In this tutorial, we will show you how to install and configure of Nikto web scanner on your Ubuntu server. For those of you who didn’t know, Nikto Web-scanner is an open-source web-server scanner that can be used to scan the web-servers for malicious programs and files. Nikto can be used to scan the outdated versions of programs too. Nikto will provide us a quick and easy scan to find out the dangerous files and programs in the server, At the end of the scan result in a log file.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you the step-by-step installation of Nikto in the Ubuntu server.
Install Nikto Web Scanner on Ubuntu
Step 1. First, make sure that all your system packages are up-to-date by running the following
apt-get commands in the terminal.
sudo apt-get update sudo apt-get upgrade
Step 2. Install some prerequisites.
apt-get install wget unzip libnet-ssleay-perl libwhisker2-perl openssl
Step 3. Installing Nikto Web Scanner on Ubuntu.
The first thing to do is to go to Nikto’s download page and download the latest stable version of the Nikto web scanner, At the moment of writing this article it is version 2.1.5:
wget https://cirt.net/nikto/nikto-2.1.5.tar.gz tar xvfz nikto-2.1.5.tar.gz mv nikto-2.1.5/ nikto
Change the current working directory and make the Perl script executable:
cd nikto/ chmod +x nikto.pl
Before performing any scan we need to update the Nikto database packages using:
### perl nikto.pl -update + Retrieving 'nikto_cookies.plugin' + Retrieving 'db_parked_strings' + Retrieving 'nikto_headers.plugin' + Retrieving 'nikto_report_csv.plugin' + Retrieving 'db_tests' + Retrieving 'CHANGES.txt' + CIRT.net message: Please submit Nikto bugs to https://github.com/sullo/nikto
Step 4. Scan for vulnerabilities using Nikto.
For example, the following command will scan your website:
perl nikto.pl -h yourwebsite.com
You can check all options supported by Nikto using the -h switch:
### perl nikto.pl -h -config+ Use this config file -Display+ Turn on/off display outputs -dbcheck check database and other key files for syntax errors -Format+ save file (-o) format -Help Extended help information -host+ target host -id+ Host authentication to use, format is id:pass or id:pass:realm -list-plugins List all available plugins -output+ Write output to this file -nossl Disables using SSL -no404 Disables 404 checks -Plugins+ List of plugins to run (default: ALL) -port+ Port to use (default 80) -root+ Prepend root value to all requests, format is /directory -ssl Force ssl mode on port -Tuning+ Scan tuning -timeout+ Timeout for requests (default 10 seconds) -update Update databases and plugins from CIRT.net -Version Print plugin and database versions -vhost+ Virtual host (for Host header)
Congratulations! You have successfully installed Nikto. Thanks for using this tutorial for installing the Nikto web scanner on your Ubuntu 16.04 system. For additional help or useful information, we recommend you check the official Nikto website.