Hacker's Arena
Knowledge base and discussions group for Security enthusiasts
Naveen Sunil
Information Technology
12 Jan 2019

Reconnaissance with Nikto

If you're looking to do some serious reconnaissance, you might consider using Nikto. Nikto is an open source recon tool included in Kali and also available on GitHub at sullo/nikto.

Nikto can be launched easily as,

nikto -h <hostname>

The hostname could be an IP address or domain name.

Tuning options let you select which classes of tests are run, and are passed with the -Tuning flag.

These are the tuning options you can use:

0 - File Upload

1 - Interesting File / Seen in logs

2 - Misconfiguration / Default File

3 - Information Disclosure

4 - Injection (XSS/Script/HTML)

5 - Remote File Retrieval - Inside Web Root

6 - Denial of Service

7 - Remote File Retrieval - Server Wide

8 - Command Execution / Remote Shell

9 - SQL Injection

a - Authentication Bypass

b - Software Identification

c - Remote Source Inclusion

x - Reverse Tuning Options (i.e., include all except specified)

So if you are scanning https://www.test.com/ for Injection, the format would be,

nikto -Tuning 4 -h test.com

To exclude any one scan, for example SQLi, put x directly in front of its option so both are passed as a single argument,

nikto -Tuning x9 -h test.com
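
The selection rules above, as an added example that is not part of the original post: a small shell helper that resolves a -Tuning string into the test classes it selects, so the scope of an authorized scan can be confirmed before nikto is run. The function names are hypothetical, and treating a leading x as "every class except those that follow" is an assumption taken from the description in the list above.

```shell
#!/bin/sh
# Added example (not from the post): resolve a nikto -Tuning string to its classes.
# Class names are copied from the tuning list in the post; function names are hypothetical.
ALL_CLASSES="0 1 2 3 4 5 6 7 8 9 a b c"

class_name() {
    case "$1" in
        0) echo "File Upload" ;;
        1) echo "Interesting File / Seen in logs" ;;
        2) echo "Misconfiguration / Default File" ;;
        3) echo "Information Disclosure" ;;
        4) echo "Injection (XSS/Script/HTML)" ;;
        5) echo "Remote File Retrieval - Inside Web Root" ;;
        6) echo "Denial of Service" ;;
        7) echo "Remote File Retrieval - Server Wide" ;;
        8) echo "Command Execution / Remote Shell" ;;
        9) echo "SQL Injection" ;;
        a) echo "Authentication Bypass" ;;
        b) echo "Software Identification" ;;
        c) echo "Remote Source Inclusion" ;;
    esac
}

# resolve_tuning STRING: print the selected class ids in list order.
# Assumption: a leading x means "all classes except the ones that follow".
resolve_tuning() {
    spec=$1; mode=include
    case "$spec" in x*) mode=exclude; spec=${spec#x} ;; esac
    # Reject an empty selection, a stray x, spaces, and ids outside the list.
    case "$spec" in
        ""|*[!0-9abc]*) echo "invalid tuning string: '$1'" >&2; return 1 ;;
    esac
    out=""
    for id in $ALL_CLASSES; do
        case "$spec" in *"$id"*) hit=yes ;; *) hit=no ;; esac
        if [ "$mode" = include ] && [ "$hit" = yes ]; then out="$out $id"; fi
        if [ "$mode" = exclude ] && [ "$hit" = no ]; then out="$out $id"; fi
    done
    echo "${out# }"
}

# describe_tuning STRING: print one "id - name" line per selected class.
describe_tuning() {
    ids=$(resolve_tuning "$1") || return 1
    for id in $ids; do printf '%s - %s\n' "$id" "$(class_name "$id")"; done
}
```

Running `describe_tuning x6` before a scan, for instance, shows at a glance that the Denial of Service class is left out while the other twelve remain selected.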