Using Nikto right

Hello everyone!
Nikto is one of the first tools I encountered when I started learning infosec, but then out of habit, and because I watch a lot of ippsec’s videos, I quit using it altogether and did most of my recon with the very well known nmap, gobuster, wfuzz… well, you know them I suppose.
Sometimes though, when I’m out of ideas, I fall back to Nikto, just in case it might see something other tools haven’t.
The thing is, I can’t recall one time where that actually happened. Never have I used Nikto in a way that, in the end, I would say was game changing.

So my question is, what’s the value of that tool? In which context should I think of using it instead of something else? Is it just a matter of preference, or are there actually some things Nikto can do that I’m unaware of, and I’m missing out on something big?

@dragonista said:

Hello everyone!
Nikto is one of the first tools I encountered when I started learning infosec, but then out of habit, and because I watch a lot of ippsec’s videos, I quit using it altogether and did most of my recon with the very well known nmap, gobuster, wfuzz… well, you know them I suppose.
Sometimes though, when I’m out of ideas, I fall back to Nikto, just in case it might see something other tools haven’t.
The thing is, I can’t recall one time where that actually happened. Never have I used Nikto in a way that, in the end, I would say was game changing.

So my question is, what’s the value of that tool? In which context should I think of using it instead of something else? Is it just a matter of preference, or are there actually some things Nikto can do that I’m unaware of, and I’m missing out on something big?

All tools are a personal choice. Nikto is pretty useless unless there is a web app, for example.

I often use nikto as part of my enumeration process - along with dirb/gobuster/dirbuster etc. Often it is a case of scanning for folders with (say) Gobuster while Nikto is running.

There are a couple of boxes where this is definitely the fastest way to find things like an admin login page, or a robots.txt that has usable information in.

There aren’t many tools which are the only tool that does a thing.

@TazWake said:

There aren’t many tools which are the only tool that does a thing.

Clearly! But I can’t imagine, for instance, doing a good recon on a website without a tool like Gobuster. If not it, then another one that would do the job, or I could create one. In the case of Nikto, I just feel like I’m missing the real value or purpose of it, so I was wondering in what typical scenarios you’d say “here’s a good time for Nikto!” :slight_smile:

@dragonista said:
@TazWake said:

There aren’t many tools which are the only tool that does a thing.

Clearly! But I can’t imagine, for instance, doing a good recon on a website without a tool like Gobuster. If not it, then another one that would do the job, or I could create one. In the case of Nikto, I just feel like I’m missing the real value or purpose of it, so I was wondering in what typical scenarios you’d say “here’s a good time for Nikto!” :slight_smile:

Isn’t Nikto a vulnerability scanner? It doesn’t fill the same role as wfuzz, ffuf or Gobuster. It’s just looking for known vulnerabilities based on what it can find on the web server.

@dragonista said:

@TazWake said:

There aren’t many tools which are the only tool that does a thing.

Clearly! But I can’t imagine, for instance, doing a good recon on a website without a tool like Gobuster. If not it, then another one that would do the job, or I could create one.

Ok, then I might not understand the question.

For directory enumeration (as @HcKy points out) you could use Wfuzz, Ffuf, Dirb, Dirbuster, Gobuster etc.

Sometimes it makes sense to use more than one - I sometimes find different results between Dirb and Gobuster, which seems strange. If I wanted to do vhost enumeration I’d probably go with Wfuzz over Gobuster, etc.

It’s all down to picking the tool you want to use for a given task.

In the case of Nikto, I just feel like I’m missing the real value or purpose of it, so I was wondering in what typical scenarios you’d say “here’s a good time for Nikto!” :slight_smile:

Again, as @HcKy says, it’s a web app vulnerability scanner. If you find a web app, you can scan it for vulnerabilities with a variety of tools - Nikto, Nessus/OpenVAS, Grabber, w3af, ZAP, or commercial tools like Nexpose.

I see, so it might just be me that didn’t really understand what it was supposed to be used for. Thanks for your answers, I’ll try Nikto again in better suited scenarios :slight_smile:

For me, if I have a web app, running nikto makes sense - simply because it might find something.

I first used nikto against the Jerry machine. Was my first time here on HTB.
And from memory it retrieved a file (config file) containing a password.

But I don’t use nikto often - as @TazWake mentioned, it becomes a preference of what you like to run.