Nikto Cheat Blatt¶
Überblick¶
Nikto ist ein Open Source Webserver-Scanner, der umfassende Tests gegen Webserver für mehrere Objekte durchführt, einschließlich über 6700 potenziell gefährliche Dateien/Programme, Überprüfungen für veraltete Versionen von über 1250 Servern und Version spezifische Probleme auf über 270 Servern. Es überprüft auch die Serverkonfigurationselemente wie das Vorhandensein mehrerer Indexdateien, HTTP-Serveroptionen und versucht, installierte Webserver und Software zu identifizieren.
ZEIT Warning: Verwenden Sie Nikto nur gegen Webserver, die Sie besitzen oder eine ausdrückliche Erlaubnis zum Testen haben. Unberechtigtes Scannen kann gegen Nutzungsbedingungen oder lokale Gesetze verstoßen.
Installation¶
Systempaket Installation¶
```bash
Ubuntu/Debian¶
sudo apt update sudo apt install nikto
CentOS/RHEL/Fedora¶
sudo yum install nikto
or¶
sudo dnf install nikto
Arch Linux¶
sudo pacman -S nikto
macOS with Homebrew¶
brew install nikto ```_
Manuelle Installation¶
```bash
Clone from GitHub¶
git clone https://github.com/sullo/nikto.git cd nikto/program
Make executable¶
chmod +x nikto.pl
Install dependencies¶
sudo apt install perl libnet-ssleay-perl libcrypt-ssleay-perl libio-socket-ssl-perl
Create symlink for system-wide access¶
sudo ln -s $(pwd)/nikto.pl /usr/local/bin/nikto
Verify installation¶
nikto -Version ```_
Docker Installation¶
```bash
Pull Docker image¶
docker pull sullo/nikto
Run Nikto in Docker¶
docker run --rm sullo/nikto -h http://target.com
Create alias for easier usage¶
echo 'alias nikto="docker run --rm sullo/nikto"' >> ~/.bashrc source ~/.bashrc ```_
Das ist der Grund.¶
```bash
Nikto is pre-installed on Kali Linux¶
nikto -Version
Update Nikto database¶
nikto -update
If not installed¶
sudo apt update sudo apt install nikto ```_
Basisnutzung¶
Einfacher Webserver Scan¶
```bash
Basic scan¶
nikto -h http://target.com
Scan with HTTPS¶
nikto -h https://target.com
Scan specific port¶
nikto -h http://target.com:8080
Scan multiple hosts¶
nikto -h http://target1.com,http://target2.com
Scan from file¶
echo "http://target1.com" > targets.txt echo "http://target2.com" >> targets.txt nikto -h targets.txt ```_
Port- und Protokolloptionen¶
```bash
Scan specific port¶
nikto -h target.com -p 80,443,8080,8443
Scan port range¶
nikto -h target.com -p 80-90
Force SSL¶
nikto -h target.com -ssl
Disable SSL¶
nikto -h target.com -nossl
Use specific HTTP method¶
nikto -h target.com -method GET nikto -h target.com -method POST ```_
Authentication¶
```bash
Basic authentication¶
nikto -h http://target.com -id username:password
NTLM authentication¶
nikto -h http://target.com -id domain\username:password
Custom headers¶
nikto -h http://target.com -H "Authorization: Bearer token123"
Cookie authentication¶
nikto -h http://target.com -H "Cookie: sessionid=abc123"
Multiple headers¶
nikto -h http://target.com -H "Authorization: Bearer token" -H "X-API-Key: key123" ```_
Erweitertes Scannen¶
Tuning Optionen¶
```bash
Scan specific categories¶
nikto -h target.com -Tuning 1 # Interesting File / Seen in logs nikto -h target.com -Tuning 2 # Misconfiguration / Default File nikto -h target.com -Tuning 3 # Information Disclosure nikto -h target.com -Tuning 4 # Injection (XSS/Script/HTML) nikto -h target.com -Tuning 5 # Remote File Retrieval - Inside Web Root nikto -h target.com -Tuning 6 # Denial of Service nikto -h target.com -Tuning 7 # Remote File Retrieval - Server Wide nikto -h target.com -Tuning 8 # Command Execution - Remote Shell nikto -h target.com -Tuning 9 # SQL Injection nikto -h target.com -Tuning 0 # File Upload nikto -h target.com -Tuning a # Authentication Bypass nikto -h target.com -Tuning b # Software Identification nikto -h target.com -Tuning c # Remote Source Inclusion nikto -h target.com -Tuning x # Reverse Tuning Options (exclude)
Multiple tuning options¶
nikto -h target.com -Tuning 1,2,3,4
Exclude specific tests¶
nikto -h target.com -Tuning x6 # Exclude DoS tests ```_
Plugin Management¶
```bash
List available plugins¶
nikto -list-plugins
Use specific plugins¶
nikto -h target.com -Plugins "apacheusers,cgi"
Exclude plugins¶
nikto -h target.com -Plugins "@@DEFAULT" -Plugins "-outdated"
Custom plugin directory¶
nikto -h target.com -plugindir /path/to/plugins
Plugin-specific options¶
nikto -h target.com -Plugins "cgi(all)" nikto -h target.com -Plugins "headers(verbose)" ```_
Ausgabe und Reporting¶
```bash
Save output to file¶
nikto -h target.com -o scan_results.txt
Specify output format¶
nikto -h target.com -Format txt -o results.txt nikto -h target.com -Format xml -o results.xml nikto -h target.com -Format csv -o results.csv nikto -h target.com -Format htm -o results.html nikto -h target.com -Format json -o results.json
Multiple output formats¶
nikto -h target.com -Format txt,xml,csv -o results
Verbose output¶
nikto -h target.com -verbose
Display only specific findings¶
nikto -h target.com -Display 1 # Show redirects nikto -h target.com -Display 2 # Show cookies received nikto -h target.com -Display 3 # Show all 200/OK responses nikto -h target.com -Display 4 # Show URLs which require authentication nikto -h target.com -Display V # Verbose output nikto -h target.com -Display E # Debug output ```_
Spezielles Scannen¶
SSL/TLS Testing¶
```bash
SSL-specific scan¶
nikto -h https://target.com -ssl
Test SSL ciphers¶
nikto -h https://target.com -Plugins "ssl"
Ignore SSL certificate errors¶
nikto -h https://target.com -ssl -nossl
Test specific SSL version¶
nikto -h https://target.com -ssl -sslversion 3 ```_
CGI und Script Testing¶
```bash
CGI enumeration¶
nikto -h target.com -Plugins "cgi"
Test all CGI directories¶
nikto -h target.com -Plugins "cgi(all)"
Custom CGI directory¶
nikto -h target.com -Cgidirs "/scripts/,/cgi/,/custom-cgi/"
Test for dangerous CGI scripts¶
nikto -h target.com -Tuning 8 ```_
Verzeichnis und Dateientdeckung¶
```bash
Test for common files¶
nikto -h target.com -Tuning 1,2
Test for backup files¶
nikto -h target.com -Plugins "backup_files"
Test for interesting files¶
nikto -h target.com -Plugins "interesting_files"
Custom root directory¶
nikto -h target.com -root /app/
Test multiple directories¶
nikto -h target.com -root /,/app/,/admin/ ```_
Datenbank- und Anwendungstest¶
```bash
SQL injection tests¶
nikto -h target.com -Tuning 9
Test for database files¶
nikto -h target.com -Plugins "database_files"
Test for application-specific vulnerabilities¶
nikto -h target.com -Plugins "apache_expect_xss" nikto -h target.com -Plugins "shellshock" nikto -h target.com -Plugins "heartbleed"
Test for outdated software¶
nikto -h target.com -Plugins "outdated" ```_
Automatisierungsskripte¶
Batch-Scanning Script¶
```bash
!/bin/bash¶
Batch web server scanning with Nikto¶
TARGETS_FILE="\(1" OUTPUT_DIR="nikto_scans_\)(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGETS_FILE" ]; then
echo "Usage: $0
if [ ! -f "$TARGETS_FILE" ]; then echo "Error: Targets file not found: $TARGETS_FILE" exit 1 fi
mkdir -p "$OUTPUT_DIR"
echo "[+] Starting batch Nikto scan" echo "[+] Targets file: $TARGETS_FILE" echo "[+] Output directory: $OUTPUT_DIR"
Function to scan a single target¶
scan_target() \\{ local target="\(1" local target_name=\)(echo "\(target"|sed 's|https\?://||'|sed 's|[:/]|_|g') local output_file="\)OUTPUT_DIR/$\\{target_name\\}"
echo "[+] Scanning: $target"
# Run comprehensive scan
nikto -h "$target" \
-Tuning 1,2,3,4,5,7,8,9,a,b,c \
-Format txt,xml,csv \
-o "$output_file" \
-timeout 10 \
-maxtime 3600 \
2>&1|tee "$\\\\{output_file\\\\}_console.log"
if [ $? -eq 0 ]; then
echo " ✓ Scan completed: $target"
else
echo " ✗ Scan failed: $target"
fi
\\}
Read targets and scan¶
while IFS= read -r target; do # Skip empty lines and comments [[ -z "\(target"||"\)target" =~ ^#.*$ ]] && continue
scan_target "$target"
# Wait between scans to be respectful
sleep 5
done < "$TARGETS_FILE"
echo "[+] Batch scanning completed" echo "[+] Results saved in: $OUTPUT_DIR"
Generate summary report¶
echo "[+] Generating summary report..."
cat > "$OUTPUT_DIR/summary.html" << 'EOF'
Nikto Scan Summary
Generated on: $(date)
| Target | Findings | Status |
|---|---|---|
| $target | $findings | $status |
EOF
echo "[+] Summary report created: $OUTPUT_DIR/summary.html" ```_
Continuous Monitoring Script¶
```bash
!/bin/bash¶
Continuous web application monitoring with Nikto¶
CONFIG_FILE="nikto_monitor.conf" LOG_DIR="nikto_monitoring" ALERT_EMAIL="security@company.com"
Create default config if it doesn't exist¶
if [ ! -f "\(CONFIG_FILE" ]; then cat > "\)CONFIG_FILE" << 'EOF'
Nikto monitoring configuration¶
Format: URL|SCAN_INTERVAL|ALERT_THRESHOLD¶
https://app1.company.com|86400|5 https://app2.company.com|43200|3 http://internal.app.com:8080|21600|10 EOF echo "Created default config: $CONFIG_FILE" echo "Edit the configuration and run again" exit 1 fi
mkdir -p "$LOG_DIR"
Function to send alert¶
send_alert() \\{ local target="\(1" local findings="\)2" local threshold="\(3" local report_file="\)4"
if [ "$findings" -gt "$threshold" ]; then
echo "ALERT: $target has $findings findings (threshold: $threshold)"|\
mail -s "Nikto Alert: $target" -A "$report_file" "$ALERT_EMAIL" 2>/dev/null||\
echo "Alert: $target has $findings findings (email failed)"
fi
\\}
Function to scan target¶
monitor_target() \\{ local target="\(1" local threshold="\)2" local timestamp=\((date +%Y%m%d_%H%M%S) local target_name=\)(echo "\(target"|sed 's|https\?://||'|sed 's|[:/]|_|g') local report_file="\)LOG_DIR/\(\\\\{target_name\\\\}_\)timestamp.txt"
echo "[$(date)] Scanning $target"
# Run Nikto scan
nikto -h "$target" \
-Tuning 1,2,3,4,5,7,8,9,a,b,c \
-Format txt \
-o "$report_file" \
-timeout 10 \
-maxtime 1800 \
> /dev/null 2>&1
if [ -f "$report_file" ]; then
# Count findings
findings=$(grep -c "+" "$report_file" 2>/dev/null||echo "0")
echo "[$(date)] $target: $findings findings"
# Send alert if threshold exceeded
send_alert "$target" "$findings" "$threshold" "$report_file"
# Keep only last 10 reports per target
ls -t "$LOG_DIR/$\\\\{target_name\\\\}_"*.txt 2>/dev/null|tail -n +11|xargs rm -f 2>/dev/null
return 0
else
echo "[$(date)] $target: Scan failed"
return 1
fi
\\}
Main monitoring loop¶
echo "[$(date)] Starting Nikto monitoring"
while true; do while IFS='|' read -r target interval threshold; do # Skip comments and empty lines [[ "\(target" =~ ^#.*\)||-z "$target" ]] && continue
# Check if it's time to scan this target
target_name=$(echo "$target"|sed 's|https\?://||'|sed 's|[:/]|_|g')
last_scan_file="$LOG_DIR/.$\\\\{target_name\\\\}_last_scan"
current_time=$(date +%s)
if [ -f "$last_scan_file" ]; then
last_scan=$(cat "$last_scan_file")
time_diff=$((current_time - last_scan))
if [ "$time_diff" -lt "$interval" ]; then
continue # Not time to scan yet
fi
fi
# Update last scan time
echo "$current_time" > "$last_scan_file"
# Run scan in background
monitor_target "$target" "$threshold" &
done < "$CONFIG_FILE"
# Wait before next check
sleep 300 # Check every 5 minutes
done ```_
Schwachstelle Korrelation Skript¶
```bash
!/bin/bash¶
Correlate Nikto findings with CVE database¶
NIKTO_REPORT="$1" OUTPUT_FILE="nikto_cve_correlation.html"
if [ -z "\(NIKTO_REPORT" ]||[ ! -f "\)NIKTO_REPORT" ]; then
echo "Usage: $0
echo "[+] Correlating Nikto findings with CVE database"
Extract findings from Nikto report¶
grep "+" "\(NIKTO_REPORT"|while IFS= read -r line; do # Extract relevant information finding=\)(echo "$line"|sed 's/^+ //')
# Search for CVE references
cve_refs=$(echo "$finding"|grep -oE 'CVE-[0-9]\\\\{4\\\\}-[0-9]+'|sort -u)
if [ -n "$cve_refs" ]; then
echo "Finding: $finding"
echo "CVE References: $cve_refs"
echo "---"
fi
done > nikto_cve_findings.txt
Generate HTML report with CVE links¶
python3 << 'EOF' import re import requests import json from datetime import datetime
Read Nikto findings¶
with open('nikto_cve_findings.txt', 'r') as f: content = f.read()
Parse findings¶
findings = [] current_finding = \\{\\}
for line in content.split('\n'): if line.startswith('Finding: '): if current_finding: findings.append(current_finding) current_finding = \\{'finding': line[9:], 'cves': []\\} elif line.startswith('CVE References: '): cve_refs = line[16:].split() current_finding['cves'] = cve_refs
if current_finding: findings.append(current_finding)
Generate HTML report¶
html_content = f"""
Nikto CVE Correlation Report
Generated on: \\\\{datetime.now().strftime('%Y-%m-%d %H:%M:%S')\\\\}
Total findings with CVE references: \\\\{len(findings)\\\\}
""" for finding in findings: html_content += f"""Finding
\\\\{finding['finding']\\\\}
CVE References
""" for cve in finding['cves']: cve_url = f"https://cve.mitre.org/cgi-bin/cvename.cgi?name=\\\\{cve\\\\}" nvd_url = f"https://nvd.nist.gov/vuln/detail/\\\\{cve\\\\}" html_content += f""" """ html_content += """"
with open('nikto_cve_correlation.html', 'w') as f: f.write(html_content)
print(f"CVE correlation report generated: nikto_cve_correlation.html") print(f"Found \\{len(findings)\\} findings with CVE references") EOF
echo "[+] CVE correlation completed" echo "[+] Report saved: nikto_cve_correlation.html" ```_
Integrationsskripte¶
Nmap + Nikto Integration¶
```bash
!/bin/bash¶
Discover web services with Nmap, then scan with Nikto¶
NETWORK="\(1" OUTPUT_DIR="nmap_nikto_\)(date +%Y%m%d_%H%M%S)"
if [ -z "$NETWORK" ]; then
echo "Usage: $0
mkdir -p "$OUTPUT_DIR"
echo "[+] Discovering web services with Nmap"
Discover web services¶
nmap -sS -p 80,443,8080,8443,8000,8888,9000,9090 \ --open \ -oG "\(OUTPUT_DIR/nmap_web_services.gnmap" \ "\)NETWORK"
Extract web services¶
grep -E "(80|443|8080|8443|8000|8888|9000|9090)/open" "$OUTPUT_DIR/nmap_web_services.gnmap"|\ awk '\\{print \(2\\\\}'|sort -u > "\)OUTPUT_DIR/web_hosts.txt"
echo "[+] Found \((wc -l < "\)OUTPUT_DIR/web_hosts.txt") hosts with web services"
Scan each host with Nikto¶
while IFS= read -r host; do echo "[+] Scanning $host with Nikto"
# Get open ports for this host
ports=$(grep "$host" "$OUTPUT_DIR/nmap_web_services.gnmap"|\
grep -oE '[0-9]+/open'|cut -d'/' -f1|tr '\n' ','|sed 's/,$//')
if [ -n "$ports" ]; then
nikto -h "$host" -p "$ports" \
-Format txt,xml \
-o "$OUTPUT_DIR/$\\\\{host\\\\}_nikto" \
-timeout 10 \
-maxtime 1800
fi
sleep 5 # Be respectful
done < "$OUTPUT_DIR/web_hosts.txt"
echo "[+] Nmap + Nikto scan completed" echo "[+] Results saved in: $OUTPUT_DIR" ```_
Integration von Burp Suite¶
```bash
!/bin/bash¶
Export Nikto findings to Burp Suite format¶
NIKTO_REPORT="$1" BURP_OUTPUT="nikto_for_burp.xml"
if [ -z "\(NIKTO_REPORT" ]||[ ! -f "\)NIKTO_REPORT" ]; then
echo "Usage: $0
echo "[+] Converting Nikto report to Burp Suite format"
python3 << 'EOF' import xml.etree.ElementTree as ET import sys
Read Nikto XML report¶
try: tree = ET.parse(sys.argv[1]) root = tree.getroot() except: print("Error: Could not parse Nikto XML report") sys.exit(1)
Create Burp Suite XML structure¶
burp_root = ET.Element("issues")
for scan in root.findall('.//scan'): target_host = scan.get('targethost', '') target_port = scan.get('targetport', '80')
for item in scan.findall('.//item'):
issue = ET.SubElement(burp_root, "issue")
# Basic issue information
ET.SubElement(issue, "serialNumber").text = item.get('id', '')
ET.SubElement(issue, "type").text = "5244416" # Information disclosure
ET.SubElement(issue, "name").text = "Nikto Finding"
ET.SubElement(issue, "host").text = target_host
ET.SubElement(issue, "port").text = target_port
ET.SubElement(issue, "protocol").text = "http"
ET.SubElement(issue, "path").text = item.get('uri', '/')
# Issue details
description = item.get('description', '')
ET.SubElement(issue, "issueDetail").text = description
# Severity mapping
osvdb_id = item.get('osvdb', '')
if 'critical' in description.lower() or 'high' in description.lower():
severity = "High"
elif 'medium' in description.lower():
severity = "Medium"
else:
severity = "Information"
ET.SubElement(issue, "severity").text = severity
ET.SubElement(issue, "confidence").text = "Certain"
Write Burp Suite XML¶
tree = ET.ElementTree(burp_root) tree.write('nikto_for_burp.xml', encoding='utf-8', xml_declaration=True)
print("Burp Suite XML generated: nikto_for_burp.xml") print("Import this file into Burp Suite via Target > Site map > Import") EOF
echo "[+] Conversion completed: $BURP_OUTPUT" ```_
Fehlerbehebung¶
Gemeinsame Themen¶
SSL/TLS Probleme¶
```bash
Test SSL connectivity¶
openssl s_client -connect target.com:443
Force SSL version¶
nikto -h https://target.com -ssl -sslversion 3
Ignore SSL certificate errors¶
nikto -h https://target.com -ssl -nossl
Debug SSL issues¶
nikto -h https://target.com -ssl -Display E ```_
Timeout-Ausgaben¶
```bash
Increase timeout¶
nikto -h target.com -timeout 30
Set maximum scan time¶
nikto -h target.com -maxtime 7200
Reduce scan scope¶
nikto -h target.com -Tuning 1,2,3
Use fewer plugins¶
nikto -h target.com -Plugins "headers,robots" ```_
Leistungsfragen¶
```bash
Reduce scan intensity¶
nikto -h target.com -Pause 5
Limit concurrent connections¶
nikto -h target.com -timeout 10 -maxtime 3600
Use specific tuning to reduce load¶
nikto -h target.com -Tuning x6 # Exclude DoS tests
Scan specific directories only¶
nikto -h target.com -root /app/ ```_
Datenbank-Updates¶
```bash
Update Nikto database¶
nikto -update
Check database version¶
nikto -Version
Manual database update¶
cd /var/lib/nikto wget https://cirt.net/nikto/UPDATES/2.1.6/db_tests ```_
Debugging und Logging¶
```bash
Enable debug output¶
nikto -h target.com -Display E
Verbose output¶
nikto -h target.com -verbose
Save debug information¶
nikto -h target.com -Display E -o debug.log
Check configuration¶
nikto -config ```_
Ressourcen¶
- [offizielle Nikto-Website](LINK_7
- [Nikto GitHub Repository](LINK_7
- Nikto-Dokumentation
- Web Application Security Test
- (LINK_7_)
- [Web Server Security](LINK_7_
- (LINK_7)
--
*Dieses Betrugsblatt bietet eine umfassende Referenz für die Verwendung von Nikto für Webserver Schwachstelle Scannen. Stellen Sie immer sicher, dass Sie eine richtige Berechtigung haben, bevor Sie dieses Tool in jeder Umgebung verwenden. *