Assessing web server issues with Nikto

Nikto is an open source tool that allows security assessors to evaluate the configuration of web servers. Unlike Nmap or Nessus, Nikto is designed exclusively for web-based configuration evaluations: it probes a web server for outdated software, dangerous files and misconfigurations rather than scanning ports or hosts. As a general rule, it's a good idea to run Nikto (or a similar web scanner) against every web service identified during a penetration test or vulnerability assessment. Nikto's home page is https://cirt.net/Nikto2.

The installation of Nikto is a fairly straightforward process, similar to the other tools we've used throughout this book:

  1. wget https://github.com/sullo/nikto/archive/master.zip
  2. unzip master.zip
  3. cd nikto-master/program
  4. Nikto is now ready to use!
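The four steps above, wrapped in a small POSIX shell script with the checks a practitioner usually adds: a prerequisite test (perl runs Nikto; wget and unzip fetch and unpack it), an idempotent install, and a verification that nikto.pl is actually in place before declaring it ready. This is an added example, not the book's own text or the Nikto project's installer; the NIKTO_INSTALL switch, the default directory and the scan helper are assumptions, while -h and -output are Nikto's own command-line options.

```shell
#!/bin/sh
# Added example (not from the book or the Nikto project): install Nikto from
# the GitHub archive as the four steps describe, with prerequisite checks and
# a post-install verification. Default paths and NIKTO_INSTALL are assumptions.

NIKTO_ZIP_URL="https://github.com/sullo/nikto/archive/master.zip"

# Return 0 if the named command is on PATH.
have_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# Print the names of any missing prerequisites and return 1 if some are
# missing. perl runs Nikto; wget and unzip fetch and unpack the archive.
check_prereqs() {
    missing=""
    for c in perl wget unzip; do
        have_cmd "$c" || missing="$missing $c"
    done
    [ -z "$missing" ] && return 0
    echo "missing prerequisites:$missing" >&2
    return 1
}

# Return 0 when the checkout under $1 is usable (the book's step 4):
# program/nikto.pl must exist and be readable.
nikto_ready() {
    [ -r "$1/program/nikto.pl" ]
}

# Download and unpack Nikto into $1 (default ./nikto-master). Safe to re-run:
# an existing, usable checkout is left alone.
install_nikto() {
    dest="${1:-./nikto-master}"
    check_prereqs || return 1
    if nikto_ready "$dest"; then
        echo "Nikto already present in $dest"
        return 0
    fi
    tmp="$(mktemp -d)" || return 1
    if ! wget -q -O "$tmp/master.zip" "$NIKTO_ZIP_URL"; then
        echo "download of $NIKTO_ZIP_URL failed" >&2; rm -rf "$tmp"; return 1
    fi
    if ! unzip -q "$tmp/master.zip" -d "$tmp"; then
        echo "unzip failed" >&2; rm -rf "$tmp"; return 1
    fi
    mkdir -p "$(dirname "$dest")"
    mv "$tmp/nikto-master" "$dest" || { rm -rf "$tmp"; return 1; }
    rm -rf "$tmp"
    # Step 4 in the book is an assertion; here it is an actual check.
    nikto_ready "$dest" || { echo "install incomplete: no program/nikto.pl" >&2; return 1; }
    echo "Nikto is ready in $dest/program"
}

# Print the command line for a basic scan of host $2 using the checkout at
# $1, writing the report to $3 (-h and -output are Nikto's own options).
nikto_scan_cmd() {
    printf 'perl %s/program/nikto.pl -h %s -output %s\n' "$1" "$2" "$3"
}

# Only perform the network install when explicitly asked, so the functions
# can be sourced and checked without touching the network.
if [ "${NIKTO_INSTALL:-}" = "1" ]; then
    install_nikto "${1:-./nikto-master}" || exit 1
    nikto_scan_cmd "${1:-./nikto-master}" "${2:-localhost}" "${3:-nikto-report.txt}"
fi
```

Run it as NIKTO_INSTALL=1 sh install_nikto.sh ~/tools/nikto to fetch and verify the checkout; the final line prints the scan command for the host you name so it can be reviewed before it is executed.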

Nikto, like many early security tools, ...
