Install Nikto
Running a web server scan is a straightforward process. Follow this Nikto tutorial to get an overview of what is involved. Start your web server testing with one of the best-known website and server testing tools. This is the same tool we use in our hosted service. Nikto is a Perl-based security testing tool, which means it will run on most operating systems that have the necessary Perl interpreter installed. We will guide you through using it on Ubuntu Linux, because it is our operating system of choice and it just works. Perl comes already installed in Ubuntu.
Nikto is a Perl-based, open source vulnerability tool that performs a wide range of tests against web servers for thousands of vulnerabilities and outdated versions. It is one of the open source utilities widely used by pentesters. Nikto can identify potentially interesting files by referencing the robots.txt file, by spidering the surface of the application, and by cycling through a list of known files that contain sensitive information. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
Install Nikto Ubuntu
So it is a matter of downloading the tool, unpacking it and running the command with the necessary options. For Windows users, running Nikto will involve installing a Perl environment (ActiveState Perl) or loading up a Linux virtual machine using.
If you are running Microsoft Windows as your main operating system, you may find that having a virtual machine with Kali Linux or Ubuntu brings a number of benefits. For starters, it makes getting tools such as Nikto a very simple process, and it lets you develop skills with a Linux-based operating system that will benefit all aspects of your security testing. The majority of free security testing tools are developed on and for Linux-based systems. By using a virtual machine you can test Nikto and many other open source security tools without affecting your production workstation.
Nikto Installation on Ubuntu
On a default installation of Ubuntu, launch a terminal and, using a standard user account, download the latest version of Nikto.
Test@ubuntu:~$ wget
You can unpack it with an archive manager tool or use tar and gzip together with this command.
• Windows (using ActiveState Perl and Strawberry Perl). Some POSIX features, such as interactive commands, may not work under Windows.
• Mac OSX
• Various Linux and Unix installations (including RedHat, Solaris, Debian, Ubuntu, BackTrack, etc.)
The only required Perl module that does not come standard is LibWhisker. Nikto comes with and is configured to use a local LW.pm file (in the plugins directory). As of Nikto version 2.1.5, the included LibWhisker differs (slightly) from the standard LibWhisker 2.5 distribution.
Install Nikto Kali
For SSL support, the Net::SSLeay Perl module must be installed. Windows support for SSL is dependent on the installation package, but is rumored to exist for ActiveState's Perl. For support for logging to Metasploit, the RPC::XML and RPC::XML::Client modules must be installed. Nikto will operate without these modules, but the functionality will not be available.
Install
These instructions do not include information on installing Perl, Perl Modules, OpenSSL, LibWhisker or any of the utilities that may be needed during installation (such as gzip, tar, etc.).
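A pre-flight check for the prerequisites described above, as an added example that is not part of the original tutorial or of Nikto itself: it confirms the bundled LW.pm is present and reports which optional Perl modules are missing and which feature each one gates. The variable names PERL_BIN and NIKTO_DIR and all function names are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the Nikto prerequisites named above.
# Assumptions: PERL_BIN and NIKTO_DIR are hypothetical variable names;
# NIKTO_DIR should point at the directory where Nikto was unpacked.
PERL_BIN="${PERL_BIN:-perl}"
NIKTO_DIR="${NIKTO_DIR:-.}"

# Succeeds if the named Perl module can be loaded by the interpreter.
have_module() {
    "$PERL_BIN" -M"$1" -e 1 >/dev/null 2>&1
}

# Succeeds if the bundled LibWhisker file is present in plugins/.
have_bundled_lw() {
    [ -f "$1/plugins/LW.pm" ]
}

# Names the Nikto feature that depends on an optional module.
feature_for() {
    case "$1" in
        Net::SSLeay)               echo "SSL support" ;;
        RPC::XML|RPC::XML::Client) echo "logging to Metasploit" ;;
        *)                         echo "unknown" ;;
    esac
}

# Prints one line per optional module; exit status = number missing.
check_optional_modules() {
    local missing=0 mod
    for mod in Net::SSLeay RPC::XML RPC::XML::Client; do
        if have_module "$mod"; then
            printf 'ok       %-18s %s\n' "$mod" "$(feature_for "$mod")"
        else
            printf 'MISSING  %-18s %s unavailable\n' "$mod" "$(feature_for "$mod")"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

if ! command -v "$PERL_BIN" >/dev/null 2>&1; then
    echo "perl not found: Nikto cannot run" >&2
else
    have_bundled_lw "$NIKTO_DIR" || echo "LW.pm not found under $NIKTO_DIR/plugins"
    check_optional_modules || echo "Nikto will run, minus the features marked MISSING"
fi
```

Run it from the unpacked Nikto directory, or set NIKTO_DIR to that path first.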