Nikto allows output to be saved in a variety of formats, including text, CSV, HTML, XML, NBE and exporting to metasploit. When using -output, an output format may be specified with -Format.

If no -Format is specified, Nikto will try to guess the format from the file extension. If Nikto cannot guess the file format then output will only be sent to stdout.

The DTD for the Nikto XML format can be found in the 'docs' directory (nikto.dtd).

HTML reports are generated from template files located in the templates directory. Variables are defined as #variable-name, and are replaced when the report is generated. The files htm_start.tmpl and htm_end.tmpl are included at the beginning and end of the report (respectively). The htm_summary.tmpl also appears at the beginning of the report. The htm_host_head appears once for every host, and the htm_host_item.tmpl and htm_host_im.tmpl appear once for each item found on a host and each "informational message" per host (respectively).

All valid variables are used in these templates. Future versions of this documentation will include a list of variables and their meaning.

The copyright statements must not be removed from the htm_end.tmpl without placing them in another of the templates. It is a violation of the Nikto licence to remove these notices.