nikto Cheatsheet

Nikto is an open source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, outdated versions, and version-specific problems.


Basic Usage

  • nikto -h <host> - Basic scan
  • nikto -h http://example.com - Scan with protocol
  • nikto -h 192.168.1.1 -p 8080 - Scan specific port

Target Options

  • -h, -host - Target host
  • -p, -port - Target port (default 80)
  • -ssl - Force SSL mode
  • -nossl - Disable SSL
  • -vhost - Virtual host
  • -root - Prepend path to all requests

Scan Options

  • -Tuning <x> - Scan tuning (see below)
  • -Plugins <plugins> - Select plugins
  • -list-plugins - List available plugins
  • -update - Update databases and plugins
  • -dbcheck - Check database syntax

Tuning Options

Use with -Tuning flag:

  • 0 - File upload
  • 1 - Interesting file/log
  • 2 - Misconfiguration/default file
  • 3 - Information disclosure
  • 4 - Injection (XSS/Script/HTML)
  • 5 - Remote file retrieval (inside root)
  • 6 - Denial of service
  • 7 - Remote file retrieval (server wide)
  • 8 - Command execution/remote shell
  • 9 - SQL injection
  • a - Authentication bypass
  • b - Software identification
  • c - Remote source inclusion
  • x - Reverse tuning (exclude)

Output Options

  • -o, -output - Output file
  • -Format <format> - Output format (csv, htm, txt, xml, json)
  • -Display <option> - Display options
  • -nointeractive - Disable interactive features

Display Options

  • 1 - Show redirects
  • 2 - Show cookies
  • 3 - Show 200/OK responses
  • 4 - Show URLs requiring auth
  • D - Debug output
  • E - HTTP errors
  • P - Print progress
  • V - Verbose

Authentication

  • -id user:pass - HTTP basic auth
  • -id user:pass:realm - Auth with realm

Evasion Techniques

  • -evasion <technique> - IDS evasion

Evasion Options

  • 1 - Random URI encoding
  • 2 - Directory self-reference (/./)
  • 3 - Premature URL ending
  • 4 - Long random string
  • 5 - Fake parameter
  • 6 - TAB as request spacer
  • 7 - Random case sensitivity
  • 8 - Windows directory separator (\)
  • A - Use carriage return
  • B - Use binary value 0x0b

Proxy Options

  • -useproxy - Use proxy from config
  • -useproxy http://proxy:port - Use specific proxy

Performance

  • -timeout - Request timeout (default 10 seconds)
  • -Pause - Pause between tests
  • -maxtime - Max scan time per host
  • -until - Run until specific time

Common Examples

Basic Scan

nikto -h example.com

Standard vulnerability scan.

SSL Scan

nikto -h example.com -ssl

Scan HTTPS site.

Multiple Ports

nikto -h example.com -p 80,443,8080

Scan multiple ports.

Save Report

nikto -h example.com -o report.html -Format htm

Generate HTML report.

Specific Tests

nikto -h example.com -Tuning 9

SQL injection tests only.

Exclude Tests

nikto -h example.com -Tuning x6

Skip DoS tests.

With Authentication

nikto -h example.com -id admin:password

Scan with HTTP basic auth.

Evasion Mode

nikto -h example.com -evasion 1,2,7

Use evasion techniques.

Full Verbose Scan

nikto -h example.com -Display V -o full_scan.txt

Verbose output with log.


Configuration

Config File

  • /etc/nikto.conf - System config
  • nikto.conf - Local config

Update Databases

nikto -update

Tips

  • Run -update regularly for latest tests
  • Use -Tuning to focus on specific vulnerability types
  • Nikto is noisy - it will be detected by IDS
  • Use -evasion for basic IDS evasion
  • Combine with other tools like nmap and dirb
  • HTML reports are good for documentation
  • Some tests can be harmful - use -Tuning x6 to skip DoS
  • Always get authorization before scanning
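The tip above that Nikto is noisy and will be picked up by an IDS is worth seeing from the defender's side. The following Python script is an added example (it is not from this cheatsheet or the Nikto project) that runs two checks over a few constructed access-log lines in the Apache/nginx "combined" format: it picks out Nikto's default User-Agent, which is assumed here to follow the pattern `Mozilla/5.00 (Nikto/<version>) (Evasions:<list>) (Test:<id>)`, and separately flags any source whose requests hit many distinct paths and mostly return 404. The second check matters because the User-Agent is set in nikto.conf and can be changed, while the burst of 404s from a file/directory scan cannot be hidden so easily.

```python
# Added example: spotting Nikto scans in web server access logs.
# Not part of the cheatsheet or of Nikto itself.
import re
from collections import defaultdict

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed default Nikto User-Agent layout: the scanner version, the evasion
# options in use and the id of the current test. Operators can change this
# string in nikto.conf, so treat a match as a strong hint, not proof.
NIKTO_UA_RE = re.compile(
    r'\(Nikto/(?P<version>[^)]+)\)'
    r'(?: \(Evasions:(?P<evasions>[^)]+)\))?'
    r'(?: \(Test:(?P<test>[^)]+)\))?'
)

# Constructed sample: three probes from one scanner (the third using
# evasion option 2, directory self-reference), then two normal requests.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000123)"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000124)"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /./phpmyadmin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:2) (Test:000125)"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /style.css HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    return fields


def find_nikto_user_agents(log_text):
    """Signal 1: requests whose User-Agent matches the assumed Nikto pattern."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = NIKTO_UA_RE.search(rec["ua"])
        if m:
            hits.append({
                "ip": rec["ip"],
                "path": rec["path"],
                "version": m.group("version"),
                "evasions": m.group("evasions"),
                "test": m.group("test"),
            })
    return hits


def noisy_sources(log_text, min_requests=3, min_404_ratio=0.8):
    """Signal 2: sources probing many distinct paths that mostly return 404.

    Returns {ip: {"requests", "not_found", "distinct_paths"}} for every source
    crossing both thresholds. The defaults are sized for the tiny sample; on a
    real site a scan produces thousands of requests, so raise min_requests.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "paths": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_ip[rec["ip"]]
        s["requests"] += 1
        s["paths"].add(rec["path"])
        if rec["status"] == 404:
            s["not_found"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        if s["requests"] >= min_requests and s["not_found"] / s["requests"] >= min_404_ratio:
            flagged[ip] = {
                "requests": s["requests"],
                "not_found": s["not_found"],
                "distinct_paths": len(s["paths"]),
            }
    return flagged


if __name__ == "__main__":
    for hit in find_nikto_user_agents(SAMPLE_LOG):
        print(f"Nikto UA from {hit['ip']}: version={hit['version']} "
              f"evasions={hit['evasions']} test={hit['test']} path={hit['path']}")
    for ip, s in noisy_sources(SAMPLE_LOG).items():
        print(f"noisy source {ip}: {s['not_found']}/{s['requests']} responses "
              f"were 404 across {s['distinct_paths']} distinct paths")
```

Run it against a real log with `python3 nikto_detect.py` after pointing `SAMPLE_LOG` at the file contents; the 404-ratio check is the one to keep in a production rule, with thresholds tuned to the site's normal error rate.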
