NIKTO WEB SCANNER
WEB SERVER VULNERABILITY SCANNING LAB
MODULE 04 — MISCONFIGS · HEADERS · METHODS · CVEs · EXPOSED FILES
Initialising Nikto v2.1.6...

OBJECTIVES

Run a basic Nikto scan
Identify missing security headers
Find exposed sensitive files/paths
Find dangerous HTTP methods enabled
Scan HTTPS with -ssl flag
Use -Tuning to filter scan type
Save output with -o flag
Submit the pentest report
PHASE 1 — BASIC SCAN
MISSION BRIEF
PENTEST ENGAGEMENT — AUTHORISED

NIKTO — WEB VULNERABILITY SCAN

TARGET: 10.10.16.10 — webserver.apexlab.local

SCENARIO

Nmap confirmed Apache 2.4.52 running on ports 80 and 443 on 10.10.16.10. Before manual exploitation, use Nikto to automatically scan the web server for misconfigurations, exposed files, dangerous HTTP methods, missing security headers, and known CVEs. Document all findings by severity.

TARGET

Property      Value
IP            10.10.16.10
Hostname      webserver.apexlab.local
HTTP port     80
HTTPS port    443
Web server    Apache 2.4.52 (Ubuntu)

PHASES

  • Phase 1 — Basic scan on port 80
  • Phase 2 — Scan HTTPS on port 443 (-ssl)
  • Phase 3 — Targeted scan with -Tuning
  • Phase 4 — Save output to file (-o)
  • Phase 5 — Review and report all findings
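The five phases as one script, added here as a worked example; it is not part of the lab page or of Nikto itself. Phases 1 to 4 are the four nikto invocations in run_phases, each saved with -o. Phase 5 is the set of small parsing functions that pull the report-relevant lines (server banner, missing headers, allowed methods, flagged paths, OSVDB references) out of a saved text report; at the end they are run against a constructed sample written in the layout Nikto 2.1.6 prints to a .txt file. The output directory name, the tuning string 123b, the severity labels printed by summarize and every finding in the sample are this example's assumptions, not results from the lab target.

```shell
#!/usr/bin/env bash
# Added example for the lab phases (not part of the original lab or of Nikto).
# Phases 1-4 are wrapped in run_phases; the remaining functions do Phase 5 on
# the saved text reports. Target and ports come from the mission brief; the
# output directory, tuning string and the sample report are this example's own.
set -eu

TARGET="10.10.16.10"
OUTDIR="${OUTDIR:-nikto-out}"

# Phases 1-4: one scan per phase, each written to its own file with -o.
run_phases() {
    mkdir -p "$OUTDIR"
    nikto -h "$TARGET" -p 80 -o "$OUTDIR/p1-http.txt"                 # Phase 1: basic scan
    nikto -h "$TARGET" -p 443 -ssl -o "$OUTDIR/p2-https.txt"          # Phase 2: force TLS on 443
    nikto -h "$TARGET" -p 80 -Tuning 123b -o "$OUTDIR/p3-tuned.txt"   # Phase 3: files, misconfig, info, software id
    nikto -h "$TARGET" -p 80 -o "$OUTDIR/p4-full.htm" -Format htm     # Phase 4: HTML copy for the report
}

# --- Phase 5 helpers: each takes a Nikto .txt report path, prints one item per line ---

# Header names Nikto reported as absent ("The <name> header is not present/set/defined").
missing_headers() {
    grep -oE '[A-Za-z-]+ header is not (present|set|defined)' "$1" | awk '{print $1}' | sort -u
}

# Methods listed on the "+ Allowed HTTP Methods:" line.
allowed_methods() {
    sed -n 's/^+ Allowed HTTP Methods: //p' "$1" | tr -d ' ' | tr ',' '\n'
}

# The subset of allowed methods that deserves a finding of its own.
dangerous_methods() {
    allowed_methods "$1" | grep -E '^(TRACE|PUT|DELETE|CONNECT)$' || true
}

# Paths Nikto attached an OSVDB reference to (directory indexing, default or interesting files).
exposed_paths() {
    sed -nE 's/^\+ OSVDB-[0-9]+: (\/[^:]*):.*/\1/p' "$1" | sort -u
}

# OSVDB identifiers, to be mapped to CVEs by hand while writing the report.
osvdb_refs() {
    grep -oE 'OSVDB-[0-9]+' "$1" | sort -u
}

# Print the sections the lab report asks for. Severity labels are this example's suggestion.
summarize() {
    echo "== Server ==";                          sed -n 's/^+ Server: //p' "$1"
    echo "== Missing headers (MEDIUM) ==";        missing_headers "$1"
    echo "== Dangerous methods (HIGH) ==";        dangerous_methods "$1"
    echo "== Flagged paths (confirm by hand) =="; exposed_paths "$1"
    echo "== OSVDB references ==";                osvdb_refs "$1"
}

# Constructed sample in the layout Nikto 2.1.6 writes with -o <file>.txt. The findings
# are illustrative only and are not results from the lab target.
SAMPLE_REPORT="$(mktemp)"
cat > "$SAMPLE_REPORT" <<'EOF'
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          10.10.16.10
+ Target Hostname:    webserver.apexlab.local
+ Target Port:        80
+ Start Time:         2024-05-01 10:00:00 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.52 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /backup/: Directory indexing found.
+ OSVDB-3092: /backup/: This might be interesting...
+ OSVDB-3233: /icons/README: Apache default file found.
+ 7535 requests: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2024-05-01 10:04:10 (GMT0) (250 seconds)
EOF

summarize "$SAMPLE_REPORT"
```

On the attacker box, call run_phases first and then summarize on each file under nikto-out/; the Phase 3 scan deliberately leaves out the injection, DoS and command-execution tuning classes so it finishes quickly and its findings line up with the "exposed files" and "misconfiguration" sections of the report.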

TUNING CODES

Code   Category
0      File upload
1      Interesting file / seen in logs
2      Misconfiguration / default file
3      Information disclosure
4      Injection (XSS/script)
5      Remote file retrieval (inside web root)
6      Denial of Service
7      Remote file retrieval (server-wide)
8      Command execution
9      SQL injection
a      Authentication bypass
b      Software identification
c      Remote source inclusion
x      Reverse: run every class except the codes that follow (e.g. -Tuning x6 skips only DoS)

Codes concatenate: -Tuning 123 runs classes 1, 2 and 3 and nothing else.
REFERENCE — NIKTO
BASIC SYNTAX
nikto -h [host] [options]
COMMON FLAGS
Flag                Description
-h [host]           Target host or IP
-p [port]           Target port (default 80)
-ssl                Force TLS on the port instead of letting Nikto probe for it
-Tuning [codes]     Scan class tuning code(s); concatenate to combine, prefix x to invert
-o [file]           Save output to file
-Format [fmt]       Output format: csv, htm, json, nbe, txt or xml (note htm, not html); taken from the -o file extension if omitted
-id [user:pass]     HTTP authentication, user:pass or user:pass:realm
-useragent [ua]     Custom User-Agent string
-timeout [sec]      Per-request timeout
-maxtime [sec]      Maximum scan duration per host
EXAMPLES
Basic HTTP scan
nikto -h 10.10.16.10
Specific port
nikto -h 10.10.16.10 -p 8080
HTTPS scan
nikto -h 10.10.16.10 -ssl
HTTPS on port 443
nikto -h 10.10.16.10 -p 443 -ssl
Tuning — interesting files only
nikto -h 10.10.16.10 -Tuning 1
Tuning — misconfigs + injection
nikto -h 10.10.16.10 -Tuning 24
Save to HTML file (format name is htm)
nikto -h 10.10.16.10 -o results.html -Format htm
Save to text file
nikto -h 10.10.16.10 -o nikto.txt
WHAT NIKTO CHECKS
Nikto tests for 6,700+ potentially dangerous files/programs, outdated server software, version-specific problems, and server configuration issues. Findings in v2.1.6 are tagged with OSVDB identifiers rather than CVE IDs, so map them to CVEs yourself when you write the report. It is not a stealth tool: every request is logged by the target.
LIMITATIONS
Nikto generates significant noise and will be flagged by IDS/IPS. It checks for known issues in known software only: it will not find vulnerabilities in custom application code, business-logic flaws, or bypasses in bespoke authentication (its "a" tuning class covers published bypasses in recognised products). It also produces false positives, since many checks judge a path to exist from the response code alone, so confirm each reported path, header and method by hand before it goes in the report. Use Burp Suite for deeper web app testing.
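A quick manual confirmation of the header and method findings before they go in the report, added here as an example and not taken from the lab page. Each function reads a raw HTTP response on stdin, so it can be fed from curl against the live target (the commented commands) or, as at the end of the block, from constructed responses. The header list in REQUIRED_HEADERS and the three sample responses are this example's assumptions, not captures from the lab target.

```shell
#!/usr/bin/env bash
# Added example (not part of the lab page): confirm Nikto's header and method
# findings straight from the server's own responses before writing them up.
set -eu

# Hardening headers to expect on a production site; the list is this example's choice.
REQUIRED_HEADERS="X-Frame-Options X-Content-Type-Options Strict-Transport-Security Content-Security-Policy"

# Read raw response headers on stdin (curl -sI) and print each expected header that is absent.
missing_security_headers() {
    hdrs="$(tr -d '\r' | tr '[:upper:]' '[:lower:]')"
    for h in $REQUIRED_HEADERS; do
        name="$(printf '%s' "$h" | tr '[:upper:]' '[:lower:]')"
        printf '%s\n' "$hdrs" | grep -q "^$name:" || echo "$h"
    done
}

# Read an OPTIONS response on stdin and print the risky methods from its Allow header.
risky_methods() {
    tr -d '\r' | sed -n 's/^[Aa]llow: *//p' | tr -d ' ' | tr ',' '\n' \
        | grep -E '^(TRACE|PUT|DELETE|CONNECT)$' || true
}

# Read a full TRACE response (curl -s -i -X TRACE) on stdin. Exit 0 only if the server
# echoed the request line back in the body, which is the condition behind Nikto's XST finding.
trace_reflected() {
    tr -d '\r' | grep -q '^TRACE / HTTP/1\.[01]$'
}

# Live use from the attacker box against the lab target:
#   curl -sI  http://10.10.16.10/             | missing_security_headers
#   curl -sIk https://10.10.16.10/            | missing_security_headers
#   curl -s -i -X OPTIONS http://10.10.16.10/ | risky_methods
#   curl -s -i -X TRACE   http://10.10.16.10/ | trace_reflected && echo "TRACE reflected"

# Constructed responses for an offline run; they are not captures from the lab target.
SAMPLE_HEAD="$(printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.52 (Ubuntu)\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html\r\n\r\n')"
SAMPLE_OPTIONS="$(printf 'HTTP/1.1 200 OK\r\nAllow: GET,POST,OPTIONS,HEAD,TRACE\r\nContent-Length: 0\r\n\r\n')"
SAMPLE_TRACE="$(printf 'HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\nTRACE / HTTP/1.1\r\nHost: 10.10.16.10\r\nUser-Agent: curl/8.5.0\r\n')"

echo "Missing headers:"; printf '%s\n' "$SAMPLE_HEAD" | missing_security_headers
echo "Risky methods:";   printf '%s\n' "$SAMPLE_OPTIONS" | risky_methods
if printf '%s\n' "$SAMPLE_TRACE" | trace_reflected; then echo "TRACE reflected (XST)"; fi
```

Run the header check against both 80 and 443: Strict-Transport-Security is only meaningful on the HTTPS response, and a header present on one listener and missing on the other is itself a finding worth a line in the report.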
PENTEST REPORT — NIKTO WEB SCAN
SERVER IDENTIFICATION
KEY FINDINGS
SCAN COVERAGE