Nikto is an open-source web server scanner/analyzer. We are sharing with you Nikto Free Download in the latest version. It performs comprehensive and exclusive tests against the web servers for multiple vulnerabilities, including:
- Includes 6700 potentially dangerous files or programs
- For over 1250 servers checks the outdated versions
- Includes version specific problems over 270 servers
- Nikto is designed to check for server configuration items like the presence of index files, server options, HTTP
- It can attempt to identify web software’s and server’s
- The plug-ins and scan items are updated frequently or can be updated automatically as well.
To clear the minds of the user, Nikto is not designed as a steady tool. However, it is used to test a web server in the earliest time as possible and becomes evident in log files or an IPA or IDS. In case you want to give this a try (or test the IDS system) then there is support for Lib Whisker’s anti IDS methods.
As many users believe that every check is a security check although most are certain items are “information only” type which looks up for nothing that may not have a security flaw, but the security engineer or the Web Master may not know that something is there present on the server. Some checks are there for the unknown items that have been seen scanned for in log files.
Also Check: Snort Free Download for Windows 10/8/7.
Nikto Latest Features
Some of the features that benefit the user as below:
- It supports SSL (Unix with an open SSL or sometimes Window’s with active state’s Perl or Net SSL)
- It provides with full HTTP proxy support
- It is used to check out for outdated server components
- It is used to save reports in plain text, HTML, CSV or NBE
- It has the template engine that is used to customize reports easily
- It can scan multiple ports on a server
- It can scan multiple servers via input file including Nmap output
- Includes the IDS encoding techniques of Lib Whisker
- Can be updated easily through the command line
- It can identify the installed software’s through headers, files, and favicons
- It has host authentication with NTLM and BASIC
- It can do subdomain guessing
- Enumeration of Apache and cgiwrap username
- It has different mutation techniques to fish for content on the web servers
- It is used to scan to either include or exclude the entire classes of vulnerability checks
- It can guess credentials for the authorization realms which provides for many default pw or id combos
- The guessing can handle any directory and not only the root directory
- Enhanced false definite reduction through multiple methods, page content, headers, and content hashing
- It is used to report any unusual headers
- Interactive status, pause and then changes to verbosity settings
- For the positive tests, it is used to save full request or response
- It can replay the saved definite requests
- It has maximum execution time per target
- It can be automatically paused over a specified time
- It is used to check for common parking sites
- Log into Metasploit through documentation
Also Check: Nmap Free Download – Best Network Security Scanner.
How to Install Nikto
It is a very straight forward process when you get into Nikto vulnerability scanner. With the help of this guide, you can start your web server testing with the well-known server testing tools or website. This is the same tool that is used by us in our hosted Nikto scanner service. Nikto can run on different OS with the required Perl interpreter installed as it is a Perl based security testing tool.
Let us guide you to use this on Ubuntu Linux as it is our OS of choice and happens to work. In Ubuntu, Linux Perl comes fully installed. So all you need to do is download, unpack it and then finally run the command with the necessary options. You need to install a perl environment (active state perl) or load up a Linux virtual machine using Virtual Box or VMware if you are a window user running Nikto on your systems.
You may find having a virtual machine with Kali Linux or Ubuntu if you run Microsoft Windows as your primary OS and thus this shall bring several benefits for you like:
- It makes Nikto a straightforward process
- Develop skills to use Linux based OS that shall benefit all the aspects of security testing
The free security testing tools are mostly developed on and for Linux based systems. Through a virtual machine, you can test Nikto or any other open-source security tool without even affecting the production work station.
Installing Nikto in Ubuntu
To install Nikto on Ubuntu, follow the steps below:
- In the first step, on a default installation of Ubuntu, launch a terminal and thorough a standard user account download nikto’s latest version.
- You can either unpack it with an archive manager tool or can use tar and gzip together with the following command.
- After running Nikto.pl, you will see the following output. Following are going to be your results from a working installation
If you are having any issues regarding the SSL support, it is better to install the libnet-ssleay-perl.
Also Check: OpenVAS Free Download – Vulnerability Scanner Tool.
How to use Nikto to find targets
Let’s test a single hostname. We are going to test the virtual host on 16x.2xx.2xx.1xx over HTTPS. The web server responds to Nikto, and the results indicate that the target is a word press based file.
When you are testing any site with Nikto then the amount of noise it creates in the webserver log files. Nikto is indeed testing for thousands of possible web paths and the response from a web browser which for most items shall be 404 not found.
Sample from Nginx web server being tested by Nikto:
As the tool tests for valid paths remember that when you hit a web server on different virtual hostnames on IP addresses or Sub paths off the root, then different results come out.
Nikto 2.1.0 Released (New Changelog)
The new version of Nikto has been released and comes with the following changes:
- Rewrite to the plugin engine that allows more control
- Rewrite to the reporting engine that allows more cover
- Large overhaul of documents
- Fix bugs
- Provides with security checks
- Allow username guessing to use dictionary files
- NTML authentication and much more
Recommended tools and alternatives for Nikto:
- Nessus Free Download – Professional Vulnerability Scanner.
- Burp Suite Professional Free Download.
- AirJack Free Download – Packet Injection Tool.
- Acunetix Free Download – Web Vulnerability Scanner Free Download.
Nikto Free Download Latest Version (Updated for 2021)
We have explained for you everything you need to know about Nikto, its features, installation tutorial, and how you can download Nikto for Linux. The latest version has been provided for better results. If you found this page helpful, then leave comments in the section below.