README.md
1nikto
2=====
3
4Nikto web server scanner - https://cirt.net/Nikto2
5
6Full documentation - https://cirt.net/nikto2-docs/
7
8Basic usage:
9
10```
11 Options:
12 -ask+ Whether to ask about submitting updates
13 yes Ask about each (default)
14 no Don't ask, don't send
15 auto Don't ask, just send
16 -Cgidirs+ Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
17 -config+ Use this config file
18 -Display+ Turn on/off display outputs:
19 1 Show redirects
20 2 Show cookies received
21 3 Show all 200/OK responses
22 4 Show URLs which require authentication
23 D Debug output
24 E Display all HTTP errors
25 P Print progress to STDOUT
26 S Scrub output of IPs and hostnames
27 V Verbose output
28 -dbcheck Check database and other key files for syntax errors
29 -evasion+ Encoding technique:
30 1 Random URI encoding (non-UTF8)
31 2 Directory self-reference (/./)
32 3 Premature URL ending
33 4 Prepend long random string
34 5 Fake parameter
35 6 TAB as request spacer
36 7 Change the case of the URL
37 8 Use Windows directory separator (\)
38 A Use a carriage return (0x0d) as a request spacer
39 B Use binary value 0x0b as a request spacer
40 -Format+ Save file (-o) format:
41 csv Comma-separated-value
42 htm HTML Format
43 msf+ Log to Metasploit
44 nbe Nessus NBE format
45 txt Plain text
46 xml XML Format
47 (if not specified the format will be taken from the file extension passed to -output)
48 -Help Extended help information
49 -host+ Target host
50 -IgnoreCode Ignore Codes--treat as negative responses
51 -id+ Host authentication to use, format is id:pass or id:pass:realm
52 -key+ Client certificate key file
53 -list-plugins List all available plugins, perform no testing
54 -maxtime+ Maximum testing time per host
55 -mutate+ Guess additional file names:
56 1 Test all files with all root directories
57 2 Guess for password file names
58 3 Enumerate user names via Apache (/~user type requests)
59 4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
60 5 Attempt to brute force sub-domain names, assume that the host name is the parent domain
61 6 Attempt to guess directory names from the supplied dictionary file
62 -mutate-options Provide information for mutates
63 -nointeractive Disables interactive features
64 -nolookup Disables DNS lookups
65 -nossl Disables the use of SSL
66 -no404 Disables nikto attempting to guess a 404 page
67 -output+ Write output to this file ('.' for auto-name)
68 -Pause+ Pause between tests (seconds, integer or float)
69 -Plugins+ List of plugins to run (default: ALL)
70 -port+ Port to use (default 80)
71 -RSAcert+ Client certificate file
72 -root+ Prepend root value to all requests, format is /directory
73 -Save Save positive responses to this directory ('.' for auto-name)
74 -ssl Force ssl mode on port
75 -Tuning+ Scan tuning:
76 1 Interesting File / Seen in logs
77 2 Misconfiguration / Default File
78 3 Information Disclosure
79 4 Injection (XSS/Script/HTML)
80 5 Remote File Retrieval - Inside Web Root
81 6 Denial of Service
82 7 Remote File Retrieval - Server Wide
83 8 Command Execution / Remote Shell
84 9 SQL Injection
85 0 File Upload
86 a Authentication Bypass
87 b Software Identification
88 c Remote Source Inclusion
89 x Reverse Tuning Options (i.e., include all except specified)
90 -timeout+ Timeout for requests (default 10 seconds)
91 -Userdbs Load only user databases, not the standard databases
92 all Disable standard dbs and load only user dbs
93 tests Disable only db_tests and load udb_tests
94 -until Run until the specified time or duration
95 -update Update databases and plugins from CIRT.net
96 -useproxy Use the proxy defined in nikto.conf
97 -Version Print plugin and database versions
98 -vhost+ Virtual host (for Host header)
99 + requires a value
100```
101