
nikto

web server vulnerability scanner

TLDR

Scan a web server
$ nikto -h [http://example.com]
Scan a specific port
$ nikto -h [example.com] -p [8080]
Scan with SSL
$ nikto -h [https://example.com]
Output results to a file
$ nikto -h [example.com] -o [report.html] -Format htm
Scan multiple hosts from a file
$ nikto -h [hosts.txt]
Use a specific tuning type (e.g., 1=interesting files, 2=misconfiguration, 3=information disclosure)
$ nikto -h [example.com] -Tuning [123]
Scan through an HTTP proxy
$ nikto -h [example.com] -useproxy [http://proxy:8080]
Update the plugins and databases
$ nikto -update

SYNOPSIS

nikto [options]

DESCRIPTION

nikto is an open source web server vulnerability scanner. It performs comprehensive tests against web servers, checking for over 6700 potentially dangerous files/CGIs, outdated server software versions, and version-specific problems on over 270 servers. The tool checks for server configuration issues such as the presence of multiple index files and HTTP server options. It also attempts to identify installed web servers and software. Plugins are frequently updated and can be automatically retrieved.

PARAMETERS

-h HOST
Target host, IP address, or URL. Can also be a file containing a list of hosts.
-p PORT
Target port(s). Multiple ports can be specified as a comma-separated list (e.g., 80,443,8080).
-ssl
Force SSL mode on the connection.
-o FILE
Output file for the scan report.
-Format TYPE
Output format: htm, txt, csv, xml, json, nbe, or sql.
-Tuning TYPE
Scan tuning to control test types. Values: 0=File Upload, 1=Interesting File, 2=Misconfiguration, 3=Information Disclosure, 4=Injection (XSS/Script/HTML), 5=Remote File Retrieval (inside web root), 6=Denial of Service, 7=Remote File Retrieval (server-wide), 8=Command Execution, 9=SQL Injection, a=Authentication Bypass, b=Software Identification, c=Remote Source Inclusion, x=Reverse Tuning (exclude types).
-useproxy PROXY
Use the specified HTTP proxy for connections.
-id AUTH
Host authentication credentials in the format id:password or id:password:realm.
-evasion TECHNIQUE
IDS evasion technique (1-8). Multiple can be combined.
-timeout SECONDS
Timeout for requests (default: 10 seconds).
-Plugins PLUGINS
Select which plugins to run (default: ALL). Use -list-plugins to see available plugins.
-list-plugins
List all available plugins and their descriptions.
-maxtime SECONDS
Maximum testing time per host.
-nointeractive
Disable interactive features (useful for scripted runs).
-update
Update scan plugins and databases from cirt.net.
-Version
Display nikto version, plugin, and database versions.
--help
Display help information.

CAVEATS

Authorized testing only -- scanning servers without permission may be illegal. Nikto is intentionally not designed to be stealthy; it generates a large number of requests that will be logged by the target server. It is a Perl-based tool requiring LibWhisker.
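
Because the scan is this noisy, it stands out in the target's access log. The script below is an added example, not part of nikto or of the original page: it flags clients either by the tool name in Nikto's default User-Agent or, since that header can be changed, by a high share of 404 responses. The function names, thresholds and log lines are constructed assumptions, and the input is assumed to be in combined log format.

```shell
#!/bin/sh
# Added example: flag likely scanner clients in a combined-format access log.
MIN_REQUESTS=4    # assumption: ignore quieter clients for the 404 rule
MIN_404_PCT=80    # assumption: flag when this share of responses is 404

# Constructed sample log (documentation IP ranges, placeholder tool version).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 153 "-" "Mozilla/5.00 (Nikto/x.y.z) (Evasions:None) (Test:000001)"
203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /phpinfo.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /old/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2025:10:00:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2025:10:00:06 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2025:10:00:07 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

# Reads log lines on stdin, prints "ip reason" for each flagged client.
flag_scanners() {
    awk -F'"' -v min="$MIN_REQUESTS" -v pct="$MIN_404_PCT" '
    {
        # Splitting on double quotes: $1 = client and timestamp,
        # $3 = status and size, $6 = User-Agent.
        split($1, pre, " ");  ip = pre[1]
        split($3, post, " "); status = post[1]
        total[ip]++
        if (status == "404") notfound[ip]++
        if (tolower($6) ~ /nikto/) ua[ip] = 1
    }
    END {
        for (ip in total) {
            if (ip in ua)
                print ip, "user-agent"
            else if (total[ip] >= min && notfound[ip] * 100 >= pct * total[ip])
                print ip, "404-ratio"
        }
    }' | sort
}

sample_log | flag_scanners
```

To run it against a real log, replace the last line with `flag_scanners < /path/to/access.log` and tune the two thresholds to the site's normal traffic.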

HISTORY

Nikto was created by Chris Sullo and David Lodge as an open source web server scanner for security testing. It is maintained under the CIRT.net project.

SEE ALSO

nmap(1), dirb(1), gobuster(1), curl(1)
