文章目录
-
-
- 1,Nikto安装
- 2,基本使用方法
-
- [2.1 常规扫描](#2.1 常规扫描)
- 2.2自定义端口扫描
- [2.3扫描https URL](#2.3扫描https URL)
- 2.4导出扫描report
- 2.5交互式控制
- 专注提醒
- 推荐阅读
-
一直缺少一个可以扫描web安全的工具,Nessus目前也是越来越贵,不得已开始寻找开源替代方案。今天是评估的一个可以扫描web服务器的开源工具Nikto。
1,Nikto安装
Nikto 是由 Perl 语言编写的,因此运行它需要系统具备 Perl 环境及相关依赖,执行如下指令安装Perl:
bash
sudo apt-get install perl -y执行后,安装输出如下:
bash
mirror@pcq-adg-01:~$ sudo apt-get install perl -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
perl is already the newest version (5.38.2-3.2ubuntu0.2).
perl set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 55 not upgraded.为了能够正常扫描 HTTPS 网站,必须安装相关的 Perl SSL 模块。
bash
sudo apt install libio-socket-ssl-perl libnet-ssleay-perl -y执行后,安装输出如下:
bash
mirror@pcq-adg-01:~$ sudo apt install libio-socket-ssl-perl libnet-ssleay-perl -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
liburi-perl perl-openssl-defaults
Suggested packages:
libbusiness-isbn-perl libregexp-ipv6-perl libwww-perl debhelper
The following NEW packages will be installed:
libio-socket-ssl-perl libnet-ssleay-perl liburi-perl perl-openssl-defaults
0 upgraded, 4 newly installed, 0 to remove and 55 not upgraded.
Need to get 606 kB of archives.
After this operation, 2,285 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu noble/main amd64 perl-openssl-defaults amd64 7build3 [6,626 B]
Get:2 http://archive.ubuntu.com/ubuntu noble/main amd64 libnet-ssleay-perl amd64 1.94-1build4 [316 kB]
Get:3 http://archive.ubuntu.com/ubuntu noble/main amd64 libio-socket-ssl-perl all 2.085-1 [195 kB]
Get:4 http://archive.ubuntu.com/ubuntu noble/main amd64 liburi-perl all 5.27-1 [88.0 kB]
Fetched 606 kB in 3s (198 kB/s)
Selecting previously unselected package perl-openssl-defaults:amd64.
(Reading database ... 126829 files and directories currently installed.)
Preparing to unpack .../perl-openssl-defaults_7build3_amd64.deb ...
Unpacking perl-openssl-defaults:amd64 (7build3) ...
Selecting previously unselected package libnet-ssleay-perl:amd64.
Preparing to unpack .../libnet-ssleay-perl_1.94-1build4_amd64.deb ...
Unpacking libnet-ssleay-perl:amd64 (1.94-1build4) ...
Selecting previously unselected package libio-socket-ssl-perl.
Preparing to unpack .../libio-socket-ssl-perl_2.085-1_all.deb ...
Unpacking libio-socket-ssl-perl (2.085-1) ...
Selecting previously unselected package liburi-perl.
Preparing to unpack .../liburi-perl_5.27-1_all.deb ...
Unpacking liburi-perl (5.27-1) ...
Setting up perl-openssl-defaults:amd64 (7build3) ...
Setting up liburi-perl (5.27-1) ...
Setting up libnet-ssleay-perl:amd64 (1.94-1build4) ...
Setting up libio-socket-ssl-perl (2.085-1) ...
Processing triggers for man-db (2.12.0-4build2) ...
Scanning processes...
Scanning candidates...
Scanning linux images...
Pending kernel upgrade!
Running kernel version:
6.8.0-100-generic
Diagnostics:
The currently running kernel version is not the expected kernel version 6.8.0-124-generic.
Restarting the system to load the new kernel will not be handled automatically, so you should consider rebooting.
Restarting services...
Service restarts being deferred:
/etc/needrestart/restart.d/dbus.service
systemctl restart getty@tty1.service
systemctl restart getty@tty6.service
systemctl restart systemd-logind.service
systemctl restart unattended-upgrades.service
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.为了确保插件和数据库是最新版本,建议从官方的GitHub仓库clone最新版本,可以执行如下指令安装:
bash
git clone https://github.com/sullo/nikto.git执行后,安装输出如下,文件不大,取决与你的网速快慢:
bash
mirror@pcq-adg-01:~$ git clone https://github.com/sullo/nikto.git
Cloning into 'nikto'...
remote: Enumerating objects: 8183, done.
remote: Counting objects: 100% (3593/3593), done.
remote: Compressing objects: 100% (560/560), done.
remote: Total 8183 (delta 3353), reused 3110 (delta 3028), pack-reused 4590 (from 1)
Receiving objects: 100% (8183/8183), 5.04 MiB | 29.00 KiB/s, done.
Resolving deltas: 100% (6011/6011), done.安装完成后,继续执行目录下更新:
bash
cd nikto/program/
perl nikto.pl -update为了方便全局调用,你可以为脚本赋予执行权限并创建一个软链接到系统路径中:
bash
chmod +x nikto.pl
sudo ln -s $(pwd)/nikto.pl /usr/local/bin/nikto
cd2,基本使用方法
2.1 常规扫描
现在我们开始可以进行扫描执行:
bash
nikto -h IP默认是80端口,执行后,输出结果如下:
bash
mirror@pcq-adg-01:~$ nikto -h 192.168.1.2
- Nikto v2.6.0
---------------------------------------------------------------------------
+ Target IP: 192.168.1.2
+ Target Hostname: 192.168.1.2
+ Target Port: 80
+ Platform: Linux/Unix
+ Start Time: 2026-06-10 03:05:36 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.65 (Ubuntu)
+ No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped.
+ [600050] Apache/2.4.65 appears to be outdated (current is at least 2.4.66).
+ [999984] /: Server may leak inodes via ETags, header found with file /, inode: 29af, size: 5f6ebfe24a657, mtime: gzip. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418
+ [013587] /: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+ [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+ [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
+ [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ [999990] OPTIONS: Allowed HTTP Methods: OPTIONS, HEAD, GET, POST .2.2自定义端口扫描
bash
nikto -h domain.com -p 8080
nikto -h domain.com -p 80,443,80802.3扫描https URL
对 HTTPS 服务进行扫描时,需加上 -ssl 参数。这不仅能切换协议,还能自动忽略测试环境中常见的自签名证书警告,确保扫描顺利进行:
bash
nikto -h https://domain.com -ssl2.4导出扫描report
可以将扫描结果导出为html与csv格式:
bash
nikto -h domain.com -o report.html -Format htm
nikto -h domain.com -o results.csv -Format csv2.5交互式控制
在漫长的扫描过程中,你可以使用以下快捷键实时掌控进度:
空格键:查看当前扫描状态和剩余时间。
- v:切换详细模式(显示具体测试 URL)。
- d:开启调试模式(输出完整的 HTTP 请求头信息)。
- q:安全退出当前扫描
注意:开启调试模式时,会产生大量输出信息,需要注意可读性。
专注提醒
安全扫描会产生大量请求,必须在获得目标系统明确授权的情况下方可使用,严禁用于未授权的非法测试。扫描结果建议要由专业工具和人员分析处理。