{"id":9641,"date":"2021-07-10T22:43:50","date_gmt":"2021-07-10T19:43:50","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9641"},"modified":"2024-03-18T19:43:27","modified_gmt":"2024-03-18T16:43:27","slug":"install-and-use-nikto-web-scanner-on-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-use-nikto-web-scanner-on-ubuntu-20-04\/","title":{"rendered":"Install and Use Nikto Web Scanner on Ubuntu 20.04"},"content":{"rendered":"\n
Hello folks, today we are going to learn how to install and use Nikto web scanner on Ubuntu 20.04 server.<\/p>\n\n\n\n
Nikto is aPerl<\/code><\/strong> based open-source web vulnerability scanner that can unearth every other potential threat on your web server including but not limited to;<\/p>\n\n\n\n
\n
Insecure files and programs<\/li>\n\n\n\n
Outdated servers and programs<\/li>\n\n\n\n
Server and software misconfigurations<\/li>\n\n\n\n
Default files and programs<\/li>\n<\/ul>\n\n\n\n
Nikto can run on almost any Operating system with Perl interpreter installed. It supports SSL, proxies, host authentication, attack encoding, IDS evation etc.<\/p>\n\n\n\n
Installing Nikto Web Scanner on Ubuntu 20.04<\/h2>\n\n\n\n
Install Nikto on Ubuntu 20.04<\/h3>\n\n\n\n
Installation of nikto on Ubuntu 20.04 is pretty straight forward as the package is available on the default repositories. Thus, run the commands below to install nikto.<\/p>\n\n\n\n
Update your package repos and upgrade your server;<\/p>\n\n\n\n
apt update<\/code><\/pre>\n\n\n\n
Install Nikto on Ubuntu 20.04<\/p>\n\n\n\n
Perl is already installed on Ubuntu 20.04:<\/p>\n\n\n\n
Therefore, the command below will install Nikto and all the required dependencies.<\/p>\n\n\n\n
apt install nikto -y<\/code><\/pre>\n\n\n\n
Basic Usage of Nikto<\/h3>\n\n\n\n
The basic nikto command line syntax is:<\/p>\n\n\n\n
nikto [options...]<\/strong><\/code><\/pre>\n\n\n\n
When run without any command line options, it shows basic description of various command options;<\/p>\n\n\n\n
nikto<\/code><\/pre>\n\n\n\n
- Nikto v2.1.5\n---------------------------------------------------------------------------\n+ ERROR: No host specified\n\n -config+ Use this config file\n -Display+ Turn on\/off display outputs\n -dbcheck check database and other key files for syntax errors\n -Format+ save file (-o) format\n -Help Extended help information\n -host+ target host\n -id+ Host authentication to use, format is id:pass or id:pass:realm\n -list-plugins List all available plugins\n -output+ Write output to this file\n -nossl Disables using SSL\n -no404 Disables 404 checks\n -Plugins+ List of plugins to run (default: ALL)\n -port+ Port to use (default 80)\n -root+ Prepend root value to all requests, format is \/directory \n -ssl Force ssl mode on port\n -Tuning+ Scan tuning\n -timeout+ Timeout for requests (default 10 seconds)\n -update Update databases and plugins from CIRT.net\n -Version Print plugin and database versions\n -vhost+ Virtual host (for Host header)\n \t\t+ requires a value\n\n\tNote: This is the short help output. Use -H for full help text.\n<\/code><\/pre>\n\n\n\n
If you want to see more details about the options above, run the command below;<\/p>\n\n\n\n
nikto -H<\/code><\/pre>\n\n\n\n
Using Nikto to Perform Web Scanning<\/h3>\n\n\n\n
In this section, we are going to see how Nikto is used with various command line options shown above to perform web scanning.<\/p>\n\n\n\n
In its basic functionality, Nikto requires just an host an to scan. The target host can be specified with the -h <\/strong>or -host <\/strong>option. For example, to scan a web server whose IP address is 192.168.60.19<\/strong>, run Nikto as follows;<\/p>\n\n\n\n
nikto -host 192.168.60.19<\/code><\/pre>\n\n\n\n
\n- Nikto v2.1.5\n---------------------------------------------------------------------------\n+ Target IP: 192.168.60.19\n+ Target Hostname: dvwa.kifarunix-demo.com\n+ Target Port: 80\n+ Start Time: 2021-07-12 19:24:17 (GMT0)\n---------------------------------------------------------------------------\n+ Server: Apache\/2.4.37 (rocky)\n+ Retrieved x-powered-by header: PHP\/7.4.6\n+ The anti-clickjacking X-Frame-Options header is not present.\n+ Cookie PHPSESSID created without the httponly flag\n+ Cookie security created without the httponly flag\n+ Root page \/ redirects to: login.php\n+ Server leaks inodes via ETags, header found with file \/robots.txt, fields: 0x1a 0x5c6f1b510366c \n+ File\/dir '\/' in robots.txt returned a non-forbidden or redirect HTTP code (302)\n+ \"robots.txt\" contains 1 entry which should be manually viewed.\n+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST\n+ OSVDB-3268: \/config\/: Directory indexing found.\n+ \/config\/: Configuration information may be available remotely.\n+ OSVDB-3268: \/tests\/: Directory indexing found.\n+ OSVDB-3092: \/tests\/: This might be interesting...\n+ OSVDB-3268: \/icons\/: Directory indexing found.\n+ OSVDB-3268: \/docs\/: Directory indexing found.\n+ OSVDB-3233: \/icons\/README: Apache default file found.\n+ \/login.php: Admin login page\/section found.\n+ OSVDB-3092: \/.git\/index: Git Index file may contain directory listing information.\n+ 6544 items checked: 0 error(s) and 17 item(s) reported on remote host\n+ End Time: 2021-07-12 19:24:26 (GMT0) (9 seconds)\n---------------------------------------------------------------------------\n+ 1 host(s) tested\n<\/code><\/pre>\n\n\n\n
As you can see from the output, when the target host is specified without a port, nikto scans port 80<\/strong> by default.<\/p>\n\n\n\n
However, if your web server is running on a different port, you have to specify the port using the -p<\/strong> or -port<\/strong> option.<\/p>\n\n\n\n
See example below;<\/p>\n\n\n\n
nikto -h 192.168.60.15 -p 8080<\/code><\/pre>\n\n\n\n
If you have multiple virtualhosts on the same host server listening on different ports, you can specify multiple ports by separating them with comma.<\/p>\n\n\n\n
nikto -h 192.168.60.19 -p 8080,8888<\/code><\/pre>\n\n\n\n
You can also specify a range of ports in the format port1-portN<\/strong> for example,<\/p>\n\n\n\n
nikto -h 192.168.60.19 -p 8080-8888<\/code><\/pre>\n\n\n\n
Instead of using the IP address to specify the target host, URLs can also be used for example;<\/p>\n\n\n\n
nikto -h mydvwa.example.com<\/code><\/pre>\n\n\n\n
nikto -h https:\/\/mydvwa.example.com<\/code><\/pre>\n\n\n\n
You can also specify the port when you use URL;<\/p>\n\n\n\n
nikto -h mydvwa.example.com -p 8080<\/code><\/pre>\n\n\n\n
nikto -h https:\/\/mydvwa.example.com -p 8443<\/code><\/pre>\n\n\n\n
or<\/p>\n\n\n\n
nikto -h mydvwa.example.com:8080<\/code><\/pre>\n\n\n\n
nikto -h https:\/\/mydvwa.example.com:8443\/<\/code><\/pre>\n\n\n\n
As much as target hosts can be specified using the -p<\/strong> option, it is also possible to specify a file containing a list of target hosts one per line. For instance, you file should should contains the targets in the format;<\/p>\n\n\n\n
To scan these hosts at the same time, run the command below;<\/p>\n\n\n\n
nikto -h scan-targets<\/code><\/pre>\n\n\n\n
It is also possible to scan the hosts in a network listening on web server ports using Nmap and pass the output to nikto. For example to scan for open port 80 in a network, 192.168.43.0\/24,<\/p>\n\n\n\n
nmap -p80 192.168.43.0\/24 -oG - | nikto -h -<\/code><\/pre>\n\n\n\n
If you are going through a proxy server, you can ask nikto to use proxy by using the -useproxy<\/strong> option. You can set the proxy details on the nikto configuration file, \/etc\/nikto\/config.txt <\/strong>or you can it on the command line as shown below;<\/p>\n\n\n\n
To define the proxy server details in the \/etc\/nikto\/config.txt file, use the format;<\/p>\n\n\n\n
When you have defined the proxy details as shown above, then run nikto as follows;<\/p>\n\n\n\n
nikto -h 192.168.20.128 -useproxy<\/code><\/pre>\n\n\n\n
To specify the proxy connection details on the command line;<\/p>\n\n\n\n
nikto -h 192.168.20.128 -useproxy http:\/\/id:password@192.168.20.23:3128\/<\/code><\/pre>\n\n\n\n
nikto -h 192.168.20.128 -useproxy http:\/\/@192.168.20.23:3128\/<\/code><\/pre>\n\n\n\n
Nikto can export scan results in different formats; CSV, HTML, XML, NBE, text. To save the results in a specific output format, you need to specify the -o\/-output<\/strong> option as well as the -Format<\/strong> option to define the output format. See examples below to save the scan results in html format.<\/p>\n\n\n\n
nikto -h 192.168.60.19 -o test.html -F html<\/code><\/pre>\n\n\n\n
You can therefore access the report via web browser. See screenshot below;<\/p>\n\n\n\n
![\"Install](\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/nikto.png\" "\\"\\"")
<\/figure><\/a><\/div>\n\n\n\n