Generate an HTML Report with Nikto


Introduction

Nikto is a popular open-source web server scanner that performs comprehensive tests against web servers, including checks for over 6700 potentially dangerous files/programs, outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

While running a scan is useful, being able to save the results in a clear, readable, and shareable format is crucial for security professionals. Nikto can export scan results into various formats, with HTML being one of the most convenient for analysis.

In this lab, you will learn how to run a Nikto scan against a target web server and generate a well-structured HTML report.

Specify the HTML format using -Format html

In this step, you will learn how to specify the output format for your Nikto scan. Nikto can generate reports in various formats, and for this lab, we will focus on HTML, which is highly readable and easy to navigate.

The -Format option is used to tell Nikto which report format to use. To generate an HTML report, you must specify html as the argument for this option.

Let's start by exploring Nikto's help menu to see the format options.

nikto -Help | grep Format

You should see output that lists the available formats. Note that the help text lists HTML under its short name, htm; the longer spelling html, which this lab uses, is accepted as well.

-Format       Scan report format (csv, htm, msf+, nbe, sql, txt, xml)

The syntax to specify the HTML format is simply -Format html. We will combine this with other flags in the upcoming steps to build our full command.

Use the -o flag for the output HTML file

In this step, you will learn how to specify the file where Nikto should save the report. Simply setting the format to HTML will print the raw HTML code to your terminal, which is not very useful. You need to direct this output to a file.

The -o (or --output) flag is used for this purpose. You provide the desired filename as an argument to this flag.

Let's combine this with the format flag from the previous step. We will name our report file nikto_report.html and save it in the current directory (~/project). We also need to specify the target to scan using the -h (or --host) flag. For this lab, our target is the local web server running at http://127.0.0.1:8000.

The complete command structure will look like this:

nikto -h http://127.0.0.1:8000 -Format html -o nikto_report.html

We will execute this full command in the next step. For now, just familiarize yourself with the structure and the purpose of each flag.

Execute the scan to create the report

Now it's time to put everything together and run the scan. We will use the command we constructed in the previous steps to scan our local web server and save the results to an HTML file.

Execute the following command in your terminal. The scan may take a few moments to complete.

nikto -h http://127.0.0.1:8000 -Format html -o nikto_report.html

During the scan, Nikto will display its progress in the terminal. The output will look similar to this:

- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    127.0.0.1
+ Target Port:        8000
+ Start Time:         2023-10-27 10:30:00
---------------------------------------------------------------------------
+ Server:             SimpleHTTP/0.6 Python/3.10.12
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI directories found (use '-C all' to force check all possible dirs)
+ "robots.txt" not found.
+ OSVDB-3233: /: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ 7528 requests: 0 error(s) and 5 item(s) reported on remote host
+ End Time:           2023-10-27 10:30:15
+ (15 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Once the scan is finished, you can verify that the report file has been created by listing the files in the current directory.

ls -l nikto_report.html

You should see the nikto_report.html file listed in the output.

-rw-r--r-- 1 labex labex 21435 Oct 27 10:30 nikto_report.html
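As an added example that is not part of the lab, the following Python script parses the console output shown above (a copy of it is embedded as constructed sample input, so the script runs offline), separating scan metadata from the actual findings and checking the parsed count against Nikto's own "item(s) reported" line. The line patterns are assumptions based on the output shown here, not Nikto's documented output format.

```python
import re

# Constructed sample: a copy of the console output shown in this lab, embedded so the script runs offline.
SAMPLE_OUTPUT = """\
+ Target IP:          127.0.0.1
+ Target Port:        8000
+ Start Time:         2023-10-27 10:30:00
+ Server:             SimpleHTTP/0.6 Python/3.10.12
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI directories found (use '-C all' to force check all possible dirs)
+ "robots.txt" not found.
+ OSVDB-3233: /: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ 7528 requests: 0 error(s) and 5 item(s) reported on remote host
+ 1 host(s) tested
"""

# Line patterns are assumptions derived from the output above, not Nikto's documented format.
META_RE = re.compile(r"^\+ (Target IP|Target Hostname|Target Port|Server|Start Time|End Time):\s+(.+)$")
SUMMARY_RE = re.compile(r"^\+ (\d+) requests: (\d+) error\(s\) and (\d+) item\(s\) reported")
OSVDB_RE = re.compile(r"^\+ (OSVDB-\d+): (\S+): (.+)$")
HEADER_RE = re.compile(r"\b(X-[A-Za-z-]+) header is not (present|defined|set)")
NOISE_RE = re.compile(r"^\+ (No CGI directories found|\(\d+ seconds\)|\d+ host\(s\) tested)")

def parse_nikto_output(text):
    """Split Nikto console output into scan metadata, the request summary and a list of findings."""
    report = {"meta": {}, "summary": None, "findings": []}
    for line in text.splitlines():
        if not line.startswith("+ ") or NOISE_RE.match(line):
            continue  # banner, separator and purely informational lines carry no finding
        if m := META_RE.match(line):
            report["meta"][m.group(1)] = m.group(2).strip()
        elif m := SUMMARY_RE.match(line):
            report["summary"] = dict(zip(("requests", "errors", "items"), map(int, m.groups())))
        elif m := OSVDB_RE.match(line):
            report["findings"].append({"kind": "osvdb", "ref": m.group(1), "uri": m.group(2), "text": m.group(3)})
        elif m := HEADER_RE.search(line):
            # A missing security header applies to the whole site, so the URI is recorded as "/"
            report["findings"].append({"kind": "missing-header", "ref": m.group(1), "uri": "/", "text": line[2:]})
        else:
            report["findings"].append({"kind": "other", "ref": None, "uri": None, "text": line[2:]})
    return report

def check_consistency(report):
    """True when the number of parsed findings equals the 'item(s) reported' count Nikto printed."""
    return report["summary"] is not None and len(report["findings"]) == report["summary"]["items"]
```

Call parse_nikto_output() on the text captured from your own scan (for example with nikto ... | tee scan.txt) to get the same structured view of the findings that the HTML report presents as a table.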

Open the generated HTML file in a web browser

In this step, you will open the generated nikto_report.html file to view its contents. Since it's an HTML file, the best way to view it is in a web browser.

The LabEx environment includes the Firefox web browser. You can open the report directly from the terminal by running the firefox command followed by the filename.

Execute the following command. This will launch Firefox and open your report.

firefox nikto_report.html

A new Firefox window should appear on your screen, displaying the Nikto scan report. If the window appears behind your terminal, you may need to move the terminal window to see it.

This final step involves exploring the report you've just opened in Firefox. The HTML report generated by Nikto is structured to be clear and informative.

Take a moment to look at the different parts of the report:

  • Scan Details: At the top, you'll find a summary of the scan, including the target IP, hostname, port, and the time the scan was performed.
  • Vulnerabilities Table: The main part of the report is a table listing all the findings. Each row represents a potential issue.
  • Key Columns: Pay attention to the URI column, which shows the affected path, and the Description column, which explains the finding. Many findings include a link (often an OSVDB ID) that you can click for more detailed information about that specific vulnerability.

Click on some of the links in the report to see how they provide additional context. Familiarizing yourself with this report structure is a key skill for analyzing security scan results. This step is for observation, so there are no commands to execute.

Summary

In this lab, you learned how to use Nikto to generate a comprehensive web server vulnerability report in HTML format.

You practiced using the -Format html option to specify the report type and the -o flag to save the output to a file named nikto_report.html. Finally, you opened and navigated the generated report in a web browser, learning how to interpret the scan summary and the detailed findings.

This skill is essential for documenting and communicating security assessments effectively.