Nikto

Nikto is a powerful assessment tool for finding vulnerabilities in web servers.

https://github.com/sullo/nikto

Scanning a host

nikto -h <Hostname/IP>

Scanning specific ports

nikto -h <Hostname/IP> -port

Maximum scan time

nikto -h <Hostname/IP> -maxtime

Scanning duration

nikto -h <Hostname/IP> -until

Disable SSL

nikto -h <Hostname/IP> -nossl

Force SSL

nikto -h <Hostname/IP> -ssl

Disable 404 guessing

nikto -h <Hostname/IP> -no404

Treat the given HTTP codes as negative responses, e.g. 302,301

nikto -h <Hostname/IP> -IgnoreCode

Update the plugins and databases

nikto -update

Specify host header

nikto -h <Hostname/IP> -vhost

Output results

nikto -h <Hostname/IP> -output

Scanning through a proxy

nikto -h <Hostname/IP> -useproxy

Host authentication

nikto -h <Hostname/IP> -id or

Database check

nikto -h <Hostname/IP> -dbcheck

Config file

nikto -h <Hostname/IP> -config

Disable name lookups on IP addresses

nikto -h <Hostname/IP> -nolookup

Disable response cache

nikto -h <Hostname/IP> -nocache

Disable interactive features

nikto -h <Hostname/IP> -nointeractive

Display options

nikto -h <Hostname/IP> -Display

1 Show redirects

2 Show Cookies

3 Show 200/OK responses

4 Show URL requiring authentication

D Show debug output

E HTTP Errors

P Print progress to STDOUT

S Scrub output of IP and Hostname

V Verbose output

Evasion Options

nikto -h <Hostname/IP> -evasion

1 Random URI Encoding

2 Directory Self-Reference /./

3 Premature URL ending

4 Prepend long random string

5 Fake parameter

6 TAB as request spacer

7 Change the case of the URL

8 Use Windows directory separator (\)

A Use a carriage return (0x0d) as a request spacer

B Use binary value (0x0b) as a request spacer
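
Several of these encodings are visible in the raw request line, so a sensor or log pipeline that keeps the unnormalized bytes can tag them. The sketch below is an added example, not part of Nikto or of the original page; it covers only options 1, 2, 6, 8, A and B, and the function name and sample request lines are constructed for illustration.

```python
import re

# Separator bytes between method, target and version -> evasion code above.
SPACERS = {b"\t": "6", b"\r": "A", b"\x0b": "B"}
SEP = rb"([ \t\r\x0b]+)"
REQUEST_LINE = re.compile(rb"^([A-Z]+)" + SEP + rb"(\S+)" + SEP + rb"(HTTP/\d\.\d)$")
PCT = re.compile(rb"%([0-9A-Fa-f]{2})")
UNRESERVED = re.compile(rb"[A-Za-z0-9._~-]")


def evasion_flags(raw: bytes) -> set:
    """Return the evasion codes from the list above that a request line shows."""
    # Drop only the terminating CRLF/LF; a CR inside the line is evidence.
    line = raw[:-2] if raw.endswith(b"\r\n") else raw.rstrip(b"\n")
    m = REQUEST_LINE.match(line)
    if not m:
        return {"malformed"}
    flags = set()
    for sep in (m.group(2), m.group(4)):
        flags.update(code for byte, code in SPACERS.items() if byte in sep)
    path = m.group(3).split(b"?", 1)[0]
    if b"/./" in path:
        flags.add("2")
    if b"\\" in path:
        flags.add("8")
    # RFC 3986 never requires percent-encoding an unreserved character,
    # so %63 for "c" points at deliberate obfuscation (option 1).
    if any(UNRESERVED.fullmatch(bytes([int(h, 16)])) for h in PCT.findall(path)):
        flags.add("1")
    return flags


# Constructed sample request lines, not captured traffic.
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\n",
    b"GET\t/cgi-bin/test.cgi\tHTTP/1.1\r\n",
    b"GET /./cgi-bin/./test.cgi HTTP/1.1\r\n",
    b"GET /%63gi-bin/t%65st.cgi HTTP/1.0\r\n",
    b"GET\x0b/scripts\\admin.asp\x0bHTTP/1.1\r\n",
    b"GET\r/a\rHTTP/1.1\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sorted(evasion_flags(sample)), sample)
```

Options 3, 4, 5 and 7 change the path or query in ways that need knowledge of the site's real URLs to judge, so they are left out here.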

Output File Format

nikto -h <Hostname/IP> -Format

csv   Comma-separated values

htm   HTML format

msf+  Log to Metasploit

nbe   Nessus NBE

txt   Plain text

xml   XML format

Tuning

nikto -h <Hostname/IP> -Tuning

1   Interesting file

2   Misconfiguration

3   Information Disclosure

4   Injection (XSS/Script/HTML)

5   Remote File Retrieval – Inside Web Root

6   Denial of Service

7   Remote File Retrieval – Server Wide

8   Command Execution – Remote Shell

9   SQL Injection

0   File Upload

a   Authentication Bypass

b   Software Identification

c   Remote Source Inclusion

x   Reverse Tuning Option

Mutate

nikto -h <Hostname/IP> -mutate

1   Test all files in root directory

2   Guess for password file names

3   Enumerate user names via Apache

4   Enumerate user names via cgiwrap

5   Attempt to brute force sub-domain names

6   Attempt to guess directory names from a file