Scan a server IP for vulnerabilities using Nikto in Kali Linux

Auntor Acharja
Sep 20, 2020

Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

For this blog I use this IP address

1. To start nikto in Kali Linux, open a terminal and type nikto

2. Now type nikto -h to see all the functionality that can be used in nikto.

3. If you want to scan a server IP, type this command. It will take some time and then show you any vulnerabilities that exist.

Command: nikto -h serverIp

Example: nikto -h

Here -h means the host.

4. If you want to scan a specific port on the server IP, type this command and press Enter. It will show you the result.

Command: nikto -h serverIp -p port

Example: nikto -h -p 80

Here -p means the port.

5. If you want to save the scan result directly to a text file, use this command.

Command: nikto -h serverIp -o fileName -F fileExtension

Example: nikto -h -o result -F txt

6. We can also scan serverIp through a proxy server. For this, we first need to open the Nikto config file and uncomment these two lines.

Then save the file.

We can find the nikto config file using this command.

Command: locate nikto.conf

After saving the file, go to the terminal and enter this command. It will start a scan, but this time through the proxy.

Command: nikto -h serverIp -useproxy

Example: nikto -h -useproxy
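
As an added example that is not part of the original post, the shell functions below assemble the command lines from steps 3 to 6 after validating the IP and port, and refuse to add -useproxy while the proxy lines in nikto.conf are still commented out. The function names are hypothetical, 192.0.2.10 is a constructed documentation address, and PROXYHOST and PROXYPORT are assumed to be the two lines step 6 refers to.

```shell
#!/bin/sh
# Added example, not from the original post. It builds the command lines from
# steps 3-6 and checks nikto.conf first. It only prints; nothing is scanned.

# Succeeds when both proxy settings are uncommented in the config file $1.
# Assumption: the two lines meant in step 6 are PROXYHOST and PROXYPORT.
proxy_enabled() {
  grep -Eq '^[[:space:]]*PROXYHOST=[^[:space:]]+' "$1" &&
    grep -Eq '^[[:space:]]*PROXYPORT=[0-9]+' "$1"
}

# Usage: build_nikto_cmd HOST [PORT] [OUTFILE] [CONF]
# A non-empty CONF asks for -useproxy and names the nikto.conf to check.
build_nikto_cmd() {
  host=$1 port=$2 out=$3 conf=$4
  o='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
  # Reject anything that is not a dotted-quad IPv4 address.
  case $host in ''|*[!0-9.]*) echo "not an IPv4 address: $host" >&2; return 1 ;; esac
  if ! printf '%s\n' "$host" | grep -Eq "^($o\.){3}$o\$"; then
    echo "not an IPv4 address: $host" >&2; return 1
  fi
  cmd="nikto -h $host"
  if [ -n "$port" ]; then
    # Digits only, at most five of them, and within 1-65535.
    case $port in *[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
      echo "bad port: $port" >&2; return 1
    fi
    cmd="$cmd -p $port"
  fi
  # Step 5 saves the result as text: -o names the file, -F the format.
  if [ -n "$out" ]; then cmd="$cmd -o $out -F txt"; fi
  if [ -n "$conf" ]; then
    if ! proxy_enabled "$conf"; then
      echo "proxy lines are still commented out in $conf" >&2; return 1
    fi
    cmd="$cmd -useproxy"
  fi
  printf '%s\n' "$cmd"
}

# Constructed target from the 192.0.2.0/24 documentation range.
build_nikto_cmd 192.0.2.10 80 result
```

Pass the path reported by locate nikto.conf as the fourth argument to get the proxy check before a -useproxy scan.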

— Happy Hacking —