handbook/tools/2.Scanning-and-Enumeration/2.Enumeration/Vulnerability/Nikto.md
2024-08-31 01:07:22 +02:00


## What is Nikto?
Nikto is an open-source, command-line web server scanner. It scans web servers and web applications for known vulnerabilities, misconfigurations, and other security weaknesses.
Nikto runs a series of tests and checks against the target web server or application, looking for outdated software versions, known vulnerabilities, weak passwords, and other common security issues.
## Common Use and Commands
Security professionals, system administrators, and penetration testers commonly use Nikto to scan web applications and identify potential security vulnerabilities.
Some common Nikto commands:
- To perform a basic scan of a target web server: `nikto -h <target>`
- To perform a scan with SSL enabled: `nikto -h <target> -ssl`
- To specify a custom port for the scan: `nikto -h <target> -p <port>`
- To perform a scan with authentication credentials: `nikto -h <target> -id <username:password>`
- To perform a scan with a specific plugin: `nikto -h <target> -plugins <plugin-name>`
Nikto supports various options and flags that can be used to customize the scan and generate detailed reports, such as setting the output format, enabling verbose logging, and excluding certain tests.
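
The report and tuning options mentioned above, shown as an added example (not part of the original handbook page or the Nikto project): a small shell helper that validates its inputs and prints the resulting command line as a dry run. The function name `build_nikto_cmd`, the `NIKTO_VERBOSE` variable, and the host and file names are assumptions made for illustration; `-Format`, `-o`, `-Tuning` and `-Display` are Nikto options not listed in the commands above.

```shell
#!/bin/sh
# Added example: compose a Nikto command line with report options (dry run).
# build_nikto_cmd HOST PORT FORMAT OUTFILE [EXCLUDE]   (hypothetical helper)
#   FORMAT  : report format passed to -Format
#   EXCLUDE : Nikto tuning classes to skip, e.g. 6 = Denial of Service tests
build_nikto_cmd() {
    host=$1 port=$2 format=$3 outfile=$4 exclude=${5:-}

    # Host: letters, digits, dots and hyphens only; a leading '-' would be
    # parsed as another option, so reject it.
    case $host in
        ''|-*|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 2 ;;
    esac
    # Port: 1 to 5 digits, then a range check.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    # Report formats accepted by this helper (a subset of what Nikto offers).
    case $format in
        csv|htm|json|txt|xml) ;;
        *) echo "unsupported format: $format" >&2; return 2 ;;
    esac
    # Output path: plain path characters only, no leading '-'.
    case $outfile in
        ''|-*|*[!A-Za-z0-9._/-]*) echo "invalid output file: $outfile" >&2; return 2 ;;
    esac
    # Tuning classes are the digits 0-9 and the letters a-e.
    case $exclude in
        *[!0-9a-e]*) echo "invalid tuning classes: $exclude" >&2; return 2 ;;
    esac

    cmd="nikto -h $host -p $port -Format $format -o $outfile"
    # 'x' reverses the tuning selection: run everything except these classes.
    if [ -n "$exclude" ]; then cmd="$cmd -Tuning x$exclude"; fi
    # -Display V turns on verbose output.
    if [ "${NIKTO_VERBOSE:-0}" = 1 ]; then cmd="$cmd -Display V"; fi
    printf '%s\n' "$cmd"
}

# Dry run with constructed values: print the command, do not execute it.
build_nikto_cmd www.example.com 8443 htm report.html 6
```
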
## More Information
For more information on Nikto, including the latest updates and documentation, visit the project's GitHub repository: https://github.com/sullo/nikto