Nikto

Nikto

github.com

1

About this website

Nikto is an open-source web server scanner that performs comprehensive security testing against web servers, identifying potentially dangerous files, outdated software, misconfigurations, and other security issues. Originally developed by Chris Sullo and Bob Erdmann, Nikto has been a staple of web application security testing since 2004, now maintained under the Sullo CIRT organization. Written in Perl, Nikto performs over 6,700 checks against target web servers, including: outdated software version detection for over 270 server technologies (Apache, nginx, IIS, Tomcat, Jetty, etc.), dangerous file detection (backup files, test scripts, debug pages, configuration files like .htaccess, .env, web.config, and database export files), misconfiguration detection (directory listing enabled, default login pages, exposed admin interfaces, exposed source control directories, source code disclosure), identifying installed web server modules and their versions, checking for dangerous HTTP methods (PUT, DELETE, TRACE, CONNECT), SSL certificate analysis, and HTTP response header inspection for security headers (HSTS, CSP, X-Frame-Options). Key features include: tunable performance settings (timeout, pause, evasion techniques), multiple output formats (HTML, CSV, XML, NBE, JSON), save and replay of full session data, proxy support, host authentication (Basic, NTLM, Digest), virtual host scanning, user-agent spoofing, mutation testing (appending file extensions), and integration with the Metasploit Framework. As of 2026, Nikto has over 8,900 stars.

Tags & Categories

Categories

Tags

Statistics

1
Views
0
Clicks
0
Like
0
Dislike

Comments

Log In to post a comment

No comments yet. Be the first!