Nikto is a popular web server scanning and vulnerability assessment tool used for checking web servers, finding outdated software, detecting security issues, and gathering server information. Since Nikto is written in Perl, You can also install and use it on Android devices using the Termux terminal application without root access. Here’s what you can do with Nikto in Termux:
- Scan websites for vulnerabilities.
- Detect outdated web server software.
- Find insecure server configurations.
- Check common security issues.
- Gather web server information.
- Practice web security testing on Android.
Installation Commands
Below are the simple commands to install and use Nikto on Android using the Termux terminal application.
Update Termux and install required dependencies:
pkg update && pkg upgrade -y && pkg install git perl clang make wget openssl-tool openssl -yClone the Nikto GitHub repository:
git clone https://github.com/sullo/nikto.gitMove into the Nikto directory:
cd nikto/programInstall the Required Perl Modules:
cpan JSON XML::WriterInstall the SSL Perl Module:
cpan Net::SSLeayCheck if Nikto is working:
perl nikto.pl -Version(Optional) Create a shortcut command:
ln -s $PWD/nikto.pl $PREFIX/bin/niktoNow you can run Nikto from anywhere:
niktoUsage Commands
Below are some important Nikto usage commands for basic scanning and information gathering.
Scan a website using HTTP:
nikto -h http://example.comScan a website using HTTPS:
nikto -h https://example.comScan a specific IP and port:
nikto -h 192.168.1.10 -p 8080Save scan results to a file:
nikto -h example.com -o result.txtScan with SSL enabled manually:
nikto -h example.com -sslUse a custom user agent:
nikto -h example.com -useragent Mozilla/5.0Scan through Tor (Tor must be running):
nikto -h example.com -useproxy http://127.0.0.1:9050Show all available options:
nikto -HelpEnd Note
Nikto is a useful web server scanning tool for learning website security testing and vulnerability assessment tasks. You can install and use Nikto on Android devices using the Termux application where different web scanning commands, server checks, and security testing tasks can be performed directly from the mobile terminal environment without root access.

