Vulnerability scanning with Nikto

Nikto is a very popular and easy to use webserver assessment tool to find potential problems and vulnerabilities very quickly. This tutorial shows you how to scan webservers for vulnerabilities using Nikto in Kali Linux. Nikto comes standard as a tool with Kali Linux and should be your first choice when pen testing webservers and web applications. Nikto is scanning for 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers according to the official Nikto website. You should know that Nikto is not designed as a stealthy tool and scans the target in the fastest way possible which makes the scanning process very obvious in the log files of an intrusion detection systems (IDS).

Nikto comes with the following features:

These are some of the major features in the current version:

  • SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s
  • Full HTTP proxy support
  • Checks for outdated server components
  • Save reports in plain text, XML, HTML, NBE or CSV
  • Template engine to easily customize reports
  • Scan multiple ports on a server, or multiple servers via input file (including nmap output)
  • LibWhisker’s IDS encoding techniques
  • Easily updated via command line
  • Identifies installed software via headers, favicons and files
  • Host authentication with Basic and NTLM
  • Subdomain guessing
  • Apache and cgiwrap username enumeration
  • Mutation techniques to “fish” for content on web servers
  • Scan tuning to include or exclude entire classes of vulnerability
  • Guess credentials for authorization realms (including many default id/pw combos)
  • Authorization guessing handles any directory, not just the root
  • Enhanced false positive reduction via multiple methods: headers,
    page content, and content hashing
  • Reports “unusual” headers seen
  • Interactive status, pause and changes to verbosity settings
  • Save full request/response for positive tests
  • Replay saved positive requests
  • Maximum execution time per target
  • Auto-pause at a specified time
  • Checks for common “parking” sites
  • Logging to Metasploit
  • Thorough documentation

Another nice feature in Nikto is the possibility to define the test using the -Tuning parameter. This will let you run only the tests you need which can safe you a lot of time:

0 – File Upload
1 – Interesting File / Seen in logs
2 – Misconfiguration / Default File
3 – Information Disclosure
4 – Injection (XSS/Script/HTML)
5 – Remote File Retrieval – Inside Web Root
6 – Denial of Service
7 – Remote File Retrieval – Server Wide
8 – Command Execution / Remote Shell
9 – SQL Injection

a – Authentication Bypass
b – Software Identification
c – Remote Source Inclusion
x – Reverse Tuning Options (i.e., include all except specified)

Nikto has it’s own updating mechanism. We encourage you to check for updates before using Nikto. Nikto can be updated using the following command:

nikto -update

Scanning webservers with Nikto

Let’s start Nikto to scan for interesting files with option 1 using the following command:
nikto -host [hostname or IP]-Tuning 1

Nikto webserver scanner kali

Nikto will now display the Apache, OpenSSL and PHP version of the targeted webserver. Also it will give you an overview of possible vulnerabilities including the Open Source Vulnerabilities Database (OSVDB) reference. When you search the OSVDB website for the reference code it will explain the possible vulnerability in more detail. The OSVDB project currently covers more than 120,980 vulnerabilities, spanning 198,973 products from 4,735 researchers, over 113 years.

Running all Nikto scans against a host

To run all scans against a particular host you can use the following command:

nikto -host [hostname or IP]

Running all scans will take a lot of time to complete.

Running Nikto against multiple hosts

Nikto offers several options to test multiple hosts:

  • By using a valid hosts file containing one host per line
  • Piping Nmap output to Nikto.

A valid host file is a text file containing the hosts, you have to use one line for each host in order to make it valid for Nikto. Instead of using the hostname as an argument for the -h option you should use the filepath to the valid hosts file.

Another solution is to pipe the Nmap output to Nikto. Nmap will output the valid hosts to Nikto and Nikto will run the selected scans against these hosts. The following command will run a Nmap scan on host – using a grepable output which is defined by the -oG- flag:

nmap -p80 -oG – | nikto -h –

Please note that you should use a dash (-) for Nikto’s host option to use the hosts supplied by Nmap.

In your nikto scan options, use tack capital F htm to signify the output format as html.

Below is an example command:

nikto -h -Display V -F htm -output niktoscan.html

(H/T to

Load testing software comparison

Below is a fairly comprehensive list of most widely used performance testing tools for measuring web application performance and load stress capacity, current as of this post date (2012-09-19). These load testing tools will ensure your application performance in peak traffic and extreme stress conditions.

The list includes open source as well as licensed performance testing tools. But almost all licensed tools have free trial version so that you can get chance to work hands-on before deciding which is the best tool for your needs.

Top 15 Performance Testing Tools

  • Apache JMeter
  • NeoLoad
  • LoadRunner
  • Appvance
  • LoadUI
  • WebLOAD
  • WAPT
  • Loadster
  • LoadImpact
  • Rational Performance Tester
  • Testing Anywhere
  • OpenSTA
  • QEngine (ManageEngine)
  • Loadstorm
  • CloudTest
  • Httperf

1. Apache JMeter

Apache JMeter

Description: Open source load testing tool: It is a Java platform application. It is mainly considered as a performance testing tool and it can also be integrated with the test plan. In addition to the load test plan, you can also create a functional test plan.  This tool has the capacity to be loaded into a server or network so as to check on its performance and analyze its working under different conditions. Initially, it was introduced for testing the web applications, but later its scope had widened.   It is of great use in testing the functional performance of the resources such as Servlets, Perl Scripts and JAVA objects.  Need JVM 1.4 or higher to run.

Apache JMeter System Requirements:  Unix and Windows
Download link: Apache JMeter download

2. NeoLoad


Description: Load and performance testing software: This is a tool used for measuring and analyzing the performance of the website. The performance and the end result can be evaluated by using this tool and any further steps can be taken. This helps you in improving and optimizing the performance of your web application. This tool analysis the performance of the web application by increasing the traffic to the website and the performance under heavy load can be determined. You can get to know the capacity of the application and the amount of users it can handle at the same time. This tool was developed by a French company named as Netosys and it was written in JAVA.  It is available in two different languages; English and French.

NeoLoad System Requirements:  This tool is compatible on operating systems like Microsoft windows, Linux and Solaris.
Download link: NeoLoad download

3. LoadRunner


Description: This is a HP product which can be used as a performance testing tool.  This can be bought as a HP product from its HP software division.  Also, it is very much useful in understanding and determining the performance and outcome of the system when there is actual load. One of the key attractive features of this testing tool is that, it can create and handle thousands of users at the same time. This tool enables you to gather all the required information with respect to the performance and also based on the infrastructure.  The LoadRunner comprises of different tools; namely, Virtual User Generator, Controller, Load Generator and Analysis.

LoadRunner System Requirements: Microsoft Windows and Linux are the favourable OS for this measuring tool.
Download link: LoadRunner download

4. Appvance


Description: Next Generation App Performance Testing Platform: Appvance PerformanceCloud is a broad-scale platform targeted at enterprise clients which can fully exercise apps from beginning (at the UX) to end. The platform is used to surface deep app and site issues from functional to load and stress and performance to APM. Unique designer functionality allows codeless test creation even from modern AJAX sites driving rapid productivity gains in SQA, and playback occurs on actual browsers in the cloud through the firms uxAvatar technology. Compatible with Selenium, JMeter, Dynatrace, Oracle Forms, Flash/Flex and more, and can test up to 10M concurrent users.

Appvance System Requirements:  Runs in private or public cloud
Demo link:  Appvance

5. LoadUI


Description: Open Source Stress Testing Tool: Load UI is yet another open source and load testing software used for measuring the performance of the web applications. This tool works effectively when it is integrated with the functional testing tool soapUI. LoadUI is the most flexible and interactive testing tools. This allows you to create, configure and update your tests while the application is being tested. It also gives a visual Aid for the user with a drag and drop experience. This is not a static performance tool. The advanced analysis and report generating features allows you to examine the actual performance by pumping in new data even while the application is being tested. You need not bother to restart the LoadUI each and every time you modify or change the application. It automatically gets updated in the interface.

System Requirements: Cross platform.
Price: This tool being a open source application, it is available for free and everyone can have the easy access to its full source code.
Download link: LoadUI download

6. WebLOAD


Description: Load testing and stress testing tool for web application: To find out the bottlenecks of the website, it is necessary to examine the pros and cons. There are many performance testing tools available for measuring the performance of the certain web application. WebLoad is one such tool used for load testing and stress testing. This tool can be used for Load testing any internet applications such as Ajax, Adobe Flex, Oracle Forms and much more. Through this tool, you have the ability to measure the working performance and also its response to the users. This was developed by the Radview Software for the testing of Web applications.  This tool was a famous and award fetching software of the Radview Software. This tool is widely used in the environment where there is a high demand for maximum Load testing. This tool gives you a clear information on the functionality and the actual capacity of the web applications.

WebLOAD System Requirements: Cross Platform.
Download link: WebLOAD download



Description: Performance testing tool for web sites and intranet applications: WAPT refers to the Web Application Performance tool.  These are scales or analyzing tools for measuring the performance and output of any web application or web related interfaces. These tools help us to measure the performance of any web services, web applications or for any other web interfaces. With this tool you have the advantage of testing the web application performances in various different environment and different load conditions. WAPT provides detailed information about the virtual users and its output to its users during the load testing. This is considered to be the best cost effective tool for analyzing the performance of the web services. The WAPT tools can tests the web application on its compatibility with browser and operating system. It is also used for testing the compatibility with the windows application in certain cases.

WAPT System Requirement: Windows OS is required for this testing tool.
Download link: WAPT download

8. Loadster


Description: Loadster is a desktop based advanced HTTP load testing tool. The web browser can be used to record the scripts which is easy to use and record. Using the GUI you can modify the basic script with dynamic variables to validate response. With control over network bandwidth you can simulate large virtual user base for your application stress tests. After test is executed HTML report is generated for analysis. This tool is best to identify performance bottlenecks in your application.

Loadster System Requirements: Windows 7/Vista/XP
Download link: Loadster download

9. LoadImpact


Description: LoadImpact is a load testing tool which is mainly used in the cloud-based services. This also helps in website optimization and improvising the working of any web application. This tools generates traffic to the website by simulating users so as to find the stress and maximum load it can work. This LoadImpact comprises of two main parts; the load testing tool and the page analyzer. The load testing can be divided into three types such as Fixed, Ramp up and Timeout. The page analyzer works similar to a browser and it gives information regarding the working and statistics of the website. The fame of developing this load testing tool belongs to Gatorhole AB. This is a freemium service which means that, it can be acquired for free and also available for premium price. But, you have the advantage of many options and features when you buy them for premium price.

System Requirement: This works well on Windows OS and Linux.
Download link: LoadImpact download

10. Rational Performance Tester

Rational Performance Tester

Description: The Rational performance tester is an automated performance testing tool which can be used for a web application or a server based application where there is a process of input and output is involved. This tool creates a demo of the original transaction process between the user and the web service. By the end of it all the statistical information are gathered and they are analyzed to increase the efficiency. Any leakage in the website or the server can be identified and rectified immediately with the help of this tool. This tool can be the best option in building a effective and error free cloud computing service. This Rational Performance tester was developed by IBM (Rational software division). They have come up with many versions of this automated testing tool.

Rational Performance Tester System Requirement: Microsoft Windows and Linux AIX good enough for this performance testing tool.
Download link: Rational Performance Tester download

11. Testing Anywhere

Testing Anywhere

Description: Test Anywhere is a automated testing tool which can be employed for testing the performance of any web sites, web applications or any other objects. Many developers and testers make use if this tool to find out any bottlenecks in their web application and rectify them accordingly. It is a powerful tool which can test any application automatically. This testing tool comes along with a built in editor which allows the users to edit the testing criteria according to their needs. The testing anywhere tool involves 5 simple steps to create a test. They are object recorder, advanced web recorder, SMART test recorder, Image recognition and Editor with 385+ comments. Originally, this testing software was developed by San Jose based Automation Anywhere Inc. Today, there are more than 25000 users for this product.

Testing Anywhere System Requirement:   This tool is compatible with all versions of Windows OS.
Download link: Testing Anywhere download

12. OpenSTA


Description: Open source HTTP performance test tools: Open STA stands for Open System Testing Architecture. This is a GUI based performance tool used by application developers for load testing and analyzing. This is believed to be a complex tool among the all other performance testing tools. It has proven capability in the past and the current toolset is capable of performing the heavy load test and analyses for the scripted HTTP and HTTPS. Here, the testing is carried out by using the recordings and simple scripts. To carry out the test successfully, results and other statistics are taken through various test runs. These data and results can be later exported to software for creating reports. This is a free testing tool and it is distributed under GNU GPL and it will remain free forever. This tool was originally developed by Cyrano, which was later taken over by Quotium.

OpenSTA System Requirement:  OpenSTA runs only on Windows operating system.
Download link: OpenSTA download

13. QEngine (ManageEngine)

QEngine (ManageEngine)

Description: QEngine (ManageEngine) is a most common and easy-to-use automated testing tool helping in performance testing and load testing of your web applications. Many developers find it to be the most simple and easy tool to use for finding out any leakage in their web services or websites. The key important feature of this testing tool is its ability to perform remote testing of web services from any geographical location. Other than that, QEngine (ManageEngine) also offers carious other testing options such as functionality testing, compatibility testing, stress testing , load testing and regression testing. This automated testing tool has the capacity to generate and simulate lot if users so that the performance can be well analyzed in the during the maximum load. This is a free software available for the users online.

QEngine System Requirement:  This tool works with the Microsoft Windows and Linux.
Download link: QEngine download

14. Loadstorm


Description: Cloud load testing for web applications: Loadstorm is the cheapest available performance and load testing tool. Here, you have the option of creating your own test plans, testing criteria and testing scenario. You can generate up to 50000 concurrent users by generating traffic to your website and then carry out the testing. Through this tool, you can bring an end to all the expensive performance testing tools. The cloud infrastructure is used in this tool, which enables you to send huge amount of requests per second. There are thousands of servers available around the world for this software. They are proudly known as the lowest cloud load testing tool. There is no need of any scripting knowledge for using this tool. You will be provided with many graphs and reports which measures the performance in various metrics such as error rates, average response time and number of users. This tool is available for free, but the premium account comes with added features.

Loadstorm System Requirement:  Windows OS.
Download link: Loadstorm download

15. CloudTest

Soasta cloudtest

Description: SOASTA CloudTest is a performance testing tool for the cloud computers. The users or the developers can use the cloud platform as their virtual testing lab. The developers can carry out their per4formance or load testing in the cloud platform in the cost effective way through this CloudTest tool. This CloudTest has the capacity to enable number of users to use the website at the same time. It also increases the traffic of the website to know the actual performance under stress and heavy load. The credit of developing this software goes to an American Technology company, SOASTA Inc. They provide many services for testing the websites and other web applications and now they also help in testing the mobile applications. They are not free services, the price differs according to the number of load injector machines required per hour by you. The trial version with power of 100 concurrent users is available for free.

SOASTA CloudTest System Requirement:  It runs on Windows, Linux and Mac OS.
Download link: SOASTA CloudTest download

Plus one more:

16. Httperf


Description: Httperf is a high performance testing tool for measuring and analyzing the performance of any web services and web applications. This is mainly used to the test the HTTP servers and its performance. The main objective of this testing tool would be to count the number of responses generated from this particular server. This generates the HTTP GET requests from the server which helps in summarizing the overall performance of the server. Through this tool, you will be able to conclude the rate at which the response is sent from each server and thereby the efficiency can be calculated. The ability to sustain the server overload, support the HTTP/1.1 protocol and compatibility with new workload are the three key features of this performance testing tool.  This was originally developed by David Mosberger and many others at HP. This is a Hewlett Packard product.

Httperf System Requirement: Windows and Linux.
Download link: Httperf download


Related Posts

Share This