Replay and Re-format a Previous Scan in Nikto

Introduction

Nikto is a popular open-source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

A full Nikto scan can be time-consuming, especially on large and complex web applications. If you need the scan results in multiple formats (e.g., one for a technical report and another for a presentation), running the scan repeatedly is inefficient. Nikto provides a powerful feature to save scan results and then "replay" them to generate reports in different formats without re-scanning the target.

In this lab, you will learn how to perform an initial scan, save the results to an XML file, and then use the -replay option to efficiently generate a new report in HTML format.

Perform a scan and save the output to an XML file

In this step, you will perform a basic Nikto scan against a local test web server. The key is to save the output to a file in a structured format, like XML, which Nikto can parse later. We will use the -o option to specify an output file and -Format to define the file type.

First, ensure you are in the ~/project directory. Our setup script has already started a simple web server on localhost at port 8000.

Now, run the following command in your terminal to scan the local web server and save the results to a file named scan_results.xml:

nikto -h http://localhost:8000 -o scan_results.xml -Format xml

Let's break down this command:

  • nikto: The command to run the Nikto scanner.
  • -h http://localhost:8000: Specifies the host (target) to scan.
  • -o scan_results.xml: Specifies the output file name.
  • -Format xml: Instructs Nikto to save the output in XML format.

The scan will take a moment to complete. You will see output in your terminal similar to the following (details may vary):

- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        8000
+ Start Time:         ...
---------------------------------------------------------------------------
+ Server: SimpleHTTP/0.6 Python/3.10.6
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ No CGI directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: GET, HEAD, OPTIONS
+ Public HTTP Methods: GET, HEAD, OPTIONS
...
+ 1 host(s) tested

After the command finishes, a file named scan_results.xml will be created in your current directory (~/project).

Use the -replay option with the saved XML file

In this step, you will learn how to use Nikto's -replay feature. This option allows Nikto to parse a previously saved XML scan file and display the findings without connecting to the target server again. This is incredibly useful for quickly reviewing results or for situations where the target is no longer online.

To replay the scan you just saved, use the following command:

nikto -replay scan_results.xml

This command tells Nikto to read the scan_results.xml file and output the findings to the terminal. The output will look almost identical to the original scan's terminal output, but it will be generated instantly from the file.

- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        8000
+ Start Time:         ...
---------------------------------------------------------------------------
+ Server: SimpleHTTP/0.6 Python/3.10.6
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
...
+ 1 host(s) tested

Notice how quickly the command completes. This demonstrates that Nikto is reading from the local file, not performing a new network scan.

Use -Format htm to generate a new HTML report

In this step, you will combine the -replay option with the -Format option to generate a report in a new format. This is the core of this lab's lesson: you can take one saved scan and produce multiple types of reports from it.

Let's say you now need a nicely formatted HTML report for a presentation. You can generate it directly from your saved scan_results.xml file.

Run the following command:

nikto -replay scan_results.xml -o report.html -Format htm

Here's the breakdown of the new command:

  • nikto -replay scan_results.xml: This part is the same as the previous step; it tells Nikto to use the saved data.
  • -o report.html: This specifies a new output file named report.html.
  • -Format htm: This tells Nikto to format the output as an HTML file.

This command will run very quickly and produce minimal output in the terminal, as it is writing the report directly to the report.html file.

- Nikto v2.5.0
+ 1 host(s) tested

You have now successfully generated a new report in a different format without re-scanning the target.

Verify the new report is created without re-scanning

In this step, you will verify that the new HTML report file has been created and confirm that it contains valid HTML content. This reinforces the understanding that the previous command generated a file-based report.

First, list the files in your current directory (~/project) to see the newly created report.

ls -l

You should see both the original XML file and the new HTML file in the output:

total 12
-rw-r--r-- 1 labex labex  68 ... index.html
-rw-r--r-- 1 labex labex ... ... report.html
-rw-r--r-- 1 labex labex ... ... scan_results.xml

Next, to quickly check the content of the new report, you can use the head command to view the first few lines of the report.html file.

head report.html

The output will show the beginning of an HTML document, confirming that the file was created correctly.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Nikto Report</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <style type="text/css">
...

The most important observation is the speed. The command in Step 3 finished almost instantly, while the original scan in Step 1 took a noticeable amount of time. This is the definitive proof that you are re-formatting existing data, not performing a new, time-consuming scan.

Understand the efficiency of replaying saved results

In this final step, you will solidify your understanding of the efficiency gained by using the replay feature. Imagine you also need the results in a CSV (Comma-Separated Values) format to import into a spreadsheet for further analysis. Instead of running another scan, you can simply generate another report from the same scan_results.xml file.

Run the following command to create a CSV report:

nikto -replay scan_results.xml -o report.csv -Format csv

This command is structured just like the one for HTML, but it specifies a new filename (report.csv) and a new format (csv). Again, it will complete in seconds.

Now, list the files again to see all the generated reports:

ls -l

You will now see three report files, all generated from a single scan:

total 16
-rw-r--r-- 1 labex labex  68 ... index.html
-rw-r--r-- 1 labex labex ... ... report.csv
-rw-r--r-- 1 labex labex ... ... report.html
-rw-r--r-- 1 labex labex ... ... scan_results.xml

This workflow—scan once, report many times—is a cornerstone of efficient vulnerability assessment. For large-scale scans that might take hours, this feature saves an enormous amount of time and computational resources, allowing you to focus on analyzing the results rather than waiting for scans to complete.
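
An added example, not part of the original lab or of Nikto itself: the same scan-once, report-many idea applied in Python, reading a saved XML report and emitting CSV rows for a spreadsheet. Cells that begin with =, +, - or @ are prefixed with a quote so server-supplied text is shown as text rather than evaluated as a formula. The element and attribute names (niktoscan, scandetails, item, uri, description) and the sample data are assumptions constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample shaped like a saved scan_results.xml. Element and
# attribute names are assumptions about the report layout, not lab output.
SAMPLE_XML = """<niktoscan>
<scandetails targetip="127.0.0.1" targethostname="localhost" targetport="8000">
<item id="000001" method="GET"><uri>/</uri>
<description><![CDATA[The anti-clickjacking X-Frame-Options header is not present.]]></description></item>
<item id="000002" method="GET"><uri>/</uri>
<description><![CDATA[=constructed text that starts like a formula]]></description></item>
</scandetails>
</niktoscan>"""

FIELDS = ["host", "id", "method", "uri", "description"]


def parse_findings(xml_text):
    """Return one dict per <item>, tagged with the host it was found on."""
    findings = []
    for scan in ET.fromstring(xml_text).iter("scandetails"):
        host = f'{scan.get("targethostname", "")}:{scan.get("targetport", "")}'
        for item in scan.iter("item"):
            findings.append({
                "host": host, "id": item.get("id", ""), "method": item.get("method", ""),
                "uri": (item.findtext("uri") or "").strip(),
                "description": (item.findtext("description") or "").strip(),
            })
    return findings


def text_cell(value):
    """Prefix formula-looking values so a spreadsheet shows them as text."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value


def to_csv(findings):
    """Render findings as CSV text with a header row."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for finding in findings:
        writer.writerow({key: text_cell(finding[key]) for key in FIELDS})
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(parse_findings(SAMPLE_XML)), end="")
```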

Summary

In this lab, you have learned a highly efficient workflow for working with Nikto scan results. You successfully performed a web server scan and saved its findings to an XML file. You then used the powerful -replay option to parse this saved data and generate new reports in different formats (HTML and CSV) without needing to re-run the time-consuming network scan.

The key commands and concepts you practiced are:

  • nikto -h [host] -o [file.xml] -Format xml: To perform a scan and save the results.
  • nikto -replay [file.xml] -o [new_report] -Format [htm/csv/txt]: To generate new reports from saved data.

This technique of separating the scanning phase from the reporting phase is crucial for efficient security testing and analysis.