Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nikto is built on LibWhisker and can run any platform which has a Perl environment, and supports SSL, proxies, host authentication, IDS evasion and more.
Key Features
- Designed to find many types of web server problems including:
- Server and software misconfigurations.
- Default files and programs.
- Insecure files and programs.
- Outdated servers and programs.
- Uses rfp’s LibWhisker as a base for all network functionality.
- Main scan database in CSV format for easy updates.
- Fingerprint servers via favicon.ico files.
- Determines “OK” vs “NOT FOUND” responses for file type, if possible.
- Determines CGI directories for each server, if possible.
- Switch HTTP versions as needed so that the server understands requests properly.
- SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s Perl/NetSSL).
- Output to file in plain text, HTML or CSV.
- Plugin support (standard PERL).
- Checks for outdated server software.
- Proxy support (with authentication).
- Host authentication (Basic).
- Watches for “bogus” OK responses.
- Attempts to perform educated guesses for Authentication realms.
- Captures/prints any Cookies received.
- Mutate mode to “go fishing” on web servers for odd items.
- Builds Mutate checks based on robots.txt entries (if present).
- Scan multiple ports on a target to find web servers (can integrate nmap for speed, if available).
- Multiple IDS evasion techniques.
- Users can add a custom scan database.
- Supports automatic code/check updates (with web access).
- Multiple host/port scanning (scan list files).
- Username guessing plugin via the cgiwrap program and Apache~user methods.
Website: cirt.net/nikto
Support: Manual
Developer: Sullo
License: GNU General Public License v2.0
Nikto is written in Perl. Learn Perl with our recommended free books and free tutorials.
Related Software
| Vulnerability Detection Tools | |
|---|---|
| Metasploit | Penetration testing framework |
| Nuclei | Fast and customisable vulnerability scanner |
| OpenVAS | Full-featured vulnerability scanner |
| Nikto | Web server scanner |
| Lynis | Auditing, system hardening, compliance testing |
| grype | Vulnerability scanner for container images and filesystems |
| OSSEC | Centralized architecture for monitoring and managing multiple systems |
| OpenSCAP | NIST Certified SCAP 1.2 toolkit |
| octoscan | Static vulnerability scanner for GitHub action workflows |
| Greenbone | Central management service between security scanners and the user clients. |
| Terrapin | Terrapin Vulnerability Scanner for the Terrapin attack |
| Tiger | Security audit and intrusion detection too |
| PRS | Web security scanner |
| Trivy | Terrapin Vulnerability Scanner for the Terrapin attack |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Know a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |