Web Vulnerability Scanning using Nikto –To Secure Your Website

Xeeshan Keyani August 13, 2025

Web Vulnerability Scanning Nikto: In the world of cybersecurity, web servers are a common target for attackers. Hackers often scan websites for vulnerabilities such as outdated software, misconfigurations, and insecure scripts. This is where Nikto, a powerful open-source web server scanner, comes in.

Nikto is a command-line tool designed to identify potential security risks on web servers. It can detect thousands of known vulnerabilities, including outdated server versions, dangerous files, insecure cookies, and missing security headers. Because of its speed, accuracy, and open-source nature, Nikto is widely used by ethical hackers and security professionals, including those preparing for the CEH (Certified Ethical Hacker) exam.

What is Nikto?

Nikto is an open-source vulnerability scanner that performs comprehensive tests against web servers. It checks for over 6,700 potentially dangerous files/programs and can identify more than 1,200 outdated server versions with known vulnerabilities.

Key Features of Nikto:

  • Detects outdated web server software
  • Scans for common and insecure files
  • Identifies configuration issues
  • Detects missing HTTP security headers
  • Supports SSL/TLS scanning
  • Generates HTML, CSV, or plain-text reports

Why Use Nikto in Web Security?

Web server vulnerabilities can lead to:

  • Data breaches (via outdated scripts and plugins)
  • Website defacement
  • Session hijacking
  • Unauthorized admin access
  • SEO spam infections

By running Nikto scans regularly, security teams can detect and patch issues before cybercriminals exploit them.

How Nikto Works

When you run a Nikto scan, the tool:

  1. Sends multiple HTTP requests to the target web server.
  2. Compares responses against a database of known vulnerability signatures.
  3. Detects potential issues such as:
    • Old Apache, Nginx, or IIS versions
    • Exposed admin directories (like /phpMyAdmin/)
    • Default installation files
    • Weak SSL configurations
  4. Logs all findings into a detailed report for analysis.

Example Nikto Command

Basic web scan:

nikto -h http://192.168.1.105

Save results as HTML:

nikto -h http://192.168.1.105 -output report.html -Format htm

SSL scan:

nikto -h https://example.com

Common Vulnerabilities Found by Nikto

  • Outdated Server Software – Example: Apache/2.2.8 with known CVEs
  • Directory Listing Enabled – Allows attackers to browse server files
  • Exposed Admin Interfaces – /phpMyAdmin/ without authentication
  • Insecure Cookies – Missing HttpOnly or Secure flags
  • Missing Security Headers – No X-Frame-Options, allowing clickjacking

Best Practices for Using Nikto

  • Always scan in a legal environment (e.g., penetration testing lab or authorized systems).
  • Run scans after updates to check for misconfigurations.
  • Combine Nikto with other tools like Nmap or OpenVAS for deeper analysis.
  • Regularly update Nikto’s vulnerability database for accurate detection.

 Nikto Web Vulnerability Scanning

 1. Lab Requirements

 Target Machine:

  • Use: Metasploitable2
  • IP: 192.168.1.105 (replace with your actual IP)
  • Ping Kali From target machine

  • Ping form target to kali

Attacker Machine:

  • OS: Kali Linux
  • Tools: Nikto (pre-installed on Kali)

 2. Objective

Perform a Nikto scan on a vulnerable web server and identify common vulnerabilities such as:

  • Outdated software
  • Directory listing
  • Default credentials
  • Insecure cookies

3. Lab Setup

  1. Ensure Kali Linux and Metasploitable2 are on the same network (192.168.1.0/24)
  2. Ping the target from Kali to confirm connectivity:

ping 192.168.1.105

  1. Start Apache on Metasploitable (if not auto-started):

sudo service apache2 start

4. Nikto Scan Execution

Basic Scan:

#nikto -h http://192.168.142.130

Full Detailed Scan with Output:

nikto -h http://192.168.1.105 -output nikto_report.html -Format htm

Optional:

  • SSL Scan: nikto -h https://target-ip
  • Specify Port: nikto -h 192.168.1.105 -p 8080

5. Sample Nikto Report Summary

Parameter

Value

Tool Used

Nikto v2.5.0

Target IP

192.168.1.105

Scan Method

HTTP GET, Header & Signature Analysis

Port Scanned

80

 6. Vulnerabilities Found (Example)

Vulnerability

Description

Outdated Apache Version

Apache/2.2.8 with known exploits

/phpMyAdmin/ Directory Listing Enabled

Sensitive interface exposed

/test.php Found

Test scripts left on production server

X-Frame-Options Header Missing

Clickjacking possible

Cookie Without HttpOnly Flag

Session hijacking risk

7. Fix Suggestions

Issue

Recommendation

Outdated Software

Update Apache and PHP to latest versions

phpMyAdmin Exposed

Password-protect or remove access

Test Files Found

Remove unnecessary files from web root

Missing Headers

Add security headers in Apache config

Insecure Cookies

Use Secure and HttpOnly cookie attributes

8. Report Conclusion (Example): The Nikto scan identified several critical security weaknesses that could expose the system to potential attacks. These include outdated server software, which may contain known vulnerabilities, as well as exposed administrative interfaces that could allow unauthorized access if not properly secured. Additionally, multiple misconfigurations were detected, indicating that certain security best practices have not been fully implemented. Such issues increase the overall attack surface and make the system more susceptible to exploitation by malicious actors.

Immediate remediation is strongly recommended to mitigate these risks and strengthen the system’s security posture. This should include promptly updating all server software and components to their latest secure versions, restricting access to sensitive directories and administrative endpoints, and implementing proper authentication mechanisms. Furthermore, enhancing HTTP response headers—such as adding security headers like Content Security Policy (CSP), X-Frame-Options, and Strict-Transport-Security—can help protect against common web-based attacks. Regular security assessments and continuous monitoring should also be established to prevent future vulnerabilities.

FAQs

1. What is Nikto in cybersecurity?

Nikto is an open-source command-line tool used to scan web servers for security vulnerabilities, outdated software, misconfigurations, and dangerous files that attackers could exploit. It is widely used by penetration testers and ethical hackers for web security assessments. 

2. What types of vulnerabilities can Nikto detect?
Nikto can detect several web server weaknesses such as outdated server versions, insecure scripts, exposed admin directories, missing security headers, and dangerous files on a web server. These issues can potentially lead to attacks like data breaches or unauthorized access. (Tech Bit)

3. Is Nikto available in Kali Linux?
Yes. Nikto is pre-installed in many penetration testing distributions such as Kali Linux. Security professionals can run it directly from the terminal using commands like nikto -h http://target-ip to scan a web server for vulnerabilities. (Tech Bit)

4. Is Nikto scanning legal?
Nikto scanning is legal only when performed on systems you own or have explicit permission to test. Unauthorized vulnerability scanning of websites may violate cybersecurity laws and ethical hacking guidelines.

5. How long does a Nikto scan take?
The duration of a Nikto scan depends on the target server and the number of tests performed. Because Nikto checks thousands of potential vulnerabilities and files, a full scan can sometimes take 30–45 minutes or longer. 

6. Can Nikto be used with other penetration testing tools?

Yes. Security professionals often combine Nikto with tools like Nmap or vulnerability scanners to perform deeper security analysis and identify additional attack surfaces during penetration testing. (Tech Bit)

 

Tags:

Post a Comment

0 Comments