Introduction
Nikto is a popular open-source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.
Before conducting any scans, it's crucial to understand the available options and how to use them correctly. The command-line help menus are the most direct way to learn about Nikto's capabilities.
In this lab, you will explore the various help-related command-line options available in Nikto. You will learn how to access basic and detailed help, list all available test plugins, and check the tool's version. Mastering these simple commands will provide a solid foundation for using Nikto effectively in more complex scenarios.
Access the basic help menu with -h
In this step, you will learn how to access the basic help menu. Like many command-line tools, Nikto provides a -h (or --help) option to display a summary of the most common command-line options. This is the first place you should look when you need a quick reminder of how to use the tool.
Execute the following command in your terminal to display the basic help menu:
nikto -h
You will see a condensed list of options. This output is designed to be a quick reference for everyday use.
- Nikto v2.5.0
---------------------------------------------------------------------------
-config+ Use this config file
-Display+ Turn on/off display outputs
-evasion+ Encoding technique
-Format+ Save file (-o) format
-host+ Host to target
-Help Extended help information
-id+ Host authentication to use, format is id:pass or id:pass:realm
-list-plugins List all available plugins
-nointeractive Disables interactive features
-nossl Disables the use of SSL
-no404 Disables 404 checking
... (output truncated) ...
+ requires a value
This gives you a brief overview of what each option does. Notice that some options are marked with a +, indicating they require a value.
View the extended help display with -H
In this step, you will view the extended help menu. While the -h option is useful for a quick reminder, sometimes you need more detailed information about all available options, including the less common ones. For this purpose, Nikto provides the -H (or --Help) option.
Run the following command to see the full help display:
nikto -H
The output from this command is much more comprehensive than the basic help menu. It provides a complete list of all options, often with more detailed explanations and examples.
- Nikto v2.5.0
---------------------------------------------------------------------------
-ask+ (yes/no) Whether to ask about submitting updated
information to CIRT.net.
-config+ (config.txt) Specify a configuration file to use instead
of the default file.
-dbcheck Check the scan databases for syntax errors.
-Display+ (1234D) Control the output that Nikto shows. Use the
reference number or letter to specify the
type. Multiple may be used.
1 - Show redirects
2 - Show cookies received
3 - Show all 200/OK responses
4 - Show URLs which require authentication
D - Debug output
E - Display all HTTP errors
P - Print progress to STDOUT
S - Scrub output of IPs and hostnames
V - Verbose output
... (output truncated) ...
Take a moment to scroll through this output. You will discover many powerful features that were not listed in the basic help menu.
List all available plugins with -list-plugins
In this step, you will learn how to list all available Nikto plugins. Nikto's scanning power comes from its plugins, which are individual scripts that perform specific tests. Understanding which plugins are available can help you customize your scans.
To see a complete list of all installed plugins, use the -list-plugins option.
Execute the command below:
nikto -list-plugins
This will print a long list of all the plugins that Nikto can use during a scan. Each plugin is responsible for checking a specific vulnerability or misconfiguration.
- Nikto v2.5.0
---------------------------------------------------------------------------
Loaded 289 plugins from /var/lib/nikto/plugins
Plugin:
- aolserver
http://cirt.net/plugins.shtml#aolserver
Checks for AOLserver specific items
Plugin:
- apache
http://cirt.net/plugins.shtml#apache
Checks for Apache specific items
Plugin:
- apache_expect_xss
http://cirt.net/plugins.shtml#apache_expect_xss
Checks for the Apache Expect XSS header.
... (output truncated) ...
This list shows the plugin name, a link to more information, and a brief description of its purpose.
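The listing above is human-readable, but a defender maintaining several scanner hosts usually wants it as one line per plugin that can be diffed between installations. The script below is an added example, not part of the lab or of Nikto itself: it parses `-list-plugins` text into a "name<TAB>description" inventory and compares the number of records with the count in the "Loaded N plugins" header. The input is a constructed excerpt in the layout shown above.

```shell
#!/bin/sh
# Added example, not part of the lab or of Nikto itself: turn the text that
# `nikto -list-plugins` prints into a one-line-per-plugin inventory
# ("name<TAB>description") that can be diffed between installations or
# versions. The input below is a constructed excerpt in the layout shown
# in the lab output.

SAMPLE_PLUGIN_LIST='- Nikto v2.5.0
---------------------------------------------------------------------------
Loaded 289 plugins from /var/lib/nikto/plugins
Plugin:
- aolserver
http://cirt.net/plugins.shtml#aolserver
Checks for AOLserver specific items
Plugin:
- apache
http://cirt.net/plugins.shtml#apache
Checks for Apache specific items
Plugin:
- apache_expect_xss
http://cirt.net/plugins.shtml#apache_expect_xss
Checks for the Apache Expect XSS header.'

# plugin_inventory: reads plugin-list text on stdin and writes one
# "name<TAB>description" line per plugin. A small state machine follows the
# four-line record: "Plugin:", "- name", info URL, description.
plugin_inventory() {
    awk '
        $1 == "Plugin:"               { state = 1; next }
        state == 1 && $1 == "-"       { name = $2; state = 2; next }
        state == 2 && $1 ~ /^https?:/ { state = 3; next }
        state == 3                    { print name "\t" $0; state = 0 }
    '
}

# plugin_count: number of plugin records actually present in the listing.
plugin_count() {
    plugin_inventory | wc -l | tr -d ' '
}

# plugin_loaded_header: the count Nikto claims in its "Loaded N plugins" line.
# A mismatch with plugin_count points at a truncated or malformed listing.
plugin_loaded_header() {
    awk '$1 == "Loaded" && $3 == "plugins" { print $2 }'
}

# Stand-alone usage: print the inventory, then both counts.
printf '%s\n' "$SAMPLE_PLUGIN_LIST" | plugin_inventory
printf 'listed: %s, claimed: %s\n' \
    "$(printf '%s\n' "$SAMPLE_PLUGIN_LIST" | plugin_count)" \
    "$(printf '%s\n' "$SAMPLE_PLUGIN_LIST" | plugin_loaded_header)"
```

On a real host you would feed `nikto -list-plugins | plugin_inventory` and keep the result under version control; the excerpt here only contains three records, so the listed count is 3 while the header still claims 289.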
Check the syntax for a specific option
In this step, you will practice finding the syntax for a specific option using the help menu. The extended help (-H) is your reference manual. When you want to know how to use a particular feature, you can search within this help output.
Let's say you want to use the -Tuning option to control which types of tests are run, but you're not sure what values are valid. You can combine the nikto -H command with grep to find the relevant information quickly.
Run the following command to find details about the -Tuning option:
nikto -H | grep 'Tuning'
The pipe symbol | sends the output of nikto -H to the grep command, which then filters the output to show only the lines containing the word "Tuning".
-Tuning+ (1234567890ab) Tuning options control the tests that Nikto
will use against a target. Use the reference
number or letter to specify the type.
Multiple may be used.
1 - Interesting File / Seen in logs
2 - Misconfiguration / Default File
3 - Information Disclosure
4 - Injection (XSS/Script/HTML)
5 - Remote File Retrieval - Inside Web Root
6 - Denial of Service
7 - Remote File Retrieval - Server Wide
8 - Command Execution / Remote Shell
9 - SQL Injection
0 - File Upload
a - Authentication Bypass
b - Software Identification
x - Reverse Tuning Options (i.e., include
all except specified)
This output clearly explains what the -Tuning option does and lists all the valid values you can use with it.
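One caveat with `grep 'Tuning'`: grep prints only the lines that contain the word, so the indented lines that list the reference codes are easy to miss. The script below is an added example, not part of the lab or of Nikto itself. It extracts a whole option block from `-H` text, assuming the layout of that output (each option starts a line with `-name`, possibly indented, and its explanation continues on indented lines until the next option). `SAMPLE_HELP` is a constructed excerpt in that layout, and the `-Version` description in it is my own wording.

```shell
#!/bin/sh
# Added example, not part of the lab or of Nikto itself: extract the complete
# help block for one option from `nikto -H` text, instead of only the lines
# that happen to contain its name. Assumes the -H layout: an option begins a
# line with "-name" (indented or not); continuation lines are indented.
# SAMPLE_HELP is a constructed excerpt in that layout.

SAMPLE_HELP='- Nikto v2.5.0
---------------------------------------------------------------------------
   -dbcheck            Check the scan databases for syntax errors.
   -Tuning+            (1234567890ab) Tuning options control the tests that Nikto
                       will use against a target. Use the reference
                       number or letter to specify the type.
                       Multiple may be used.
                         1 - Interesting File / Seen in logs
                         2 - Misconfiguration / Default File
                         3 - Information Disclosure
                         4 - Injection (XSS/Script/HTML)
                         5 - Remote File Retrieval - Inside Web Root
                         6 - Denial of Service
                         7 - Remote File Retrieval - Server Wide
                         8 - Command Execution / Remote Shell
                         9 - SQL Injection
                         0 - File Upload
                         a - Authentication Bypass
                         b - Software Identification
                         x - Reverse Tuning Options (i.e., include
                             all except specified)
   -Version            Print plugin and database versions (constructed wording).'

# option_help NAME: print the full help block for option NAME (e.g. -Tuning)
# from -H text read on stdin. A line that starts a new option switches the
# "inblock" flag on or off; every line while the flag is on is printed.
option_help() {
    awk -v opt="$1" '
        /^[ \t]*-[A-Za-z]/ {                  # this line introduces an option
            name = $1; sub(/\+$/, "", name)   # drop the "+" value marker
            inblock = (name == opt)
        }
        inblock { print }
    '
}

# option_requires_value NAME: exit 0 if the help marks NAME with a trailing
# "+", i.e. the option must be followed by a value.
option_requires_value() {
    awk -v opt="$1" '
        /^[ \t]*-[A-Za-z]/ && $1 == (opt "+") { found = 1 }
        END { exit !found }
    '
}

# option_codes NAME: the single-character reference codes an option accepts,
# one per line, taken from the "<code> - <meaning>" lines of its block.
option_codes() {
    option_help "$1" | awk 'NF >= 3 && length($1) == 1 && $2 == "-" { print $1 }'
}

# Stand-alone usage: the whole -Tuning block, then its codes on one line.
printf '%s\n' "$SAMPLE_HELP" | option_help -Tuning
printf 'valid -Tuning codes: %s\n' \
    "$(printf '%s\n' "$SAMPLE_HELP" | option_codes -Tuning | tr '\n' ' ')"
if printf '%s\n' "$SAMPLE_HELP" | option_requires_value -Tuning; then
    echo "-Tuning requires a value"
fi
```

Against a real installation the same functions take `nikto -H | option_help -Tuning`; the output contains the header line and every indented line up to the next option, which is what you would otherwise have to reconstruct with `grep -A` and a guessed line count.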
Verify the installed Nikto version
In this final step, you will learn how to check the installed version of Nikto. Knowing the version is important for several reasons: it helps you determine if you have the latest features and security checks, and it's essential information to provide when reporting a bug or asking for help.
Nikto has a dedicated option, -Version (note the capital 'V'), to display version information for the tool and its key components.
Execute the following command in your terminal:
nikto -Version
The command will output detailed version information.
---------------------------------------------------------------------------
- Nikto v2.5.0
- LibWhisker v2.5
- Perl v5.34.0
- SSL support: Net::SSLeay 1.92
- SSL compilation options: OPENSSL_VER=0x30000020, OPENSSL_INC=/usr/include, OPENSSL_LIB=/usr/lib/x86_64-linux-gnu
- Nikto DB: 20231125
- CIRT DB: 20221101
---------------------------------------------------------------------------
This output shows the version of Nikto itself, as well as the versions of its underlying components like Perl and OpenSSL, and the update status of its databases.
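Nikto's checks are only as current as its databases, so the two "DB" dates in this output are the values worth checking before a scan result is trusted. The script below is an added example, not part of the lab or of Nikto itself: it pulls individual fields out of `-Version` text and flags a database older than a cut-off date. `SAMPLE_VERSION` is a constructed copy of the layout shown above, and the cut-off date is an arbitrary value chosen for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the lab or of Nikto itself: read component
# versions and database dates from `nikto -Version` output and flag a scan
# database that is older than a cut-off date. SAMPLE_VERSION is a constructed
# copy of the layout shown in the lab.

SAMPLE_VERSION='---------------------------------------------------------------------------
- Nikto v2.5.0
- LibWhisker v2.5
- Perl v5.34.0
- SSL support: Net::SSLeay 1.92
- SSL compilation options: OPENSSL_VER=0x30000020, OPENSSL_INC=/usr/include, OPENSSL_LIB=/usr/lib/x86_64-linux-gnu
- Nikto DB: 20231125
- CIRT DB: 20221101
---------------------------------------------------------------------------'

# version_field LABEL: print the value after "- LABEL: " or "- LABEL v" in
# -Version text read on stdin ("Nikto DB" -> 20231125, "Nikto" -> 2.5.0).
# Prints nothing when the label is absent.
version_field() {
    awk -v label="$1" '
        /^- / {
            line = substr($0, 3)                      # drop the leading "- "
            if (index(line, label ": ") == 1) { print substr(line, length(label) + 3); exit }
            if (index(line, label " v") == 1) { print substr(line, length(label) + 3); exit }
        }
    '
}

# db_stale LABEL CUTOFF: exit 0 when the database dated YYYYMMDD under LABEL
# is older than CUTOFF (also YYYYMMDD). Dates in this form compare as integers.
db_stale() {
    d="$(version_field "$1")"
    [ -n "$d" ] && [ "$d" -lt "$2" ]
}

# Stand-alone usage: show the interesting fields, then apply a constructed
# cut-off of 2024-01-01 to the vulnerability database.
for f in "Nikto" "Perl" "SSL support" "Nikto DB" "CIRT DB"; do
    printf '%-12s %s\n' "$f:" "$(printf '%s\n' "$SAMPLE_VERSION" | version_field "$f")"
done
if printf '%s\n' "$SAMPLE_VERSION" | db_stale "Nikto DB" 20240101; then
    echo "Nikto DB is older than the cut-off: update the databases before relying on its checks"
fi
```

The cut-off is passed in rather than computed so the check stays portable across shells; a wrapper can supply the current date in YYYYMMDD form and run `nikto -Version | db_stale "Nikto DB" <date>` as a pre-scan sanity check.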
Summary
In this lab, you have successfully explored the essential command-line help options for the Nikto web scanner.
You have learned how to:
- Use nikto -h to get a quick summary of common options.
- Use nikto -H to view a comprehensive and detailed list of all available options.
- Use nikto -list-plugins to see all the test plugins that Nikto can utilize.
- Find information about a specific option by piping the help output to grep.
- Check the installed version of Nikto and its components with nikto -Version.
You are now equipped with the fundamental knowledge required to navigate Nikto's options and understand its capabilities. This will allow you to confidently construct more complex scan commands in the future.