Web server scanning with Nikto
OpenVAS, which we just looked at, is a general-purpose vulnerability scanner. It can find vulnerabilities for any kind of operating system or for any server daemon. However, as we've just seen, an OpenVAS scan can take a while to run, and it might be more than what you need.
Nikto is a special-purpose tool with only one purpose. That is, it's meant to scan web servers and only web servers. It's easy to install, easy to use, and capable of doing a comprehensive scan of a web server fairly quickly. And, although it's included in Kali Linux, you don't need Kali Linux to run it.
Nikto in Kali Linux
If you already have Kali Linux, you'll find that nikto
is already installed under the Vulnerability Analysis
menu:
When you click on that menu item, you'll open a command-line terminal with a display of the Nikto help screen:
Installing and updating Nikto on Linux
Nikto is in the EPEL repository for Red Hat/CentOS, and it's in the normal repository for Ubuntu. Along with the...