Introduction
In today’s world, web application security is a priority for any system administrator working with Linux. Having tools that detect vulnerabilities quickly and reliably is essential to keep servers protected against attacks. One of the most popular open-source scanners in this field is Nikto, a program specifically designed to analyze web servers and discover configuration flaws, dangerous files, and outdated software versions.
What is Nikto?
Nikto is a web vulnerability scanner written in Perl that performs exhaustive tests against an HTTP or HTTPS server. Its database includes more than 6,000 potentially dangerous items, such as known CGI scripts, exposed administration files, insecure headers, and software versions with public vulnerabilities. Being open-source and active since the early 2000s, Nikto has become a reference for penetration testing and security audits in Linux environments.
Installation on Linux
Installing Nikto on a Linux distribution is simple thanks to the usual package managers. Below is the process for the most common families:
- Debian / Ubuntu:
sudo apt update && sudo apt install nikto
- Fedora:
sudo dnf install nikto
- CentOS / RHEL (requires EPEL):
sudo yum install epel-release && sudo yum install nikto
- Arch Linux:
sudo pacman -S nikto
If you prefer the latest version directly from the official repository, you can clone the project from GitHub and run it with Perl:
git clone https://github.com/sullo/nikto.git
cd nikto
perl nikto.pl -h http://example.com
Basic Usage
The simplest command to launch a scan is to specify the target with the -h option followed by the URL or IP address of the server. By default, Nikto uses port 80 for HTTP and 443 for HTTPS, but you can specify another port with -p. Some useful parameters are:
- -ssl: forces the use of SSL/TLS.
- -tuning x: adjusts the test level (for example, 0 for basic tests, 9 for all).
- -output file: saves the result to a text file.
- -format csv: exports the report in CSV format for later analysis.
A basic example would be:
perl nikto.pl -h http://my-server.com -output results.txt
Scan Examples
To illustrate Nikto’s versatility, here are several common usage scenarios in Linux administration:
- Quick scan of an internal site:
perl nikto.pl -h http://internal.company -tuning 0
- Full scan with CSV output:
perl nikto.pl -h https://public-site.com -ssl -tuning 9 -output report.csv -format csv
- Scan of a non-standard port (e.g., 8080):
perl nikto.pl -h http://server:8080 -p 8080
- Scan with basic authentication (if the site requires it):
perl nikto.pl -h http://site.com -id admin:password
Interpretation of Results
After finishing the scan, Nikto displays a list of findings classified by risk level. Each entry includes:
- The tested element (for example, a CGI script or a configuration file).
- A brief description of the finding.
- The severity level (Informational, Low, Medium, High).
- A reference to the vulnerability database (such as CVE) when applicable.
It is important to review the results critically: some findings may be false positives, especially when the server has custom pages that match patterns of known files. Therefore, it is recommended to corroborate critical findings with manual testing or with other scanners such as OpenVAS or Nessus.
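As an added example that is not part of the original article or of Nikto itself, the following Python script post-processes a CSV report for the critical review described above: it drops duplicate rows, groups findings per host and port, and separates entries that cite a CVE identifier from bare pattern matches that still need manual corroboration. It assumes the seven-column layout host, ip, port, id, method, uri, message (check this against your own -format csv output), and every sample row, id and CVE number in it is constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Assumed column order of a Nikto CSV report; verify against a real -format csv file.
COLUMNS = ("host", "ip", "port", "id", "method", "uri", "message")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample report: hosts, ids, messages and the CVE number are placeholders,
# not real scan output. The third row duplicates the second on purpose.
SAMPLE_CSV = (
    '"public-site.com","203.0.113.10","443","X1","GET","/","Missing X-Frame-Options header."\n'
    '"public-site.com","203.0.113.10","443","X2","GET","/cgi-bin/test.cgi","Old test script, see CVE-0000-0001."\n'
    '"public-site.com","203.0.113.10","443","X2","GET","/cgi-bin/test.cgi","Old test script, see CVE-0000-0001."\n'
    '"public-site.com","203.0.113.10","443","X3","GET","/admin/","This might be interesting."\n'
    '"server","203.0.113.20","8080","X4","GET","/manager/html","Default manager page found."\n'
)


def parse_report(text):
    """Parse CSV rows into dicts, skipping malformed lines and exact duplicate findings."""
    seen, findings = set(), []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(COLUMNS):
            continue  # blank or malformed line
        key = tuple(row)
        if key in seen:
            continue
        seen.add(key)
        findings.append(dict(zip(COLUMNS, row)))
    return findings


def triage(text):
    """Group findings per host:port. Entries citing a CVE give the reviewer something
    concrete to verify; the rest are pattern matches, the usual source of false
    positives on servers with custom pages, and go to the manual-check list."""
    report = defaultdict(lambda: {"referenced": [], "needs_manual_check": []})
    for f in parse_report(text):
        refs = CVE_RE.findall(f["message"])
        entry = {"uri": f["uri"], "message": f["message"], "cves": refs}
        bucket = "referenced" if refs else "needs_manual_check"
        report[f"{f['host']}:{f['port']}"][bucket].append(entry)
    return dict(report)


if __name__ == "__main__":
    for target, groups in triage(SAMPLE_CSV).items():
        for name, entries in groups.items():
            for e in entries:
                print(f"{target} [{name}] {e['uri']}: {e['message']}")
```

To use it on a real scan, replace SAMPLE_CSV with the contents of the file written by -output report.csv -format csv.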
Best Practices and Limitations
To get the most out of Nikto in a Linux environment, follow these recommendations:
- Keep Nikto’s database up