Scan your web server for vulnerabilities and misconfiguration for FREE with the Nikto scanner
Nikto is a Perl-based, open source web scanning tool that scans a web server for multiple items, including over 6400 potentially dangerous files, outdated versions of over 1200 servers, and version-specific problems on over 270 servers.
Using Nikto on Kali Linux
Since it’s built into Kali, you don’t need to install anything.
- Log in to Kali Linux
- Go to Applications >> Vulnerability Analysis and click nikto
Installing Nikto on Other Distros:
Step 1: Check whether Perl is installed on your server.
perl -v
If not, enter the following command to install Perl:
# apt-get install perl openssl libnet-ssleay-perl
For Red Hat/CentOS/Fedora:
Use yum instead of apt-get.
Step 2: Download the latest version of Nikto:
# wget http://www.cirt.net/nikto/nikto-2.1.5.tar.gz
Unpack it using the following tar command:
# tar -xvf nikto-2.1.5.tar.gz
# cd nikto-2.1.5
# perl nikto.pl
There are multiple ways to run the scan. The quickest is:
# nikto -h $targetserverurl
# perl nikto.pl -h targetserver.com
Multiple Port Scanning:
perl nikto.pl -h targetserver.com -p 80,443
Make sure you have proper permission to scan the target.
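One way to enforce that permission check before any scan starts, as an added example (not part of the original post or of the Nikto project): a wrapper that builds the `-h`/`-p` command line only for hosts listed in a scope file. The file name authorized-targets.txt, the NIKTO and SCOPE_FILE variables and the function names are assumptions.

```shell
#!/bin/sh
# Added example: scope guard around the nikto command line used in this post.
# Assumed: SCOPE_FILE lists one authorized hostname per line ('#' = comment).
SCOPE_FILE="${SCOPE_FILE:-./authorized-targets.txt}"
NIKTO="${NIKTO:-perl nikto.pl}"

# True only if the host matches a whole line of the scope file exactly.
in_scope() {
    [ -r "$SCOPE_FILE" ] || return 1
    grep -v '^[[:space:]]*#' "$SCOPE_FILE" | grep -Fxq -- "$1"
}

# Hostname characters only, so nothing else can reach the command line.
valid_host() {
    case "$1" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# Comma-separated ports in 1-65535, the form passed to -p (e.g. 80,443).
valid_ports() {
    case "$1" in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; return 1
        fi
    done
    IFS=$old_ifs
}

# Print the nikto command for an authorized target, or refuse with a reason.
# The port list defaults to 80 when none is given.
build_scan_cmd() {
    host=$1; ports=${2:-80}
    valid_host "$host"   || { echo "refused: bad hostname" >&2; return 2; }
    valid_ports "$ports" || { echo "refused: bad port list" >&2; return 2; }
    in_scope "$host"     || { echo "refused: $host is not in $SCOPE_FILE" >&2; return 3; }
    printf '%s -h %s -p %s\n' "$NIKTO" "$host" "$ports"
}

# Run the scan only when every check passed.
scan() {
    cmd=$(build_scan_cmd "$@") || return $?
    echo "running: $cmd" >&2
    $cmd
}
```

Source the file from the nikto-2.1.5 directory and call `scan targetserver.com 80,443`; a host missing from the scope file is refused before Nikto is started.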
To update Nikto:
# perl nikto.pl -update
Further information can be found in the documentation on the project page http://cirt.net/nikto2-docs/installation.html