NIKTO

Vulnerability Scanner

Nikto, also known as Nikto2, is an open source (GPL), free-to-use web server scanner. It tests web servers for multiple items, including dangerous files and programs, and checks for outdated versions of web server software. It also checks for server configuration errors and any vulnerabilities they might have introduced.

The Nikto project moves quickly and is frequently updated with the latest known vulnerabilities, so you can scan your web servers with confidence when searching for possible issues.

SYSTEM REQUIREMENTS

RAM : Minimum 512MB (1GB is recommended).

Storage : Minimum 10 MB (Lightweight tool).

OS : Compatible with Linux, macOS, and Windows.

Architecture : Supports both 32-bit and 64-bit systems.

Available on : PC


ADDITIONAL INFORMATION

Published By

Chris Sullo.

Release Date

2001

Approximate Size

2.22 MB

Publisher Info

Chris Sullo is known for creating security tools.

Supported Languages

English

Last Update

Regularly updated, the latest version is from 2023.

Programming Language

Written in Perl.

Operating System

Cross-platform

License

Open Source under the GNU General Public License (GPL).

  • Nikto is free to use, open source and frequently updated.
  • Can be used to scan any web server (Apache, Nginx, Lighttpd, Litespeed, etc.).
  • Scans against 6,700+ known vulnerabilities and version checks for 1,250+ web servers (and growing).
  • Scans for configuration-related issues such as open index directories.
  • SSL certificate scanning.
  • Ability to scan multiple ports on a server with multiple web servers running.
  • Ability to scan through a proxy and with HTTP authentication.
  • Ability to specify a maximum scan time, exclude certain types of scans, and report unusual headers seen.

  • Scanning for vulnerabilities : Nikto checks for over 6,700 potentially harmful files and programs, outdated server software, and version-specific issues.
  • Detecting security misconfigurations : It looks for multiple index files, HTTP server options, and other configuration weaknesses.
  • Identifying installed software : Nikto can recognize installed web applications and software using headers, favicons, and files.
  • Performing SSL checks : It supports scanning HTTPS websites and can detect SSL-related vulnerabilities.
  • Saving reports : The results can be saved in various formats, including plain text, XML, HTML, or CSV.
  • Using proxies and evasion techniques : Nikto supports full HTTP proxy usage and has methods to avoid detection.

  1. Nikto is currently billed as Nikto2. The tool is now 20 years old and has reached version 2.5. It is a web server scanner that looks for vulnerabilities in web applications, with about 6,700 vulnerabilities in its database.
  2. Routines in Nikto2 look for outdated software contributing to the delivery of web applications and check on the web server's configuration. The system can scan ports on web servers and can scan multiple servers in one session. The scanner tries a range of attacks as well as looking for exploits. For example, it will probe credentials, working through a dictionary of well-known usernames and passwords that hackers know to try.
  3. The sequence of tests also includes an anti-IDS attack that helps you check the abilities of your intrusion detection system, if you have one installed.

Nikto is a web server scanner used to identify vulnerabilities, misconfigurations, and outdated software. Here are some examples of its usage:

Basic Examples
  1. Scan a Target Host : nikto -h http://example.com
     Performs a basic scan on the specified host to identify vulnerabilities.

  2. Scan a Specific Port : nikto -h http://example.com -p 8080
     Targets a specific port (e.g., 8080) for scanning.

  3. Save Results to a File : nikto -h http://example.com -o results.txt
     Saves the scan results to a file named results.txt.

  4. Scan an HTTPS Website : nikto -h https://example.com
     Scans a secure website using HTTPS.

  5. Use a Proxy : nikto -h http://example.com -useproxy http://proxyserver:port
     Routes the scan through a specified proxy server.

Advanced Examples
  1. Custom User-Agent : nikto -h http://example.com -useragent "CustomUserAgent"
     Uses a custom User-Agent string for the scan.

  2. Tuning Options : nikto -h http://example.com -Tuning 123
     Specifies tuning options to focus on specific types of tests (e.g., file uploads, injection flaws).

  3. Scan Multiple Hosts : nikto -h hosts.txt
     Scans multiple hosts listed in a file (hosts.txt).

  4. Output in Different Formats : nikto -h http://example.com -Format html -o report.html
     Saves the results in HTML format for easier viewing.

  5. Evade IDS/IPS : nikto -h http://example.com -evasion 1
     Uses evasion techniques to bypass intrusion detection/prevention systems.

Practical Applications
  • Web Server Security : Identify vulnerabilities like outdated software, misconfigurations, and dangerous files.
  • Compliance Testing : Ensure web servers meet security standards.
  • Penetration Testing : Assess the security posture of web applications.

  • libnet-ssleay-perl
  • perl

Terminal Installation Commands ...

$ sudo apt-get update

$ git clone https://github.com/sullo/nikto


GUI Installation Steps ...
Linux
  1. Open a terminal.
  2. Install Nikto using :
     $ sudo apt update
     $ sudo apt install nikto
  3. Verify installation : nikto -Version
Windows
  1. Install ActivePerl or Strawberry Perl (Nikto requires Perl).
  2. Download Nikto from its GitHub repository.
  3. Extract the files and navigate to the directory in Command Prompt.
  4. Run Nikto using : perl nikto.pl
macOS
  1. Install Homebrew (if not already installed).
  2. Install Nikto using : brew install nikto
  3. Verify installation : nikto -Version

Terminal Uninstallation Commands ...

$ sudo apt-get remove nikto

$ sudo apt autoclean && sudo apt autoremove


GUI Uninstallation Steps ...
Linux
  1. Remove Nikto using : sudo apt remove nikto
  2. Clean up dependencies : sudo apt autoremove
Windows
  1. Delete the Nikto folder.
  2. If installed, remove Perl via Control Panel > Programs > Uninstall a Program.
macOS
  1. Remove Nikto using : brew uninstall nikto

Copyright © 2025 HACKERSPOT

All original content, including tools, software, and other information, is protected by copyright and remains the property of its respective owners.
