Hi everyone as we all know there are numbers of web application scanner present on backtrack os so i will be covering most of the scanner in my upcoming post so today we are going to discuss about a small tool known as Nikto.


Nikto is basically an open source web server scanner which performs comprehensive tests against web servers for multiple items,including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Nikto is not designed as an overly stealthy tool.its current version is "Nikto 2.1.5"

Some of its key feature:-

  • Full HTTP proxy support
  • Apache user name enumeration
  • Logging to metasploit
  • Secure Socket Layer support (SSL)
  • Subdomain brute forcing (guessing)
  • Easy to update
  • Save report on multiple format

    How to use Nikto for scanning web app ?

    The usage of this tool is very simple,but before doing these scanning you just need to update it.

    Command in backtrack

    #./ -update (on current directory cd/pentest/web/nikto)

    In kali it is.

    #nikto -update

    To run a basic scan you just need to type.

    #nikto -h [ip/target address]
    #./nokto -h [ip/host address](in backtrack)

    If you want to check different port than use

    #nikto -h [target host] -p [port number]

    If you want this test via proxy than you can use by this command -h [target host] -useproxy http://localhost:8080/

    For help and know more options available just use.

    #nikto -H

    i hope this tut will help you to use nikto scanner if any more doubt please do comment :).

    Thank you for reading.
  • Post a Comment

    Feel Free To Ask Your Query we Love To Answer