nikto Tool Reference


Nikto is an open source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, outdated versions, and version-specific problems.


Basic Usage

  • nikto -h <host> - Basic scan
  • nikto -h http://example.com - Scan with protocol
  • nikto -h 192.168.1.1 -p 8080 - Scan specific port

Target Options

  • -h, -host - Target host
  • -p, -port - Target port (default 80)
  • -ssl - Force SSL mode
  • -nossl - Disable SSL
  • -vhost - Virtual host
  • -root - Prepend path to all requests

Scan Options

  • -Tuning <x> - Scan tuning (see below)
  • -Plugins <plugins> - Select plugins
  • -list-plugins - List available plugins
  • -update - Update databases and plugins
  • -dbcheck - Check database syntax

Tuning Options

Use with -Tuning flag:

  • 0 - File upload
  • 1 - Interesting file/log
  • 2 - Misconfiguration/default file
  • 3 - Information disclosure
  • 4 - Injection (XSS/Script/HTML)
  • 5 - Remote file retrieval (inside root)
  • 6 - Denial of service
  • 7 - Remote file retrieval (server wide)
  • 8 - Command execution/remote shell
  • 9 - SQL injection
  • a - Authentication bypass
  • b - Software identification
  • c - Remote source inclusion
  • x - Reverse tuning (run every test except the ones listed with it)

Output Options

  • -o, -output - Output file
  • -Format <format> - Output format (csv, htm, txt, xml, json)
  • -Display <option> - Display options
  • -nointeractive - Disable interactive features

Display Options

  • 1 - Show redirects
  • 2 - Show cookies
  • 3 - Show 200/OK responses
  • 4 - Show URLs requiring auth
  • D - Debug output
  • E - HTTP errors
  • P - Print progress
  • V - Verbose

Authentication

  • -id user:pass - HTTP basic auth
  • -id user:pass:realm - Auth with realm

Evasion Techniques

  • -evasion <technique> - IDS evasion

Evasion Options

  • 1 - Random URI encoding
  • 2 - Directory self-reference (/./)
  • 3 - Premature URL ending
  • 4 - Long random string
  • 5 - Fake parameter
  • 6 - TAB as request spacer
  • 7 - Random case sensitivity
  • 8 - Windows directory separator (\)
  • A - Use carriage return
  • B - Use binary value 0x0b

Proxy Options

  • -useproxy - Use proxy from config
  • -useproxy http://proxy:port - Use specific proxy

Performance

  • -timeout - Request timeout in seconds (default 10)
  • -Pause - Pause between tests
  • -maxtime - Max scan time per host
  • -until - Run until specific time

Common Examples

Basic Scan

nikto -h example.com

Standard vulnerability scan.

SSL Scan

nikto -h example.com -ssl

Scan HTTPS site.

Multiple Ports

nikto -h example.com -p 80,443,8080

Scan multiple ports.

Save Report

nikto -h example.com -o report.html -Format htm

Generate HTML report.

Specific Tests

nikto -h example.com -Tuning 9

SQL injection tests only.

Exclude Tests

nikto -h example.com -Tuning x6

Skip DoS tests.

With Authentication

nikto -h example.com -id admin:password

Scan with HTTP basic auth.

Evasion Mode

nikto -h example.com -evasion 1,2,7

Use evasion techniques.

Full Verbose Scan

nikto -h example.com -Display V -o full_scan.txt

Verbose output with log.


Configuration

Config File

  • /etc/nikto.conf - System config
  • nikto.conf - Local config

Update Databases

nikto -update

Tips

  • Run -update regularly for latest tests
  • Use -Tuning to focus on specific vulnerability types
  • Nikto is noisy - it will be detected by IDS
  • Use -evasion for basic IDS evasion
  • Combine with other tools like nmap and dirb
  • HTML reports are good for documentation
  • Some tests can be harmful - use -Tuning x6 to skip DoS
  • Always get authorization before scanning
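A defender-side companion to the tips above, added here and not part of the original reference or of the Nikto project: a small Python detector that flags Nikto-like clients in Apache/nginx combined access logs using the indicators this reference lists (the default User-Agent naming the tool, the "/./" and backslash encodings from evasion options 2 and 8, and a burst of 404s from probing files that do not exist). The log lines are constructed, and the User-Agent string is assumed to follow Nikto's default format.

```python
import re
from collections import defaultdict
# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Indicators tied to behaviour listed in the reference above:
#   user-agent           Nikto's default User-Agent names the tool (assumed format)
#   self-reference       "/./" in the URI (evasion option 2)
#   backslash-separator  "\" or "%5c" in the URI (evasion option 8)
#   404-burst            a client whose requests are mostly for files that do not exist
def analyze(lines, min_requests=5, not_found_ratio=0.6):
    """Return {client_ip: [indicators]} for clients whose traffic looks like a Nikto scan."""
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "indicators": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        rec = per_ip[m["ip"]]
        rec["requests"] += 1
        if m["status"] == "404":
            rec["not_found"] += 1
        if "nikto" in m["ua"].lower():
            rec["indicators"].add("user-agent")
        if "/./" in m["uri"]:
            rec["indicators"].add("self-reference")
        if "\\" in m["uri"] or "%5c" in m["uri"].lower():
            rec["indicators"].add("backslash-separator")
    flagged = {}
    for ip, rec in per_ip.items():
        if rec["requests"] >= min_requests and rec["not_found"] / rec["requests"] >= not_found_ratio:
            rec["indicators"].add("404-burst")
        if rec["indicators"]:
            flagged[ip] = sorted(rec["indicators"])
    return flagged

# Constructed sample log: one Nikto-like client (10.0.0.5) and one ordinary browser (10.0.0.9).
NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000011)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
SAMPLE_LOG = [
    f'10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /cgi-bin/ HTTP/1.1" 404 196 "-" "{NIKTO_UA}"',
    f'10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/./ HTTP/1.1" 404 196 "-" "{NIKTO_UA}"',
    f'10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /images%5cbackup/ HTTP/1.1" 404 196 "-" "{NIKTO_UA}"',
    f'10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "{NIKTO_UA}"',
    f'10.0.0.5 - - [10/Oct/2023:13:55:38 +0000] "GET / HTTP/1.1" 200 3127 "-" "{NIKTO_UA}"',
    f'10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 3127 "-" "{BROWSER_UA}"',
    f'10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /style.css HTTP/1.1" 200 812 "-" "{BROWSER_UA}"',
]
```

Run `analyze()` over your own access log lines; the thresholds are starting points and should be tuned to the site's normal 404 rate.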