Nikto

Nikto is an Open Source (GPL) web server vulnerability scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).
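To show how visible a scan is in log files, here is an added example (not part of the original page or of the Nikto project) that flags likely scans in a combined-format access log: clients whose User-Agent names Nikto, plus clients whose requests are mostly 404s. The function names, thresholds and sample log lines are constructed assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Flags likely Nikto scans in an
# Apache/nginx "combined" access log. Thresholds are assumptions to tune.

# Usage: detect_scanners [min_requests] [min_404_percent] < access.log
# Prints "<client-ip> <reason>" for each flagged client, sorted.
detect_scanners() {
  awk -v min_req="${1:-5}" -v min_pct="${2:-80}" '
    {
      ip = $1
      # Status is the 3-digit number right after the quoted request line.
      status = ""
      if (match($0, /" [1-5][0-9][0-9] /)) status = substr($0, RSTART + 2, 3)
      # User-Agent is the last quoted field on the line.
      n = split($0, q, "\"")
      agent = (n >= 2) ? tolower(q[n - 1]) : ""

      total[ip]++
      if (status == "404") notfound[ip]++
      if (agent ~ /nikto/) named[ip] = 1   # default User-Agent names the tool
    }
    END {
      for (ip in total) {
        if (named[ip]) {
          print ip, "nikto-user-agent"
        } else if (total[ip] >= min_req && notfound[ip] * 100 / total[ip] >= min_pct) {
          print ip, "404-burst"            # still visible with another User-Agent
        }
      }
    }
  ' | sort
}

# Constructed sample log (documentation IP ranges, made-up paths).
sample_log() {
  cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /admin.php HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000123)"
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000124)"
198.51.100.7 - - [01/Jan/2024:11:00:01 +0000] "GET /backup.zip HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Jan/2024:11:00:01 +0000] "GET /test.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Jan/2024:11:00:02 +0000] "GET /cgi-bin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Jan/2024:11:00:02 +0000] "GET /old/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Jan/2024:11:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [01/Jan/2024:12:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [01/Jan/2024:12:00:01 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64)"
EOF
}

sample_log | detect_scanners
```

The 404 ratio is counted over the whole input, so feed the function a bounded time slice of the log rather than weeks of history.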

💡 Officially allowed during the OSCP exam according to the OSCP Exam Guide

FIX for "Invalid argument at /var/lib/nikto/plugins/LW2.pm line 5157."

nano /etc/nikto.conf
# Add this line:
LW_SSL_ENGINE=SSLeay

Scan web server for vulnerabilities

URL="http://x.x.x.x"
nikto -host $URL -C all

Using SSL

URL="http://x.x.x.x"
nikto -host $URL -ssl -C all

Debug mode

nikto -D DV -host $URL -ssl -C all

Using a proxy

Using cntlm

nano /etc/nikto.conf

# Proxy settings -- still must be enabled by -useproxy
PROXYHOST=127.0.0.1
PROXYPORT=3128

nikto -useproxy -host $URL -ssl -C all

# Or pass the proxy URL on the command line instead of nikto.conf
nikto -useproxy "http://proxyserver:8080" -host $URL -ssl -C all
nikto -useproxy "http://127.0.0.1:3128" -host $URL -ssl -C all

# FIX FOR ERROR: Proxy error: opening stream: proxy couldn't make connection
nikto -useproxy "http://127.0.0.1:3128" -host $URL -nossl -ask no -C all

Using SSL & credentials

URL="http://x.x.x.x/login.jsp"
nikto -id "user:password" -host $URL -ssl -C all

Using SSL & cookies

# Scan web server for vulnerabilities - use SSL to connect & cookies
# https://security.stackexchange.com/questions/184910/nikto-authentication

# Edit nikto configuration file
nano /etc/nikto.conf

# Add my cookie
STATIC-COOKIE="cookie1"="value in quotes";"cookie2"="value in quote";

URL="http://x.x.x.x/login.jsp"
nikto -id "user:password" -host $URL -ssl -C all

# Don't forget to remove the cookie from configuration after the test

Control scan duration

Stop the scan after maxtime

nikto -host $URL -maxtime=30s

Request timeout in seconds (default 10)

nikto -host $URL -timeout=30

Add Authorization Header

cd /var/lib/nikto/plugins
cp nikto_core.plugin nikto_core.plugin.bak
nano nikto_core.plugin
# In nano, press Ctrl+W and search for: sub setup_hash

Add this line there to set the Authorization header:

$reqhash->{'Authorization'} = "Bearer ...";