Purpose: Nikto is a web server scanner that performs comprehensive tests against web servers for multiple items, including potentially dangerous files/programs, outdated versions, and other security issues. Relevance: It is designed specifically for discovering vulnerabilities in web applications, making it the most appropriate choice for a penetration tester targeting a web application.

Key Features & What It Looks For

Nikto uses a constantly updated database to perform over 6,700 distinct tests against a target. Its primary targets include:

  • Misconfigurations: It looks for poorly configured HTTP headers, open directory indexing (where anyone can browse backend files), and default installation files that admins forgot to delete.

  • Outdated Software: It identifies the specific version of the web server (such as Apache, Nginx, or IIS) and checks it against a database of more than 1,250 server versions to see whether that version is affected by known vulnerabilities.

  • Dangerous Files: It scans for exposed CGI scripts, leftover backup files, and administrative panels that should not be public.

  • Information Disclosure: It analyzes robots.txt files, favicons, and cookies to fingerprint the backend infrastructure.

The “Loudness” Factor

This is a crucial concept for real-world engagements: Nikto is not a stealthy tool. Because it fires off thousands of HTTP GET requests in a matter of minutes, it generates a massive amount of noise in the target’s web server logs. If the target network has an Intrusion Detection System (IDS) or a Web Application Firewall (WAF) properly configured, Nikto will light up their dashboard immediately and your IP address will likely be blocked.

Because of this, pentesters often use Nikto in two specific ways:

  1. During authorized, “white-box” audits where stealth isn’t required and the goal is simply maximum vulnerability coverage.

  2. During “red-team” engagements specifically to test if the blue team’s IDS is actually working and alerting properly.
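An added example, not part of the original notes, that shows the "noise" from the defender's side: a small Python script replays constructed Apache-style access-log lines and flags the scanning client by request burst, share of 404 responses, and Nikto's self-identifying default User-Agent string (an operator can change that string, so it is the weakest of the three signals). The thresholds and the sample log are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
# Apache/Nginx "combined" log line; only the fields the heuristics need are captured.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, status, user_agent) or None for an unparsable line."""
    m = LOG_RE.match(line)
    return None if not m else (m["ip"], datetime.strptime(m["ts"], TS_FMT), int(m["status"]), m["ua"])

def flag_scanners(lines, window_s=60, burst=50, min_404_ratio=0.5):
    """Return {ip: [reasons]} for clients whose traffic looks like a web scanner."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        per_ip[rec[0]].append(rec)
    findings = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r[1])
        reasons, lo = [], 0
        # 1. Burst: at least `burst` requests from one IP inside any window_s span
        for hi, (_, ts, _, _) in enumerate(recs):
            while (ts - recs[lo][1]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 >= burst:
                reasons.append(f"{hi - lo + 1} requests within {window_s}s")
                break
        # 2. Probing for files that are not there leaves a high share of 404s
        ratio = sum(r[2] == 404 for r in recs) / len(recs)
        if len(recs) >= 10 and ratio >= min_404_ratio:
            reasons.append(f"404 ratio {ratio:.0%}")
        # 3. Nikto's default User-Agent names itself (assumption: not overridden)
        if any("nikto" in r[3].lower() for r in recs):
            reasons.append("Nikto in User-Agent")
        if reasons:
            findings[ip] = reasons
    return findings

def make_sample_log():
    """Constructed sample: a 120-request scan burst plus one ordinary visitor."""
    t0 = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" {st} 512 "-" "{ua}"'
    scan_ua = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
    lines = [fmt.format(ip="203.0.113.5", ts=(t0 + timedelta(seconds=i // 4)).strftime(TS_FMT),
                        path=f"/cgi-bin/t{i}.cgi", st=404 if i % 5 else 200, ua=scan_ua)
             for i in range(120)]
    lines += [fmt.format(ip="198.51.100.7", ts=(t0 + timedelta(minutes=i)).strftime(TS_FMT),
                         path="/index.html", st=200, ua="Mozilla/5.0") for i in range(3)]
    return lines
```

Running `flag_scanners(make_sample_log())` reports only the scanning client, with all three reasons; the ordinary visitor is not flagged.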

Basic Usage

Because it is a command-line tool, it is very straightforward to deploy. In Kali Linux (where it is pre-installed), a basic scan against a target website or IP address looks like this:

    nikto -h http://example.com

Note: The -h flag stands for “host”. You can also add -p to specify a non-standard port, or -ssl to force an HTTPS scan.

#vulnerabilityscanning #enumeration #activerecon #clitool #webserver #scanning #tools