Scribd Logo
Upload

Welcome to Scribd!

  • Installation and usage guide for the Nikto web vulnerability scanner

    Uploaded by

    Karen Martinez
    93 views1 page
    The document provides a cheat sheet for using the nikto security scanner. It lists the standard command to scan websites using nikto along with common scan, display, output, and tuning options. Examples are given for scanning a specific host or IP address on certain ports, limiting scan time, skipping 404 checks, and more. Additional resources are provided for further reference on using nikto's various scanning capabilities.

    Original Description:

    Original Title

    NIkto-Cheat-Sheet

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides a cheat sheet for using the nikto security scanner. It lists the standard command to scan websites using nikto along with common scan, display, output, and tuning options. Examples are given for scanning a specific host or IP address on certain ports, limiting scan time, skipping 404 checks, and more. Additional resources are provided for further reference on using nikto's various scanning capabilities.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    93 views1 page

    Installation and usage guide for the Nikto web vulnerability scanner

    Uploaded by

    Karen Martinez
    The document provides a cheat sheet for using the nikto security scanner. It lists the standard command to scan websites using nikto along with common scan, display, output, and tuning options. Examples are given for scanning a specific host or IP address on certain ports, limiting scan time, skipping 404 checks, and more. Additional resources are provided for further reference on using nikto's various scanning capabilities.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Installation $ sudo apt-get install nikto nikto cheat sheet

    Standard command to scan websites nikto –host (web url host name) –(http port number )

    Scan options Display Options

    Nikto –h (Hostname/IP address) Scan a host Nikto -h -Display (option)


    Nikto -h -port (Port Number1),(Port Number2) Scan host targeting specific ports 1 Display redirects

    Nikto -h (Hostname) -maxtime (seconds) Define maximum scan time 2 Display cookies

    Nikto -h-until Scan duration 3 Display 200 ok response

    Display Web URLs


    Nikto -h-vhost Define host header 4
    requiring authentication
    Nikto -h-no404 Skip http 404 guessing D Display debug output

    Nikto -h-nossl Stop using SSL during scan E Show HTTP errors

    Nikto -h-ssl Force to use SSL P Print to STDOUT

    V Verbose output display


    Nikto -update Update scan engine plugins

    Nikto -h-dbcheck Check database Output Options


    Nikto -h (Hostname/IP address) -output (filename) Input output to a file
    Nikto -h -Format
    Nikto -h-useproxy (Proxy IP address) Web host scan via a proxy
    csv Comma Separated Value
    Nikto -h-config (filename.conf) Use a specified file as a database
    htm HTML Format
    Nikto -h-nolookup Stop DNS lookup for hosts txt Plain text
    Nikto -h-nocache Stop caching responses for scans xml XML Format

    Tuning Options

    Nikto -h (Hostname) -tuning (Option)

    0 Upload files 7 Remote File Retrieval - Server Wide

    1 View specific file in log 8 Command Execution / Remote Shell

    2 DDefault file misconfiguration 9 SQL Injection

    3 Display information disclosure a Authentication Bypass

    4 Injection (XSS/Script/HTML) b Software Identification

    5 Remote File Retrieval - Inside Web Root c Remote Source Inclusion

    6 Denial of Service x Reverse Tuning Options

    Reference and additional resources - https://github.com/sullo/nikto

    You might also like