loading
loading
Scanners
Run nikto across a list of hosts (deprecated, use nikto directly).
overview
nikto-list points the nikto web server scanner at a whole file of targets, running each entry through nikto's catalog of checks: over 6,700 potentially dangerous files and scripts, outdated versions across 1,250-plus servers, and version-specific problems on 270-plus. One node scans an entire list instead of one host at a time.
The flags mirror nikto's own. You set the port, force or disable SSL, pick an output format, narrow the test categories with scan tuning, set a virtual host, route through a proxy, and cap testing time per host. Results write to a file and a folder, so downstream nodes can parse or store them.
This node is deprecated. nikto now reads a host file and scans multiple targets on its own, so the wrapper adds nothing new. Keep nikto-list for workflows that already depend on it, and reach for nikto directly in anything you build now.
source github.com/sullo/nikto
use cases
Point nikto-list at a host-list file and it runs nikto's full check catalog against every server, so one node covers an entire list instead of a node per target.
nikto flags outdated server software, dangerous default and backup files, and missing security headers across Apache, nginx, and IIS, which surfaces low-hanging web issues fast.
Set -Format to csv or xml so the combined results across every host feed a report or a queryable table for review.
Leave nikto-list where an older workflow already references it; for new builds, switch to nikto directly with a host file, since the base scanner is now multi-target.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| host-list | FILE | · | File listing the target hosts to scan. |
| port | STRING | -port | Port to use (default 80). |
| format | STRING | -Format | Output file format (csv, html, nbe, txt, xml). |
| vhost | STRING | -vhost | Virtual host for the Host header. |
| force-ssl | BOOLEAN | -ssl | Force SSL mode on the port. |
| scan-tuning | STRING | -Tuning | Limit which test categories run (scan tuning). |
| maxtime | STRING | -maxtime | Maximum testing time per host (e.g. 1h, 60m, 3600s). |
| user-agent | STRING | -useragent | Override the default user agent. |
Showing key inputs. nikto-list exposes 27 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| port | STRING | -port | Port to use (default 80). |
| proxy | STRING | -useproxy | Route through a proxy: use nikto.conf's setting or pass http://server:port. |
| until | STRING | -until | Run until the specified clock time or duration. |
| vhost | STRING | -vhost | Virtual host to send in the Host header. |
| format | STRING | -Format | Output file format: csv, html, nbe, txt, or xml. |
| mutate | STRING | -mutate | Guess additional file and directory names. |
| no-404 | BOOLEAN | -no404 | Disable nikto's guessing of the 404 page. |
| no-ssl | BOOLEAN | -nossl | Disable the use of SSL. |
| dbcheck | BOOLEAN | -dbcheck | Check the scan databases and key files for syntax errors. |
| display | STRING | -Display | Turn display outputs on or off (1, 2, 3, 4, D, E, P, S, V). |
| maxtime | STRING | -maxtime | Maximum testing time per host (e.g. 1h, 60m, 3600s). |
| timeout | STRING | -timeout | Timeout for requests (default 10 seconds). |
| userdbs | STRING | -Userdbs | Load only user databases, not the standard ones. |
| cgi-dirs | STRING | -Cgidirs | CGI directories to scan: none, all, or paths like /cgi/ /cgi-a/. |
| nolookup | BOOLEAN | -nolookup | Disable DNS lookups. |
| rsa-cert | FILE | -RSAcert | Client certificate file. |
| force-ssl | BOOLEAN | -ssl | Force SSL mode on the port. |
| host-list | FILE | · | File listing the target hosts to scan. |
| IgnoreCode | STRING | -IgnoreCode | HTTP codes to ignore and treat as negative responses. |
| use-config | FILE | -config | Use this configuration file. |
| user-agent | STRING | -useragent | Override the default user agent. |
| scan-tuning | STRING | -Tuning | Limit which test categories run (scan tuning). |
| mutate-options | STRING | -mutate-options | Extra information to guide the mutate tests. |
| root-directory | STRING | -root | Prepend a root path to all requests, format /directory. |
| client-cert-key | FILE | -key | Client certificate key file. |
| evasion-technique | STRING | -evasion | IDS evasion encoding technique to apply. |
| host-authentication | STRING | -id | Host authentication, format id:pass or id:pass:realm. |
example
# scan every host in the file, force SSL, CSV report, cap each host at 20mnikto -h hosts.txt -ssl -Format csv -Tuning 9 -maxtime 20m -o report.csv- Nikto v2.5.0+ Target IP: 198.51.100.23+ Target Hostname: example.com+ Target Port: 443+ Server: nginx/1.24.0+ /: The X-Content-Type-Options header is not set.+ /: The Strict-Transport-Security HTTP header is not defined.+ /robots.txt: Entry '/admin/' is returned, see robots.txt.+ /admin/: Admin login page/section found.+ 8071 requests: 0 error(s) and 4 item(s) reported on remote hostguidance
Use nikto-list only to keep an existing multi-target workflow running. For anything new, call nikto directly with a host file, since the base scanner now handles multiple targets and this wrapper is deprecated.
The base scanner, now multi-target on its own. The recommended replacement for nikto-list in any new workflow.
Faster, template-driven scanner with broad CVE coverage. Prefer it for scale and current checks.
Active web vulnerability scanner that crawls and fuzzes rather than running a known-issue database.
faq
related
Find reflected XSS during recon by checking payload reflection.
Fast and customizable subdomain wordlist generator using patterns.
Scans software bills of materials for security vulnerabilities.
Find broken links, missing images, and other dead references within your HTML.
A command-line scanner that finds exposed services, files, and folders through the web root.
A CMS detection and exploitation suite.
A host list is probed by httpx, then nikto-list scans every live server for known issues and writes the combined findings as a queryable output.
Facts on this page come from the live Trickest tool library.