🛡️ Nikto: Web Security Testing Tool
Nikto is an open-source web server scanner, written in Perl, that runs a large database of checks against a web server: dangerous files and CGIs, outdated server software and version-specific problems, and common misconfigurations. It is deliberately noisy, sending thousands of requests with no attempt at evasion, so expect it to show up in the target's logs and IDS alerts.
🔧 Key Features of Nikto:
- Written in Perl - Runs anywhere a Perl interpreter is available
- Web server scanning - Detects dangerous files, CGIs and exposed admin consoles
- Vulnerability identification - Matches responses against a signature database of known weaknesses
- Misconfiguration detection - Identifies directory indexing, default content and missing security headers
- Software version checking - Flags outdated server software and version-specific problems from banners
- Plugin support - Extensible with additional checks written in Perl
💻 Basic Nikto Commands:
Basic Scan:
nikto -h https://example.com
Scan with Specific Port:
nikto -h example.com -p 443
Save Output to File (the format is taken from the extension: txt, htm, csv, xml or json; -Format sets it explicitly):
nikto -h example.com -o results.txt
🎯 Common Use Cases:
| Scenario | Command | Purpose |
|---|---|---|
| Basic vulnerability scan | nikto -h target.com | General security check of the default port (80) |
| Forced SSL/TLS | nikto -h target.com -ssl | Force SSL/TLS on the connection, e.g. for a TLS service on a non-standard port; this is not a TLS configuration audit |
| Specific port scan | nikto -h target.com -p 8080 | Scan a non-standard port; -p also accepts comma-separated lists and ranges |
| Single test category | nikto -h target.com -Tuning 5 | Run only category 5 (remote file retrieval inside the web root). -Tuning selects categories, it does not raise intensity: without it Nikto runs its full test set, and a leading x excludes the listed categories instead |
⚠️ Important Notes:
Legal and Ethical Use:
- Only scan servers you own or have permission to test
- Unauthorized scanning is illegal in many countries
- Always get written permission before testing
- Use in controlled environments (labs, authorized pentests)
📊 Sample Output Interpretation:
Understanding Nikto Results:
+ Server: Apache/2.4.29 (Ubuntu)
+ Retrieved x-powered-by header: PHP/7.2.24
+ Root page / redirects to: http://example.com/login.php
+ OSVDB-3092: /phpmyadmin/: phpMyAdmin directory found
What to look for:
- ❌ Red flags: default files and sample content, exposed admin consoles (the /phpmyadmin/ hit above needs checking for weak or absent authentication), outdated software versions
- ⚠️ Warnings: directory indexing, information disclosure (the Server and x-powered-by banners above reveal exact Apache and PHP versions), missing security headers
- ✅ Good signs: security headers present, current software versions, no default content
Nikto reports a finding whenever a response matches a signature, so expect false positives: confirm each hit by hand (open the path in a browser or with curl) before it goes into a report.
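The grouping above can be applied mechanically to a saved scan. The script below is an added example, not part of Nikto or of the original page: it reads the "+ " finding lines from Nikto's text output and sorts them into red, warning and info buckets using pattern rules that are this example's own assumptions. The sample output is constructed from the four lines shown above plus three further lines in Nikto's usual wording; it is not a real scan result.

```shell
#!/bin/sh
# Triage helper for Nikto text output (added example, not Nikto's own code).
# Bucket rules below are assumptions for illustration, not Nikto metadata.

# Constructed sample: the four lines shown on this page plus three more in
# Nikto's usual wording. Not the output of a real scan.
write_sample() {
  cat > "$1" <<'EOF'
- Nikto v2.1.6
+ Server: Apache/2.4.29 (Ubuntu)
+ Retrieved x-powered-by header: PHP/7.2.24
+ Root page / redirects to: http://example.com/login.php
+ OSVDB-3092: /phpmyadmin/: phpMyAdmin directory found
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
EOF
}

# Bucket one finding line. Red: default files and exposed admin consoles.
# Warn: information disclosure, directory indexing, missing security headers.
# Everything else (server banner, redirects) is informational.
classify_line() {
  case "$1" in
    *"default file found"*|*"directory found"*|*"/phpmyadmin/"*) echo red ;;
    *"x-powered-by"*|*"Directory indexing"*|*"header is not present"*|*"header is not defined"*) echo warn ;;
    *) echo info ;;
  esac
}

# Nikto prefixes findings with "+ "; header and footer lines are skipped.
# Output: "<bucket><TAB><finding without the + prefix>" per line.
tag_findings() {
  grep '^[+] ' "$1" | while IFS= read -r line; do
    printf '%s\t%s\n' "$(classify_line "$line")" "${line#+ }"
  done
}

# Number of findings in one bucket (red, warn or info).
count_severity() {
  tag_findings "$1" | awk -F '\t' -v sev="$2" '$1 == sev { n++ } END { print n + 0 }'
}

# Human-readable report: red flags first, then warnings, then info.
triage_report() {
  tags=$(tag_findings "$1")
  for sev in red warn info; do
    printf '[%s]\n' "$sev"
    printf '%s\n' "$tags" | awk -F '\t' -v sev="$sev" '$1 == sev { print "  " $2 }'
  done
}

# Stand-alone run: triage a saved scan given as $1, or the constructed sample.
sample=$(mktemp)
write_sample "$sample"
triage_report "${1:-$sample}"
```

Save a real scan with nikto -h target.com -o scan.txt and run the script with scan.txt as its argument; the buckets are a starting point for manual verification, not a verdict, since the same pattern rules will also match false positives.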
🔧 Installation Guide:
🐧 Linux (Kali/Ubuntu)
Kali ships Nikto preinstalled. On Ubuntu/Debian:
sudo apt update
sudo apt install nikto
🍎 macOS
brew update
brew install nikto
🪟 Windows (via WSL)
wsl --install
Restart, open the Ubuntu shell that WSL installed, then:
sudo apt update
sudo apt install nikto
📚 Learning Resources:
- Official Documentation: cirt.net/Nikto2
- GitHub Repository: github.com/sullo/nikto
- Cheat Sheet: SANS Nikto Cheat Sheet
- Video Tutorials: YouTube search "Nikto Tutorial"
💡 Pro Tip:
Nikto is best used as part of a comprehensive security assessment. Combine it with other tools like:
- Nmap - Network scanning
- OWASP ZAP - Application security testing
- Burp Suite - Web vulnerability scanning
- Metasploit - Exploitation framework
🇹🇱 Nikto in Timor-Leste:
People in Timor use Nikto to:
- Test the security of government websites - Make sure government websites are secure
- Protect servers from attackers - Identify weaknesses before attackers find them
- Look for weaknesses in computer systems - Including systems hosted in Timor
- Teach cyber security - Used for educational purposes at universities
Nikto acts as a "tester" that helps find problems before attackers exploit them.