
Nikto Cheatsheet and Examples

by Ryan Fisher | November 19, 2021 | Blog

Nikto is a web server and CGI scanner written in Perl. It checks a target for thousands of potentially dangerous files and CGIs, outdated server software, and common server misconfigurations, which makes it a valuable tool during the scanning and enumeration phase. It is loud by design (every check is a separate request), so do not expect it to go unnoticed by a WAF or IDS.

It comes installed by default on Kali Linux; the latest Kali release can be downloaded here:

https://www.kali.org/get-kali/


For manual installation (Nikto is a Perl script, so a Perl interpreter is all it needs; after cloning, run it from the repository's program directory as perl nikto.pl with the same options shown below):

<code>git clone https://github.com/sullo/nikto </code>

To scan a single host:

<code>nikto -h https://targethost.com </code>

To specify the port (defaults to 80; the port can also be given in the URL itself, e.g. https://targethost.com:8888, in which case -port is not needed):

<code>nikto -h https://targethost.com -port 8888 </code>

To force SSL mode (an https:// URL already selects SSL; the flag matters when the target is given as a bare hostname or IP address):

<code>nikto -h https://targethost.com  -ssl </code>

To output to a file:

<code>nikto -h https://targethost.com -output /path/to/file </code>

To output in a different format, pass -Format with a format name (csv, htm, nbe, txt and xml are accepted; newer releases also accept json and sql, and older ones msf+ for Metasploit; run nikto -H to see the list for your version).

(If -Format is not specified, the format is taken from the file extension passed to -output.)

<code>nikto -h https://targethost.com -o /path/to/file -Format csv </code>

To ignore certain HTTP response codes (treat them as negative results, which cuts down false positives on servers that answer everything with a 200 or a custom error page):

<code>nikto -h https://targethost.com -IgnoreCode 404 </code>

Sites requiring HTTP authentication (Basic/NTLM; the format is id:pass or id:pass:realm, and this does not help with form-based logins, for which a proxy that injects the session cookie is the usual workaround):

<code>nikto -h https://targethost.com -id user:pass </code>

To scan CGI directories (-Cgidirs accepts "none", "all", or a space-separated list of directories such as "/cgi/ /cgi-bin/"; "all" is the slowest but most thorough option):

<code>nikto -h https://targethost.com -Cgidirs "all"</code>

All hosts listed in a file (one host or URL per line):

<code> nikto -h hosts.txt </code>

To scan through a proxy (-useproxy takes the proxy as a URL with scheme and port; with no argument it uses the proxy defined in nikto.conf). Pointing Nikto at an intercepting proxy such as Burp lets you review every request it sends and add session cookies the scan would otherwise lack:

<code> nikto -h https://targethost.com -useproxy http://127.0.0.1:8080 </code>
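Once you move beyond a single host, the commands above combine into a repeatable workflow: build the right nikto command line per target, write one CSV per host, then merge the results so a finding that shows up on every host is reported once. The script below is an added example for this cheatsheet and is not code from the original post or from the Nikto project. It assumes nikto is on PATH and accepts the flags used on this page, and that Nikto's CSV output has no header row and the columns host, ip, port, reference, method, uri, message; check both against your installed version. The sample CSV embedded at the bottom is constructed for the example, not captured from a real scan.

```python
"""Drive Nikto over a list of targets and triage its CSV output.

Added example for this cheatsheet; it is not code from the original post or
from the Nikto project.  Assumptions (verify against your Nikto version):
  * `nikto` is on PATH and accepts the flags used on this page
    (-h, -o, -Format, -port, -ssl, -IgnoreCode, -useproxy, -id);
  * Nikto's CSV output has no header row and its columns are
    host, ip, port, reference, method, uri, message.
"""
import csv
import io
import os
import subprocess
from collections import Counter, defaultdict
from urllib.parse import urlparse

CSV_FIELDS = ("host", "ip", "port", "reference", "method", "uri", "message")


def _parse_target(target):
    """urlparse() treats a bare host as a path, so prefix '//' when no scheme is given."""
    return urlparse(target if "://" in target else "//" + target)


def nikto_command(target, out_path, fmt="csv", port=None, ssl=False,
                  ignore_code=404, proxy=None, creds=None):
    """Assemble the nikto argv for one target from the flags on this page.

    A port inside the URL (https://host:8443) wins over `port`; -ssl is only
    added for a bare hostname/IP, because an https:// URL already selects SSL.
    """
    parsed = _parse_target(target)
    argv = ["nikto", "-h", target, "-o", out_path, "-Format", fmt]
    if parsed.port is None and port is not None:
        argv += ["-port", str(port)]
    if ssl and not parsed.scheme:
        argv.append("-ssl")
    if ignore_code is not None:
        argv += ["-IgnoreCode", str(ignore_code)]
    if proxy:                      # e.g. "http://127.0.0.1:8080" for Burp
        argv += ["-useproxy", proxy]
    if creds:                      # "user:pass" or "user:pass:realm"
        argv += ["-id", creds]
    return argv


def parse_nikto_csv(text):
    """Parse Nikto CSV output into a list of dicts keyed by CSV_FIELDS.

    The csv module is used rather than cut/awk because Nikto's message field
    routinely contains commas inside the quoted value.
    """
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(CSV_FIELDS):
            continue               # blank line or a row we do not understand
        findings.append(dict(zip(CSV_FIELDS, row)))
    return findings


def summarise(findings):
    """Return (findings per host:port, hosts affected by each distinct message).

    The second mapping is what you want after a host-list scan: a message that
    appears on every host is a platform-wide issue to report once.
    """
    per_target = Counter("%s:%s" % (f["host"], f["port"]) for f in findings)
    hosts_by_message = defaultdict(set)
    for f in findings:
        hosts_by_message[f["message"]].add("%s:%s" % (f["host"], f["port"]))
    return per_target, {m: sorted(h) for m, h in hosts_by_message.items()}


def run_scans(targets, out_dir, **options):
    """Scan each target into <out_dir>/<host>.csv and return the merged findings.

    Not exercised offline: it needs nikto installed and network access.
    """
    findings = []
    for target in targets:
        host = _parse_target(target).hostname or target
        out_path = os.path.join(out_dir, host + ".csv")
        subprocess.run(nikto_command(target, out_path, **options), check=False)
        if os.path.exists(out_path):   # guard: no file if nikto failed before scanning
            with open(out_path, encoding="utf-8") as fh:
                findings += parse_nikto_csv(fh.read())
    return findings


# Constructed sample in the assumed CSV layout; the messages imitate Nikto's
# wording but were written for this example, not captured from a real scan.
SAMPLE_CSV = (
    '"targethost.com","192.0.2.10","443","","GET","/",'
    '"The anti-clickjacking X-Frame-Options header is not present."\n'
    '"targethost.com","192.0.2.10","443","","GET","/",'
    '"The X-Content-Type-Options header is not set, which could allow the '
    'user agent to render the content in a different fashion to the MIME type."\n'
    '"targethost.com","192.0.2.10","443","","GET","/robots.txt",'
    '"Entry \'/admin/\' in robots.txt returned a non-forbidden or redirect HTTP code (200)"\n'
    '"othertarget.com","192.0.2.11","8888","","GET","/",'
    '"The anti-clickjacking X-Frame-Options header is not present."\n'
)

if __name__ == "__main__":
    counts, shared = summarise(parse_nikto_csv(SAMPLE_CSV))
    for target, n in counts.items():
        print("%-24s %d findings" % (target, n))
    for message, hosts in shared.items():
        print("%d host(s): %s" % (len(hosts), message))
```

For a real engagement, call run_scans with your target list and an output directory, then feed the merged findings to summarise; nikto's own -h hosts.txt mode scans the same list but writes a single output file, so per-host files are easier to archive as evidence.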