How to Use Nikto Web Scanner on Ubuntu

Updated on August 11, 2021
How to Use Nikto Web Scanner on Ubuntu header image

Introduction

Nikto is an open-source web vulnerability scanner based on Perl. It can scan for insecure files and programs, software misconfigurations, and other potential threats within the server. In this article, you will learn how to install and use Nikto to scan your Ubuntu server.

Do not scan servers without permission. Unauthorized scanning on Vultr's network may result in account termination.

Prerequisites

1. Install Nikto

Nikto is available in the default repositories.

$ sudo apt install nikto -y

2. Scan Server using Nikto

We will use Nikto to perform various types of Web Scanning. You can install Apache2 and add virtual hosts to run on different ports for testing purposes. The site or port being scanned must be open and running an application to get an appropriate result.

$ sudo apt install apache2 -y

Examples

These are a few examples that show how to use Nikto.

  • Scan a web server with an IP address 192.0.2.10:

      $ sudo nikto -host 192.0.2.10
  • Scan port 8080 of a web server with an IP address 192.0.2.10:

      $ sudo nikto -h 192.0.2.10 -p 8080
  • If your server has multiple virtual hosts listening on different ports, you can specify them as a comma-separated list. This command will scan two ports: 8080 and 9090.

      $ sudo nikto -h 192.0.2.10 -p 8080,9090
  • You can scan a range of ports by specifying the start and end of the port range. This command will scan all ports from 8080 to 9090.

      $ sudo nikto -h 192.0.2.10 -p 8080-9090
  • Scan a server by URL:

      $ sudo nikto -h http://example.com
  • Scan a URL at a specific port. Two syntax options are available.

      $ sudo nikto -h http://example.com -p 8080
    
      $ sudo nikto -h http://example.com:8080

Scan Multiple Hosts

To scan multiple hosts, create a file containing a list of target hosts, one per line. For example, create a file named scan-targets with the following:

http://example.com:8080
192.0.2.10:8888
192.0.2.11

To scan all the hosts defined in the file scan-targets:

$ sudo nikto -h scan-targets

How to Use a Proxy

To scan through a proxy server, use the -useproxy option. Set the proxy details on the configuration file, /etc/nikto/config.txt.

PROXYHOST=192.0.2.10
PROXYPORT=8080
PROXYUSER=username
PROXYPASS=password

After defining the proxy details, run the scan. For example:

$ sudo nikto -h 192.0.2.11 -useproxy

More Information

Show basic description of various command options available for running scans.

$ sudo nikto

Show more details about the options available.

$ sudo nikto -H

References

For more information on Nikto, please see the official documentation.