Nikto - site scanner for vulnerabilities

Started by arthyk, Aug 10, 2022, 07:31 AM


arthyk (Topic starter)

The first step for a hacker or pentester before attacking any website involves creating a target list after careful reconnaissance, in which weaknesses are identified as potential attack vectors. Following this, the hacker would utilize a web server scanning tool such as Nikto to identify vulnerabilities that can be exploited.

Nikto, an open-source and easy-to-use web server scanner, is recognized as a leading solution for identifying website vulnerabilities, making it a popular choice in the industry. However, before using Nikto, it is recommended to perform preliminary reconnaissance with tools like Maltego to create a specific list of goals to focus on.

Once a target list has been finalized, Nikto can assist in identifying any potential vulnerabilities, with the ultimate goal of exploiting them to take over the targeted website. Finding a vulnerability with a known exploit will make it easier to perform covert attacks, such as inserting malicious code.

James Fisher

Nikto is a useful tool for scanning software on our server to identify any potentially vulnerable files or programs. Perl support is required to run Nikto, and it is compatible with numerous operating systems including Linux, Unix, and Windows. Reports generated by Nikto can be exported in formats such as TXT, CSV for Excel, HTML, and XML.

In addition to scanning multiple ports using the -p option, Nikto can also scan multiple hosts in one session. This can be accomplished by creating a text file of hostnames or IP addresses with the corresponding port numbers at the end of each line. The file can be transferred to Nikto via standard output/input using "-" as the file name.

Furthermore, Nikto can utilize a proxy by specifying it in either the configuration file or command line option. The -useproxy option is used to install a proxy on the command line, while the configuration file requires setting the PROXY* variables and executing Nikto with the -useproxy option.
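One way to script the multi-host session described in the post above, as an added example that is not from the post or from the Nikto project: it builds a host:port target list from an inventory of servers you administer, drops malformed entries, and hands the list to Nikto on standard input with "-" as the file name. The host:port line format and the -Format/-output report flags are assumptions here, not confirmed from the post.

```shell
#!/bin/sh
# Added example, not from the post or from Nikto itself.
# Assumptions: one target per line as host:port (format assumed from the post's
# description); nikto's -Format and -output flags select a CSV report.
# Nikto is only invoked when NIKTO_RUN=1, so the helpers stay testable offline.

# build_targets: read "host port" pairs on stdin, emit "host:port" lines, and
# drop blank lines, comments, and entries whose port is not a number in 1..65535.
build_targets() {
    while read -r host port; do
        case "$host" in ''|'#'*) continue ;; esac
        case "$port" in ''|*[!0-9]*) continue ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || continue
        printf '%s:%s\n' "$host" "$port"
    done
}

# count_targets: number of valid targets in an inventory string, as a sanity
# check before launching a multi-host session.
count_targets() {
    printf '%s' "$1" | build_targets | wc -l | tr -d ' '
}

# Constructed inventory of servers you administer (RFC 5737 documentation
# addresses); the last entry is malformed on purpose and is dropped.
INVENTORY='# host port
192.0.2.10 80
192.0.2.10 443
192.0.2.11 8080
192.0.2.12 notaport
'

if [ "${NIKTO_RUN:-0}" = 1 ]; then
    echo "Scanning $(count_targets "$INVENTORY") targets"
    # Targets on stdin ("-" as the file name), the PROXY* settings from
    # nikto.conf enabled with -useproxy, findings written to report.csv.
    printf '%s' "$INVENTORY" | build_targets \
        | nikto -h - -useproxy -Format csv -output report.csv
fi
```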

IVKH

Regarding Nikto - unfortunately, I could not find reliable information about the creators of the resource. Accordingly, there is little confidence in where else information about the problems of the site will be sent and whether there will be additional hidden surprises. Open source does not yet guarantee reliability.