Nikto tutorial for kali linux

This is a basic nikto tutorial for kali linux. It will get you started with nikto. For advanced usage, see ‘man nikto’ or

Nikto tutorial: Basic usage

nikto -h

There isnt much output, so you generally dont know whats happening, so it might be good to enable verbose output:

nikto -Display V -h

One of the great things you can do with nikto is to specify the type of checks it runs:
from the man page:

           Tuning options will control the test that Nikto will use against a
           target. By default, if any options are specified, only those tests
           will be performed. If the "x" option is used, it will reverse the
           logic and exclude only those tests. Use the reference number or
           letter to specify the type, multiple may be used:

           0 - File Upload

           1 - Interesting File / Seen in logs

           2 - Misconfiguration / Default File

           3 - Information Disclosure

           4 - Injection (XSS/Script/HTML)

           5 - Remote File Retrieval - Inside Web Root

           6 - Denial of Service

           7 - Remote File Retrieval - Server Wide

           8 - Command Execution / Remote Shell

           9 - SQL Injection

           a - Authentication Bypass

           b - Software Identification

           c - Remote Source Inclusion

           x - Reverse Tuning Options (i.e., include all except specified)

           The given string will be parsed from left to right, any x characters
           will apply to all characters to the right of the character.

Nikto tutorial: Specifying the test

So, to only perform an SQL injection test against your target:

nikto -Tuning 9 -h

or to run everything except DOS

nikto -Tuning x 6 -h

Nikto tutorial: Saving results

You can output to a file with the -o option
You can specify the format of the output file with -Format [csv htm txt or xml]

eg to perform an SQL injection test and save results to an html file with verbose output for your terminal:

nikto -Display V -o results.html -Format htm -Tuning 9 -h

you might also like my metasploit tutorial