
Nikto Cheatsheet

Basic Usage

Command                                  Purpose
nikto -h <target>                        Basic scan of target host
nikto -h <target> -p <port>              Scan specific port
nikto -h <target> -p <port1,port2>       Scan multiple ports
nikto -h <target> -p 80-443              Scan port range

Output Options

Option               Description
-o <file>            Output to file
-Format txt          Text format (default)
-Format csv          CSV format
-Format htm          HTML format
-Format xml          XML format
-Format json         JSON format
-nossl               Disable SSL checks
-no404               Disable 404 checks (faster)

Authentication

Option               Description
-id <user:pass>      HTTP basic authentication
-mutate 1            Guess usernames/passwords
-mutate 2            Guess directory names
-mutate 3            Guess filenames
-mutate 4            Guess usernames from Apache
-mutate 5            Guess usernames from cgiwrap
-mutate 6            Guess usernames from Windows

Important Flags

Flag                 Description
-Cgidirs none        Don't scan CGI directories
-Cgidirs all         Scan all CGI directories
-Display 1           Show redirects
-Display 2           Show cookies received
-Display 3           Show all 200/404/403 responses
-Display 4           Show URLs requiring authentication
-Display D           Debug output
-Display V           Verbose output
-Tuning 1            Interesting files
-Tuning 2            Misconfigurations
-Tuning 3            Information disclosure
-Tuning 4            Injection (XSS/Script/HTML)
-Tuning 5            Remote file retrieval
-Tuning 6            Denial of service
-Tuning 7            Remote file execution
-Tuning 8            SQL injection
-Tuning 9            File upload
-Tuning a            Authentication bypass
-Tuning b            Software identification
-Tuning c            Remote code execution
-Tuning d            Denial of service (DoS)
-Tuning e            Denial of service (DoS)
-Tuning f            Fingerprinting
-Tuning g            SQL injection
-Tuning h            Remote file retrieval
-Tuning i            Misconfigurations
-Tuning j            Information disclosure
-Tuning k            File upload
-Tuning l            Local file inclusion
-Tuning m            Remote file inclusion
-Tuning n            Interesting files
-Tuning o            OS command injection
-Tuning p            Privilege escalation
-Tuning q            Remote code execution
-Tuning r            Remote file execution
-Tuning s            SQL injection
-Tuning t            Authentication bypass
-Tuning u            Remote file retrieval
-Tuning v            XSS
-Tuning w            Information disclosure
-Tuning x            XSS
-Tuning y            XSS
-Tuning z            XSS

Proxy and SSL Options

Option               Description
-useproxy <url>      Use HTTP proxy
-ssl                 Force SSL mode
-nossl               Disable SSL checks
-root                Prepend root value to all requests
-timeout <seconds>   Request timeout (default 10)

Useful Examples

Basic Scan

nikto -h example.com

Scan Specific Port with SSL

nikto -h example.com -p 443 -ssl

Scan with Authentication

nikto -h example.com -id admin:password

Output to HTML File

nikto -h example.com -Format htm -o report.html

Scan with Specific Tuning (SQL Injection)

nikto -h example.com -Tuning 8

Scan with Multiple Tuning Options

nikto -h example.com -Tuning 3,4,8

Verbose Output with Redirects

nikto -h example.com -Display V -Display 1

Scan Through Proxy

nikto -h example.com -useproxy http://proxy.example.com:8080

Scan with Custom User Agent

nikto -h example.com -useragent "Mozilla/5.0"

Scan Specific CGI Directories

nikto -h example.com -Cgidirs /cgi-bin/

Scan with Timeout

nikto -h example.com -timeout 30

Scan Multiple Ports

nikto -h example.com -p 80,443,8080

Scan with Mutations (Directory Guessing)

nikto -h example.com -mutate 2

Comprehensive Scan with All Options

nikto -h example.com -p 80,443 -ssl -Format htm -o report.html -Display V -Tuning 1,2,3,4,5,6,7,8,9
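The following is an added example, not part of this cheatsheet and not code from the Nikto project. It ties the Output Options table to the Useful Examples above: `build_nikto_command` assembles an argv list from the same flags shown on this page (`-p`, `-ssl`, `-Tuning`, `-Format`, `-o`, `-timeout`, `-useproxy`), and `parse_nikto_csv` plus `triage` read a report written with `-Format csv -o <file>` and collapse findings that repeat across ports so a reviewer sees each issue once with the endpoints it affects. The CSV column order (host, ip, port, id, method, uri, description) is an assumption to check against your own Nikto version, and the sample report lines are constructed for the example, not real scan output.

```python
"""Added example: build a Nikto command line from the cheatsheet's flags and
triage a CSV report produced with `-Format csv -o <file>`.

Assumptions (not taken from the cheatsheet or from Nikto's documentation):
  * CSV column order is host, ip, port, id, method, uri, description.
  * SAMPLE_CSV below is constructed; the test ids are placeholders.
"""
import csv
import io
import shlex


def build_nikto_command(host, ports=None, ssl=False, tuning=None,
                        fmt=None, outfile=None, timeout=None, proxy=None):
    """Return the argv list for a Nikto scan, using only flags from the cheatsheet.

    tuning is a list of tuning codes; they are comma-joined the way the
    cheatsheet's own example writes them (-Tuning 3,4,8).
    """
    argv = ["nikto", "-h", host]
    if ports:
        argv += ["-p", ",".join(str(p) for p in ports)]  # e.g. -p 80,443,8080
    if ssl:
        argv.append("-ssl")
    if tuning:
        argv += ["-Tuning", ",".join(tuning)]
    if fmt:
        argv += ["-Format", fmt]  # txt / csv / htm / xml / json
    if outfile:
        argv += ["-o", outfile]
    if timeout is not None:
        argv += ["-timeout", str(timeout)]
    if proxy:
        argv += ["-useproxy", proxy]
    return argv


def command_string(argv):
    """Shell-quoted form of the argv list, safe to paste into a terminal."""
    return shlex.join(argv)


# Assumed column order for Nikto's CSV output; verify against your version.
CSV_FIELDS = ("host", "ip", "port", "id", "method", "uri", "description")

# Constructed sample report (placeholder ids, documentation IP range).
SAMPLE_CSV = (
    '"example.com","192.0.2.10","80","T0001","GET","/","X-Frame-Options header not present."\n'
    '"example.com","192.0.2.10","80","T0002","GET","/","X-Content-Type-Options header not set."\n'
    '"example.com","192.0.2.10","443","T0003","GET","/cgi-bin/","Directory indexing found."\n'
    '"example.com","192.0.2.10","443","T0002","GET","/","X-Content-Type-Options header not set."\n'
)


def parse_nikto_csv(text):
    """Parse a header-less Nikto CSV report into a list of finding dicts."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < len(CSV_FIELDS):
            continue  # blank or truncated line
        findings.append(dict(zip(CSV_FIELDS, row)))
    return findings


def triage(findings):
    """Group findings by (id, uri) so the same issue seen on several ports
    (here: port 80 and 443 of one site) is reported once with all endpoints."""
    grouped = {}
    for f in findings:
        key = (f["id"], f["uri"])
        entry = grouped.setdefault(key, {"description": f["description"], "endpoints": []})
        endpoint = f"{f['host']}:{f['port']}"
        if endpoint not in entry["endpoints"]:
            entry["endpoints"].append(endpoint)
    return grouped


if __name__ == "__main__":
    argv = build_nikto_command("example.com", ports=[80, 443], ssl=True,
                               tuning=["3", "4", "8"], fmt="csv", outfile="report.csv")
    print(command_string(argv))
    for (test_id, uri), entry in triage(parse_nikto_csv(SAMPLE_CSV)).items():
        print(f"{test_id} {uri} on {', '.join(entry['endpoints'])}: {entry['description']}")
```

Run the script as-is to see the generated command and the triaged sample; to use it on a real report, replace `SAMPLE_CSV` with the contents of the file named by `-o` and check that the column order matches what your Nikto version emits.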