LabEx
Log InJoin Free

Mute Console Output for Scripting with Nikto

Kali LinuxBeginner
Practice Now

Introduction

Nikto is a popular open-source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

When running Nikto from the command line, it produces a lot of real-time output, which is helpful for interactive use. However, when you want to automate scans using scripts, this verbose output can be undesirable.

In this lab, you will learn how to use the -Mute option to run Nikto scans silently. This is a crucial skill for integrating Nikto into automated security workflows and shell scripts, allowing you to capture results in files without cluttering the console.

Run a standard scan and observe the verbose console output

In this step, you will perform a basic Nikto scan against a test web server. This will help you understand the default behavior and the amount of information it prints to the console.

First, let's run a standard scan. The -h option is used to specify the target host. Our test server is running locally on port 8000.

Execute the following command in your terminal:

nikto -h http://127.0.0.1:8000

You will see a lot of output, including the Nikto version banner, target information, and real-time status updates as the scan progresses.

- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    127.0.0.1
+ Target Port:        8000
+ Start Time:         ...
---------------------------------------------------------------------------
+ Server:             SimpleHTTP/0.6 Python/3.10.6
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ No CGI directories found (use '-C all' to force check all possible dirs)
... (many more lines of output) ...
+ 1 host(s) tested

This verbose output is useful for monitoring a scan in real-time, but it's not ideal for automation.

Use the -Mute option to suppress normal console output

In this step, you'll learn how to use the -Mute option to significantly reduce the console output. This option tells Nikto to suppress the normal HTTP requests and responses it would typically display during a scan.

The -Mute option is perfect for situations where you only care about the final findings, not the step-by-step progress.

Now, run the same scan as before, but add the -Mute option at the end of the command:

nikto -h http://127.0.0.1:8000 -Mute

Observe the output now. It's much cleaner. The banner and real-time status updates are gone. You will only see the final summary of findings.

- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    127.0.0.1
+ Target Port:        8000
+ Start Time:         ...
---------------------------------------------------------------------------
+ Server:             SimpleHTTP/0.6 Python/3.10.6
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ No CGI directories found (use '-C all' to force check all possible dirs)
+ 1 host(s) tested

As you can see, the output is far less cluttered, making it easier to parse or read when the scan is part of a larger process.

Combine -Mute with -o to save results silently to a file

In this step, we will take muting a step further. The goal is to run a scan that produces no output on the console and saves all findings directly to a file. This is the most common requirement for automated scripting.

To achieve this, you can combine the -Mute option with the -o (or --output) option, which specifies an output file.

Run the following command. It will perform the scan, suppress all console output, and save the report to a file named nikto_report.txt.

nikto -h http://127.0.0.1:8000 -Mute -o nikto_report.txt

After running the command, you'll notice that your terminal prompt returns immediately without printing any scan results. The scan ran silently in the background.

To confirm that the report was generated, first list the files in the current directory:

ls

You should see nikto_report.txt in the list.

nikto_report.txt  www

Now, view the contents of the report file:

cat nikto_report.txt

The contents of the file will be the same as the muted output you saw in the previous step. This technique is essential for keeping logs or processing scan results programmatically.

Write a simple bash script that calls a muted Nikto scan

In this step, you will create a simple bash script to automate the silent Nikto scan. This demonstrates how the -Mute and -o options are used in a real-world automation scenario.

First, create a new file named scan.sh using the nano text editor:

nano scan.sh

Inside the nano editor, add the following content. This script will print status messages to the user, run the silent Nikto scan, and save the results to a new file named script_report.txt.

#!/bin/bash

echo "Starting silent Nikto scan..."
nikto -h http://127.0.0.1:8000 -Mute -o script_report.txt
echo "Scan complete. Report saved to script_report.txt"

Press Ctrl+X to exit, Y to save the changes, and Enter to confirm the filename.

Next, you need to make the script executable. Use the chmod command to add execute permissions:

chmod +x scan.sh

Finally, run your new script:

./scan.sh

The script will display the "Starting" and "Scan complete" messages, but the Nikto scan itself will produce no console output.

Starting silent Nikto scan...
Scan complete. Report saved to script_report.txt

You can verify that the new report file script_report.txt was created by using the ls command again.

Check the script's exit code to determine scan completion

In this step, you will learn how to check the exit code of your script. In shell scripting, the exit code is a number that a command or script returns after it finishes executing. An exit code of 0 conventionally means the command completed successfully.

This is a fundamental concept for building reliable scripts, as it allows you to check if a step succeeded before proceeding to the next one.

First, run your script again:

./scan.sh

Immediately after the script finishes, you can check its exit code by examining the special shell variable $?. This variable always holds the exit code of the last command that was executed.

Run the following command:

echo $?

The output should be 0, indicating that your scan.sh script completed without any errors.

0

In more advanced scripts, you could use this check in an if statement to handle errors, for example:

./scan.sh
if [ $? -eq 0 ]; then
  echo "Script completed successfully."
else
  echo "Script failed with an error."
fi

This confirms that you can reliably execute your muted Nikto scan within a script and programmatically verify its completion.

Summary

In this lab, you have learned how to control Nikto's console output for effective scripting and automation.

You started by observing the verbose output of a standard Nikto scan. Then, you used the -Mute option to suppress non-essential output and the -o option to save scan results silently to a file. Finally, you integrated these options into a bash script and learned how to check the script's exit code to verify successful completion.

These skills are fundamental for anyone looking to automate web security assessments and build powerful, non-interactive security tools.

Related Kali Linux Courses
Kali Linux for Beginners

Kali Linux for Beginners

cybersecuritykalilinux
Kali Server Exploitation in Action

Kali Server Exploitation in Action

cybersecuritykalilinux