Kali Linux
nikto
Overview
Nikto scans web servers for outdated versions, dangerous files, misconfigs, and known CVEs. Signature-based checks over HTTP/S; noisy and comprehensive.
Use `-Tuning` to limit test categories and `-Plugins` to run specific checks. `-o` sets the output file and `-Format` the report format (e.g. html) for reporting.
Primary use cases
- Quick web server misconfiguration audit
- Finding default files and admin interfaces
- SSL/TLS and header misconfiguration checks
Key commands
Basic scan
nikto -h https://target.example.com -o nikto.html -Format html
Related tools
- Nuclei — Template scanner. YAML checks for CVEs, misconfigs, and exposed services at scale.
- Burp Suite — HTTP/S intercepting proxy. Repeater, Intruder, scanner, and extension API for web app testing.