All the tables in the cheat sheet are also reproduced as text below so they are easy to copy and paste.
The Nikto cheat sheet covers:
- Installation
- Standard command to scan websites
- Scan options
- Display options
- Output options
- Tuning options
What’s included in the Cheat Sheet
The following categories and items have been included in the cheat sheet:
Installation
| Task | Command |
|---|---|
| Install from the distribution repositories (Debian, Ubuntu, Kali) | `sudo apt-get install nikto` |
| Run the current upstream version with the latest plugin database | `git clone https://github.com/sullo/nikto.git && perl nikto/program/nikto.pl -H` |
Standard command to scan websites
| Standard command to scan websites | `nikto -h <host> -p <port>` |
|---|---|
`<host>` is a hostname, IP address or full URL (for example `https://app.example.test/`). `-p` defaults to 80 and accepts a comma-separated list or a range, such as `80,443,8000-8010`.
Scan options
| Command | Purpose |
|---|---|
| `nikto -h <hostname/IP>` | Scan a host (port 80 unless `-p` is given) |
| `nikto -h <host> -p <port1>,<port2>` | Scan specific ports (comma-separated list or a range such as `8000-8010`) |
| `nikto -h <host> -maxtime <time>` | Maximum testing time per host, e.g. `3600s`, `60m` or `1h` |
| `nikto -h <host> -until <time>` | Run until the specified time, or for the specified duration |
| `nikto -h <host> -vhost <name>` | Virtual host to send in the HTTP Host header |
| `nikto -h <host> -no404` | Skip Nikto's attempt to fingerprint the server's 404 page |
| `nikto -h <host> -nossl` | Do not use SSL/TLS during the scan |
| `nikto -h <host> -ssl` | Force SSL/TLS on the port |
| `nikto -update` | Update the plugins and databases (no target needed) |
| `nikto -dbcheck` | Check the databases and other key files for syntax errors (no target needed) |
| `nikto -h <host> -output <filename>` | Write the results to a file |
| `nikto -h <host> -useproxy http://<proxy>:<port>` | Scan through the given proxy (or the proxy defined in nikto.conf if no argument is given) |
| `nikto -h <host> -config <filename.conf>` | Use the specified configuration file instead of the default nikto.conf |
| `nikto -h <host> -nolookup` | Disable DNS lookups |
| `nikto -h <host> -nocache` | Disable the response cache |
Nikto accepts any unambiguous abbreviation of an option name, so `-h`/`-host`, `-p`/`-port`, `-o`/`-output`, `-T`/`-Tuning`, `-D`/`-Display` and `-F`/`-Format` are interchangeable; `nikto -H` prints the full option list.
Display options
`nikto -h <host> -Display <options>`; several option characters can be combined in one argument, e.g. `-Display 14V`.
| Option | Effect |
|---|---|
| 1 | Show redirects |
| 2 | Show cookies received |
| 3 | Show all 200/OK responses |
| 4 | Show URLs that require authentication |
| D | Debug output |
| E | Display all HTTP errors |
| P | Print progress to STDOUT |
| V | Verbose output |
Output options
`nikto -h <host> -Format <format> -output <filename>`. `-Format` only has an effect together with `-output`; if `-Format` is omitted, Nikto infers the format from the output file's extension.
| Format | Description |
|---|---|
| csv | Comma-separated values |
| htm | HTML report |
| txt | Plain text |
| xml | XML report |
Tuning options
`nikto -h <host> -Tuning <options>`. Options are single characters and can be combined (`-Tuning 49` runs only the injection and SQL injection tests); `x` reverses the selection, so `-Tuning x6` runs every test except the denial-of-service checks.
| Option | Test class | Option | Test class |
|---|---|---|---|
| 0 | File upload | 7 | Remote file retrieval - server wide |
| 1 | Interesting file / seen in logs | 8 | Command execution / remote shell |
| 2 | Misconfiguration / default file | 9 | SQL injection |
| 3 | Information disclosure | a | Authentication bypass |
| 4 | Injection (XSS/Script/HTML) | b | Software identification |
| 5 | Remote file retrieval - inside web root | c | Remote source inclusion |
| 6 | Denial of service | x | Reverse tuning options (run all tests except those listed) |
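As an added example that is not part of the cheat sheet or of the Nikto project: a small POSIX shell script that builds a scoped scan command from the scan, output and tuning options above, and reduces Nikto's CSV output to a summary that maps each finding to every URL and port it appears on, which is the grouping the FAQ below recommends. The flag set (`-h`, `-p`, `-Tuning`, `-maxtime`, `-Format`, `-output`) is Nikto 2.1.x syntax; the seven-column CSV layout (host, IP, port, id, method, URI, message, no header line) is assumed, and the CSV lines in `SAMPLE_CSV` are constructed, not real scan results.

```bash
#!/bin/sh
# Added example (not the Nikto project's own code): build a scoped scan
# command and reduce Nikto CSV output to a remediation-oriented summary.
# Assumes Nikto 2.1.x flags (-h, -p, -Tuning, -maxtime, -Format, -output)
# and the CSV column order host,ip,port,id,method,uri,message (no header).
set -u

# build_nikto_cmd HOST PORTS TUNING OUTFILE [MAXTIME]
# Prints the command line instead of running it, so target and scope can be
# reviewed (and logged) before anything is sent over the wire.
build_nikto_cmd() {
    host="$1"; ports="$2"; tuning="$3"; outfile="$4"; maxtime="${5:-30m}"
    printf 'nikto -h %s -p %s -Tuning %s -maxtime %s -Format csv -output %s\n' \
        "$host" "$ports" "$tuning" "$maxtime" "$outfile"
}

# Constructed sample of Nikto CSV output (ids and messages are illustrative).
SAMPLE_CSV='"app.example.test","10.0.0.5","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"app.example.test","10.0.0.5","80","0","GET","/","The X-Content-Type-Options header is not set."
"app.example.test","10.0.0.5","80","3092","GET","/admin/","This might be interesting."
"app.example.test","10.0.0.5","443","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"app.example.test","10.0.0.5","443","3233","GET","/phpinfo.php","PHP is installed, and a test script which runs phpinfo() was found."'

# count_findings < CSV : number of findings (one CSV line each)
count_findings() {
    grep -c '^"'
}

# findings_by_message < CSV : "count<TAB>message", most frequent first, so a
# single fix (e.g. adding one response header) can be matched to every
# port and URL it closes.
findings_by_message() {
    awk -F'","' '{ msg = $7; sub(/"$/, "", msg); n[msg]++ }
                 END { for (m in n) printf "%d\t%s\n", n[m], m }' | sort -rn
}

# top_finding < CSV : the message with the most occurrences
top_finding() {
    findings_by_message | head -n 1 | cut -f 2
}

# findings_on_port PORT < CSV : unique URIs reported on the given port
findings_on_port() {
    awk -F'","' -v p="$1" '$3 == p { print $6 }' | sort -u
}

# Usage: review the command, run it, then summarise the file it wrote
# (here the constructed sample stands in for scan.csv).
build_nikto_cmd app.example.test 80,443 123b scan.csv
printf '%s\n' "$SAMPLE_CSV" | findings_by_message
printf '%s\n' "$SAMPLE_CSV" | findings_on_port 443
```

`-Tuning 123b` limits the run to interesting files, default-file misconfigurations, information disclosure and software identification, which is a reasonable first pass on a production host; the denial-of-service class (6) is deliberately left out of that string.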
Reference and additional resources: https://github.com/sullo/nikto
Nikto FAQs
What does Nikto command do?
Nikto is a vulnerability scanner for web servers. It tests a target for thousands of known dangerous files and programs, outdated server software and misconfigurations, and its checks can be restricted (tuned) to specific vulnerability classes. Because it looks for so many items, its output is overwhelming unless each scan is scoped and the results are grouped into findings that can be closed with a single remediation action.
What is tuning in Nikto?
Tuning is Nikto's term for selecting which classes of tests run (the `-Tuning` option). Restricting a scan to one or a few classes keeps the run shorter and the findings focused; given the breadth of Nikto's checks, an untargeted run tends to produce more output than can be acted on.
How long does a Nikto scan take?
A full, untuned Nikto scan can take 45 minutes or more: each run checks the target for some 6,700 potentially dangerous files and programs on top of its version and configuration checks, and the wall-clock time depends on how quickly the server answers. The key skill is scoping each scan (tuning, port selection, `-maxtime`) so that it finishes quickly and returns a set of remediation tasks that can be meaningfully handled.