Customize Scan Behavior with the nikto.conf File


Introduction

Nikto is a popular open-source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

While Nikto can be configured using command-line options, its default behavior is controlled by a central configuration file, nikto.conf. Understanding how to modify this file allows you to permanently change default settings, tailor scans for specific environments, and streamline your workflow.

In this lab, you will learn how to locate, read, and modify the nikto.conf file. You will change the default USERAGENT string, run a scan to observe the new behavior, and then restore the original configuration.

Locate the main nikto.conf configuration file

In this step, you will locate the main Nikto configuration file, nikto.conf. This file contains all the default settings that Nikto uses when it runs. On Debian-based systems like the Ubuntu environment you are using, this file is typically located in the /etc/ directory.

We can use the find command to search the entire filesystem for the file. This is a useful technique when you're unsure of a configuration file's exact location.

Execute the following command in your terminal to find nikto.conf. We will redirect standard error (2) to /dev/null to hide any "Permission denied" messages for a cleaner output.

sudo find / -name nikto.conf 2> /dev/null

You should see the path to the configuration file as the output:

/etc/nikto.conf

Now that you know its location, you can proceed to inspect its contents.

Open the file and review default settings like RFIURL

In this step, you will open the nikto.conf file using a text editor and examine some of its default settings. We will use the nano editor, which is a simple command-line text editor. Since the file is in /etc/ and owned by the root user, you must use sudo to open it.

Open the file with nano:

sudo nano /etc/nikto.conf

Once inside nano, you can navigate with the arrow keys. The file is heavily commented (lines starting with #) to explain what each variable does.

Let's search for a specific variable, RFIURL. This variable defines the external file Nikto uses for Remote File Inclusion (RFI) tests. Press Ctrl + W to open the search prompt, type RFIURL, and press Enter. You should see a line similar to this:

## The URL to a remote file to use for RFI tests.
RFIURL=http://cirt.net/rfi.txt

Next, let's find the USERAGENT variable, which we will modify in the next step. Press Ctrl + W again, type USERAGENT, and press Enter. You will find the default User-Agent string Nikto uses to identify itself to the web server.

## The User-Agent to send to the web server
USERAGENT=Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 (Nikto/2.5.0)

After reviewing these settings, you can exit nano without saving any changes by pressing Ctrl + X.

Change a static variable like the default USERAGENT

Now, you will modify a static variable in the configuration file. We will change the default USERAGENT to a custom value. Changing the User-Agent can be useful to mimic a specific browser, evade simple detection, or label your scan traffic for logging purposes.

First, open the file again with nano:

sudo nano /etc/nikto.conf

Use Ctrl + W to search for USERAGENT again. Once you've found the line, it's good practice to keep the original value for reference. Add a # at the beginning of the original USERAGENT line to comment it out. Then, on a new line directly below it, add your custom User-Agent.

Your changes should look like this:

## The User-Agent to send to the web server
#USERAGENT=Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 (Nikto/2.5.0)
USERAGENT=MyCustomScanner/1.0

Now, save the changes and exit the editor. Press Ctrl + O to write the changes, press Enter to confirm the filename, and then press Ctrl + X to exit nano. Your configuration is now updated.

Run a scan to observe the new default behavior

In this step, you will run a Nikto scan against the local web server to see your new USERAGENT in action. The setup script for this lab has already installed and started an Apache web server, which is running on 127.0.0.1 (localhost).

When Nikto starts a scan, it prints a summary of the configuration it's using. This allows us to verify our change without needing to inspect web server logs.

Run a basic scan against the local server with the -h (host) option:

nikto -h http://127.0.0.1

Observe the initial output from Nikto. It will list the target information and some of the options being used for the scan. You should see your custom User-Agent reflected in the output.

- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    127.0.0.1
+ Target Port:        80
+ Start Time:         2023-10-27 10:30:00 (GMT0)
---------------------------------------------------------------------------
- Server: Apache/2.4.52 (Ubuntu)
+ User-Agent: MyCustomScanner/1.0
- The anti-clickjacking X-Frame-Options header is not present.
... (scan results will continue) ...

As you can see in the line + User-Agent: MyCustomScanner/1.0, Nikto is now using the default value you set in nikto.conf. You can stop the scan at any time by pressing Ctrl + C.

Revert the changes to the original configuration

Finally, it's good practice to restore the configuration to its original state, especially in a shared environment. In this step, you will revert the changes made to nikto.conf.

During the lab setup, a backup of the original configuration file was automatically created at /etc/nikto.conf.bak. You can restore this backup by using the mv (move) command to overwrite your modified file with the original one.

Execute the following command to restore the backup:

sudo mv /etc/nikto.conf.bak /etc/nikto.conf

This command moves /etc/nikto.conf.bak to /etc/nikto.conf, replacing the file you edited. Because mv renames rather than copies, the backup file no longer exists afterwards, so this command can only be run once.

To confirm that the file has been reverted, you can use the grep command to check the USERAGENT line again.

grep USERAGENT /etc/nikto.conf

The output should now show the original, un-commented User-Agent line, confirming that your changes have been successfully reverted.

USERAGENT=Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 (Nikto/2.5.0)
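The edit made by hand in the USERAGENT step and the grep check used here can be scripted. The following is an added example, not part of the lab or of Nikto itself; it works on a constructed copy of the relevant nikto.conf lines so it runs anywhere, and it anchors the grep pattern at the start of the line so the commented-out #USERAGENT= line is not mistaken for the active value.

```shell
#!/bin/sh
# Added example (not from the lab): comment out the live USERAGENT line,
# add a custom one, read back the active value, and restore the backup.

# Constructed nikto.conf fragment (only the lines the lab looks at).
CONF="${TMPDIR:-/tmp}/nikto.conf.example.$$"
cat > "$CONF" <<'EOF'
## The URL to a remote file to use for RFI tests.
RFIURL=http://cirt.net/rfi.txt
## The User-Agent to send to the web server
USERAGENT=Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 (Nikto/2.5.0)
EOF

# Print the value of the active (uncommented) USERAGENT line only.
# A bare `grep USERAGENT` would also match the '#USERAGENT=' line that the
# lab leaves behind, so the pattern is anchored with '^'.
active_useragent() {
    grep '^USERAGENT=' "$1" | head -n 1 | cut -d= -f2-
}

# Replace the active USERAGENT: keep a .bak copy, comment out every live
# USERAGENT line and insert the new value directly after the first of them.
set_useragent() {
    file="$1"; ua="$2"
    cp -p "$file" "$file.bak"           # the same safety net the lab relies on
    awk -v ua="$ua" '
        /^USERAGENT=/ { print "#" $0; if (!done) { print "USERAGENT=" ua; done = 1 }; next }
        { print }
    ' "$file.bak" > "$file"
}

# Restore from the backup; cp (unlike mv) keeps the backup for reuse.
restore_conf() {
    cp -p "$1.bak" "$1"
}

set_useragent "$CONF" "MyCustomScanner/1.0"
active_useragent "$CONF"        # MyCustomScanner/1.0
restore_conf "$CONF"
active_useragent "$CONF"        # the original Mozilla/5.0 ... (Nikto/2.5.0) line
```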

Summary

In this lab, you successfully customized Nikto's behavior by editing its core configuration file, nikto.conf. This is a fundamental skill for tailoring security tools to meet the specific requirements of a penetration test or security audit.

You have learned how to:

  • Locate the nikto.conf file on a Linux system.
  • Read and understand the purpose of configuration variables.
  • Modify a static variable, specifically the USERAGENT.
  • Verify the configuration change by running a scan and observing the output.
  • Restore the original configuration from a backup file.

Mastering configuration file changes allows you to set persistent, custom defaults for your tools, making your security testing more efficient and effective.