Scribd
Upload
136 views1 page

Nikto Sheets

This document provides a cheat sheet for using the nikto security scanner. It lists the standard command syntax to scan a website on a given host and port. It outlines various scan, display, output, tuning, and other options that can be used to customize the scan behavior and results reporting. These include options to target specific ports, set a maximum scan time, filter responses, output results to file, and tune the scan checks to target certain vulnerability types. Additional resources for nikto are provided in the reference section.

Uploaded by

elephone P2000
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
136 views1 page

Nikto Sheets

This document provides a cheat sheet for using the nikto security scanner. It lists the standard command syntax to scan a website on a given host and port. It outlines various scan, display, output, tuning, and other options that can be used to customize the scan behavior and results reporting. These include options to target specific ports, set a maximum scan time, filter responses, output results to file, and tune the scan checks to target certain vulnerability types. Additional resources for nikto are provided in the reference section.

Uploaded by

elephone P2000
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Installation $ sudo apt-get install nikto nikto cheat sheet

Standard command to scan websites nikto –host (web url host name) –(http port number )

Scan options Display Options

Nikto –h (Hostname/IP address) Scan a host Nikto -h -Display (option)


Nikto -h -port (Port Number1),(Port Number2) Scan host targeting specific ports 1 Display redirects

Nikto -h (Hostname) -maxtime (seconds) Define maximum scan time 2 Display cookies

Nikto -h-until Scan duration 3 Display 200 ok response

Display Web URLs


Nikto -h-vhost Define host header 4
requiring authentication
Nikto -h-no404 Skip http 404 guessing D Display debug output

Nikto -h-nossl Stop using SSL during scan E Show HTTP errors

Nikto -h-ssl Force to use SSL P Print to STDOUT

V Verbose output display


Nikto -update Update scan engine plugins

Nikto -h-dbcheck Check database Output Options


Nikto -h (Hostname/IP address) -output (filename) Input output to a file
Nikto -h -Format
Nikto -h-useproxy (Proxy IP address) Web host scan via a proxy
csv Comma Separated Value
Nikto -h-config (filename.conf) Use a specified file as a database
htm HTML Format
Nikto -h-nolookup Stop DNS lookup for hosts txt Plain text
Nikto -h-nocache Stop caching responses for scans xml XML Format

Tuning Options

Nikto -h (Hostname) -tuning (Option)

0 Upload files 7 Remote File Retrieval - Server Wide

1 View specific file in log 8 Command Execution / Remote Shell

2 DDefault file misconfiguration 9 SQL Injection

3 Display information disclosure a Authentication Bypass

4 Injection (XSS/Script/HTML) b Software Identification

5 Remote File Retrieval - Inside Web Root c Remote Source Inclusion

6 Denial of Service x Reverse Tuning Options

Reference and additional resources - https://github.com/sullo/nikto

You might also like