Nikto
The Nikto Web Scanner
- Install: Nikto via GitHub
- Download: Latest GitHub Release
- Docs: Wiki
Nikto is an open-source web server scanner that performs comprehensive tests against web servers. It checks for over 7,000 potentially dangerous or interesting files and programs, identifies outdated versions of thousands of servers and components, and detects common server misconfigurations such as multiple index files, HTTP server options, and more. Nikto also attempts to identify installed web servers and software, with scan items and plugins that can be updated automatically.
Not every finding represents a direct security vulnerability, but most do. Nikto includes hundreds of application-specific tests and many informational checks that highlight possible misconfigurations or information disclosures.
Features
Some of the major features of Nikto are listed below. See the documentation for a full list of features and usage information.
- Support for both IPv4 and IPv6
- HTTP proxy support
- TLS/SSL Support (OpenSSL on Linux, and ActiveState’s Perl + NetSSL on Windows)
- Checks for outdated server components
- Save reports in plain text, JSON, SQL, XML, HTML, or CSV
- Template engine to easily customize reports
- Scan multiple ports on a server, or multiple servers via input file (including nmap output)
- LibWhisker’s IDS encoding techniques
- Identifies installed software via headers, favicons, and other files
- Host authentication with Basic and NTLM
- Apache and cgiwrap username enumeration
- Scan tuning to include or exclude entire classes of vulnerability checks
- Guess credentials for authorization realms (including many default ID/password combos)
- False positive reduction via multiple methods: headers, page content, and content hashing
- Reports “unusual” headers seen
- Interactive status, pause and changes to verbosity settings
- Save full request/response for positive tests
- Replay saved finding requests
- Checks for common “parked” sites
Support
The best way to get support with Nikto is via GitHub, and the documentation can be found here.
For all other questions or problems, please open a new GitHub issue.
License
The Nikto 2.x code is licensed under the GPLv2. The Nikto database files may only be distributed with, and for use in, the Nikto package/program, and may not be used in any other software product without a commercial license obtained from the author.