Introduction
In this lab, you will learn how to use Nikto, an open-source web server scanner, to detect potential vulnerabilities. You will install Nikto, scan a test web server, save the results, and analyze the findings to identify security weaknesses. This hands-on practice will provide you with fundamental skills for web security assessment.
Install and Verify Nikto
Before you can scan for vulnerabilities, you need to install the Nikto tool. This step will guide you through updating your system's package list and installing Nikto using the apt package manager. All commands will be run in the terminal. Your default working directory is /home/labex/project.
First, update the package list to ensure you get the latest version of the software available in the repositories.
sudo apt update
Next, install Nikto. The -y flag automatically confirms the installation, so you don't have to type 'Y' manually.
sudo apt install -y nikto
Once the installation is complete, it is good practice to verify that the tool was installed correctly. You can do this by checking its version.
nikto -Version
You should see output that displays the Nikto version number, similar to the following. The exact version may differ.
---------------------------------------------------------------------------
- Nikto v2.5.0
---------------------------------------------------------------------------
With Nikto successfully installed, you are now ready to proceed with scanning a web server.
Perform a Basic Scan
Now that Nikto is installed, your next step is to run a basic scan against a target web server. For this lab, a test web server is already running in your environment. Before scanning, you should always confirm that the target is online and accessible.
First, verify that the target web server is running. We will use curl with the -I flag to fetch only the HTTP headers from the server. The target for this lab is http://localhost:8000.
curl -I http://localhost:8000
A successful response will include the line HTTP/1.0 200 OK, which indicates that the server is active and ready to accept requests.
HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/3.10.12
Date: ...
Content-type: text/html
Content-Length: 71
Now, run your first Nikto scan. Use the -h (or -host) flag to specify your target.
nikto -h http://localhost:8000
Nikto will start scanning the target. You will see real-time output in your terminal as it performs various tests. The scan will begin with information about the target and then list any potential vulnerabilities it finds.
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 8000
+ Start Time: ...
---------------------------------------------------------------------------
+ Server: SimpleHTTP/0.6 Python/3.10.12
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
...
+ 1 host(s) tested
You have now performed a basic web server scan. In the next step, you will learn how to save these results for later analysis.
Save Scan Results to a File
Running a scan and viewing the output in the terminal is useful for a quick check, but for professional assessments, you must save the results. A saved report serves as a record of the findings and can be shared with others for remediation.
Nikto allows you to save scan results in various formats. In this step, you will save the report as a plain text file. Use the -o (or -output) flag to specify an output file.
Run the scan again, this time directing the output to a file named nikto_report.txt.
nikto -h http://localhost:8000 -o nikto_report.txt
The scan will run just like before, but this time, in addition to displaying the results on the screen, it will save them to the specified file in your current directory (/home/labex/project).
After the scan completes, verify that the report file was created using the ls -l command, which lists files and their details.
ls -l nikto_report.txt
You should see your new report file listed, with a size greater than zero.
-rw-rw-r-- 1 labex labex 1234 ... nikto_report.txt
To quickly confirm the file's contents, you can view the first 20 lines using the head command.
head -n 20 nikto_report.txt
This will display the beginning of the report, which includes the scan summary and the first few findings. Now you have a permanent record of your scan.
Analyze the Scan Report
With the scan results saved, the final step is to analyze the report to understand the identified vulnerabilities. This involves reading the report and filtering it to highlight the most important information.
First, you can view the entire report using the cat command. This is useful for getting a complete overview of all the information Nikto gathered.
cat nikto_report.txt
A full report can be long, so it is often more efficient to filter it. Nikto uses a + symbol at the beginning of a line to indicate an interesting finding or potential vulnerability. You can use the grep command to display only these lines (in grep's basic regular expressions, + is a literal character, so this matches every line that contains a plus sign; anchoring the pattern as '^+' restricts it to lines that start with one).
grep '+' nikto_report.txt
This command will filter the report and show you a concise list of all the items Nikto flagged.
+ Target Host: localhost
+ Target Port: 8000
+ GET /: The anti-clickjacking X-Frame-Options header is not present.
+ HEAD /: SimpleHTTP/0.6 appears to be outdated (current is at least 1.2)
When reviewing these findings, pay attention to descriptions that indicate misconfigurations (like missing security headers) or the presence of sensitive files. Each finding provides a starting point for further investigation.
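To go one step beyond grep, the following added example (not part of the lab or of Nikto itself) separates real findings from scan metadata in a Nikto text report and counts them by category. It runs against a constructed sample report in the same format as the output shown above; the helper names nikto_findings and count_findings are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarise a Nikto text report by finding category.
# Only lines beginning with "+ " are findings; the "Target ...", "Start Time"
# and "host(s) tested" lines are scan metadata and are filtered out.

# Constructed sample report mirroring the lab's output format (not a real scan).
SAMPLE_REPORT="$(mktemp)"
cat > "$SAMPLE_REPORT" <<'EOF'
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        8000
+ Start Time:         2024-01-01 00:00:00 (GMT0)
---------------------------------------------------------------------------
+ Server: SimpleHTTP/0.6 Python/3.10.12
+ GET /: The anti-clickjacking X-Frame-Options header is not present.
+ GET /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ HEAD /: SimpleHTTP/0.6 appears to be outdated (current is at least 1.2)
+ GET /backup/: Directory indexing found.
+ 1 host(s) tested
EOF

# Print only findings: "+ " lines that are not scan metadata.
# The "+ Server:" banner line is kept, since the software version is itself
# useful review information.
nikto_findings() {
    grep '^+ ' "$1" \
      | grep -Ev '^\+ (Target (IP|Hostname|Host|Port)|Start Time|End Time|[0-9]+ host\(s\) tested)'
}

# Count findings in one category, keyed on the wording Nikto uses in its messages.
# $1 = report file, $2 = headers | outdated | indexing | all
count_findings() {
    case "$2" in
        headers)  nikto_findings "$1" | grep -ci 'header' || true ;;
        outdated) nikto_findings "$1" | grep -ci 'outdated' || true ;;
        indexing) nikto_findings "$1" | grep -ci 'directory indexing' || true ;;
        all)      nikto_findings "$1" | grep -c '' || true ;;
    esac
}

# Usage: list the findings, then a short per-category tally.
nikto_findings "$SAMPLE_REPORT"
for cat in headers outdated indexing all; do
    printf '%s: %s\n' "$cat" "$(count_findings "$SAMPLE_REPORT" "$cat")"
done
```

To run this against your own scan, replace "$SAMPLE_REPORT" with nikto_report.txt from the previous step.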
Summary
In this lab, you successfully installed Nikto and performed a vulnerability scan on a target web server. You learned how to execute a scan, save the findings to a report file, and analyze the results to identify potential security issues. These foundational skills, including installing security tools, running scans, and interpreting reports, are essential for anyone starting in cybersecurity and penetration testing.