loading
loading
Scanners
A web server scanner that runs comprehensive tests for known issues.
overview
nikto scans a web server against a large bundled catalog of checks, probing for thousands of potentially dangerous files and programs, outdated server versions, and version-specific problems. Point it at a host and port and it walks its test database, reporting what answers back, which makes it a fast way to surface low-hanging web server issues before deeper manual work.
It is built for everyday assessment. Set the target host and port, force or disable SSL, route through a proxy, tune the test categories and cap per-host time, and write findings as CSV, HTML, XML, NBE, or text. Scan tuning and plugin selection narrow the test set, while virtual-host and authentication options reach servers behind name-based routing or basic auth.
On Trickest, nikto is a Scanners node that takes a host and writes a file and a folder of results. Run it after a prober such as httpx confirms which hosts are live, so the scan spends time only on servers that answer.
source github.com/sullo/nikto
use cases
Scan a live host to catch dangerous files, outdated software, and misconfigurations from nikto's checks before deeper manual testing.
Set -vhost so the Host header targets the right application on a server that routes multiple sites by name behind one IP.
Write output as XML or CSV with -Format so results feed a report generator or land in a queryable table for triage.
Use -maxtime and -Pause to cap how long a single host takes and space requests, keeping a broad scan from stalling on one slow server.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| host | STRING | -host | Target host to scan. |
| port | STRING | -port | Port to use (default 80). |
| force-ssl | BOOLEAN | -ssl | Force SSL mode on the port. |
| format | STRING | -Format | Output file format (csv, html, nbe, txt, xml). |
| scan-tuning | STRING | -Tuning | Narrow the test categories run against the target. |
| plugins | STRING | -Plugins | Select which plugins to run (default: ALL). |
| maxtime | STRING | -maxtime | Maximum testing time per host (e.g. 1h, 60m, 3600s). |
| proxy | STRING | -useproxy | Route requests through a proxy (http://server:port). |
Showing key inputs. nikto exposes 32 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| host | STRING | -host | Target host. |
| port | STRING | -port | Port to use (default 80). |
| pause | STRING | -Pause | Pause between tests in seconds (integer or float). |
| proxy | STRING | -useproxy | Use the proxy defined in nikto.conf, or an http://server:port argument. |
| until | STRING | -until | Run until the specified time or duration. |
| vhost | STRING | -vhost | Virtual host to send in the Host header. |
| config | FILE | -config | Use this config file. |
| format | STRING | -Format | Output file format (csv, html, nbe, txt, xml). |
| mutate | STRING | -mutate | Guess additional file names. |
| no-404 | BOOLEAN | -no404 | Disable nikto's attempt to guess a 404 page. |
| no-ssl | BOOLEAN | -nossl | Disable the use of SSL. |
| dbcheck | BOOLEAN | -dbcheck | Check the database and other key files for syntax errors. |
| display | STRING | -Display | Turn display outputs on or off (options: 1, 2, 3, 4, D, E, P, S, V). |
| maxtime | STRING | -maxtime | Maximum testing time per host (e.g. 1h, 60m, 3600s). |
| plugins | STRING | -Plugins | List of plugins to run (default: ALL). |
| timeout | STRING | -timeout | Timeout for requests (default 10 seconds). |
| userdbs | STRING | -Userdbs | Load only user databases, not the standard databases. |
| cgi-dirs | STRING | -Cgidirs | Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/". |
| no-slash | BOOLEAN | -noslash | Strip the trailing slash from a URL (e.g. '/admin/' to '/admin'). |
| nolookup | BOOLEAN | -nolookup | Disable DNS lookups. |
| rsa-cert | FILE | -RSAcert | Client certificate file. |
| force-ssl | BOOLEAN | -ssl | Force SSL mode on the port. |
| hosts-file | FILE | -host | File of target hosts to scan. |
| ignore-code | STRING | -IgnoreCode | Ignore these status codes and treat them as negative responses. |
| scan-tuning | STRING | -Tuning | Scan tuning to control which test categories run. |
| use-cookies | BOOLEAN | -usecookies | Use cookies from responses in future requests. |
| mutate-options | STRING | -mutate-options | Provide information for mutates. |
| root-directory | STRING | -root | Prepend a root value to all requests, format is /directory. |
| client-cert-key | FILE | -key | Client certificate key file. |
| follow-redirects | BOOLEAN | -followredirects | Follow 3xx redirects to the new location. |
| evasion-technique | STRING | -evasion | Encoding technique used to evade IDS filtering. |
| host-authentication | STRING | -id | Host authentication to use, format is id:pass or id:pass:realm. |
example
# scan a host over SSL, narrow the tests, and write XML for a reportnikto -host example.com -port 443 -ssl -Tuning 123b -Format xml -o scan.xml- Nikto v2.5.0---------------------------------------------------------------------------+ Target IP: 203.0.113.10+ Target Hostname: example.com+ Target Port: 443+ Start Time: 2026-06-18 14:22:07 (GMT0)---------------------------------------------------------------------------+ Server: nginx+ /: The X-Content-Type-Options header is not set.+ /: The anti-clickjacking X-Frame-Options header is not present.+ /admin/: Admin login page/section found.+ /backup/: Directory indexing found.+ 7915 requests: 0 error(s) and 6 item(s) reported on remote host+ End Time: 2026-06-18 14:39:51 (GMT0) (1064 seconds)guidance
Use nikto for a fast, broad pass over a web server's known issues. It is a single-host web scanner, so feed it live hosts from httpx and bound runs with max-time. For modern template-driven CVE coverage at scale, pair it with or move to nuclei.
Faster, template-driven scanner with a large community ruleset. Prefer it for current CVE coverage and pipeline scale.
Active web vulnerability scanner that crawls and fuzzes. nikto leans on a known-issue database instead of crawling.
Fingerprints the stack rather than testing for flaws. Run it alongside nikto to identify what you are scanning.
faq
related
Find reflected XSS during recon by checking payload reflection.
Fast and customizable subdomain wordlist generator using patterns.
Scans software bills of materials for security vulnerabilities.
Find broken links, missing images, and other dead references within your HTML.
A command-line scanner that finds exposed services, files, and folders through the web root.
A CMS detection and exploitation suite.
A host list is probed by httpx, then nikto scans the live web servers for known issues and writes the findings as a queryable output.
Facts on this page come from the live Trickest tool library.