thelinuxvault blog

How to Scan Vulnerabilities of Websites Using Nikto in Linux: A Comprehensive Guide

Nikto is a powerful open-source web server scanner that performs comprehensive vulnerability assessments against web servers. Designed for rapid scanning, Nikto identifies outdated server software, dangerous CGI scripts, configuration errors, and other web-related security flaws. While it shouldn’t be your only security tool, Nikto excels at initial reconnaissance and identifying low-hanging vulnerabilities in web applications.

In this guide, you’ll learn how to install, configure, and leverage Nikto effectively on Linux systems. Whether you're a penetration tester, security analyst, or developer, understanding Nikto will significantly enhance your web application security posture.

Disclaimer:
⚠️ Only scan websites you own or have explicit permission to test. Unauthorized scanning is illegal and unethical.


2026-05

Table of Contents

  1. Installing Nikto on Linux
  2. Basic Nikto Scan
  3. Understanding Nikto Output
  4. Advanced Scanning Techniques
  5. Common Practices & Tips
  6. Best Practices for Effective Scanning
  7. Practical Examples
  8. Conclusion

Installing Nikto on Linux

Nikto is available in most Linux repositories. Here are installation methods for popular distros:

Debian/Ubuntu

sudo apt update
sudo apt install nikto

Fedora/RHEL/CentOS

sudo dnf install nikto  # Fedora
sudo yum install nikto  # RHEL/CentOS 7

Arch Linux

sudo pacman -S nikto

Verify Installation

nikto -Version

Output: Nikto v2.5.0


Basic Nikto Scan

Perform your first scan against a target domain or IP:

nikto -h http://example.com

Command Breakdown:

  • -h: Specifies the target host (HTTP/HTTPS).

Output Explained:

- Nikto v2.5.0
- Target IP:          93.184.216.34
- Target Hostname:    example.com
- Server:             ECS (netlify/1.24.0)
+ Allowed HTTP Methods: GET, HEAD
+ /: Default account found for 'admin:admin'
+ /config/: Directory indexing enabled.
+ /backup/: Apache/2.4.7 appears outdated.

🚩 Key Indicators:

  • Outdated software versions
  • Exposed directories
  • Default credentials
  • Risky HTTP methods (e.g., PUT/DELETE)

Understanding Nikto Output

Nikto categorizes findings using symbols:

  • +: Information
  • -: Minor concern
  • *: Important issue
  • !: Severe vulnerability

Common Findings:

  1. OSVDB Entries: References to Open Source Vulnerability Database IDs.
  2. HTTP Methods: Dangerous methods like PUT or TRACE.
  3. Cookie Security: Missing HttpOnly or Secure flags.
  4. Directory Listings: Exposed sensitive directories.
  5. Server Version Disclosure: Exposes software versions.

Advanced Scanning Techniques

Scan with Specific Port

nikto -h http://example.com -p 8080

Use SSL/HTTPS

nikto -h https://example.com -ssl

Authenticated Scans

nikto -h http://example.com -id admin:password

(-id provides username:password for HTTP Basic Auth)

Save Results to File

nikto -h http://example.com -o scan_report.html -F html

Formats: csv, txt, xml, nbe (Nessus).
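To turn the CSV report into a prioritized worklist, here is a small triage script, added as an example and not part of Nikto or this guide: it classifies each finding into the categories described under Understanding Nikto Output, sorts them by priority, and marks banner-based version findings for manual verification. The column order and the sample rows are constructed assumptions about Nikto's CSV layout.

```python
import csv
import io
import re

# Constructed sample of a Nikto CSV report (nikto -h ... -o findings.csv -F csv).
# The column order is an assumption about Nikto's CSV plugin; adjust COLUMNS if yours differs.
COLUMNS = ["host", "ip", "port", "ref", "method", "uri", "message"]
SAMPLE_CSV = '''"example.com","93.184.216.34","80","","GET","/","Allowed HTTP Methods: GET, HEAD, PUT, TRACE"
"example.com","93.184.216.34","80","","GET","/config/","Directory indexing found."
"example.com","93.184.216.34","80","","GET","/","Apache/2.4.7 appears to be outdated."
"example.com","93.184.216.34","80","","GET","/","Cookie PHPSESSID created without the httponly flag"
"example.com","93.184.216.34","80","OSVDB-12345","GET","/backup/","This might be interesting."
"example.com","93.184.216.34","80","","GET","/","The X-Content-Type-Options header is not set."
'''

RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}
# (category, priority with 1 = look first, needs manual verification, pattern), following Common Findings.
RULES = [
    ("risky_methods", 1, False, re.compile(r"Allowed HTTP Methods:\s*(.*)", re.I)),
    ("directory_listing", 2, False, re.compile(r"directory indexing", re.I)),
    ("version_disclosure", 3, True, re.compile(r"appears to be outdated|server (banner|version)", re.I)),
    ("cookie_flags", 3, False, re.compile(r"cookie .* without the (httponly|secure) flag", re.I)),
]

def classify(message, ref=""):
    """Map one Nikto message and its reference column to (category, priority, verify_manually)."""
    for name, prio, verify, pattern in RULES:
        m = pattern.search(message)
        if not m:
            continue
        if name == "risky_methods":
            methods = {x.strip().upper() for x in m.group(1).split(",")}
            if not methods & RISKY_METHODS:
                return ("methods_ok", 5, False)   # GET/HEAD only: informational
        return (name, prio, verify)
    if ref.upper().startswith("OSVDB-"):
        return ("osvdb_reference", 4, True)      # confirm the entry applies to this build
    return ("info", 5, False)

def triage(csv_text):
    """Parse a Nikto CSV report into findings sorted by priority, then URI."""
    findings = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != len(COLUMNS):
            continue                             # blank or malformed line
        rec = dict(zip(COLUMNS, row))
        rec["category"], rec["priority"], rec["verify_manually"] = classify(rec["message"], rec["ref"])
        findings.append(rec)
    return sorted(findings, key=lambda r: (r["priority"], r["uri"]))
```

On a real report, call triage(open("findings.csv").read()) and work the list from priority 1 downwards, verifying the flagged entries by hand before reporting them.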

Evasion Techniques (Stealth)

nikto -h http://example.com -evasion 1

Evasions:

  • 1: Random URL encoding
  • 2: Directory self-reference
  • 3: Premature URL termination

Common Practices & Tips

  1. Combine with Proxies: Pipe Nikto through proxychains for anonymity:

    proxychains nikto -h http://example.com
  2. Scan Multiple Hosts: Use file input:

    nikto -h hosts.txt

    (Where hosts.txt contains one target per line)

  3. Performance Tuning:

    • Speed up with -Tuning x (e.g., x=1 scans for files only).
    • Slow down with -Pause 2 (seconds between tests) to avoid tripping rate limiting.
  4. Check Plugins: Nikto supports plugins for extended checks:

    nikto -h http://example.com -Plugins "cgi;robots"

    (Plugin names are separated by semicolons; nikto -list-plugins shows the available ones.)

Best Practices for Effective Scanning

  1. Permissions First: Always obtain written authorization.
  2. Schedule Off-Peak Scans: Avoid disrupting production traffic.
  3. Combine Tools: Use Nikto alongside OWASP ZAP, Nmap, or Burp Suite.
  4. Update Nikto Regularly:
    nikto -update
  5. Review False Positives: Manually verify critical findings.
  6. Scan Staging Environments: Test pre-production sites first.

Practical Examples

Example 1: Full Audit with Reporting

# Scan all types and write an XML report (comments go on their own line: a comment after a trailing backslash ends the command)
nikto -h https://test-site.local \
  -ssl \
  -Tuning 1,2,3,4,5,6,7,8,9 \
  -o report.xml \
  -Format xml

Example 2: Check for XSS/CGI Risks

nikto -h http://vulnerable-app.org \
  -Plugins "cgi;xss" \
  -evasion 1     # Evade basic WAFs

Example 3: Aggressive Scan with Authentication

# All checks run by default (-Tuning 0 would restrict the scan to the file-upload checks only);
# 3-second request timeout, verbose output; the credential is quoted so '!' is not history-expanded
nikto -h http://dev.internal \
  -id 'api_user:S3curePass!' \
  -timeout 3 \
  -Display v

Conclusion

Nikto is an indispensable tool for rapid web server reconnaissance. Its ability to detect misconfigurations, outdated software, and common vulnerabilities makes it a staple in security workflows. While not a replacement for manual testing or DAST suites, it provides a critical first layer of defense by identifying obvious weaknesses before attackers do.

Always update Nikto before scans, combine it with other tools, and adhere to ethical guidelines. Happy scanning!
