In this tutorial, we will show you how to install the Nikto web scanner on Ubuntu. For those of you who didn’t know, Nikto Web Scanner is an open-source software tool that plays a crucial role in the security assessment of web servers. It is designed to detect various types of vulnerabilities, including outdated software versions, dangerous files and programs, and other security risks. The importance of vulnerability assessment in web security cannot be overstated, as it helps organizations identify and mitigate potential threats before they can be exploited by attackers.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Nikto Web Scanner on Ubuntu Linux. You can follow the same instructions for Ubuntu 24.04, 22.04, and any other Debian-based distribution like Linux Mint.
Prerequisites
- A server running one of the following operating systems: Ubuntu 24.04, 22.04, and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- An active internet connection.
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Nikto Web Scanner on Ubuntu
Step 1. Keeping your system up-to-date is essential for security and compatibility. Begin by updating the package lists and upgrading the installed packages to their latest versions:
sudo apt update sudo apt upgrade sudo apt install wget unzip libnet-ssleay-perl libwhisker2-perl openssl
Step 2. Installing Nikto Web Scanner on Ubuntu system.
You can now easily install Nikto by running the following command below:
sudo apt install nikto
To confirm that Nikto has been installed correctly, run the following command:
nikto -h
If the installation is successful, you will see the help menu, which provides an overview of Nikto’s command-line options.
Step 4. Scan for vulnerabilities using Nikto.
Generally, Nikto requires just a host to scan which can be specified with -h or -host option for example if we need to scan a machine whose IP is 192.168.77.21 we will run Nikto as follows and the scan would look something like this:
nikto -h 192.168.77.21
If the webserver is running on a different port, you have to specify the port number by using -p or –port option:
nikto -h 192.168.77.21 -p 8080
To specify the target by its URL we will use the command:
nikto -h http:// www.your-domain.com
If you need to use a proxy server, the -useproxy option allows you to define the proxy address:
nikto -useproxy http://<proxy-server>:<port> -h <target-website>
Step 5. Updating Nikto’s Plugin and Database.
To ensure effective scanning, regularly update Nikto’s plugin and database with the latest vulnerability definitions:
nikto -update
Congratulations! You have successfully installed Nikto. Thanks for using this tutorial for installing the Nikto web scanner on your Ubuntu Linux system. For additional help or useful information, we recommend you check the official Nikto website.
