Nikto Cheatsheet and Examples

by Ryan Fisher | November 19, 2021 | Blog

Nikto is a web server and CGI scanner written in Perl. It can identify a wide array of common web application vulnerabilities and is a valuable tool during the scanning and enumeration process.

It comes installed by default on the latest version of Kali Linux, found here:


For manual installation:

<code>git clone </code>

To scan a single host:

<code>nikto -h </code>

To specify the port (defaults to 80):

<code>nikto -h -port 8888 </code>

To enforce SSL:

<code>nikto -h -ssl</code>

To output to a file:

<code>nikto -h -output /path/to/file </code>

To output in a different format (html, csv, msf, nbe, txt, xml):

(if not specified the format will be taken from the file extension passed to -output)

<code>nikto -h -Format csv -output /path/to/file</code>

To ignore certain HTTP response codes:

<code>nikto -h -IgnoreCode 404 </code>

For sites requiring authentication:

<code>nikto -h -id user:pass </code>

To scan CGI directories:

<code>nikto -h -Cgidirs "all"</code>

To scan all hosts listed in a file:

<code>nikto -h hosts.txt</code>

To scan through a proxy (for instance, when cookies are required):

<code>nikto -h -useproxy</code>
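The individual options above are most useful when combined into a repeatable run against your own hosts, with one saved report per host so results can be diffed between scans. The script below is an added example, not part of the original post or of the Nikto project: it builds the nikto command line from the flags covered here (-port, -ssl, -Format, -output, -IgnoreCode, -id) and walks a hosts file. The function names, the DRY_RUN and IGNORE_CODES/NIKTO_ID environment variables, and the hostnames and paths are all constructed for the example; nikto itself must be on the PATH for a real (non-dry) run.

```shell
#!/bin/sh
# Added example (not from the original post): wrap the nikto options from the
# cheatsheet in a reusable scan loop. Hostnames and paths are constructed.
set -u

# build_nikto_cmd HOST PORT FORMAT OUTDIR [IGNORE_CODES] [ID]
# Prints the nikto command line for one host; the caller decides whether to run it.
build_nikto_cmd() {
    host=$1; port=$2; fmt=$3; outdir=$4
    ignore=${5:-}; auth=${6:-}
    # Report name derived from host and port so two hosts never overwrite each other.
    outfile="$outdir/nikto_${host}_${port}.${fmt}"
    cmd="nikto -h $host -port $port -Format $fmt -output $outfile"
    # Port 443 implies TLS; -ssl forces it instead of relying on autodetection.
    if [ "$port" = "443" ]; then
        cmd="$cmd -ssl"
    fi
    # Treat the given status codes (e.g. 404) as negative responses to cut noise.
    if [ -n "$ignore" ]; then
        cmd="$cmd -IgnoreCode $ignore"
    fi
    # Basic auth credentials in user:pass form, only when supplied.
    if [ -n "$auth" ]; then
        cmd="$cmd -id $auth"
    fi
    printf '%s\n' "$cmd"
}

# scan_hosts HOSTS_FILE PORT FORMAT OUTDIR
# One scan per non-blank, non-comment line of HOSTS_FILE.
# Set DRY_RUN=1 to print the commands instead of executing nikto.
# IGNORE_CODES and NIKTO_ID are optional environment variables (constructed names).
scan_hosts() {
    hosts_file=$1; port=$2; fmt=$3; outdir=$4
    mkdir -p "$outdir"
    while IFS= read -r host || [ -n "$host" ]; do
        case "$host" in
            ''|\#*) continue ;;   # skip blank lines and comments
        esac
        cmd=$(build_nikto_cmd "$host" "$port" "$fmt" "$outdir" \
                              "${IGNORE_CODES:-}" "${NIKTO_ID:-}")
        if [ "${DRY_RUN:-0}" = "1" ]; then
            printf '%s\n' "$cmd"
        else
            # Word-splitting the string is intended here; no shell metacharacters
            # reach nikto because every field came from our own arguments.
            $cmd
        fi
    done < "$hosts_file"
}

# Demonstration on a constructed hosts file, in dry-run mode so nothing is scanned.
demo_dir=$(mktemp -d)
printf '# constructed inventory\nweb-a.example.test\n\nweb-b.example.test\n' \
    > "$demo_dir/hosts.txt"
DRY_RUN=1 IGNORE_CODES=404 scan_hosts "$demo_dir/hosts.txt" 443 csv "$demo_dir/reports"
rm -rf "$demo_dir"
```

Running the script as-is prints the two commands it would execute; drop DRY_RUN (or set it to 0) to run the scans and collect one CSV per host under the reports directory. Keeping the format fixed with -Format rather than relying on the file extension makes the output predictable when the same loop is driven from cron or CI.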