How to use Web Vulnerability Scanner Nikto to scan any Website

When a penetration tester or a security analyst starts to perform website testing, the first step is to conduct reconnaissance where he would get information related to target and from that, he can identify the attack surface.

The attack surface is nothing but a total sum of vulnerabilities that can be exploited to carry out a security attack. After the attack surface is identified by the analyst, he would use some useful web scanning tools to further identify those vulnerabilities, which might become the primary attack vectors.

So far, Nikto is one of the most commonly used website vulnerabilities tools in the industry. It is an open source web server scanner that renders a bunch of vulnerabilities found on a website that could be exploited. Hence playing a primary role to perform website assessment and detects possible vulnerabilities on a site to keep it safe from an attacker.

Let’s just understand how this works. Assume that you have a URL of a target, by using Nikto you need to provide it with one of the three different types of information i.e. an IP Address for a local service, a web domain or an SSL/HTTPS enabled website. These are the three main target information used by Nikto to dig around and hunt the vulnerabilities.

Although we cannot deny the effectiveness of this tool, however one of the main disadvantages of the said tool is, it is not stealthy. While perform scanning on any website that has security controls enabled like Intrusion Detection System or Intrusion Prevention System, they would get notified that they are being scanned

Installing the tool Nikto

You can install Nikto by apt-get install nikto, but in Kali Linux it is pre-installed located in the “Vulnerability Analysis” category.


Type nikto -Help to see all the options that we can perform using this tool.


NiktoNikto 3From above we can see it has many options based on performing different tasks. We are going to use a standard syntax i.e. substituting the target’s IP with -h flag and specifying -ssl to force ssl mode on port:

Nikto 4This showing the quick scan of the targeted website.

Now try Nikto on a local network for finding embedded servers for example a login page for a router or an HTTP service on another machine that’s just a server with no website.

First find our IP address from ifconfig.

Nikto 5After getting the IP run ipcalc to get the range. If it is not installed in your machine first install it by: # apt-get install ipcalc then run # ipcalc

We got the range, now we are interested to run Nmap so that we can find services running in that network range.

Let’s get started with port 80 and scan our network range with it, also specify the flag -oG (grepable output) to take out all those hosts that are up and running. Save the output in a file named ‘ehacking.txt’. You can name it whatever you want.

Nikto 7Nikto 8Use cat command to read the output from our saved file

cat commandUse cat with ‘awk’, a linux tool that will scan the patterns where ‘Up’ means the port is open and the host is up whereas ‘print 2$’ would direct to print out the second word for each in that line, i.e., IP address. Save that data to a new file named ‘targetIP.txt’ as Nikto can easily interpret files like this.

Nikto 9These are all the hosts that have port 80 on. Run Nikto on targetIP.txt.

Nikto 10

So far, we have scanned an SSL enabled website and an IP address on a local network, now let’s scan a website using port 80 (HTTP enabled) i.e an unsecured web domain:

Nikto 11

So, this can tell us it is using Varnish server and some of the headers that would indicate the configuration of website.

The last entries with the OSVDB prefix are those vulnerabilities reported in the Open Source Vulnerability Database (this site shuts down in 2016).

you can use the CVE tool to convert the OSVDB identifier into a CVE entry so that you can use one of the other sites above to learn more about the vulnerability. The CVE contain information about what can be exploited, what the severity score is (such as critical), and some other information that can help accessing an attack vector.

Advantages of Nikto

One of the best things about Nikto is that you can actually export information to a format that can be read by Metasploit when you are doing a scan. To do that, just use the above commands to scan, but append -Format msf+ to the end. The format will allow us to quickly pair data with a weaponized exploit.

This is all about scanning target website for vulnerabilities from identifying first the attacking surface then further hunting those vulnerabilities which can be used as a weaponized exploit.

As this tool is not stealthy, it is recommended that use this tool with a VPN or through TOR browser to be anonymous and protect your identity.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Ultimate Blockchain & Bitcoin Guide

Let us start with a scenario. Whenever there is an election, we always hear the rumor that there is rigging in the election. In...

5 Top Cybersecurity Career Paths & Certifications

We are living in a world of innovations. Now, imagine innovative technologies with zero security is such a big nightmare. Cybersecurity comes here for...

How to Become a Certified Ethical Hacker (CEH)?

Data security becomes more important in running a successful business since persistent threats, hacks, and data breaches happening to an organization’s data. Every organization...

How to Tell if an Online Casino is Safe

Before the UK government established the Gambling Commission in 2005, online gambling was generally unregulated. Sure, Curacao and Malta had regulatory agencies at the...


Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.