Nikto Cheatsheet


Nikto is a powerful assessment tool for finding vulnerabilities in web servers.

Scanning a host: nikto -h <Hostname/IP>

Scanning specific ports: nikto -h <Hostname/IP> -port <Port Number>,<Port Number>

Maximum scan time: nikto -h <Hostname/IP> -maxtime <Number in Seconds>

Scanning duration: nikto -h <Hostname/IP> -until <Time or Duration>

Disable SSL: nikto -h <Hostname/IP> -nossl

Force SSL: nikto -h <Hostname/IP> -ssl

Disable 404 guessing: nikto -h <Hostname/IP> -no404

Ignore negative responses (e.g. 302, 301): nikto -h <Hostname/IP> -IgnoreCode <Code Number>

Update the plugins and databases: nikto -update

Specify host header: nikto -h <Hostname/IP> -vhost <Virtual Host>

Output results: nikto -h <Hostname/IP> -output <filename>

Scanning through a proxy: nikto -h <Hostname/IP> -useproxy <Proxy IP>

Host authentication: nikto -h <Hostname/IP> -id <id:pass> or <id:pass:realm>

Database check: nikto -h <Hostname/IP> -dbcheck

Config file: nikto -h <Hostname/IP> -config <nikto.conf>

Disable name lookups on IP addresses: nikto -h <Hostname/IP> -nolookup

Disable response cache: nikto -h <Hostname/IP> -nocache

Disable interactive features: nikto -h <Hostname/IP> -nointeractive

Display options

nikto -h <Hostname/IP> -Display <Option>

1   Show redirects
2   Show cookies
3   Show 200/OK responses
4   Show URLs requiring authentication
D   Show debug output
E   HTTP errors
P   Print progress to STDOUT
S   Scrub output of IP and hostname
V   Verbose output

Evasion Options

nikto -h <Hostname/IP> -evasion <Option>

1   Random URI encoding
2   Directory self-reference /./
3   Premature URL ending
4   Prepend long random string
5   Fake parameter
6   TAB as request spacer
7   Change the case of the URL
8   Use Windows directory separator \
A   Use a carriage return (0x0d) as a request spacer
B   Use binary value (0x0b) as a request spacer

Output File Format

nikto -h <Hostname/IP> -Format <Option>

csv    Comma-separated values
htm    HTML format
msf+   Log to Metasploit
nbe    Nessus NBE
txt    Plain text
xml    XML format

Tuning

nikto -h <Hostname/IP> -Tuning <Option>

1   Interesting file
2   Misconfiguration
3   Information Disclosure
4   Injection (XSS/Script/HTML)
5   Remote File Retrieval – Inside Web Root
6   Denial of Service
7   Remote File Retrieval – Server Wide
8   Command Execution – Remote Shell
9   SQL Injection
0   File Upload
a   Authentication Bypass
b   Software Identification
c   Remote Source Inclusion
x   Reverse Tuning Option

Mutate

nikto -h <Hostname/IP> -mutate <Option>

1   Test all files in root directory
2   Guess for password file names
3   Enumerate user names via Apache
4   Enumerate user names via cgiwrap
5   Attempt to brute force sub-domain names
6   Attempt to guess directory names from a file