Web vulnerability scanning with Nikto
What is Nikto?
Nikto Web Scanner is a web server scanner that tests web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic checks as well as checks specific to the server type. It also captures and prints any cookies received.
How does Nikto work?
Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and it attempts to identify installed web servers and software. Scan items and plugins are frequently updated and can be updated automatically.
Command line syntax:
nikto -h <host> -p <port> -o <output file> -F <format>
nikto -h 192.168.0.100 -p 80 -o /home/user/Desktop/Nikto_Scan.html -F HTML
Setting the output format to HTML saves the results of the scan in a clear layout. Note that the output flag is a lowercase letter o, not a zero. After the scan has completed, open the results HTML file in the web browser of your choice; the layout will be similar to the one shown on the next slide.
HTML Nikto report:
As you can see, Nikto finds a large array of different potential threats on a given server. In the example below, we can see that
At the end of the HTML report there is a summary and overview of the scan. This report is well suited to presenting to a client, as it shows all the information gathered and clearly lists all the vulnerabilities and potential threats to their server.
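The command syntax above and the report summary it produces, as an added example that is not from the original page or from the Nikto project: a small Python script that builds the scan command exactly as the syntax line shows it (with the lowercase -o checked for you), and, assuming Nikto's CSV output (-F csv) has seven quoted columns per finding (host, ip, port, reference id, HTTP method, URI, message), parses such a report and produces the kind of overview the HTML report ends with. The sample report embedded below is constructed, not real scan output; Nikto itself is only invoked by run_nikto().

```python
"""Added example (not from the page or the Nikto project): build the scan
command from the syntax shown above and summarise a Nikto CSV report.

Assumption: Nikto's CSV output (-F csv) has seven quoted columns per line:
host, ip, port, reference id, HTTP method, URI, message. Nikto is only
invoked by run_nikto(); everything else works offline on the sample below.
"""
import csv
import io
import shutil
import subprocess
from collections import Counter

# Formats assumed to be accepted by -F; the page itself uses HTML.
OUTPUT_FORMATS = {"csv", "htm", "html", "txt", "xml", "json"}

# Assumed column order of a Nikto CSV report row.
COLUMNS = ("host", "ip", "port", "ref", "method", "uri", "message")


def build_nikto_command(host: str, port: int, output_path: str, fmt: str) -> list:
    """Return argv for: nikto -h <host> -p <port> -o <output file> -F <format>."""
    if fmt not in OUTPUT_FORMATS:
        raise ValueError(f"unsupported output format: {fmt}")
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port}")
    # The output flag is a lowercase letter o; a zero ("-0") is a common typo.
    return ["nikto", "-h", host, "-p", str(port), "-o", output_path, "-F", fmt]


def parse_nikto_csv(text: str) -> list:
    """Turn the CSV report text into a list of finding dicts keyed by COLUMNS."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(COLUMNS):
            continue  # blank or malformed line
        findings.append(dict(zip(COLUMNS, row)))
    return findings


def summarize(findings: list) -> dict:
    """Overview of a report: counts per port and URI, plus outdated-software notes."""
    return {
        "total": len(findings),
        "by_port": dict(Counter(f["port"] for f in findings)),
        "by_uri": dict(Counter(f["uri"] for f in findings)),
        "outdated": [f["message"] for f in findings
                     if "outdated" in f["message"].lower()],
    }


def run_nikto(host: str, port: int, output_path: str) -> dict:
    """Run the scan with CSV output and return its summary (requires nikto on PATH)."""
    if shutil.which("nikto") is None:
        raise RuntimeError("nikto not found on PATH")
    subprocess.run(build_nikto_command(host, port, output_path, "csv"), check=True)
    with open(output_path, encoding="utf-8", errors="replace") as fh:
        return summarize(parse_nikto_csv(fh.read()))


# Constructed sample report in the assumed CSV layout (not real scan output).
SAMPLE_CSV = """\
"192.168.0.100","192.168.0.100","80","0","GET","/","Server: Apache/2.2.22 (Ubuntu)"
"192.168.0.100","192.168.0.100","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"192.168.0.100","192.168.0.100","80","0","GET","/","Apache/2.2.22 appears to be outdated (current is at least Apache/2.4.x)."
"192.168.0.100","192.168.0.100","80","0","GET","/admin/","Directory indexing found."
"""

if __name__ == "__main__":
    print(" ".join(build_nikto_command("192.168.0.100", 80, "Nikto_Scan.csv", "csv")))
    for key, value in summarize(parse_nikto_csv(SAMPLE_CSV)).items():
        print(f"{key}: {value}")
```

Running the script prints the command line for the host used on the page followed by the per-port and per-URI counts and the outdated-software findings from the constructed sample; a CSV report produced by a real scan can be fed to parse_nikto_csv() in the same way, which is handy when the HTML report is meant for the client and you want a machine-readable summary for yourself.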
Nikto is a great scanning tool for finding vulnerabilities and potential threats on a web server, and it can produce professional reports that clearly highlight all the problems found in the scan.
Link for more information and download: