🔍 Nikto - Web Server Vulnerability Scanner

Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple items including dangerous files/programs, outdated server software and other problems.


📌 What is Nikto?

Nikto is a web server assessment tool that scans web servers for over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and looks for version-specific problems on over 270 servers.

Key Features:

- Checks for dangerous or default files, outdated server software and version-specific problems
- SSL/TLS support, including certificate details via the ssl plugin
- Full HTTP proxy support, so traffic can be routed through Burp or another intercepting proxy
- Output in txt, htm, xml, csv, json and nbe formats (plus msf+ for Metasploit)
- Scans multiple ports per host, a list of hosts from a file, or hosts piped in from Nmap
- Host authentication (Basic and NTLM)
- Scan tuning (-Tuning) to select test categories, and plugin selection (-Plugins)
- LibWhisker IDS evasion encodings (-evasion)
- Per-host maximum scan time (-maxtime) and request pacing (-Pause)
- Database and plugin updates from the command line (-update)


🚀 Installation

Kali Linux (Pre-installed)

# Nikto comes pre-installed on Kali Linux; -Version prints the tool, plugin and database versions
nikto -Version

# Full option list
nikto -Help

Ubuntu/Debian

sudo apt update
sudo apt install nikto

From Source

# Clone from GitHub
git clone https://github.com/sullo/nikto.git
cd nikto/program
perl nikto.pl -h

Using Docker

# The Nikto repository ships a Dockerfile; build the image from the clone above
cd nikto
docker build -t sullo/nikto .

# Everything after the image name is passed to Nikto
docker run --rm sullo/nikto -h http://target.com

🎯 Basic Usage

Simple Web Server Scan

# Basic scan
nikto -h http://target.com

# HTTPS scan
nikto -h https://target.com

# Scan specific port
nikto -h http://target.com -p 8080

# Scan multiple ports
nikto -h http://target.com -p 80,443,8080,8443

Output Options

# Save output to file
nikto -h http://target.com -o results.txt

# HTML output
nikto -h http://target.com -Format htm -o results.html

# XML output for parsing
nikto -h http://target.com -Format xml -o results.xml

# CSV output for spreadsheets
nikto -h http://target.com -Format csv -o results.csv

🔧 Advanced Configuration

Authentication

# HTTP Basic authentication (format is id:password, or id:password:realm)
nikto -h http://target.com -id username:password
nikto -h http://target.com -id username:password:realm

# NTLM authentication: quote the value, otherwise the shell eats the backslash
nikto -h http://target.com -id 'DOMAIN\username:password'

# Nikto has no command-line option for arbitrary request headers. For an
# already-authenticated session set STATIC-COOKIE in nikto.conf; for bearer
# tokens or other custom headers, run Nikto through an intercepting proxy
# (e.g. Burp match/replace) that adds the header to every request
nikto -h http://target.com -useproxy http://127.0.0.1:8080

Proxy Configuration

# HTTP proxy given on the command line (format http://server:port)
nikto -h http://target.com -useproxy http://proxy:8080

# Or use the proxy defined in nikto.conf (PROXYHOST / PROXYPORT, plus
# PROXYUSER / PROXYPASS for an authenticating proxy); -useproxy with no
# argument selects it
nikto -h http://target.com -useproxy

# Nikto talks HTTP to the proxy. For a SOCKS proxy, put an HTTP-to-SOCKS
# forwarder (or an intercepting proxy with upstream SOCKS support) in between.

SSL/TLS Options

# Nikto detects TLS on 443 by itself; force SSL mode on a non-standard port
nikto -h https://target.com -p 8443 -ssl

# Disable SSL entirely (plain HTTP on a port Nikto would otherwise probe for TLS)
nikto -h http://target.com -p 8443 -nossl

# Certificate details (subject, issuer, ciphers) via the ssl plugin
nikto -h https://target.com -Plugins ssl

# Client certificate authentication
nikto -h https://target.com -RSAcert client.pem -key client.key

# Nikto does not enforce certificate validation, so self-signed certificates
# on test hosts need no extra flag.

🎭 Customization and Plugins

Plugin Management

# List available plugins
nikto -list-plugins

# Run specific plugins only (names are semicolon-separated; the default set is @@DEFAULT)
nikto -h http://target.com -Plugins "headers;outdated"

# Run everything except a plugin (prefix it with -); @@ALL, @@DEFAULT, @@NONE and
# @@EXTRAS are the macros defined in nikto.conf
nikto -h http://target.com -Plugins "@@ALL;-dictionary"

# Some plugins take parameters in parentheses, e.g. have the tests plugin
# report every URI that returned a 500
nikto -h http://target.com -Plugins "tests(report:500)"

# Verbose output while running a single plugin
nikto -h http://target.com -Plugins "headers" -Display V

Common Useful Plugins

# HTTP header analysis (server banner, missing security headers, unusual headers)
nikto -h http://target.com -Plugins headers

# Check for outdated server software
nikto -h http://target.com -Plugins outdated

# SSL/TLS certificate information
nikto -h https://target.com -Plugins ssl

# Allowed HTTP methods (OPTIONS) and robots.txt entries worth requesting
nikto -h http://target.com -Plugins "httpoptions;robots"

# Software identification from the favicon hash
nikto -h http://target.com -Plugins favicon

# Directory indexing, default files and information disclosure are found by the
# database-driven tests plugin; narrow it with -Tuning (categories 2 and 3 here)
nikto -h http://target.com -Plugins tests -Tuning 23

# Apache Expect header XSS
nikto -h http://target.com -Plugins apache_expect_xss

Vulnerability Testing

# Most vulnerability checks live in the database-driven tests plugin and are
# grouped by -Tuning category:
#   1 Interesting File / Seen in logs      2 Misconfiguration / Default File
#   3 Information Disclosure               4 Injection (XSS/Script/HTML)
#   5 Remote File Retrieval - Inside Web Root
#   6 Denial of Service                    7 Remote File Retrieval - Server Wide
#   8 Command Execution / Remote Shell     9 SQL Injection
#   0 File Upload                          a Authentication Bypass
#   b Software Identification              c Remote Source Inclusion
#   d WebService                           e Administrative Console
#   x Reverse: run everything EXCEPT the listed categories

# Shellshock has its own plugin
nikto -h http://target.com -Plugins shellshock

# Directory traversal / remote file retrieval tests
nikto -h http://target.com -Tuning 57

# Cross-site scripting tests
nikto -h http://target.com -Tuning 4

# Command execution and SQL injection tests
nikto -h http://target.com -Tuning 89

# Everything except denial-of-service tests (sensible default near production)
nikto -h http://target.com -Tuning x6

💡 Advanced Techniques

Virtual Host Testing

# -vhost takes a single Host header value; loop to cover several virtual hosts
for vh in www.target.com app.target.com admin.target.com; do
    nikto -h http://192.168.1.100 -vhost "$vh" -Format txt -o "nikto_${vh}.txt"
done

# Force a specific Host header while connecting to the IP directly
nikto -h http://192.168.1.100 -vhost target.com

Custom User Agents and Headers

# Custom User-Agent (the default one names Nikto; see Detection Signatures below)
nikto -h http://target.com -useragent "Custom-Scanner/1.0"

# Simulate a mobile browser
nikto -h http://target.com -useragent "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X)"

# There is no command-line option for arbitrary headers such as X-Forwarded-For.
# Cookies go in nikto.conf (STATIC-COOKIE); anything else is injected by an
# intercepting proxy sitting between Nikto and the target
nikto -h http://target.com -useproxy http://127.0.0.1:8080

Performance Tuning

# Adjust timeout (default: 10 seconds)
nikto -h http://target.com -timeout 30

# Control request delay
nikto -h http://target.com -Pause 2

# Limit total scan time per host (seconds, or a duration such as 1h or 60m)
nikto -h http://target.com -maxtime 3600

Evasion Techniques

# Nikto's evasion options are LibWhisker request encodings aimed at
# signature-based IDS/WAF rules. They do not make a scan quiet: the request
# volume and the probed paths are unchanged, and the default User-Agent still
# names Nikto unless -useragent is set.
#
# 1: Random URI encoding (non-UTF8)
# 2: Directory self-reference (/./)
# 3: Premature URL ending
# 4: Prepend long random string
# 5: Fake parameter
# 6: TAB as request spacer
# 7: Change the case of the URL
# 8: Use Windows directory separator (\)
# A: Use a carriage return (0x0d) as a request spacer
# B: Use binary value 0x0b as a request spacer

# Single technique
nikto -h http://target.com -evasion 1

# Several techniques are given as one string of option characters
nikto -h http://target.com -evasion 1278 -useragent "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"

📊 Understanding Results

Vulnerability Severity

Nikto does not rate findings. Each report line is a raw observation prefixed with "+", usually with a reference (an OSVDB ID in older databases, a URL in current ones), and the test's -Tuning category is the only built-in classification. Triage is manual; a workable mapping onto risk tiers is:

🔴 High Risk: command execution / remote shell (8), SQL injection (9), remote file retrieval (5, 7), authentication bypass (a), a confirmed hit from the shellshock plugin

🟡 Medium Risk: misconfiguration and default files (2), injection (4), exposed administrative consoles (e), outdated server software with known issues, directory indexing on sensitive paths

🔵 Low Risk/Info: interesting files (1), information disclosure (3), software identification (b), missing security headers, server banners

Expect false positives: Nikto matches on response codes and strings, so every High or Medium item should be re-requested by hand (or replayed through Burp) before it goes into a report.

Common Findings

# Server banner (also feeds the outdated check)
"Server: Apache/2.4.7 (Ubuntu)"

# Outdated software
"Apache/2.4.7 appears to be outdated (current is at least Apache/2.4.41)."

# Directory indexing on a sensitive path
"/admin/: Directory indexing found."

# Missing security headers (Nikto's wording)
"The anti-clickjacking X-Frame-Options header is not present."
"The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type."

# Default files and directories shipped with the server
"/icons/: Directory indexing found."
"/icons/README: Apache default file found."

🎯 Real-World Scenarios

1. Initial Web Application Assessment

# Comprehensive initial scan
nikto -h http://target.com -Format htm -o nikto_scan.html

# Follow up with certificate analysis if HTTPS
nikto -h https://target.com -Plugins ssl -Format txt -o ssl_analysis.txt

# Dedicated vulnerability plugins, then the command-execution / SQLi test categories
nikto -h http://target.com -Plugins "shellshock;apache_expect_xss" -Format txt -o vuln_check.txt
nikto -h http://target.com -Tuning 89 -Format txt -o vuln_check_tests.txt

2. Virtual Host Discovery and Testing

# First, discover virtual hosts with other tools
# gobuster vhost -u http://target.com -w wordlist.txt

# Then test each discovered host (-vhost takes one value per run)
for vh in admin.target.com api.target.com dev.target.com; do
    nikto -h http://target.com -vhost "$vh" -Format txt -o "nikto_${vh}.txt"
done

3. CI/CD Integration

# Automated security scanning in pipeline: bound the runtime so a slow host
# cannot stall the build, and skip denial-of-service tests
nikto -h http://staging.myapp.com -Tuning x6 -maxtime 15m -Format xml -o nikto_results.xml

# Nikto does not emit severity levels, so grepping for "critical" or "high"
# finds nothing. Gate on concrete findings instead, e.g. any directory
# listing or outdated server software
if grep -qiE "Directory indexing found|appears to be outdated" nikto_results.xml; then
    echo "blocking Nikto findings present"; exit 1
fi
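Because Nikto has no severity field, a pipeline gate has to carry its own policy. The script below is an added example, not part of Nikto or of this page's original content: it parses the XML report (assuming the `<niktoscan>/<scandetails>/<item>` layout with `<description>` and `<uri>` children that `-Format xml` writes), sorts each finding into blocking, accepted or warning against explicit patterns, and returns the exit status the build should use. The pattern lists and the embedded sample report are constructed for the example; replace them with your own policy.

```python
"""Gate a CI build on a Nikto XML report.

Added example, not part of Nikto. Nikto does not rate findings, so the
policy below is expressed as regexes over the finding text. The XML layout
assumed (<niktoscan><scandetails><item><description/><uri/></item>) is what
-Format xml produces; the sample report and patterns are constructed here.
"""
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample report, trimmed to the elements this script reads.
SAMPLE_REPORT = """<?xml version="1.0" ?>
<niktoscan>
<scandetails targetip="192.0.2.10" targethostname="staging.example.test" targetport="443" sitename="https://staging.example.test/">
<item id="999986" method="GET">
<description>Server leaks inodes via ETags, header found with file /, fields: 0x3a 0x5c6e8a8d1 </description>
<uri>/</uri>
</item>
<item id="999970" method="GET">
<description>The anti-clickjacking X-Frame-Options header is not present.</description>
<uri>/</uri>
</item>
<item id="3268" method="GET">
<description>/backup/: Directory indexing found.</description>
<uri>/backup/</uri>
</item>
<item id="6544" method="GET">
<description>Apache/2.4.7 appears to be outdated (current is at least Apache/2.4.41).</description>
<uri>/</uri>
</item>
</scandetails>
</niktoscan>
"""

# Policy (constructed): findings that fail the build, with a short reason.
BLOCKING = [
    (re.compile(r"Directory indexing found", re.I), "directory listing exposed"),
    (re.compile(r"appears to be outdated", re.I), "outdated server software"),
    (re.compile(r"shellshock|remote command execution", re.I), "command execution"),
]
# Findings accepted for this environment (tracked elsewhere); anything not
# matched by either list is reported as a warning.
ACCEPTED = [re.compile(r"leaks inodes via ETags", re.I)]


def parse_items(xml_text):
    """Return [(uri, description), ...] for every <item> in the report."""
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter("item"):
        uri = (item.findtext("uri") or "").strip()
        desc = (item.findtext("description") or "").strip()
        items.append((uri, desc))
    return items


def evaluate(items):
    """Bucket findings into blocking / accepted / warning."""
    verdict = {"blocking": [], "accepted": [], "warning": []}
    for uri, desc in items:
        reason = next((why for rx, why in BLOCKING if rx.search(desc)), None)
        if reason:
            verdict["blocking"].append((uri, desc, reason))
        elif any(rx.search(desc) for rx in ACCEPTED):
            verdict["accepted"].append((uri, desc))
        else:
            verdict["warning"].append((uri, desc))
    return verdict


def gate(xml_text):
    """Exit status for CI: 1 if any blocking finding is present, else 0."""
    return 1 if evaluate(parse_items(xml_text))["blocking"] else 0


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    verdict = evaluate(parse_items(text))
    for bucket in ("blocking", "warning", "accepted"):
        for entry in verdict[bucket]:
            print(f"[{bucket.upper()}] {entry[0]}: {entry[1]}")
    sys.exit(gate(text))
```

Run it as `python3 nikto_gate.py nikto_results.xml` after the scan step; with no argument it evaluates the embedded sample. Keeping the accepted list explicit means a new kind of finding surfaces as a warning rather than silently passing, which is the behaviour you want from a scanner whose database changes with every `-update`.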

4. Compliance Scanning

# Security header compliance
nikto -h https://target.com -Plugins headers -Format csv -o headers_check.csv

# Check for outdated software
nikto -h http://target.com -Plugins outdated -Format txt -o outdated_software.txt

🛠️ Integration with Other Tools

With Nmap

# First, discover web servers with Nmap (-sS needs root; -sT works unprivileged)
nmap -sS -p 80,443,8080,8443 target.com
nmap -p 80,443,8080,8443 target.com --script http-enum

# Then scan the discovered services with Nikto
nikto -h http://target.com -p 80,8080
nikto -h https://target.com -p 443,8443

# Or hand Nmap's greppable output straight to Nikto: -h - reads hosts and ports from stdin
nmap -p 80,443,8080,8443 -oG - target.com | nikto -h -

With Burp Suite

# Use Nikto through Burp proxy for manual review
nikto -h http://target.com -useproxy http://127.0.0.1:8080

# This allows you to:
# - Review all requests in Burp
# - Manually test interesting findings
# - Add requests to Burp scope for further testing

With Metasploit

# Save Nikto results as XML
nikto -h http://target.com -Format xml -o nikto.xml

# Import into the Metasploit database (db_import recognises Nikto XML),
# then choose modules for the services and paths it recorded
msfconsole -q -x "db_import nikto.xml; hosts; services; exit"

📝 Custom Configuration

Configuration File

Distribution packages read /etc/nikto.conf; a source checkout uses program/nikto.conf.default (copy it to nikto.conf, or point at any file with -config). The keys below are ones nikto.conf actually defines:

# Options applied to every run
CLIOPTS=-Display 1234EP -o nikto_output.txt -Format htm

# Database and plugin locations (adjust to your install)
NIKTODB=/usr/share/nikto/databases/
PLUGINDIR=/usr/share/nikto/plugins/

# Default User-Agent; @VERSION, @EVASIONS and @TESTID are expanded per request
USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)

# Proxy used when -useproxy is given without an argument
PROXYHOST=127.0.0.1
PROXYPORT=8080
#PROXYUSER=user
#PROXYPASS=pass

# Cookies sent with every request (e.g. an authenticated session)
STATIC-COOKIE="PHPSESSID"="<session id>";"role"="user"

# Ports never to scan
SKIPPORTS=21 111

Custom Database Updates

# Update the Nikto databases and plugins (on a git checkout, git pull does the same job)
nikto -update

# Show the plugin and database versions in use
nikto -Version

# Syntax-check the database files, e.g. after editing db_tests by hand
nikto -dbcheck

# Run with an alternative configuration file
nikto -h http://target.com -config /path/to/custom/nikto.conf

🚀 Automation and Scripting

Batch Scanning

# Create target list (one URL per line)
printf '%s\n' http://target1.com http://target2.com http://target3.com > targets.txt

# Nikto reads a host file directly when -h is given a filename
nikto -h targets.txt -Format txt -o nikto_all.txt

# Or loop for one report per target (file name derived from the URL)
while IFS= read -r target; do
    [ -z "$target" ] && continue
    echo "Scanning $target"
    safe=$(printf '%s' "$target" | tr -c 'A-Za-z0-9' '_')
    nikto -h "$target" -Format txt -o "nikto_${safe}.txt"
done < targets.txt

Automated Reporting

#!/bin/bash
# automated_nikto_scan.sh <url>
set -uo pipefail

TARGET=${1:?usage: $0 http[s]://host[:port]}
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
OUTPUT_DIR="nikto_results_$TIMESTAMP"

mkdir -p "$OUTPUT_DIR"

echo "Starting Nikto scan of $TARGET"

# Full default scan minus denial-of-service tests; XML is what other tooling consumes
nikto -h "$TARGET" -Tuning x6 -Format xml -o "$OUTPUT_DIR/basic_scan.xml"

# Certificate analysis if HTTPS
if [[ $TARGET == https* ]]; then
    nikto -h "$TARGET" -Plugins ssl -Format txt -o "$OUTPUT_DIR/ssl_analysis.txt"
fi

# Security headers check
nikto -h "$TARGET" -Plugins headers -Format csv -o "$OUTPUT_DIR/headers.csv"

# Dedicated vulnerability plugins
nikto -h "$TARGET" -Plugins "shellshock;apache_expect_xss" -Format txt -o "$OUTPUT_DIR/vulnerabilities.txt"

echo "Scan complete. Results in $OUTPUT_DIR/"

🎓 Learning Path

Beginner Level (Week 1-2):

Intermediate Level (Week 3-4):

Advanced Level (Week 5-8):


Practice Environments:

Documentation:


🛡️ Defensive Measures

Understanding Nikto helps in defense:

Detection Signatures

# Nikto's default User-Agent (USERAGENT in nikto.conf) names the tool, the evasion
# options in use and the test ID, so an unmodified scan is trivially identifiable:
# Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)
#
# With -useragent set, the traffic pattern still gives it away: hundreds to thousands
# of requests from one client within minutes, mostly 404s, for paths such as:
# - /admin/
# - /backup/
# - /test/
# - /.git/
# - /robots.txt
# - /phpinfo.php
# - /icons/README
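A log-side check for the two signals above, as an added example that is not from Nikto or the original page: it parses Apache/Nginx combined-format access lines, flags any client whose User-Agent contains "Nikto", and, for scans run with a spoofed User-Agent, flags a client that produces a burst of 404s across many distinct paths inside a short window. The log lines, window and threshold are constructed for the example and should be tuned to your own traffic.

```python
"""Flag Nikto-style scanning in combined-format access logs.

Added example, not part of Nikto. Two signals are checked:
  1. the default Nikto User-Agent (USERAGENT in nikto.conf), which is conclusive;
  2. a burst of 404s for many distinct paths from one client inside a short
     window, which is what a scan with -useragent set still looks like.
Log lines, window and threshold below are constructed for this example.
"""
import re
import sys
from collections import defaultdict
from datetime import datetime

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: a browsing user, an overt Nikto run, and a scan hiding
# behind a browser User-Agent.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
198.51.100.7 - - [10/Mar/2024:12:01:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)"
198.51.100.7 - - [10/Mar/2024:12:01:00 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
192.0.2.9 - - [10/Mar/2024:12:02:00 +0000] "GET /backup/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"
192.0.2.9 - - [10/Mar/2024:12:02:00 +0000] "GET /test/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"
192.0.2.9 - - [10/Mar/2024:12:02:01 +0000] "GET /.git/HEAD HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"
192.0.2.9 - - [10/Mar/2024:12:02:01 +0000] "GET /phpinfo.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"
192.0.2.9 - - [10/Mar/2024:12:02:02 +0000] "GET /icons/README HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"
192.0.2.9 - - [10/Mar/2024:12:02:02 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"
"""


def parse(lines):
    """Yield parsed events; lines in another format are skipped, not fatal."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        yield {
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"],
            "status": int(m["status"]),
            "ua": m["ua"],
        }


def detect(lines, window_s=60, min_paths=5):
    """Return {client_ip: reason} for clients that look like a Nikto scan."""
    flagged = {}
    by_ip = defaultdict(list)
    for ev in parse(lines):
        if "nikto" in ev["ua"].lower():
            flagged.setdefault(ev["ip"], "default Nikto User-Agent")
        by_ip[ev["ip"]].append(ev)

    for ip, events in by_ip.items():
        if ip in flagged:
            continue
        events.sort(key=lambda e: e["ts"])
        # Sliding window: from each event, count distinct 404 paths within window_s.
        for i, start in enumerate(events):
            not_found = set()
            for ev in events[i:]:
                if (ev["ts"] - start["ts"]).total_seconds() > window_s:
                    break
                if ev["status"] == 404:
                    not_found.add(ev["path"])
            if len(not_found) >= min_paths:
                flagged[ip] = f"{len(not_found)} distinct 404 paths within {window_s}s"
                break
    return flagged


if __name__ == "__main__":
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for ip, reason in detect(source).items():
        print(f"{ip}: {reason}")
```

Run it against a real log with `python3 detect_nikto.py /var/log/apache2/access.log`. The 404-burst rule also fires on other path brute-forcers (gobuster, dirb), which is what you want from a detection, but it means the reason string is a behaviour, not a tool attribution; only the User-Agent match is specific to Nikto.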

Mitigation Strategies

# Rate limiting
# Web Application Firewall (WAF) rules
# Remove unnecessary files and directories
# Update software regularly
# Implement proper security headers
# Configure proper error pages

🔗 Quick Reference Commands

# Basic scan
nikto -h http://target.com

# HTTPS scan with certificate info
nikto -h https://target.com -Plugins ssl

# Authenticated scan
nikto -h http://target.com -id username:password

# Proxy scan
nikto -h http://target.com -useproxy http://127.0.0.1:8080

# Alternate Host header (one vhost per run)
nikto -h http://192.168.1.100 -vhost admin.target.com

# Specific plugins only (semicolon-separated), with the tests plugin narrowed by category
nikto -h http://target.com -Plugins "headers;outdated;tests" -Tuning 23

# HTML output
nikto -h http://target.com -Format htm -o results.html

# IDS evasion encodings with a browser-like User-Agent (reshapes requests, does not reduce volume)
nikto -h http://target.com -evasion 127 -useragent "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"

# Update databases
nikto -update

# List all plugins
nikto -list-plugins

⚠️ Best Practices and Limitations

✅ Best Practices:

- Scan only hosts you are authorised to test; Nikto is loud and will show up in logs and WAF alerts
- Keep databases current (nikto -update, or git pull on a checkout) so the outdated-software checks mean something
- Save XML alongside the human-readable report; it is what other tooling consumes
- Use -Tuning x6 and -maxtime when scanning anything production-adjacent
- Re-request every finding that matters by hand or through Burp before reporting it

⚠️ Limitations:

- Signature-based: it finds known files, banners and response strings, not application logic flaws
- No severity rating; triage is on you
- False positives on servers that answer 200 for everything (use -no404 or -404code when Nikto's own 404 detection fails)
- Not stealthy: -evasion reshapes requests for IDS signatures, it does not reduce request volume
- Does not execute JavaScript or crawl single-page applications

🚫 Avoid These Mistakes:

- Grepping reports for "critical" or "high": those words are not in Nikto's output
- Passing several hosts to -vhost or comma-separating plugin names; use one -vhost per run and semicolons for -Plugins
- Treating a "Directory indexing found" or "appears to be outdated" line as a confirmed vulnerability without looking at the response
- Running denial-of-service tests (Tuning 6) against systems you cannot afford to knock over


💡 Pro Tip

Nikto is most effective as part of a comprehensive security assessment. Use it for initial reconnaissance and vulnerability discovery, then follow up with manual testing and specialized tools for deeper analysis.


Nikto is a valuable tool for web server security assessment. Use it responsibly to identify and help remediate security issues in web applications and servers.