How To Install Nikto on Linux Mint 22

Web servers get attacked every day. Misconfigurations, outdated software, and exposed admin panels are the low-hanging fruit that attackers exploit first — and they are embarrassingly common. If you want to install Nikto on Linux Mint 22 and start scanning your own infrastructure before someone else does, you are in exactly the right place. This guide walks you through everything: what Nikto is, why it matters, how to install and configure Nikto on Linux Mint 22, how to run your first scan, and how to fix the most common errors that trip up beginners.
Nikto is a free, open-source, Perl-based web server and CGI scanner developed by CIRT. It checks web servers against a database of over 6,800 potentially dangerous files and programs, tests for more than 1,300 server misconfigurations, and flags outdated software versions — all from a single command-line tool. Linux Mint 22, built on Ubuntu 22.04 LTS (Noble Numbat), is an excellent host for Nikto because it uses the same apt package manager, making installation clean, fast, and dependency-aware.
This tutorial targets beginners to intermediate Linux users, developers, and sysadmins. You do not need to be a professional penetration tester to follow along. All you need is a terminal and about 10 minutes.
Prerequisites
Before you begin the Linux Mint 22 setup for Nikto, confirm the following are in place:
- Operating System: Linux Mint 22 (Wilma) — based on Ubuntu 22.04 LTS
- User privileges: A non-root user account with sudo access
- Internet connection: Active and stable — required to download packages
- Terminal access: Open the terminal from the taskbar or press Ctrl + Alt + T
- Disk space: At least 100 MB free for Nikto and its Perl dependencies
- Optional (recommended): A local test environment such as DVWA or Metasploitable 2 to safely practice scanning without touching live servers
Step 1: Update Your Linux Mint 22 System
Before you install anything on Linux Mint, always refresh your package index and upgrade existing packages. Skipping this step is the single most common cause of broken dependencies during tool installation.
Why This Step Matters
When you run sudo apt update, Linux Mint fetches the latest package lists from all configured repositories. Running sudo apt upgrade then installs newer versions of any outdated packages already on your system. This ensures Nikto installs against the most current, compatible versions of Perl and OpenSSL.
Run the following two commands back to back:
sudo apt update
sudo apt upgrade -y
The -y flag automatically confirms any prompts during the upgrade. Depending on how long it has been since your last update, this may take 1–5 minutes. You will see a list of upgraded packages scroll by — that is completely normal.
Expected output (partial):
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
...
Reading package lists... Done
Building dependency tree... Done
Once the upgrade finishes, you are ready to install Nikto’s dependencies.
Step 2: Install Perl and Required Dependencies
Nikto is written entirely in Perl, which means Perl must be present on your system before Nikto can run a single scan. On most Linux Mint 22 installations, Perl comes pre-installed, but it is worth explicitly installing it alongside the required SSL libraries to avoid runtime errors later.
Installing Perl
Check if Perl is already installed:
perl -v
If you see output like This is perl 5, version X.X.X, Perl is already there. If the command returns “command not found,” install it manually:
sudo apt install perl -y
Installing SSL and Networking Libraries
Nikto needs these additional packages to scan HTTPS targets and handle HTTP requests correctly:
- libnet-ssleay-perl — Enables Nikto to perform SSL/TLS scans against HTTPS servers
- libwhisker2-perl — The core HTTP library that Nikto uses for all web requests
- openssl — Handles the underlying cryptographic operations for secure scans
Install them all at once:
sudo apt install libnet-ssleay-perl libwhisker2-perl openssl -y
Pro tip: If libwhisker2-perl is not found in your repos, do not panic — the apt install nikto command in the next step will pull it in automatically as a dependency.
Step 3: How To Install Nikto on Linux Mint 22
Now for the core task. There are two reliable methods to install Nikto on Linux Mint 22 — via the apt package manager (recommended for most users) or directly from the official GitHub repository (recommended if you need the absolute latest version).
Method 1: Install Nikto via APT (Recommended)
This is the fastest, most stable approach. The apt package manager handles all dependency resolution automatically.
sudo apt install nikto -y
You will see apt resolving and downloading dependencies in real time. The full installation typically completes in under 30 seconds on a fast connection.
Expected output:
Reading package lists... Done
Building dependency tree... Done
The following additional packages will be installed:
libwhisker2-perl
The following NEW packages will be installed:
libwhisker2-perl nikto
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Setting up nikto (2.1.6+dfsg-2) ...
ℹ️ Note on version: The apt repository may carry a slightly older version of Nikto (typically 2.1.6). This version is stable and fully functional for most use cases.
Method 2: Install Nikto from GitHub (Latest Version)
Use this method when you need Nikto’s latest features, plugin updates, or bug fixes that have not yet landed in the Ubuntu/Mint repositories.
First, install git if you do not already have it:
sudo apt install git -y
Then clone the official Nikto repository from GitHub:
git clone https://github.com/sullo/nikto.git
Navigate into the program directory and run Nikto directly:
cd nikto/program
perl nikto.pl -h
This method does not add Nikto to your system PATH automatically. You will need to run it from within the nikto/program/ directory or create a symbolic link manually.
Step 4: Verify the Nikto Installation
After installation, always verify that Nikto is accessible and working before running any scans.
Run the help flag:
nikto -h
Or check the installed version specifically:
nikto -Version
A successful installation displays the Nikto banner followed by a full list of available command-line options:
- Nikto v2.1.6
---------------------------------------------------------------------------
Options:
-h+ Target host
-port+ Override port
-ssl Force ssl mode on port
-nossl Disable ssl mode
...
If using the GitHub method, run from within the nikto/program/ directory:
perl nikto.pl -Version
Step 5: Configure Nikto on Linux Mint 22
Nikto ships with a default configuration file located at /etc/nikto.conf (APT install) or nikto/program/nikto.conf (GitHub install). Most users never need to touch this file, but knowing where it lives helps you customize scans for professional use.
Key Configuration Options
Open the config file to review or edit it:
sudo nano /etc/nikto.conf
Useful settings to know:
- NMAP — Point Nikto to your system’s Nmap binary for port discovery
- USERAGENT — Customize the HTTP User-Agent header Nikto sends during scans
- TIMEOUT — Set the default scan timeout in seconds
- MAXTIME — Define a hard cap on total scan duration
For most beginner setups, the default settings work out of the box. Close the file without changes for now (Ctrl + X).
Step 6: Run Your First Nikto Web Vulnerability Scan
This is where all the setup pays off. With Nikto installed and verified, you can run an actual scan.
Basic Scan by IP Address
nikto -h 192.168.1.1
Replace 192.168.1.1 with the IP address of your target server. The -h flag sets the scan host.
Basic Scan by Domain/URL
nikto -h http://testphp.vulnweb.com
testphp.vulnweb.com is a legally sanctioned practice target hosted by Acunetix — safe to use for learning purposes.
Scan a Specific Port
nikto -h 192.168.1.1 -p 8080
Use -p when your web server runs on a non-standard port. Common examples include 8080, 8443, and 3000.
HTTPS/SSL Scan
nikto -h https://example.com -ssl
The -ssl flag forces Nikto to evaluate SSL/TLS configurations, identify weak ciphers, and flag expired certificates.
Save Results to File
nikto -h 192.168.1.1 -o results.html -Format html
Nikto supports output in .txt, .html, .csv, and .xml formats. HTML output is the most readable for sharing with a team or including in a security report.
Limit Scan Duration
nikto -h 192.168.1.1 -maxtime 120s
Useful in production environments where you cannot afford a long-running scan process.
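Since the scans above are meant for your own servers or sanctioned practice targets, a small guard can refuse any target that is not on an explicit allow-list before Nikto is started. This is an added example, not part of the original tutorial or the Nikto project; AUTHORIZED_TARGETS, target_host, in_scope and run_scan are hypothetical names, and the listed targets are the sample values used on this page.

```bash
#!/bin/sh
# Added example: allow-list guard around the scan commands shown above.
# AUTHORIZED_TARGETS and the function names are assumptions for this sketch.
# Conservative host parsing only; IPv6 literals are not handled.

AUTHORIZED_TARGETS="192.168.1.1 testphp.vulnweb.com"

# Reduce a -h argument (IP, hostname or URL) to a bare lowercase host.
target_host() {
    case $1 in
        http://*|https://*) h=${1#*://} ;;   # strip a leading scheme only
        *)                  h=$1 ;;
    esac
    h=${h%%[/?\#]*}   # drop path, query and fragment
    h=${h##*@}        # drop userinfo: "trusted@other-host" means other-host
    h=${h%%:*}        # drop port
    printf '%s\n' "$h" | tr '[:upper:]' '[:lower:]'
}

# Succeed only when the parsed host exactly matches an allow-list entry.
in_scope() {
    host=$(target_host "$1")
    for allowed in $AUTHORIZED_TARGETS; do
        [ "$host" = "$allowed" ] && return 0
    done
    return 1
}

# Run a time-limited scan with an HTML report, but only for in-scope targets.
run_scan() {
    if ! in_scope "$1"; then
        echo "refusing: $(target_host "$1") is not an authorized target" >&2
        return 1
    fi
    nikto -h "$1" -maxtime "${2:-120s}" \
          -o "nikto-$(target_host "$1").html" -Format html
}

# Show the decision for a few inputs without starting any scan.
for t in 192.168.1.1 http://testphp.vulnweb.com https://example.com \
         http://192.168.1.1@example.com/; do
    if in_scope "$t"; then echo "in scope:     $t"; else echo "out of scope: $t"; fi
done
```

The last demo input shows why the host is parsed instead of substring-matched: the allow-listed IP appears in the URL, but the request would go to example.com.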
Understanding Nikto Output
Each line starting with + in Nikto’s output represents a finding. Here is a breakdown of what to look for:
- + Server: — Identifies the web server software and version (e.g., Apache/2.4.52)
- + OSVDB-XXXX: — References the Open Source Vulnerability Database entry for that finding
- + /admin/: — Flags an exposed admin panel or sensitive directory
- + X-Frame-Options header: — Warns about missing HTTP security headers
Nikto does not assign CVSS severity scores. You will need to manually cross-reference findings against the OWASP Top 10 or the NVD CVE database to assess actual risk.
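An added example (not from the original tutorial or the Nikto project) that sorts Nikto's text output into the finding types listed above, so each group can be cross-referenced by hand. The report in sample_report is constructed for illustration, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example: group Nikto text output by finding type for manual review.
# sample_report is constructed for illustration; it is not real scan output.

sample_report() {
cat <<'EOF'
- Nikto v2.1.6
+ Target IP:          192.168.1.1
+ Target Port:        80
+ Server: Apache/2.4.52 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set.
+ OSVDB-3092: /admin/: This might be interesting...
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpinfo.php: Output from the phpinfo() function was found.
+ 7915 requests: 0 error(s) and 5 item(s) reported on remote host
EOF
}

# Read Nikto text output on stdin; print tab-separated "type ... detail" rows.
classify_findings() {
    awk '
    !/^\+ / { next }                      # findings are on lines starting "+ "
    { line = substr($0, 3) }              # drop the "+ " prefix
    line ~ /^(Target |Start Time|End Time|[0-9]+ (requests|host))/ { next }  # scan metadata
    line ~ /^Server: / { print "banner\t" substr(line, 9); next }
    match(line, /^OSVDB-[0-9]+: /) {      # keep the reference as its own column
        print "osvdb\t" substr(line, 1, RLENGTH - 2) "\t" substr(line, RLENGTH + 1); next
    }
    line ~ /[Hh]eader/ { print "header\t" line; next }
    line ~ /^\//       { print "path\t" line; next }
    { print "other\t" line }
    '
}

# Count findings per type, one "type=count" line each.
triage_summary() {
    classify_findings | cut -f1 | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Print the per-type counts, then the grouped findings.
sample_report | triage_summary
sample_report | classify_findings | sort
```

To use it on a real scan, save a text report with -o and -Format txt and pipe that file into classify_findings.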
Step 7: Essential Nikto Command Cheat Sheet
Here is a quick-reference table for the most useful Nikto commands you will reach for regularly:
| Command | What It Does |
|---|---|
| nikto -h <target> | Basic scan against host (IP or URL) |
| nikto -h <target> -p 443 | Scan a specific port |
| nikto -h <target> -ssl | Force SSL/TLS scanning |
| nikto -h <target> -o out.html -Format html | Save output as HTML report |
| nikto -h <target> -Tuning 9 | Run all scan tuning checks |
| nikto -h <target> -maxtime 60s | Stop scan after 60 seconds |
| nikto -h <target> -useragent "Mozilla/5.0" | Set a custom User-Agent string |
| nikto -list-plugins | List all available scan plugins |
| nikto -update | Update Nikto’s vulnerability database |
| nikto -H | Display the full help menu |
Scan tuning levels (-Tuning) let you narrow what Nikto checks. For example, -Tuning 1 checks only for interesting files, while -Tuning 9 runs every available check.
Troubleshooting Common Nikto Errors on Linux Mint 22
Even on a clean Linux Mint 22 setup, you may run into these issues. Here is how to fix them fast.
Error 1: nikto: command not found
Cause: Nikto was not added to your system PATH, or the installation failed silently.
Fix: Re-run the installation:
sudo apt install nikto -y
If using the GitHub method, add Nikto to your PATH manually:
echo 'export PATH=$PATH:/path/to/nikto/program' >> ~/.bashrc
source ~/.bashrc
Error 2: Can’t locate Net/SSLeay.pm
Cause: The libnet-ssleay-perl package is missing or broken.
Fix:
sudo apt install --fix-broken
sudo apt install libnet-ssleay-perl -y
Error 3: SSL Handshake Errors During Scan
Cause: Outdated OpenSSL or missing SSL libraries on the system.
Fix:
sudo apt install openssl libssl-dev -y
Then re-run your scan with the -ssl flag explicitly included.
Error 4: Scan Hangs or Takes Extremely Long
Cause: The target server has rate limiting, a slow connection, or Nikto is waiting for timeouts on filtered ports.
Fix: Apply a time limit to the scan:
nikto -h 192.168.1.1 -maxtime 90s
You can also reduce verbosity with -Display P to show only progress updates.
Error 5: Permission Denied When Running Nikto
Cause: The current user lacks execution permission on the Nikto script (GitHub method).
Fix:
chmod +x nikto.pl
sudo perl nikto.pl -h <target>
Congratulations! You have successfully installed Nikto. Thanks for using this tutorial for installing the Nikto open-source web scanner on your Linux Mint 22 system. For additional help or useful information, we recommend you check the official Nikto website.