
Scanning Webservers with Nikto for vulnerabilities

Nikto is a popular and easy-to-use webserver assessment tool that finds potential problems and vulnerabilities very quickly. This tutorial shows how to scan webservers for vulnerabilities with Nikto on Kali Linux. Nikto ships with Kali Linux and is a good first choice when pen testing webservers and web applications. According to the official Nikto website it scans for over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and checks for version-specific problems on over 270 servers. Note that Nikto is deliberately noisy: it sends thousands of requests and makes no attempt to be stealthy, so only run it against hosts you are authorized to test.
These are some of the major features in the current version, as listed on the Nikto website:
  • SSL support (Unix with OpenSSL, or possibly Windows with ActiveState's Perl/NetSSL)
  • Full HTTP proxy support
  • Checks for outdated server components
  • Save reports in plain text, XML, HTML, NBE or CSV
  • Template engine to easily customize reports
  • Scan multiple ports on a server, or multiple servers via input file (including nmap output)
  • LibWhisker's IDS encoding techniques
  • Easily updated via command line
  • Identifies installed software via headers, favicons and files
  • Host authentication with Basic and NTLM
  • Subdomain guessing
  • Apache and cgiwrap username enumeration
  • Mutation techniques to "fish" for content on web servers
  • Scan tuning to include or exclude entire classes of vulnerability checks
  • Guess credentials for authorization realms (including many default id/pw combos)
  • Authorization guessing handles any directory, not just the root directory
  • Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
  • Reports "unusual" headers seen
  • Interactive status, pause and changes to verbosity settings
  • Save full request/response for positive tests
  • Replay saved positive requests
  • Maximum execution time per target
  • Auto-pause at a specified time
  • Checks for common "parking" sites
  • Logging to Metasploit
  • Thorough documentation

Another useful feature is the -Tuning parameter, which restricts a scan to one or more classes of checks. Pass one or more of the characters below (they can be combined, e.g. -Tuning 19 runs only the interesting-file and SQL injection checks); prefix the list with x to run everything except the listed classes. If -Tuning is omitted, all classes are run.
0 – File Upload
1 – Interesting File / Seen in logs
2 – Misconfiguration / Default File
3 – Information Disclosure
4 – Injection (XSS/Script/HTML)
5 – Remote File Retrieval – Inside Web Root
6 – Denial of Service
7 – Remote File Retrieval – Server Wide
8 – Command Execution / Remote Shell
9 – SQL Injection
a – Authentication Bypass
b – Software Identification
c – Remote Source Inclusion
x – Reverse Tuning Options (i.e., include all except specified)

Scanning webservers with Nikto

Let’s start Nikto to scan for interesting files using the following command:
nikto -host [hostname or IP] -Tuning 1
Nikto reports the server banner of the target (for example the Apache, OpenSSL and PHP versions) and then lists its findings, each with an Open Source Vulnerability Database (OSVDB) reference where one exists. Looking the reference up on the OSVDB website explains the possible vulnerability in more detail. At the time of writing the OSVDB project covered 120,980 vulnerabilities, spanning 198,973 products from 4,735 researchers, over 113 years. (OSVDB has since shut down, in April 2016, so OSVDB numbers in Nikto output now have to be cross-referenced through other sources, and newer Nikto releases no longer rely on them.) Keep in mind that many Nikto hits are informational or false positives; every finding should be verified manually before it goes into a report.
Run the following command to run all test classes against a particular host (all classes are run when -Tuning is omitted). Be patient, because this can take a while to complete:
nikto -host [hostname or IP]
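The wrapper below ties the -Tuning list and the two scan commands above together. It is an added example, not code from the page or from the Nikto project, and it assumes that nikto is on the PATH and that Nikto's CSV report (-Format csv -output FILE) contains one finding per line in the form host,ip,port,id,method,uri,message with every field double-quoted. The sample report in write_sample_csv is constructed for illustration; the hostname, address and findings are not real scan output.

```shell
#!/bin/sh
# Added example: wrapper around nikto for the -Tuning workflow described above.
# Assumptions (not from the page): "nikto" is on PATH; CSV report rows are
# "host","ip","port","id","method","uri","message" (one finding per line).

# valid_tuning STRING -> exit 0 if every character is a known -Tuning class
# (0-9, a, b, c from the list above, plus x for "everything except").
valid_tuning() {
    t="$1"
    [ -n "$t" ] || return 1
    case "$t" in
        *[!0123456789abcx]*) return 1 ;;
    esac
    return 0
}

# build_nikto_cmd HOST TUNING OUTFILE -> prints the nikto command line.
# An empty TUNING means "all classes", which is Nikto's default behaviour.
build_nikto_cmd() {
    host="$1"; tuning="$2"; out="$3"
    cmd="nikto -host $host -Format csv -output $out"
    if [ -n "$tuning" ]; then
        valid_tuning "$tuning" || { echo "bad -Tuning value: $tuning" >&2; return 1; }
        cmd="$cmd -Tuning $tuning"
    fi
    echo "$cmd"
}

# run_nikto HOST TUNING OUTFILE -> actually runs the scan (needs nikto installed).
run_nikto() {
    cmd=$(build_nikto_cmd "$1" "$2" "$3") || return 1
    $cmd
}

# count_findings FILE -> number of CSV rows that carry a finding id.
count_findings() {
    awk -F'","' '{ gsub(/"/, "", $4); if ($4 != "") n++ } END { print n + 0 }' "$1"
}

# ids_found FILE -> sorted unique finding ids, skipping id 0 (banner/info lines).
ids_found() {
    awk -F'","' '{ gsub(/"/, "", $4); if ($4 != "" && $4 != "0") print $4 }' "$1" | sort -u
}

# uris_for_id FILE ID -> the URIs on which a given finding id was reported,
# so that one id hit on many paths (e.g. directory indexing) can be reviewed together.
uris_for_id() {
    awk -F'","' -v id="$2" '{ gsub(/"/, "", $4); gsub(/"/, "", $6); if ($4 == id) print $6 }' "$1"
}

# summarize FILE -> "<count> <id>" per finding id, most frequent first.
summarize() {
    awk -F'","' '{ gsub(/"/, "", $4); if ($4 != "") print $4 }' "$1" | sort | uniq -c | sort -rn
}

# write_sample_csv FILE -> writes a CONSTRUCTED report so the parsing
# functions can be exercised without a live target. Not real scan output.
write_sample_csv() {
    cat > "$1" <<'EOF'
"example.test","192.0.2.10","80","0","GET","/","Server: Apache/2.2.22 (Debian)"
"example.test","192.0.2.10","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"example.test","192.0.2.10","80","3268","GET","/icons/","Directory indexing found."
"example.test","192.0.2.10","80","3268","GET","/images/","Directory indexing found."
"example.test","192.0.2.10","80","3092","GET","/admin/","This might be interesting..."
"example.test","192.0.2.10","80","3233","GET","/icons/README","Apache default file found."
EOF
}

# Usage (with nikto installed):
#   . ./nikto-wrap.sh
#   run_nikto example.test 1 report.csv      # interesting files only
#   run_nikto example.test "" report.csv     # all test classes
#   summarize report.csv; uris_for_id report.csv 3268
```

The wrapper validates the tuning string before Nikto runs, because a typo such as -Tuning 1z is otherwise easy to miss in a long scan; it writes CSV rather than the default screen output so findings can be grouped and deduplicated by id before anyone starts verifying them by hand.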


About the author

CIT
Computer Information and Technology (CIT) is a free learning blog about all computer technology courses like Graphic Design, Web Design, Programming, Ethical Hacking and Ebooks; we can also refer you a cheap .com domain name for your websites, with cPanel.

Copyright © 2013 cι&т and Blogger Themes.