NIkto 2.1.5


We're happy to announce the immediate availability of Nikto 2.1.5, and that Nikto is now sponsored by Sunera LLC!

Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.

This release contains a number of important bug fixes, as well as new functionality and improvements, which have been added to the development branch over the last 19 months! 

New Features

  • Save full response on positive, plaintext & JSON
  • -maxtime maximum execution time per host (seconds)
  • -until run until specified time or duration
  • -IgnoreCode option to allow db_404_strings @CODE from the command line
  • Replay saved JSON requests with
  • Client SSL certificate support
  • Output file name now takes '.' which will auto-generate name
  • Content parsing to add items to db_variables values for enhanced testing
  • robots.txt lines are now added to db_variables values for enhanced testing
New Checks
  • Check for wildcards in crossdomain.xml and clientaccesspolicy.xml
  • Find IPs in HTTP headers
  • Checked for sites parked at hosting providers or advertising pages
  • Parsed robots.txt now checks for listed files (for content search, etc.)
  • nikto_favicon.plugin checks for icons in <link> tags
  • Fix bugs/minor enhancements in: XML reports, robots.txt parsing, wildcard certificate matching, banner parsing, tons more!
  • Default to use Net::SSL instead of Net::SSLeay as a result of too many memory issues in SSLeay
  • CSV reports include the same info as other reports
  • HTML reports include more meta information

For a full list of updates, see the CHANGELOG.txt file or the list of closed tickets on

MD5 Checksums: