Install Nikto on Ubuntu 20.04

Nikto is an open-source command-line tool for web server scanning. It runs many tests against a web server to find security vulnerabilities such as server misconfiguration, outdated software, and insecure or default files.

This tutorial explains how to install Nikto on Ubuntu 20.04.

Prepare environment

Nikto requires the libnet-ssleay-perl package to scan websites that support HTTPS. Make sure it is installed:

sudo apt update
sudo apt install -y libnet-ssleay-perl

Install Nikto

Download the current master branch of Nikto from its GitHub repository:

wget -qO nikto.tar.gz https://github.com/sullo/nikto/archive/master.tar.gz

Create a new directory to store Nikto scripts:

sudo mkdir /opt/nikto

Extract the program directory from the tar.gz file into the newly created directory:

sudo tar xf nikto.tar.gz --strip-components=2 -C /opt/nikto nikto-master/program

In the /usr/local/bin directory, create a symbolic link to the nikto.pl script:

sudo ln -s /opt/nikto/nikto.pl /usr/local/bin/nikto

Now the nikto command is available to all users as a system-wide command.

We can check Nikto version:

nikto -Version

The tar.gz file is no longer needed, so remove it:

rm -rf nikto.tar.gz

Testing Nikto

Run the nikto command and specify the target host with the -h option to scan a web server for vulnerabilities:

nikto -h 192.168.0.174

Nikto runs its tests against the web server and prints output similar to the following:

---------------------------------------------------------------------------
+ Target IP:          192.168.0.174
+ Target Hostname:    192.168.0.174
+ Target Port:        80
+ Start Time:         2021-10-23 03:56:23 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.51 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server may leak inodes via ETags, header found with file /, inode: 29cd, size: 5cefce0bf7220, mtime: gzip
+ Allowed HTTP Methods: OPTIONS, HEAD, GET, POST
+ OSVDB-561: /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources.
+ 8107 requests: 0 error(s) and 5 item(s) reported on remote host
+ End Time:           2021-10-23 03:57:03 (GMT0) (40 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
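
To triage a report like the one above, the findings have to be separated from the scan metadata and the summary line. The following Python script is an added example, not part of the original tutorial or of the Nikto project; the function name parse_report and its regular expressions are this example's own and assume the plain-text console format printed on this page.

```python
import re

# Sample input: the console report printed in this tutorial, embedded verbatim.
SAMPLE_REPORT = """\
---------------------------------------------------------------------------
+ Target IP:          192.168.0.174
+ Target Hostname:    192.168.0.174
+ Target Port:        80
+ Start Time:         2021-10-23 03:56:23 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.51 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server may leak inodes via ETags, header found with file /, inode: 29cd, size: 5cefce0bf7220, mtime: gzip
+ Allowed HTTP Methods: OPTIONS, HEAD, GET, POST
+ OSVDB-561: /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources.
+ 8107 requests: 0 error(s) and 5 item(s) reported on remote host
+ End Time:           2021-10-23 03:57:03 (GMT0) (40 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
"""

# Patterns assume the plain-text console format shown on this page.
META = re.compile(r"^\+ (Target IP|Target Hostname|Target Port|Start Time|End Time|Server):\s*(.*)$")
SUMMARY = re.compile(r"^\+ (\d+) requests: (\d+) error\(s\) and (\d+) item\(s\) reported")
NOISE = re.compile(r"^\+ (No CGI Directories found|\d+ host\(s\) tested)")
REFERENCE = re.compile(r"^(OSVDB-\d+): (/\S*): (.*)$")

def parse_report(text):
    """Split a Nikto console report into scan metadata, findings and the summary."""
    report = {"meta": {}, "findings": [], "summary": None}
    for line in text.splitlines():
        if not line.startswith("+ "):
            continue  # separator rules and blank lines
        if m := META.match(line):
            report["meta"][m[1]] = m[2]
        elif m := SUMMARY.match(line):
            report["summary"] = {"requests": int(m[1]), "errors": int(m[2]), "items": int(m[3])}
        elif not NOISE.match(line):
            ref = REFERENCE.match(line[2:])
            ident, path, detail = ref.groups() if ref else (None, None, line[2:])
            report["findings"].append({"id": ident, "path": path, "text": detail})
    return report

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for f in parsed["findings"]:
        print(f["id"] or "-", f["path"] or "-", f["text"], sep=" | ")
```

On this report the five parsed findings match the "5 item(s) reported" summary line, which is a quick check that the parser dropped no finding line.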

Uninstall Nikto

If you decide to completely remove Nikto, delete the installation directory:

sudo rm -rf /opt/nikto

Remove the symbolic link:

sudo rm -rf /usr/local/bin/nikto

You can also uninstall the libnet-ssleay-perl package, which was required by Nikto:

sudo apt purge --autoremove -y libnet-ssleay-perl
