SecurityTrails Blog · Mar 17 · by Sara Jelen

From heroes to deviants: Discussing the cultures of hacking with Gabriella Biella Coleman

Reading time: 11 minutes

When talking about hacker cultures, the media often blurs the lines between the act of hacking and criminality, inadvertently propping up stereotypes that plague the figure of the hacker.

Consequently, your web server is also the first component of your website in the line of attack. That's because attackers target your web server to find any vulnerabilities, configuration-related errors and SSL certificate-related security issues. As part of the SecurityTrails blog series highlighting both [online vulnerability scanning tools][1] and [information gathering][2] utilities, today we'll explore a tool focused on scanning web servers called Nikto.

Let's learn more about Nikto and how to use it to scan your web server.

## What is Nikto?

Nikto, also known as Nikto2, is an open source (GPL) and free-to-use web server scanner which performs vulnerability scanning against web servers for multiple items including dangerous files and programs, and checks for outdated versions of web server software. It also checks for server configuration errors and any possible vulnerabilities they might have introduced.

The [Nikto vulnerability scanner project][3] is a fast-moving effort, frequently updated with the latest known vulnerabilities. This allows you to scan your web servers with confidence as you search for any possible issues.

Main features:

- Nikto is free to use, open source and frequently updated
- Can be used to scan any web server (Apache, Nginx, Lighttpd, Litespeed, etc.)
- Scans against 6,700+ known vulnerabilities and version checks for 1,250+ web servers (and growing)
- Scans for configuration-related issues such as open index directories
- SSL certificate scanning
- Ability to scan multiple ports on a server with multiple web servers running
- Ability to scan through a proxy and with HTTP authentication
- Ability to specify maximum scan time, exclude certain types of scans and unusual report headers seen as well

Save Nikto output to a specific file

[1]: /blog/online-vulnerability-scanning-tools "13 Online Vulnerability Scanning Tools to Scan your Website Security"
[2]: /blog/information-gathering "Information Gathering: Concept, Techniques and Tools explained"
[3]:
[4]:
[5]: /blog/top-15-nmap-commands-to-scan-remote-hosts "Top 16 Nmap Commands to Scan Remote Hosts - Tutorial Guide"
[6]: /blog/open-ports "What is an Open Port? Concept, Risks, and How to detect Open Ports"
[7]: /blog/nmap-vulnerability-scan "How to Perform a Nmap Vulnerability Scan using NSE scripts"
[8]: /blog/attack-vector "What is an Attack Vector? - SecurityTrails"