What is Nikto in Computer Networks? Also explain its features and implementation.
1 Answer
  • Nikto is a Web server scanner that tests web servers for dangerous files, outdated server software and other problems. Also known as a web server assessment tool.

  • It performs generic and server-type-specific checks.

  • It is designed to find various default and insecure files, configurations and programs on any type of web server.

  • Nikto is used for assessing the security of a web application’s deployment.

  • It focuses on identifying vulns in commercial and open source web application frameworks.

  • It won’t be as helpful for assessing the security of a custom web application.

  • For example, it may tell you that a site uses an outdated (and insecure) version of WordPress, but it won’t be able to tell you if the blogging application you wrote from scratch is secure or not.

Examine a web server to find potential problems and security vulnerabilities, including:

  • Server and software misconfigurations

  • Default files and programs

  • Insecure files and programs

Features of Nikto

  • SSL support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL)

  • Full HTTP proxy support

  • Checks for outdated server components

  • Save reports in plain text, XML, HTML, NBE or CSV

  • Template engine to easily customize reports

  • Scan multiple ports on a server, or multiple servers via input file (including nmap output)

  • Easily updated via command line

  • Identifies installed software via headers, favicons and files

  • Host authentication with Basic and NTLM

  • Subdomain guessing

  • Scan tuning to include or exclude entire classes of vulnerability checks

  • Guess credentials for authorization (including many default id/pw combos)

Implementation of Nikto

  • Nikto is written in Perl, so it will run on any platform that Perl runs on, such as Windows and any of the Unix-based operating systems.

  • You shouldn’t need to install any Perl libraries that aren’t already present in a default installation.

  • Scanning:

    • Nikto is uncomplicated, but not unsophisticated.

    • We can use the -host option to start scanning a single target for the presence of default files, pages that might expose sensitive information, or pages with known vulnerabilities.
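As an added example (not part of the answer above, and not Nikto's own code) of working with the CSV reports the answer mentions: a small Python script that parses Nikto CSV output and summarises findings per host and port, so that a scan of several servers from an input file can be triaged for remediation. The column order (host, ip, port, id, method, uri, message) and the sample rows are assumptions constructed for the example, not taken from the page.

```python
import csv
import io
from collections import defaultdict

# Assumed column layout of a Nikto CSV report (the page does not document it).
FIELDS = ["host", "ip", "port", "id", "method", "uri", "message"]

# Constructed sample report lines; not real scan data.
SAMPLE_CSV = '''"www.example.test","192.0.2.10","80","0","GET","/","Server: Apache/2.2.15 (CentOS)"
"www.example.test","192.0.2.10","80","3092","GET","/admin/","This might be interesting..."
"www.example.test","192.0.2.10","80","0","GET","/","Apache/2.2.15 appears to be outdated (current is at least 2.4.x)."
"blog.example.test","192.0.2.11","443","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
'''


def parse_nikto_csv(text):
    """Return the report rows as dicts keyed by the assumed FIELDS."""
    return list(csv.DictReader(io.StringIO(text), fieldnames=FIELDS))


def summarize(rows):
    """Group findings per host:port for a remediation owner.

    - findings: total number of report lines for that service
    - outdated: messages flagging outdated server components
    - flagged_uris: URIs that matched a numbered check (id != "0"),
      which are the items to verify and clean up first
    """
    summary = defaultdict(lambda: {"findings": 0, "outdated": [], "flagged_uris": []})
    for r in rows:
        key = f"{r['host']}:{r['port']}"
        entry = summary[key]
        entry["findings"] += 1
        if "outdated" in r["message"].lower():
            entry["outdated"].append(r["message"])
        if r["id"] != "0":
            entry["flagged_uris"].append(r["uri"])
    return dict(summary)


if __name__ == "__main__":
    for service, entry in summarize(parse_nikto_csv(SAMPLE_CSV)).items():
        print(service, entry)
```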
