
nikto

TLDR

Scan web server
$ nikto -h [http://example.com]
Scan specific port
$ nikto -h [example.com] -p [8080]
Scan with SSL
$ nikto -h [https://example.com]
Output to file
$ nikto -h [example.com] -o [report.html] -Format htm
Scan multiple hosts
$ nikto -h [hosts.txt]
Update database
$ nikto -update
Tune scan type
$ nikto -h [example.com] -Tuning [x]

SYNOPSIS

nikto [options]

DESCRIPTION

nikto is a web server vulnerability scanner. It checks for dangerous files and misconfigurations, tests for thousands of issues, and identifies outdated software and known vulnerabilities.

PARAMETERS

-h HOST
Target host/URL.
-p PORT
Target port(s).
-o FILE
Output file.
-Format TYPE
Output format (htm, txt, csv, xml).
-Tuning TYPE
Scan tuning options.
-update
Update scan database.
--help
Display help information.

CAVEATS

For authorized testing only. nikto is a noisy, Perl-based scanner.

HISTORY

Nikto was created by Chris Sullo as an open source web server scanner for security testing.

SEE ALSO

nmap(1), dirb(1), gobuster(1)
