nikto
Nikto is a web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.
Details
Category: Scanners
Publisher: trickest
Created Date: 9/7/2021
Container: quay.io/trickest/nikto:dc98b86
Source URL: https://github.com/sullo/nikto
Parameters
host
string, required
Command: -host
- Target host

port
string
Command: -port
- Port to use (default 80)

proxy
string
Command: -useproxy
- Use the proxy defined in nikto.conf, or argument http://server:port

until
string
Command: -until
- Run until the specified time or duration

vhost
string
Command: -vhost
- Virtual host (for Host header)

format
string
Command: -Format
- Output file format (Options: csv, html, nbe, txt, xml)

mutate
string
Command: -mutate
- Guess additional file names

no-404
boolean
Command: -no404
- Disables nikto attempting to guess a 404 page

no-ssl
boolean
Command: -nossl
- Disables the use of SSL

dbcheck
boolean
Command: -dbcheck
- Check database and other key files for syntax errors

display
string
Command: -Display
- Turn on/off display outputs (options: 1, 2, 3, 4, D, E, P, S, V)

maxtime
string
Command: -maxtime
- Maximum testing time per host (e.g., 1h, 60m, 3600s)

timeout
string
Command: -timeout
- Timeout for requests (default 10 seconds)

userdbs
string
Command: -Userdbs
- Load only user databases, not the standard databases

cgi-dirs
string
Command: -Cgidirs
- Scan these CGI dirs: none, all, or values like /cgi/ /cgi-a/

nolookup
boolean
Command: -nolookup
- Disables DNS lookups

rsa-cert
file
Command: -RSAcert
- Client certificate file

force-ssl
boolean
Command: -ssl
- Force ssl mode on port

IgnoreCode
string
Command: -IgnoreCode
- Ignore Codes--treat as negative responses

use-config
file
Command: -config
- Use this config file

user-agent
string
Command: -useragent
- Over-rides the default useragent

scan-tuning
string
Command: -Tuning
- Scan tuning:

mutate-options
string
Command: -mutate-options
- Provide information for mutates

root-directory
string
Command: -root
- Prepend root value to all requests, format is /directory

client-cert-key
file
Command: -key
- Client certificate key file

evasion-technique
string
Command: -evasion
- Encoding technique

host-authentication
string
Command: -id
- Host authentication to use, format is id:pass or id:pass:realm