NIKTO Web Scanner
The NIKTO web scanner is a popular open source scanner, used mostly on Apache servers, that runs a comprehensive suite of tests to check for security vulnerabilities and configuration issues. As it turns out, a point of NIKTO trivia is to know that the name “NIKTO” came from a cult science fiction movie called “The Day the Earth Stood Still.” The word “NIKTO” was the last word in the code phrase, “Klaatu Barada NIKTO” which would stop Gort, a robot in the movie, from using his vast destructive powers on the earth.
Movie trivia aside, NIKTO works with literally any web server, although it is mostly used today is on Apache. The NIKTO web scanner runs a comprehensive suite of tests that includes identifying over 6500+ malicious files and programs. It also checks for misconfigurations, also a source of vulnerability, as well as version level issues on over 250+ server types. NIKTO also checks for multiple index files and HTTP server options. It will also identify and enumerate both web servers and the software installed. The basic plugins are frequently updated, so you can use the automatic update feature in NIKTO to stay current.
The NIKTO 1.00 beta release came out in December 2001 with subsequent bug fixes that year. Over several years NIKTO’s popularity increased substantially, and, in 2007 the next major release, 2.0 came out.
The NIKTO web scanner is designed for speed. It can test the targeted web servers rapidly, but will be detected afterwards in IPS/IDS files and other log file locations. NIKTO noise is an excellent way to test your Intrusion Detection System. Any set of web server log monitoring, host based intrusion detection or network based intrusion detection should detect NIKTO scanning if they are properly configured and set up correctly.
NIKTO includes many basic features. NIKTO provides full HTTP proxy support and SSL support. SSL support includes at least Unix with OpenSSL. NIKTO checks server components to see if any require upgrade with a later release. All of NIKTO’s reports can be utilized in XML, HTML, CSV, or plain text. The report functions include a template “engine” which makes it relatively simple to customize reports.
NIKTO can also scan multiple ports on one server, or on multiple servers. Update can be done via command line . NIKTO will identify installed software. And supports host authentication with Basic and Windows New Technology LAN Manager (NTLM). NTLM is a suite of security protocols Microsoft has developed to authenticate users and help maintain data privacy. NIKTO also provides proxy support with authentication and support for cookies. NIKTO can be automatically updated from the command-line.
Executing a NIKTO scan of a web server is not complex. NIKTO is based on Perl, so it will run just about anywhere you have the right Perl interpreter installed. NIKTO is incorporated with the Kali Linux Penetration Testing distribution.
Selecting targets to scan is pretty straight forward with NIKTO. Targets can be entered individually or as a list for bulk uploads:
www.targetedwebsitefortesting.com—using the website on default Port 80
XX.XX.XX.XX—this is the IP address of a website on Port 80
https://www.targetedwebsitefortesting.com—this is an SSL website on default Port 443
In some cases, a web server will host multiple sites using virtual hosts. Virtual hosts allow for more than one website on one web server or system. So, www.samplecompany1.com and www.samplecompany2.com can be hosted on the same server. NIKTO allows you to test each of these virtual hosts to maximize your vulnerability coverage. It is highly useful to scan the hostname of the server and the IP address to make sure that all available paths are tested for vulnerabilities.
Sometimes a NIKTO scan can take quite a bit of time. It all depends on your web servers. NIKTO also produces excellent results in detecting and avoiding false positives.
Single Port NIKTO Scanning. The single port NIKTO scan requires a host to target, as port 80 is assumed if none is specified. The host can either be the IP or a hostname of a machine.
Multiple Port NIKTO Scanning. NIKTO can scan multiple ports from the same scanning session. This requires you specify the list of ports. Ports can be specified as a range or as comma delimited.
Multiple Hosts. NIKTO can scan multiple hosts in the same session by utilizing a text file of host names or IP addresses. A file of hosts should be formatted as one host per line. The port numbers should be provided at the end of each line. Ports can be separated from the host via a colon (or a comma). The default if no port is specific is that port 80 is assumed.
Configuration Variables. NIKTO configuration files are formatted like standard Unix Configuration files. Variables are set with VariableName=. Both blank lines and any line starting with “ # “ is ignored.
Data Structures. Data structures are used to communicate between plugins. Data structures are all standard Perl hash references. The mark hash contains complete information about a chosen target. The mark hash is read-only. The parameters hash contains all parameters that are directed to one of the plugins through one of the hooks. The parameters hash has both a key of the parameter name and the passed parameter. Parameters such as verbose will be automatically handled by NIKTO, but the parameters will still be included in the hash. The vulnerability hash contains, as you would expect, all information about a vulnerability.
Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.
Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.
Get started with Bugcrowd
Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.