Bullet-proof Apache: Nikto Security Scanner


If you’ve ever been responsible for maintaining an Apache web server, you know how important security is.

Nikto provides an easy way to scan for known (and unknown) vulnerabilities within your Apache server.  Actually, it does a fairly comprehensive scan on over 200 web servers, not just Apache.  To run a security scan, download the tool, then extract the archive to the desired location.  To initiate a scan from the Nikto directory, type:


./nikto.pl -host [ip address]


Note: when specifying an IP address, make sure you use the external IP of your webserver, not the internal IP.

Here is what my results look like:

– Nikto v2.03/2.04
+ Target IP:
+ Target Hostname:    blurred for security
+ Target Port:        80
+ Start Time:         2009-01-26 16:44:36
+ Server: Apache
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 3 item(s) reported on remote host
+ End Time:        2009-01-26 16:45:25 (49 seconds)
+ 1 host(s) tested

Test Options: -host

I would then look up the results and fix each issue until there have been no issues detected.  See the OSVDB-ID?  These IDs are found in the Open Source Vulnerability Database.  Each ID will contain a description, classification, and solution.

To aid in your research, I have created an OSVDB Firefox search plugin.  Install the plugin and then search for 3092, 3268, 3233, etc.

Hopefully this makes securing your web server quick & painless.


About Benjamin Perove

Ben has been associated with a broad spectrum of technologies starting from an early age, and he's contributed to the success of many businesses and enterprises since 2001. Most of his time is spent building cool stuff. When he's not working, he enjoys reading, playing acoustic guitar, and being with friends. He currently resides in Chiang Mai, Thailand.

2 Comments so far

  1. sem calcinha @ February 28th, 2012

    Adoro me mostrar peladinha na web cam

  2. Hellen @ July 27th, 2014

    I see a lot of interesting posts on your website. You have
    to spend a lot of time writing, i know how to save
    you a lot of work, there is a tool that creates readable,
    google friendly posts in couple of minutes, just search in google – k2 unlimited content

Leave a reply

Add this site to your Firefox Search Bar

Twitter Activity

Recent Entries



Got WordPress Security?

You will definitely wish you had downloaded my top 5 recommendations when you're cleaning out malicious Javascript from deep within you WordPress site. Enter your email and get the PDF right now, before it's too late.