Web Penetration test Part 4 (Nikto website scanner)

Nikto Screenshot


As we all know this tool is used to use to scan a website and it automatically scans websites and subdomains it has many custom commands and finds many vulnerabilities like XSS, robots.txt and it is also easy to use.

Here is a guide to use Nikto

This tool is preinstalled in Kali Linux:-

To start this tool open terminal and open this tool

type nikto -host [target url]

Nikto Screenshot

here you can see vulnerabilities in my website likenull.rf.gd as you can see my site more vulnerable like there is no header for XSS to make my website secure so you can perform XSS attack to this website.

type nikto -help to open the help page

Let's talk about the features of Nikto:- 

As you can see I am using Kali Linux 2020.1

-config: This option allows the pentester, hacker, or developer to specify an alternative config file to use instead of the config.txt located in the install directory.

-Display: One can control the output that Nikto shows. Reference numbers are used for specification. Multiple numbers may be used as well. The allowed reference numbers can be seen below:

-evasion: pentesters, hackers, and developers are also allowed to specify the Intrusion Detection System evasion technique to use. This option also allows the use of reference numbers to specify the type of technique. Multiple numbers of references may be used:

-host: This option is used to specify the host(s) to target for a scan. It can be an IP address, hostname, or text file of hosts.

-id: For websites that require authentication, this option is used to specify the ID and password to use. The usage format is “id: password”.

you can use nikto -host [target url] -c all 
to check all the modules

Nikto Screenshot

 Here you can see the results a little bit different.

So as now you have learned how to use Nikto in the next post you will learn to use WPscan.

That's all for this post.

If you have any doubts regarding the above content then feel free to ask in the comment section.

The above content contains copyright ©Like null 


If you want to learn Web Penetration Testing then follow our course to it, and it is free of cost also.

Click Here to enrol.



Post a Comment