How to Install Nikto Web Server Scanner in Linux?

Nikto is a web server scanner that performs comprehensive checks against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 700 servers, and version-specific problems on more than 200 servers.


Nikto is built on LibWhisker and can run on any platform which has a Perl environment, and supports SSL, proxies, host authentication, IDS evasion and more.


Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems. It is not designed as an overly stealthy tool, though: it will test a web server in the quickest time possible, and is fairly obvious in log files. If you have web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.


To install Nikto:

# yum install nikto -y

After successful installation of Nikto, the most basic Nikto scan requires simply a host to target, since port 80 is assumed if none is specified. The host can either be an IP or a hostname of a machine, and is specified using the -h (-host) option. This will scan the IP on TCP port 80:

# nikto -h <host>

If your web server is configured on a different port, use the -p switch with nikto. E.g. # nikto -h <host> -p 443 or # nikto -h
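Because a Nikto scan is fairly obvious in log files, the scanned server's access log shows it clearly. The script below is an added example, not part of the original article: it assumes the Apache/nginx "combined" log format, Nikto's default User-Agent string (which contains "Nikto"), and a hypothetical per-client threshold of 404 responses; the log lines are constructed.

```shell
#!/bin/sh
# Added example: flag likely Nikto scans in a combined-format access log.

# Constructed sample log (documentation IP ranges, made-up paths).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /admin.bak HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000003)"
203.0.113.20 - - [10/Mar/2024:10:01:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
203.0.113.20 - - [10/Mar/2024:10:01:11 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
203.0.113.20 - - [10/Mar/2024:10:01:12 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
192.0.2.55 - - [10/Mar/2024:10:05:00 +0000] "GET /backup.zip HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:10:05:00 +0000] "GET /test.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:10:05:01 +0000] "GET /old/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:10:05:01 +0000] "GET /cgi-bin/info.cgi HTTP/1.1" 404 209 "-" "Mozilla/5.0"
EOF
}

# Usage: nikto_suspects [min_404s] < access.log
# Prints "ip reason requests not_found" for every suspicious client.
# The 404 count catches scans whose User-Agent has been changed.
# Limitation: a request line containing a double quote shifts the status field.
nikto_suspects() {
    awk -v min404="${1:-3}" -F'"' '
    {
        split($1, head, " "); ip = head[1]      # client address
        split($3, st, " ");   status = st[1]    # HTTP status code
        ua = $(NF - 1)                          # last quoted field: User-Agent
        total[ip]++
        if (status == 404) nf[ip]++
        if (tolower(ua) ~ /nikto/) tagged[ip] = 1
    }
    END {
        for (ip in total) {
            if (ip in tagged)                       reason = "user-agent"
            else if (nf[ip] + 0 >= min404 + 0)      reason = "404-burst"
            else                                    continue
            printf "%s %s %d %d\n", ip, reason, total[ip], nf[ip]
        }
    }' | sort
}

# Run against the constructed sample with a threshold of three 404s.
sample_log | nikto_suspects 3
```

On a real server, feed the function the actual access log and tune the threshold to the site's normal rate of 404 responses.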