How To Install Nikto Web Scanner on Ubuntu

In this tutorial, we will show you how to install and configure the Nikto web scanner on your Ubuntu server. For those of you who didn't know, Nikto is an open-source web-server scanner that can be used to scan web servers for malicious programs and files. Nikto can also be used to find outdated versions of programs. Nikto gives us a quick and easy scan to find dangerous files and programs on the server, and at the end of the scan it provides the results with a log file.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will walk you through the step-by-step installation of Nikto on an Ubuntu server.

Install Nikto Web Scanner on Ubuntu

Step 1. First, make sure that all your system packages are up to date by running the following apt-get commands in the terminal.

sudo apt-get update
sudo apt-get upgrade

Step 2. Install some prerequisites.

sudo apt-get install wget unzip libnet-ssleay-perl libwhisker2-perl openssl

Step 3. Installing Nikto Web Scanner.

The first thing to do is to go to Nikto's download page and download the latest stable version of the Nikto web scanner. At the moment of writing this article, it is version 2.1.5:

wget https://cirt.net/nikto/nikto-2.1.5.tar.gz
tar xvfz nikto-2.1.5.tar.gz
mv nikto-2.1.5/ nikto

Change the current working directory and make the Perl script executable:

cd nikto/
chmod +x nikto.pl

Before performing any scan we need to update the Nikto database packages using:

perl nikto.pl -update

+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_parked_strings'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'nikto_report_csv.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'CHANGES.txt'
+ CIRT.net message: Please submit Nikto bugs to https://github.com/sullo/nikto

Step 4. Scan for vulnerabilities using Nikto.

For example, the following command will scan your website:

perl nikto.pl -h yourwebsite.com

You can check all options supported by Nikto using the -h switch:

perl nikto.pl -h

-config+            Use this config file
-Display+           Turn on/off display outputs
-dbcheck            check database and other key files for syntax errors
-Format+            save file (-o) format
-Help               Extended help information
-host+              target host
-id+                Host authentication to use, format is id:pass or id:pass:realm
-list-plugins       List all available plugins
-output+            Write output to this file
-nossl              Disables using SSL
-no404              Disables 404 checks
-Plugins+           List of plugins to run (default: ALL)
-port+              Port to use (default 80)
-root+              Prepend root value to all requests, format is /directory
-ssl                Force ssl mode on port
-Tuning+            Scan tuning
-timeout+           Timeout for requests (default 10 seconds)
-update             Update databases and plugins from CIRT.net
-Version            Print plugin and database versions
-vhost+             Virtual host (for Host header)
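
The following is an added example, not part of the original tutorial or of Nikto itself: a small wrapper that scans one host you operate with the -host, -port, -Format and -output options listed above, then counts and lists the findings in the saved report. The function names, the reports/ directory and the seven-column CSV layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the tutorial or the Nikto project.
# Assumes it is sourced from the nikto/ directory created in Step 3.
NIKTO="${NIKTO:-perl nikto.pl}"

# Accept only a plain hostname or IPv4 address, so a value beginning
# with "-" can never be parsed by nikto.pl as another option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Report file for a host/port pair (the reports/ directory is an assumption).
report_path() {
    printf 'reports/%s-%s.csv\n' "$1" "$2"
}

# Scan one host you operate and print the path of the saved CSV report.
scan_host() {
    host=$1; port=${2:-80}
    valid_host "$host" || { echo "refusing host: $host" >&2; return 2; }
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    mkdir -p reports
    out=$(report_path "$host" "$port")
    $NIKTO -host "$host" -port "$port" -Format csv -output "$out" >/dev/null || return 1
    printf '%s\n' "$out"
}

# Assumed CSV layout: "host","ip","port","id","method","uri","description".
# Banner lines have fewer fields and are skipped.
count_findings() {
    awk -F'","' 'NF >= 7 { n++ } END { print n + 0 }' "$1"
}

# Print "METHOD URI<TAB>description" for each finding row.
list_findings() {
    awk -F'","' 'NF >= 7 { d = $7; sub(/"$/, "", d); printf "%s %s\t%s\n", $5, $6, d }' "$1"
}

# Usage: scan_host yourwebsite.com 80 && list_findings reports/yourwebsite.com-80.csv
```

Keeping one report per host and port makes it easy to compare the finding count between scans after you patch or reconfigure the server.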

Congratulations! You have successfully installed Nikto. Thanks for using this tutorial for installing the Nikto web scanner on your Ubuntu 16.04 system. For additional help or useful information, we recommend you check the official Nikto website.
