Nikto is an Open Source web vulnerability scanner which runs from the command line. It can perform comprehensive tests against over 6700 potentially dangerous files or programs, check for outdated versions of over 1250 servers, and check for version-specific problems on over 270 servers. Nikto can find vulnerabilities on hosts and web servers, and it comes pre-installed with Kali Linux.


To use nikto on our Kali Linux, we fire up our Terminal and type the following command to see nikto's options in detail:
nikto -H

We can see the detailed options in the following screenshot:


Now we run this tool against a vulnerable web target. In our case we have Damn Vulnerable Web Application running on our localhost, and we run nikto against it. So we use the following command:
nikto -h

This will take some time to complete the scan. Then the result looks like the following screenshot:


Here we get the details nikto has found on this web server.

If we want to scan with a specific tuning option, our command will be the following:
nikto -h -Tuning 9

By using this command, nikto will be tuned for tuning option 9. Tuning option 9 is for SQL Injection. We can see the tuning and other options in the -H (help) menu.

Nikto is an automated tool that finds CGI and dangerous files and scans for vulnerabilities. If we want to save the scan results and analyze them later, we type the following command:
nikto -h -output /root/Desktop/nikto-scans -Format html

This command will save our scan result in /root/Desktop/nikto-scans, and the file format will be HTML.


The HTML file looks like the following screenshot:


We can also choose the output file format as text, XML, NBE or CSV.
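As an added example that is not part of the original tutorial, the following Python script reads a saved Nikto CSV report (the -Format csv output mentioned above) so the results can be analyzed later and summarized for the application's admins. The seven-column layout (host, ip, port, reference id, method, URI, message) is an assumption based on Nikto's CSV report plugin, and the sample report lines are constructed, not taken from a real scan.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a Nikto CSV report (what -Format csv would save). The seven-column
# layout (host, ip, port, reference id with 0 = none, method, URI, message) is an assumption
# based on Nikto's CSV report plugin, not output copied from the tutorial.
SAMPLE_CSV = (
    '"localhost","127.0.0.1","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."\n'
    '"localhost","127.0.0.1","80","0","GET","/","The X-Content-Type-Options header is not set."\n'
    '"localhost","127.0.0.1","80","3092","GET","/dvwa/","This might be interesting."\n'
    '"localhost","127.0.0.1","80","3233","GET","/icons/README","Apache default file found."\n'
    '"localhost","127.0.0.1","80","3268","GET","/config/","Directory indexing found."\n'
)
COLUMNS = ("host", "ip", "port", "ref", "method", "uri", "message")

def parse_nikto_csv(text):
    """Turn the saved CSV report into finding dicts, skipping blank or truncated rows."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < len(COLUMNS):
            continue
        findings.append(dict(zip(COLUMNS, row)))
    return findings

def has_reference(finding):
    """A non-zero reference id marks a documented issue rather than an informational check."""
    return finding["ref"] not in ("", "0")

def summarize(findings):
    """Count findings per URI and how many point at a documented issue."""
    by_uri = defaultdict(int)
    for f in findings:
        by_uri[f["uri"]] += 1
    refs = sum(1 for f in findings if has_reference(f))
    return {"total": len(findings), "with_reference": refs, "by_uri": dict(by_uri)}

def render_report(findings):
    """Plain-text summary grouped by URI, for handing to the application's admins."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["uri"]].append(f)
    lines = []
    for uri in sorted(grouped):
        lines.append(f"{uri} ({len(grouped[uri])} finding(s))")
        for f in grouped[uri]:
            tag = f"ref {f['ref']}" if has_reference(f) else "info"
            lines.append(f"  [{tag}] {f['method']} {f['message']}")
    return "\n".join(lines)
```

To use it on a real report, read the file saved with -output into a string and pass it to parse_nikto_csv, then print render_report on the result.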

This is how we can use nikto in Kali Linux to scan for vulnerabilities. Bad attackers take advantage of these vulnerabilities, but that is a crime, and even searching for vulnerabilities may be a crime in some cases.

So we always suggest obtaining a signed legal document granting penetration testing permission, and reporting the findings to the admins of the web application so that they can fix them.
