• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2018
  • February
  • 4
  • Nikto – Web Server Scanner

Nikto – Web Server Scanner

February 4, 2018 Comments Off on Nikto – Web Server Scanner
download nikto how to use nikto Nikto - Web Server Scanner nikto commands nikto scan nikto tutorial

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).
Not every check is a security problem, though most are. There are some items that are “info only” type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

Features:

  • SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s
  • Perl/NetSSL)
  • Full HTTP proxy support
  • Checks for outdated server components
  • Save reports in plain text, XML, HTML, NBE or CSV
  • Template engine to easily customize reports
  • Scan multiple ports on a server, or multiple servers via input file (including nmap output)
  • LibWhisker’s IDS encoding techniques
  • Easily updated via command line
  • Identifies installed software via headers, favicons and files
  • Host authentication with Basic and NTLM
  • Subdomain guessing
  • Apache and cgiwrap username enumeration
  • Mutation techniques to “fish” for content on web servers
  • Scan tuning to include or exclude entire classes of vulnerability
  • checks
  • Guess credentials for authorization realms (including many default id/pw combos)
  • Authorization guessing handles any directory, not just the root
  • directory
  • Enhanced false positive reduction via multiple methods: headers,
  • page content, and content hashing
  • Reports “unusual” headers seen
  • Interactive status, pause and changes to verbosity settings
  • Save full request/response for positive tests
  • Replay saved positive requests
  • Maximum execution time per target
  • Auto-pause at a specified time
  • Checks for common “parking” sites
  • Logging to Metasploit
  • Thorough documentation

Basic Usage:

  
Options:
-ask+               Whether to ask about submitting updates
                      yes   Ask about each (default)
                      no    Don't ask, don't send
                      auto  Don't ask, just send
-Cgidirs+           Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
-config+            Use this config file
-Display+           Turn on/off display outputs:
                        1     Show redirects
                        2     Show cookies received
                        3     Show all 200/OK responses
                        4     Show URLs which require authentication
                        D     Debug output
                        E     Display all HTTP errors
                        P     Print progress to STDOUT
                        S     Scrub output of IPs and hostnames
                        V     Verbose output
-dbcheck           Check database and other key files for syntax errors
-evasion+          Encoding technique:
                        1     Random URI encoding (non-UTF8)
                        2     Directory self-reference (/./)
                        3     Premature URL ending
                        4     Prepend long random string
                        5     Fake parameter
                        6     TAB as request spacer
                        7     Change the case of the URL
                        8     Use Windows directory separator (\)
                        A     Use a carriage return (0x0d) as a request spacer
                        B     Use binary value 0x0b as a request spacer
-Format+           Save file (-o) format:
                        csv   Comma-separated-value
                        htm   HTML Format
                        msf+  Log to Metasploit
                        nbe   Nessus NBE format
                        txt   Plain text
                        xml   XML Format
(if not specified the format will be taken from the file extension passed to -output)
-Help              Extended help information
-host+             Target host
-IgnoreCode        Ignore Codes--treat as negative responses
-id+               Host authentication to use, format is id:pass or id:pass:realm
-key+              Client certificate key file
-list-plugins      List all available plugins, perform no testing
-maxtime+          Maximum testing time per host
-mutate+           Guess additional file names:
                        1     Test all files with all root directories
                        2     Guess for password file names
                        3     Enumerate user names via Apache (/~user 
                              type requests)
                        4     Enumerate user names via cgiwrap 
                              (/cgi-bin/cgiwrap/~user type requests)
                        5     Attempt to brute force sub-domain names, 
                              assume that the host name is the parent domain
                        6     Attempt to guess directory names from the 
                              supplied dictionary file
-mutate-options    Provide information for mutates
-nointeractive     Disables interactive features
-nolookup          Disables DNS lookups
-nossl             Disables the use of SSL
-no404             Disables nikto attempting to guess a 404 page
-output+           Write output to this file ('.' for auto-name)
-Pause+            Pause between tests (seconds, integer or float)
-Plugins+          List of plugins to run (default: ALL)
-port+             Port to use (default 80)
-RSAcert+          Client certificate file
-root+             Prepend root value to all requests, format is /directory
-Save              Save positive responses to this directory ('.' for auto-name)
-ssl               Force ssl mode on port
-Tuning+           Scan tuning:
                        1     Interesting File / Seen in logs
                        2     Misconfiguration / Default File
                        3     Information Disclosure
                        4     Injection (XSS/Script/HTML)
                        5     Remote File Retrieval - Inside Web Root
                        6     Denial of Service
                        7     Remote File Retrieval - Server Wide
                        8     Command Execution / Remote Shell
                        9     SQL Injection
                        0     File Upload
                        a     Authentication Bypass
                        b     Software Identification
                        c     Remote Source Inclusion
                        x     Reverse Tuning Options 
                              (i.e., include all except specified)
-timeout+          Timeout for requests (default 10 seconds)
-Userdbs           Load only user databases, not the standard databases
                   all   Disable standard dbs and load only user dbs
                   tests Disable only db_tests and load udb_tests
-until             Run until the specified time or duration
-update            Update databases and plugins from CIRT.net
-useproxy          Use the proxy defined in nikto.conf
-Version           Print plugin and database versions
-vhost+            Virtual host (for Host header)
       + requires a value

Download Nikto

Post navigation

Snitch – Information Gathering via Dorks
AutoSploit – Automated Mass Exploiter

Related Articles

Syhunt Community 6.7 – Web And Mobile Application Scanner

- Vulnerability Scanners
October 1, 2019

OpenVAS – Open Vulnerability Assessment System

- Vulnerability Scanners
August 6, 2019August 6, 2019

XSpear: Powerfull XSS Scanning and Parameter Analysis tool

- Cross Site Scripting, Vulnerability Scanners
July 27, 2019
hacker gadgets
hacker phone covers

Recent Posts

Yaralyzer - Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

Yaralyzer – Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

January 29, 2023
Austrian Resold Drugs Purchased on The Dark Web

Austrian Resold Drugs Purchased on The Dark Web

January 29, 2023
SSTImap - Automatic SSTI Detection Tool With Interactive Interface

SSTImap – Automatic SSTI Detection Tool With Interactive Interface

January 28, 2023
Octosuite v3.0.4 releases: Advanced Github OSINT Framework

Octosuite v3.0.4 releases: Advanced Github OSINT Framework

January 28, 2023
firebaseExploiter: discovers open and exploitable Firebase Database

firebaseExploiter: discovers open and exploitable Firebase Database

January 28, 2023
CISA Warns of Hackers Exploiting CVE-2017-11357 Vulnerability

CISA Warns of Hackers Exploiting CVE-2017-11357 Vulnerability

January 27, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW