Perl<\/code><\/strong> based open-source web vulnerability scanner that can unearth every other potential threat on your web server including but not limited to;<\/p>\n\n\n\n\n- Insecure files and programs<\/li>\n\n\n\n
- Outdated servers and programs<\/li>\n\n\n\n
- Server and software misconfigurations<\/li>\n\n\n\n
- Default files and programs<\/li>\n<\/ul>\n\n\n\n
Nikto can run on almost any Operating system with Perl interpreter installed. It supports SSL, proxies, host authentication, attack encoding, IDS evation etc.<\/p>\n\n\n\n
Installing Nikto Web Scanner on Rocky Linux 8<\/h2>\n\n\n\n
There are two ways in which you can install Nikto web scanner.<\/p>\n\n\n\n
\n- Clone the Nikto GitHub repo and run Nikto perl<\/a><\/li>\n\n\n\n
- Install Nikto on Rocky Linux 8 from Third Party Repositories<\/a><\/li>\n<\/ol>\n\n\n\n
Clone the Nikto GitHub Repo and run Nikto perl program<\/h3>\n\n\n\n
The easiest and the most recommended way to run Nikto on Rocky Linux is to clone its GitHub repository to your system and run Nikto perl program from the repository directory.<\/p>\n\n\n\n
Since this is a perl program, you need to install perl on your system before you can run Nikto.<\/p>\n\n\n\n
dnf install perl<\/code><\/pre>\n\n\n\nOnce you have Perl installed, clone the Nikto repository;<\/p>\n\n\n\n
git clone https:\/\/github.com\/sullo\/nikto<\/code><\/pre>\n\n\n\nOnce you have cloned the repository, you can now change into program directory;<\/p>\n\n\n\n
cd nikto\/program<\/code><\/pre>\n\n\n\nand run nikto.pl<\/code><\/strong> program.<\/p>\n\n\n\nThe syntax is;<\/p>\n\n\n\n
.\/nikto.pl [options...]<\/strong><\/code><\/pre>\n\n\n\nWhen run without any command line options, it shows basic description of various command options;<\/p>\n\n\n\n
.\/nikto.pl<\/code><\/pre>\n\n\n\nSample output;<\/p>\n\n\n\n
\n- Nikto v2.1.6\n---------------------------------------------------------------------------\n+ ERROR: No host (-host) specified\n\n Options:\n -ask+ Whether to ask about submitting updates\n yes Ask about each (default)\n no Don't ask, don't send\n auto Don't ask, just send\n -Cgidirs+ Scan these CGI dirs: \"none\", \"all\", or values like \"\/cgi\/ \/cgi-a\/\"\n -config+ Use this config file\n -Display+ Turn on\/off display outputs:\n 1 Show redirects\n 2 Show cookies received\n 3 Show all 200\/OK responses\n 4 Show URLs which require authentication\n D Debug output\n E Display all HTTP errors\n P Print progress to STDOUT\n S Scrub output of IPs and hostnames\n V Verbose output\n -dbcheck Check database and other key files for syntax errors\n -evasion+ Encoding technique:\n 1 Random URI encoding (non-UTF8)\n 2 Directory self-reference (\/.\/)\n 3 Premature URL ending\n 4 Prepend long random string\n 5 Fake parameter\n 6 TAB as request spacer\n 7 Change the case of the URL\n 8 Use Windows directory separator (\\)\n A Use a carriage return (0x0d) as a request spacer\n B Use binary value 0x0b as a request spacer\n -Format+ Save file (-o) format:\n csv Comma-separated-value\n json JSON Format\n htm HTML Format\n nbe Nessus NBE format\n sql Generic SQL (see docs for schema)\n txt Plain text\n xml XML Format\n (if not specified the format will be taken from the file extension passed to -output)\n -Help This help information\n\n<\/code><\/pre>\n\n\n\nIf you want to see more details about the options above, run the command below;<\/p>\n\n\n\n
.\/nikto -H<\/code><\/pre>\n\n\n\nUsing Nikto to Perform Web Scanning<\/h4>\n\n\n\n
In this section, we are going to see how Nikto is used with various command line options shown above to perform web scanning.<\/p>\n\n\n\n
In its basic functionality, Nikto requires just an host an to scan. The target host can be specified with the -h <\/strong>or -host <\/strong>option. For example, to scan a web server whose IP address is 192.168.60.20<\/strong>, run Nikto as follows;<\/p>\n\n\n\n.\/nikto.pl -host 192.168.60.20<\/code><\/pre>\n\n\n\n\n- Nikto v2.1.6\n---------------------------------------------------------------------------\n+ Target IP: 192.168.60.20\n+ Target Hostname: 192.168.60.20\n+ Target Port: 80\n+ Start Time: 2021-07-13 22:17:01 (GMT3)\n---------------------------------------------------------------------------\n+ Server: Apache\/2.4.37 (rocky)\n+ Cookie PHPSESSID created without the httponly flag\n+ Retrieved x-powered-by header: PHP\/7.4.6\n+ The anti-clickjacking X-Frame-Options header is not present.\n+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.\n+ Root page \/ redirects to: login.php\n+ Apache\/2.4.37 appears to be outdated (current is at least Apache\/2.4.46). Apache 2.2.34 is the EOL for the 2.x branch.\n+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST\n+ OSVDB-3268: \/config\/: Directory indexing found.\n+ \/config\/: Configuration information may be available remotely.\n+ OSVDB-3268: \/tests\/: Directory indexing found.\n+ OSVDB-3092: \/tests\/: This might be interesting.\n+ OSVDB-3268: \/icons\/: Directory indexing found.\n+ OSVDB-3268: \/docs\/: Directory indexing found.\n+ OSVDB-3233: \/icons\/README: Apache default file found.\n+ OSVDB-3092: \/.git\/index: Git Index file may contain directory listing information.\n+ \/.git\/HEAD: Git HEAD file found. Full repo details may be present.\n+ \/.git\/config: Git config file found. Infos about repo details may be present.\n+ \/.gitignore: .gitignore file found. It is possible to grasp the directory structure.\n+ 8916 requests: 0 error(s) and 17 item(s) reported on remote host\n+ End Time: 2021-07-13 22:17:16 (GMT3) (15 seconds)\n---------------------------------------------------------------------------\n+ 1 host(s) tested\n<\/code><\/pre>\n\n\n\nAs you can see from the output, when the target host is specified without a port, Nikto scans port 80<\/strong> by default.<\/p>\n\n\n\nHowever, if your web server is running on a different port, you have to specify the port using the -p<\/strong> or -port<\/strong> option.<\/p>\n\n\n\nSee example below;<\/p>\n\n\n\n
.\/nikto.pl -h 192.168.60.15 -p 8080<\/code><\/pre>\n\n\n\nIf you have multiple virtualhosts on the same host server listening on different ports, you can specify multiple ports by separating them with comma.<\/p>\n\n\n\n
.\/nikto.pl -h 192.168.60.20 -p 8080,8888<\/code><\/pre>\n\n\n\nYou can also specify a range of ports in the format port1-portN<\/strong> for example,<\/p>\n\n\n\n.\/nikto.pl -h 192.168.60.20 -p 8080-8888<\/code><\/pre>\n\n\n\nInstead of using the IP address to specify the target host, URLs can also be used for example;<\/p>\n\n\n\n
.\/nikto.pl -h mydvwa.example.com<\/code><\/pre>\n\n\n\n.\/nikto.pl -h https:\/\/mydvwa.example.com<\/code><\/pre>\n\n\n\nYou can also specify the port when you use URL;<\/p>\n\n\n\n
.\/nikto.pl -h mydvwa.example.com -p 8080<\/code><\/pre>\n\n\n\n.\/nikto.pl -h https:\/\/mydvwa.example.com -p 8443<\/code><\/pre>\n\n\n\nor<\/p>\n\n\n\n
.\/nikto.pl -h mydvwa.example.com:8080<\/code><\/pre>\n\n\n\n.\/nikto.pl -h https:\/\/mydvwa.example.com:8443\/<\/code><\/pre>\n\n\n\nAs much as target hosts can be specified using the -p<\/strong> option, it is also possible to specify a file containing a list of target hosts one per line. For instance, you file should should contains the targets in the format;<\/p>\n\n\n\ncat scan-targets<\/code><\/pre>\n\n\n\nhttps://mydvwa.example.com:443\/\n192.168.60.20:8888\n192.168.43.101<\/code><\/pre>\n\n\n\nTo scan these hosts at the same time, run the command below;<\/p>\n\n\n\n
.\/nikto.pl -h scan-targets<\/code><\/pre>\n\n\n\nIt is also possible to scan the hosts in a network listening on web server ports using Nmap and pass the output to .\/nikto.pl. For example to scan for open port 80 in a network, 192.168.43.0\/24,<\/p>\n\n\n\n
nmap -p80 192.168.60.0\/24 -oG - | .\/nikto.pl -h -<\/code><\/pre>\n\n\n\nIf you are going through a proxy server, you can ask .\/nikto.pl to use proxy by using the -useproxy<\/strong> option. You can set the proxy details on the .\/nikto.pl configuration file, \/etc\/.\/nikto.pl\/config.txt <\/strong>or you can it on the command line as shown below;<\/p>\n\n\n\nTo define the proxy server details in the \/etc\/.\/nikto.pl\/config.txt file, use the format;<\/p>\n\n\n\n
PROXYHOST=192.168.20.45\nPROXYPORT=3128\nPROXYUSER=username\nPROXYPASS=password<\/code><\/pre>\n\n\n\nWhen you have defined the proxy details as shown above, then run .\/nikto.pl as follows;<\/p>\n\n\n\n
.\/nikto.pl -h 192.168.20.128 -useproxy<\/code><\/pre>\n\n\n\nTo specify the proxy connection details on the command line;<\/p>\n\n\n\n
.\/nikto.pl -h 192.168.20.128 -useproxy http:\/\/id:password@192.168.20.23:3128\/<\/code><\/pre>\n\n\n\n.\/nikto.pl -h 192.168.20.128 -useproxy http:\/\/@192.168.20.23:3128\/<\/code><\/pre>\n\n\n\nNikto can export scan results in different formats; CSV, HTML, XML, NBE, text. To save the results in a specific output format, you need to specify the -o\/-output<\/strong> option as well as the -Format<\/strong> option to define the output format. See examples below to save the scan results in html format.<\/p>\n\n\n\n.\/nikto.pl -h 192.168.60.20 -o \/var\/www\/html\/test.html -F html<\/code><\/pre>\n\n\n\nYou can therefore access the report via web browser. See screenshot below;<\/p>\n\n\n\n![\"\"](\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/nikto-1.png\" "\\"\\"")
<\/figure>\n\n\n\n<\/a>Nikto can also be fine tuned to perform specific scans. Below is a description of the tuning options that can be used to achieve this functionality.<\/p>\n\n\n\n\n1 - Interesting File \/ Seen in logs\n2 - Misconfiguration \/ Default File\n3 - Information Disclosure\n4 - Injection (XSS\/Script\/HTML)\n5 - Remote File Retrieval - Inside Web Root\n6 - Denial of Service\n7 - Remote File Retrieval - Server Wide\n8 - Command Execution \/ Remote Shell\n9 - SQL Injection\n0 - File Upload\na - Authentication Bypass\nb - Software Identification\nc - Remote Source Inclusion\nx - Reverse Tuning Options (i.e., include all except specified)\n<\/code><\/pre>\n\n\n\nFor example, to test for SQL Injection and Remote File Retrieval \u2013 Server Wide, you would use .\/nikto.pl like;<\/p>\n\n\n\n
.\/nikto.pl -h 192.168.60.20 -Tuning 79 -o \/var\/www\/html\/test.html -F html<\/code><\/pre>\n\n\n\nSample command output;<\/p>\n\n\n\n
\n- Nikto v2.1.6\n---------------------------------------------------------------------------\n+ Target IP: 192.168.60.20\n+ Target Hostname: 192.168.60.20\n+ Target Port: 80\n+ Start Time: 2021-07-13 22:27:33 (GMT3)\n---------------------------------------------------------------------------\n+ Server: Apache\/2.4.37 (rocky)\n+ Cookie PHPSESSID created without the httponly flag\n+ Retrieved x-powered-by header: PHP\/7.4.6\n+ The anti-clickjacking X-Frame-Options header is not present.\n+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.\n+ Root page \/ redirects to: login.php\n+ Apache\/2.4.37 appears to be outdated (current is at least Apache\/2.4.46). Apache 2.2.34 is the EOL for the 2.x branch.\n+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST\n+ 717 requests: 0 error(s) and 6 item(s) reported on remote host\n+ End Time: 2021-07-13 22:27:35 (GMT3) (2 seconds)\n---------------------------------------------------------------------------\n+ 1 host(s) tested\n<\/code><\/pre>\n\n\n\nInstall Nikto on Rocky Linux 8 from Third Party Repositories<\/h3>\n\n\n\n
Nikto can be installed from EPEL repos but also, there are some other required dependencies that can be provided by third party GetPageSpeed repository.<\/p>\n\n\n\n
dnf install https:\/\/extras.getpagespeed.com\/release-el8-latest.rpm epel-release<\/code><\/pre>\n\n\n\nOnce the repos are in place, install Nikto on Rocky Linux 8.<\/p>\n\n\n\n
dnf install nikto<\/code><\/pre>\n\n\n\n\n============================================================================================================================================================================\n Package Architecture Version Repository Size\n============================================================================================================================================================================\nInstalling:\n nikto noarch 1:2.1.6-8.el8 epel 352 k\nInstalling dependencies:\n perl-JSON-PP noarch 1:2.97.001-3.el8 appstream 67 k\n perl-Math-BigRat noarch 0.2614-1.el8 appstream 39 k\n perl-Time-HiRes x86_64 4:1.9758-2.el8 appstream 60 k\n perl-bignum noarch 0.49-2.el8 appstream 42 k\n perl-libwhisker2 noarch 2.5-29.el8 getpagespeed-extras-noarch 95 k\n\nTransaction Summary\n============================================================================================================================================================================\nInstall 6 Packages\n\nTotal download size: 655 k\nInstalled size: 2.8 M\nIs this ok [y\/N]: y\n<\/code><\/pre>\n\n\n\nYou can then use Nikto from the command line like above, except that for this you just run nikto<\/code> instead of .\/nikto.pl<\/code>.<\/p>\n\n\n\nnikto<\/code><\/pre>\n\n\n\n\n- ***** RFIURL is not defined in nikto.conf--no RFI tests will run *****\n- Nikto v2.1.6\n---------------------------------------------------------------------------\n+ ERROR: No host specified\n\n -config+ Use this config file\n -Display+ Turn on\/off display outputs\n -dbcheck check database and other key files for syntax errors\n -Format+ save file (-o) format\n -Help Extended help information\n -host+ target host\n -id+ Host authentication to use, format is id:pass or id:pass:realm\n -list-plugins List all available plugins\n -output+ Write output to this file\n -nossl Disables using SSL\n -no404 Disables 404 checks\n -Plugins+ List of plugins to run (default: ALL)\n -port+ Port to use (default 80)\n -root+ Prepend root value to all requests, format is \/directory \n -ssl Force ssl mode on port\n -Tuning+ Scan tuning\n -timeout+ Timeout for requests (default 10 seconds)\n -update Update databases and plugins from CIRT.net\n -Version Print plugin and database versions\n -vhost+ Virtual host (for Host header)\n \t\t+ requires a value\n\n\tNote: This is the short help output. Use -H for full help text.\n<\/code><\/pre>\n\n\n\nFeel free to explore the basic usage of other command line options from Nikto Documentation<\/a> page.<\/p>\n\n\n\nOther Tutorials<\/h3>\n\n\n\n
Detecting Malicious Files with Wazuh and VirusTotal<\/a><\/p>\n\n\n\nIntercept Malicious File Upload with ModSecurity and ClamAV<\/a><\/p>\n\n\n\n
![<\/a>Nikto can also be fine tuned to perform specific scans. Below is a description of the tuning options that can be used to achieve this functionality.<\/p>\n\n\n\n\n1 - Interesting File \/ Seen in logs\n2 - Misconfiguration \/ Default File\n3 - Information Disclosure\n4 - Injection (XSS\/Script\/HTML)\n5 - Remote File Retrieval - Inside Web Root\n6 - Denial of Service\n7 - Remote File Retrieval - Server Wide\n8 - Command Execution \/ Remote Shell\n9 - SQL Injection\n0 - File Upload\na - Authentication Bypass\nb - Software Identification\nc - Remote Source Inclusion\nx - Reverse Tuning Options (i.e., include all except specified)\n<\/code><\/pre>\n\n\n\nFor example, to test for SQL Injection and Remote File Retrieval \u2013 Server Wide, you would use .\/nikto.pl like;<\/p>\n\n\n\n.\/nikto.pl -h 192.168.60.20 -Tuning 79 -o \/var\/www\/html\/test.html -F html<\/code><\/pre>\n\n\n\nSample command output;<\/p>\n\n\n\n\n- Nikto v2.1.6\n---------------------------------------------------------------------------\n+ Target IP: 192.168.60.20\n+ Target Hostname: 192.168.60.20\n+ Target Port: 80\n+ Start Time: 2021-07-13 22:27:33 (GMT3)\n---------------------------------------------------------------------------\n+ Server: Apache\/2.4.37 (rocky)\n+ Cookie PHPSESSID created without the httponly flag\n+ Retrieved x-powered-by header: PHP\/7.4.6\n+ The anti-clickjacking X-Frame-Options header is not present.\n+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.\n+ Root page \/ redirects to: login.php\n+ Apache\/2.4.37 appears to be outdated (current is at least Apache\/2.4.46). Apache 2.2.34 is the EOL for the 2.x branch.\n+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST\n+ 717 requests: 0 error(s) and 6 item(s) reported on remote host\n+ End Time: 2021-07-13 22:27:35 (GMT3) (2 seconds)\n---------------------------------------------------------------------------\n+ 1 host(s) tested\n<\/code><\/pre>\n\n\n\nInstall Nikto on Rocky Linux 8 from Third Party Repositories<\/h3>\n\n\n\nNikto can be installed from EPEL repos but also, there are some other required dependencies that can be provided by third party GetPageSpeed repository.<\/p>\n\n\n\ndnf install https:\/\/extras.getpagespeed.com\/release-el8-latest.rpm epel-release<\/code><\/pre>\n\n\n\nOnce the repos are in place, install Nikto on Rocky Linux 8.<\/p>\n\n\n\ndnf install nikto<\/code><\/pre>\n\n\n\n\n============================================================================================================================================================================\n Package Architecture Version Repository Size\n============================================================================================================================================================================\nInstalling:\n nikto noarch 1:2.1.6-8.el8 epel 352 k\nInstalling dependencies:\n perl-JSON-PP noarch 1:2.97.001-3.el8 appstream 67 k\n perl-Math-BigRat noarch 0.2614-1.el8 appstream 39 k\n perl-Time-HiRes x86_64 4:1.9758-2.el8 appstream 60 k\n perl-bignum noarch 0.49-2.el8 appstream 42 k\n perl-libwhisker2 noarch 2.5-29.el8 getpagespeed-extras-noarch 95 k\n\nTransaction Summary\n============================================================================================================================================================================\nInstall 6 Packages\n\nTotal download size: 655 k\nInstalled size: 2.8 M\nIs this ok [y\/N]: y\n<\/code><\/pre>\n\n\n\nYou can then use Nikto from the command line like above, except that for this you just run nikto<\/code> instead of .\/nikto.pl<\/code>.<\/p>\n\n\n\nnikto<\/code><\/pre>\n\n\n\n\n- ***** RFIURL is not defined in nikto.conf--no RFI tests will run *****\n- Nikto v2.1.6\n---------------------------------------------------------------------------\n+ ERROR: No host specified\n\n -config+ Use this config file\n -Display+ Turn on\/off display outputs\n -dbcheck check database and other key files for syntax errors\n -Format+ save file (-o) format\n -Help Extended help information\n -host+ target host\n -id+ Host authentication to use, format is id:pass or id:pass:realm\n -list-plugins List all available plugins\n -output+ Write output to this file\n -nossl Disables using SSL\n -no404 Disables 404 checks\n -Plugins+ List of plugins to run (default: ALL)\n -port+ Port to use (default 80)\n -root+ Prepend root value to all requests, format is \/directory \n -ssl Force ssl mode on port\n -Tuning+ Scan tuning\n -timeout+ Timeout for requests (default 10 seconds)\n -update Update databases and plugins from CIRT.net\n -Version Print plugin and database versions\n -vhost+ Virtual host (for Host header)\n \t\t+ requires a value\n\n\tNote: This is the short help output. Use -H for full help text.\n<\/code><\/pre>\n\n\n\nFeel free to explore the basic usage of other command line options from Nikto Documentation<\/a> page.<\/p>\n\n\n\nOther Tutorials<\/h3>\n\n\n\nDetecting Malicious Files with Wazuh and VirusTotal<\/a><\/p>\n\n\n\nIntercept Malicious File Upload with ModSecurity and ClamAV<\/a><\/p>\n\n\n\nInstall and use ClamAV on Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"In this tutorial, you will learn how to install Nikto web scanner on Rocky Linux 8. Nikto is a Perl based open-source web vulnerability scanner that can<\/p>\n","protected":false},"author":3,"featured_media":9649,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,150],"tags":[3842,223,3843,3836],"class_list":["post-9645","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-vulnerability-scanners","tag-install-nikto-on-rocky-linux-8","tag-nikto","tag-nikto-scanner","tag-nikto-web-scanner","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9645"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9645"}],"version-history":[{"count":3,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9645\/revisions"}],"predecessor-version":[{"id":21731,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9645\/revisions\/21731"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9649"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9645"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9645"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}](\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/.\/nikto.pl.png\"){kind=link}