Nikto is an open-source command-line web server scanner. It runs various tests against a web server to find security issues such as server misconfiguration, outdated software, and insecure or default files.
This tutorial demonstrates how to install Nikto on Raspberry Pi.
Install Nikto
Connect to Raspberry Pi via SSH. Make sure the package lists are up-to-date:
sudo apt update
Install Nikto with the command:
sudo apt install -y nikto
We can check Nikto version as follows:
nikto -Version
Testing Nikto
To scan a web server for vulnerabilities, run the nikto command and specify the target host with the -h option:
nikto -h 192.168.0.184
Nikto runs its tests against the web server and prints output similar to this:
---------------------------------------------------------------------------
+ Target IP: 192.168.0.184
+ Target Hostname: 192.168.0.184
+ Target Port: 80
+ Start Time: 2021-05-14 05:58:44 (GMT3)
---------------------------------------------------------------------------
+ Server: Apache/2.4.46 (Debian)
+ Server leaks inodes via ETags, header found with file /, fields: 0x29cd 0x5c2412785e8f7
+ The anti-clickjacking X-Frame-Options header is not present.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: OPTIONS, HEAD, GET, POST
+ OSVDB-561: /server-status: This reveals Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
+ 6544 items checked: 0 error(s) and 4 item(s) reported on remote host
+ End Time: 2021-05-14 05:58:57 (GMT3) (13 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
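A report like the one above is easier to track when it is reduced to a summary line and a list of findings. The script below is an added example, not part of the original tutorial; the function names are illustrative, and it assumes the scan output was saved to a text file (scan.txt is a hypothetical name) and passed as the first argument.

```bash
#!/usr/bin/env bash
# Added example: triage a saved Nikto text report (not part of the tutorial).
# Assumption: the report is given as a file argument, or on stdin when omitted.

# One-line summary: target, port, server banner, item count Nikto reported.
nikto_summary() {
  awk '
    /^\+ Target IP:/   { sub(/^\+ Target IP:[ \t]*/, "");   ip = $0 }
    /^\+ Target Port:/ { sub(/^\+ Target Port:[ \t]*/, ""); port = $0 }
    /^\+ Server:/      { sub(/^\+ Server:[ \t]*/, "");      server = $0 }
    /item\(s\) reported/ {
      for (i = 2; i <= NF; i++) if ($i == "item(s)") items = $(i - 1)
    }
    END { printf "target=%s port=%s server=%s reported=%s\n", ip, port, server, items }
  ' "${1:--}"
}

# Finding lines only, as "<OSVDB id or ->\t<text>", for tracking remediation.
nikto_findings() {
  awk '
    !/^\+ / { next }
    /^\+ (Target (IP|Hostname|Port)|Start Time|End Time|Server):/ { next }
    /items checked:|host\(s\) tested/ { next }
    {
      line = substr($0, 3); id = "-"
      if (match(line, /^OSVDB-[0-9]+: /)) {
        id = substr(line, 1, RLENGTH - 2); line = substr(line, RLENGTH + 1)
      }
      printf "%s\t%s\n", id, line
    }
  ' "${1:--}"
}

# Sample input: lines copied from the scan output shown above.
sample_report() {
  cat <<'EOF'
+ Target IP: 192.168.0.184
+ Target Port: 80
+ Start Time: 2021-05-14 05:58:44 (GMT3)
+ Server: Apache/2.4.46 (Debian)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Allowed HTTP Methods: OPTIONS, HEAD, GET, POST
+ OSVDB-561: /server-status: This reveals Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
+ 6544 items checked: 0 error(s) and 4 item(s) reported on remote host
+ 1 host(s) tested
EOF
}
if [ -n "${1:-}" ]; then nikto_summary "$1"; nikto_findings "$1"; fi
```

The findings list includes informational lines, so its length need not equal the item count in Nikto's own summary line.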
Uninstall Nikto
If you want to completely remove Nikto and its related dependencies, execute the following command:
sudo apt purge --autoremove -y nikto