Introduction
Nikto is a popular open-source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.
Manually scanning a large number of hosts can be tedious and time-consuming. A more efficient approach is to list all your targets in a single file and have Nikto scan them sequentially. In this lab, you will learn how to create a text file containing multiple target hosts and use Nikto to perform a vulnerability scan on all of them with a single command.
Create a text file with multiple target IPs or hostnames
In this step, you will create a simple text file that contains the hostnames of the targets you want to scan. Nikto can read this file and scan each host listed within it. Each hostname or IP address should be on a new line. We will use the nano text editor to create this file in your current working directory, ~/project.
First, open a new file named targets.txt using nano:
nano targets.txt
Now, inside the nano editor, add the following two hostnames. These are public sites available for testing purposes.
scanme.nmap.org
example.com
To save the file in nano, press Ctrl+O, then press Enter to confirm the filename. To exit nano, press Ctrl+X.
You can verify the contents of your file using the cat command:
cat targets.txt
You should see the following output:
scanme.nmap.org
example.com
Now you have a target file ready for Nikto.
Use the -h flag with the path to your text file
In this step, we will prepare the Nikto command for a multi-target scan. The -h (or --host) flag is used to specify the target. While it typically takes a single hostname or IP address, it can also accept a file path. When you provide a file path, Nikto understands that it should read the targets from that file.
The basic syntax for this operation is:
nikto -h /path/to/your/file.txt
Since our file targets.txt is in the current directory (~/project), we can simply use the filename.
Before running the actual scan, it's good practice to familiarize yourself with Nikto's options. You can view the help menu by running:
nikto -Help
Scroll through the output and you will find the description for the -h / -host option, confirming that it can take a host or a file of hosts. We will execute the actual scan in the next step.
Launch the multi-target scan
Now that you have created the target file and understand the command structure, it's time to launch the scan. Nikto will read the targets.txt file and scan each host listed inside it, one after the other.
Execute the following command in your terminal to begin the scan. Please be patient, as a full scan of multiple hosts can take several minutes.
nikto -h targets.txt
The terminal will now display the real-time progress of the scan.
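The three steps above (build the target list, point -h at it, launch the scan) can be wrapped in a small script. The following is an added example and not part of the lab: a POSIX shell script that tidies a hand-written target list (Nikto expects one bare hostname or IP per line, so comments, blank lines, stray whitespace, duplicates and URLs are removed) and then runs the same nikto -h targets.txt -o ... command. The function names clean_targets and run_multi_host_scan and the RUN_SCAN variable are assumptions of this example, not Nikto options; the sample target list is constructed here.

```sh
#!/bin/sh
# Added example, not from the lab: tidy a raw target list and launch the
# multi-host scan. clean_targets, run_multi_host_scan and RUN_SCAN are
# names chosen for this example, not Nikto options.

# clean_targets RAW CLEAN
# Writes a cleaned copy of RAW to CLEAN and prints the number of hosts kept.
# Nikto reads one bare hostname or IP per line, so this strips comments,
# blank lines, surrounding whitespace and duplicates, and drops anything
# that is not a plain hostname/IPv4 address (URLs, lines with spaces).
# IPv6 literals are not handled here.
clean_targets() {
    raw="$1"
    clean="$2"
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$raw" \
        | grep -E '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$' \
        | awk '!seen[$0]++' > "$clean"
    wc -l < "$clean" | tr -d ' '
}

# run_multi_host_scan TARGETS OUTPUT
# Runs the lab's command (nikto -h TARGETS -o OUTPUT) only when nikto is
# installed and RUN_SCAN=1 is set, so the script is safe to execute offline.
run_multi_host_scan() {
    if [ "${RUN_SCAN:-0}" != "1" ] || ! command -v nikto >/dev/null 2>&1; then
        echo "skipping scan (set RUN_SCAN=1 with nikto installed); command would be:"
        echo "  nikto -h $1 -o $2"
        return 0
    fi
    nikto -h "$1" -o "$2"
}

workdir=$(mktemp -d)

# Constructed sample input: the lab's two hosts plus lines that must be dropped
# (a comment, indentation, a duplicate and a URL instead of a bare hostname).
cat > "$workdir/targets_raw.txt" <<'EOF'
# web servers to assess
scanme.nmap.org
   example.com
scanme.nmap.org
http://example.com/
EOF

kept=$(clean_targets "$workdir/targets_raw.txt" "$workdir/targets.txt")
echo "$kept target(s) kept in $workdir/targets.txt:"
cat "$workdir/targets.txt"
run_multi_host_scan "$workdir/targets.txt" "$workdir/scan_results.txt"
```

Run it as sh multiscan.sh to see the cleaned list (two hosts survive from the five input lines); prefix the command with RUN_SCAN=1 on a machine where Nikto is installed to actually start the scan with its output saved to scan_results.txt, exactly as in the lab.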
Monitor the output as Nikto scans each host sequentially
In this step, you will observe the output generated by Nikto. There are no new commands to run. As the scan progresses, you will see detailed information for each target.
First, Nikto will display its banner and start with the first target, scanme.nmap.org. You will see information like its IP address, server software, and any vulnerabilities found.
A truncated example of the initial output for the first host might look like this:
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP: 45.33.32.156
+ Target Hostname: scanme.nmap.org
+ Target Port: 80
+ Start Time: ...
---------------------------------------------------------------------------
+ Server: Apache/2.4.7 (Ubuntu)
... (vulnerability checks and findings for scanme.nmap.org) ...
Once the scan for scanme.nmap.org is complete, Nikto will automatically begin scanning the next target, example.com. The output will clearly indicate the switch to the new target:
... (end of scan for scanme.nmap.org) ...
+ 1 host(s) tested
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP: 93.184.216.34
+ Target Hostname: example.com
+ Target Port: 80
+ Start Time: ...
---------------------------------------------------------------------------
+ Server: ECS (sjc/4E5D)
... (vulnerability checks and findings for example.com) ...
Simply watch the terminal until the entire process is finished.
Review the combined results in the output or saved file
Once Nikto has finished scanning all the hosts in targets.txt, it will print a final summary. This summary includes the total number of hosts tested and the end time of the scan. The entire scan log for all hosts will be visible in your terminal.
While viewing output in the terminal is useful, for documentation or further analysis, it's better to save the results to a file. You can do this using the -o (or -output) flag.
Let's run the scan again, but this time, we'll save the output to a file named scan_results.txt.
nikto -h targets.txt -o scan_results.txt
This command will perform the same scan, but in addition to displaying the output on the screen, it will write it to scan_results.txt. After the scan completes, you can view the contents of the saved report using the cat command:
cat scan_results.txt
This allows you to review the findings for all scanned hosts at any time without having to run the scan again.
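With several hosts in one report, a per-host summary is easier to review than the full log. The following is an added example, not part of the lab: a POSIX shell function that reads a saved report in the layout shown in the earlier output (each host block begins with "+ Target Hostname:" and carries a "+ Server:" banner) and prints one tab-separated line per host with the hostname, the server banner and the number of "+" finding lines. The name summarize_results is chosen for this example, and the sample report is constructed from the truncated output shown above with illustrative finding lines, not from a real scan.

```sh
#!/bin/sh
# Added example, not from the lab: condense a saved multi-host Nikto report
# into one line per host (hostname, server banner, finding count).
# summarize_results is a name chosen for this example.

# summarize_results REPORT
# Assumes the report uses the layout shown in the lab: each host block starts
# with "+ Target Hostname:" and carries a "+ Server:" banner. Every other
# line beginning with "+ " is counted as a finding, except Nikto's own
# bookkeeping lines (Target IP/Port, Start/End Time, request tally,
# hosts-tested total). Output is tab-separated: host, server, findings.
summarize_results() {
    awk '
        function emit() { printf "%s\t%s\t%d\n", host, server, findings }
        /^[+] Target Hostname:/ { if (host != "") emit(); host = $4; server = "unknown"; findings = 0; next }
        /^[+] Server:/ { sub(/^[+] Server: /, ""); server = $0; next }
        /^[+] Target (IP|Port):/ { next }
        /^[+] (Start|End) Time:/ { next }
        /^[+] [0-9]+ requests:/ { next }
        /^[+] [0-9]+ host\(s\) tested/ { next }
        /^[+] / { findings++ }
        END { if (host != "") emit() }
    ' "$1"
}

workdir=$(mktemp -d)

# Constructed sample report modelled on the truncated output shown in the lab;
# the finding lines are illustrative, not results of a real scan.
cat > "$workdir/scan_results.txt" <<'EOF'
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP: 45.33.32.156
+ Target Hostname: scanme.nmap.org
+ Target Port: 80
+ Start Time: ...
---------------------------------------------------------------------------
+ Server: Apache/2.4.7 (Ubuntu)
+ /: The anti-clickjacking X-Frame-Options header is not present.
+ /: The X-Content-Type-Options header is not set.
+ 7890 requests: 0 error(s) and 2 item(s) reported on remote host
+ End Time: ...
+ 1 host(s) tested
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP: 93.184.216.34
+ Target Hostname: example.com
+ Target Port: 80
+ Start Time: ...
---------------------------------------------------------------------------
+ Server: ECS (sjc/4E5D)
+ /: The X-Content-Type-Options header is not set.
+ 7890 requests: 0 error(s) and 1 item(s) reported on remote host
+ End Time: ...
+ 2 host(s) tested
EOF

printf 'host\tserver\tfindings\n'
summarize_results "$workdir/scan_results.txt"
```

Point summarize_results at your own scan_results.txt to get the same table for a real run. The finding count includes informational "+" lines Nikto emits (for example its note about CGI directories), so treat it as a triage aid for deciding which host to read first rather than as a vulnerability count.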
Summary
In this lab, you have successfully learned how to automate the scanning of multiple web servers using Nikto. You practiced creating a target list in a text file, with each target on a new line. You then used the -h flag to point Nikto to this file, allowing it to scan each host sequentially. Finally, you learned how to save the combined results of a multi-host scan to an output file using the -o flag for easy review and record-keeping. This method is a fundamental technique for improving efficiency in network reconnaissance and vulnerability assessment workflows.