Nikto

Nikto is an open source (GPL) web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs.


Last updated 2 years ago

Installation and introduction

Default scan

# HTTP
nikto -h $DOMAIN

# HTTPS
nikto -h $DOMAIN -ssl

# Use domains from file
nikto -h domains.txt

Output

# Simple
nikto -h $DOMAIN -o output.txt

# CSV format
nikto -h $DOMAIN -o output.csv -Format csv
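
To triage the CSV report once the scan is done, the following added example (not part of the original page or of Nikto itself) groups findings per host and port so they can be assigned for remediation. It assumes the seven-column layout host, IP, port, reference, method, URI, description; the sample rows and the function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the seven-column layout assumed here
# (host, IP, port, reference, method, URI, description); not real scan output.
SAMPLE = '''"Nikto - v2.1.6/2.1.5"
"app.example.test","192.0.2.10","443","OSVDB-3092","GET","/admin/","This might be interesting."
"app.example.test","192.0.2.10","443","","GET","/","The X-Frame-Options header is not present."
"app.example.test","192.0.2.10","443","OSVDB-3268","GET","/backup/","Directory indexing found, see ""Options"" in the server config."
"old.example.test","192.0.2.11","80","OSVDB-3233","GET","/icons/README","Apache default file found."
'''

FIELDS = ("host", "ip", "port", "reference", "method", "uri", "description")


def parse_findings(stream):
    """Yield one dict per finding row, skipping banner and malformed lines."""
    for row in csv.reader(stream):
        if len(row) != len(FIELDS) or not row[2].isdigit():
            continue  # banner line, header, or truncated record
        yield dict(zip(FIELDS, row))


def group_by_target(findings):
    """Group findings by (host, port), dropping exact duplicate rows."""
    grouped = defaultdict(list)
    seen = set()
    for f in findings:
        key = (f["host"], f["port"], f["method"], f["uri"], f["description"])
        if key in seen:
            continue
        seen.add(key)
        grouped[(f["host"], int(f["port"]))].append(f)
    return dict(grouped)


def summarize(grouped):
    """Return (host, port, count) tuples, target with most findings first."""
    return sorted(((h, p, len(v)) for (h, p), v in grouped.items()),
                  key=lambda t: (-t[2], t[0], t[1]))


if __name__ == "__main__":
    report = group_by_target(parse_findings(io.StringIO(SAMPLE)))
    for host, port, count in summarize(report):
        print(f"{host}:{port} - {count} finding(s)")
```

To use it on a real report, pass `open("output.csv", newline="")` to `parse_findings` instead of the embedded sample.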

Integration with Metasploit

nikto -h $DOMAIN -Format msf+

Advanced scan

TO BE DONE

GitHub - sullo/nikto: Nikto web server scanner