In this tutorial we will show you how to install and configure the Nikto web scanner on your Ubuntu server. For those of you who didn't know, Nikto is an open source web server scanner that checks a web server for dangerous or default files and CGIs, outdated server software and version-specific problems, and common misconfigurations. It does not look for malware on the host; it probes the web server from the outside, the way an attacker's first pass would. Nikto gives you a quick and easy scan that reports what it found, and the results can be written to a log file at the end of the scan.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and, most importantly, that you host your site on your own VPS. The installation is quite simple. I will walk you through the step-by-step installation of Nikto on an Ubuntu server.
Install Nikto Web Scanner on Ubuntu
Step 1. First make sure that all your system packages are up to date by running the following apt-get commands in the terminal.
sudo apt-get update
sudo apt-get upgrade
Step 2. Install the prerequisites. Nikto is a Perl script, and libnet-ssleay-perl together with openssl is what lets it scan HTTPS targets; wget and unzip are only needed to fetch and unpack the release.
sudo apt-get install wget unzip libnet-ssleay-perl libwhisker2-perl openssl
Step 3. Installing Nikto Web Scanner.
First, go to Nikto's download page and download the latest stable version of the scanner; at the time of writing this article it is version 2.1.5. Then unpack the tarball in your working directory and rename the extracted directory to something shorter:
tar xvfz nikto-2.1.5.tar.gz
mv nikto-2.1.5/ nikto
Change into the new directory and make the Perl script executable:
cd nikto
chmod +x nikto.pl
Before performing any scan, update Nikto's plugin and test database files (on this version -update fetches them from CIRT.net; a scan with a stale db_tests file will miss newer checks):
### perl nikto.pl -update
+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_parked_strings'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'nikto_report_csv.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'CHANGES.txt'
+ CIRT.net message: Please submit Nikto bugs to https://github.com/sullo/nikto
Step 4. Scan for vulnerabilities using Nikto.
Only scan hosts you own or are authorised to test: Nikto sends several thousand requests per target and is easy to spot in the server's access log. For example, the following command scans your website on port 80 (use -port 443 -ssl for an HTTPS site):
perl nikto.pl -h yourwebsite.com
Note that -h is short for -host, not for help. Running nikto.pl with no arguments prints the short option summary below, and -Help prints the extended help:
### perl nikto.pl
-config+ Use this config file
-Display+ Turn on/off display outputs
-dbcheck check database and other key files for syntax errors
-Format+ save file (-o) format
-Help Extended help information
-host+ target host
-id+ Host authentication to use, format is id:pass or id:pass:realm
-list-plugins List all available plugins
-output+ Write output to this file
-nossl Disables using SSL
-no404 Disables 404 checks
-Plugins+ List of plugins to run (default: ALL)
-port+ Port to use (default 80)
-root+ Prepend root value to all requests, format is /directory
-ssl Force ssl mode on port
-Tuning+ Scan tuning
-timeout+ Timeout for requests (default 10 seconds)
-update Update databases and plugins from CIRT.net
-Version Print plugin and database versions
-vhost+ Virtual host (for Host header)
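As a worked example of Step 4 and of the -output, -Format, -port and -ssl options above, here is a small wrapper script that always saves the scan as a CSV report and then summarises that report by OSVDB reference. It is an added example, not code from the original tutorial or from the Nikto project. Assumptions: Nikto is unpacked in the directory named by NIKTO_DIR (the tutorial's ~/nikto), the CSV columns are host, ip, port, osvdb, method, uri and message as written by Nikto's CSV plugin, and the sample report rows embedded below are constructed for the demo, not real scan results.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial or from Nikto): wrap a
# scan so a CSV report is always written, then summarise it by OSVDB id.
# Assumptions: Nikto lives in $NIKTO_DIR, and the report columns are
# host,ip,port,osvdb,method,uri,message (Nikto's CSV plugin format).
set -u

NIKTO_DIR="${NIKTO_DIR:-$HOME/nikto}"   # assumed install location (tutorial's ~/nikto)

# Compose the scan arguments. Port 443 switches on -ssl, the report is
# always written to a file so findings survive the terminal scrollback,
# and the request timeout is kept at Nikto's default of 10 seconds.
nikto_args() {
    host="$1"; port="$2"; outfile="$3"
    args="-h $host -port $port -output $outfile -Format csv -timeout 10"
    if [ "$port" = "443" ]; then
        args="$args -ssl"
    fi
    printf '%s' "$args"
}

# Run the scan from Nikto's own directory so it finds nikto.conf and its
# plugins. Returns 2 when Nikto is not installed, so the caller can tell
# "no scanner here" apart from "scan ran but found nothing".
run_scan() {
    if [ ! -x "$NIKTO_DIR/nikto.pl" ]; then
        return 2
    fi
    # Word splitting of the argument string is intended; none of the
    # values passed here contain spaces.
    ( cd "$NIKTO_DIR" && perl nikto.pl $(nikto_args "$1" "$2" "$3") >/dev/null )
}

# Count report rows per OSVDB id, ignoring informational rows (osvdb 0,
# e.g. the Server header banner). Output: "<count> <osvdb>", most frequent first.
count_findings() {
    awk -F'","' '$4 != "0" && $4 != "" { c[$4]++ }
                 END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# Constructed sample report used when Nikto is absent (for example when
# this script is run on a workstation without the scanner). The rows
# imitate Nikto's CSV output and are not real scan results.
SAMPLE_CSV="$(mktemp)"
cat > "$SAMPLE_CSV" <<'EOF'
"example.com","192.0.2.10","80","0","GET","/","Server: Apache/2.2.22 (Ubuntu)"
"example.com","192.0.2.10","80","3092","GET","/admin/","This might be interesting..."
"example.com","192.0.2.10","80","3233","GET","/icons/README","Apache default file found."
"example.com","192.0.2.10","80","3092","GET","/backup/","This might be interesting..."
EOF

# Demo: scan $TARGET if Nikto is installed, otherwise summarise the sample.
REPORT="$SAMPLE_CSV"
if run_scan "${TARGET:-localhost}" "${PORT:-80}" "$PWD/nikto-report.csv"; then
    REPORT="$PWD/nikto-report.csv"
fi
count_findings "$REPORT"
```

Save it under any name you like (say nikto-wrap.sh, a name chosen for this example) and run it as TARGET=yourwebsite.com PORT=443 bash nikto-wrap.sh. The summary groups repeated hits of the same check, which is what you want to triage first: a directory-listing check that fires on four paths is one configuration problem, not four findings.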
Congratulations! You have successfully installed Nikto. Thanks for using this tutorial to install the Nikto web scanner on your Ubuntu 14.04 system. For additional help or useful information, check the official Nikto website.