nikto cheat sheet - Comparitech

1 nikto cheat sheetInstallation$ sudo apt-get install niktoStandard command to scan websitesnikto host (web url host name) (http port number ) Scan optionsNikto h (Hostname/IP address)Scan a host nikto -h -port (Port Number1),(Port Number2)Scan host targeting specific ports nikto -h (Hostname) -maxtime (seconds) Define maximum scan timeNikto -h-untilScan duration nikto -h-vhostDefine host header nikto -h-no404 Skip http 404 guessing nikto -h-nosslStop using SSL during scanNikto -h-sslForce to use SSLN ikto -updateUpdate scan engine pluginsNikto -h-dbcheckCheck database nikto -h (Hostname/IP address) -output (filename)Input output to a file nikto -h-useproxy (Proxy IP address)Web host scan via a proxyNikto -h-config ( )

2 Use a specified file as a database nikto -h-nolookupStop DNS lookup for hostsNikto -h-nocacheStop caching responses for scansDisplay OptionsNikto -h -Display (option)1 Display redirects 2 Display cookies3 Display 200 ok response4 Display Web URLs requiring authentication DDisplay debug outputEShow HTTP errorsPPrint to STDOUTVV erbose output displayOutput OptionsNikto -h -FormatcsvComma Separated ValuehtmHTML FormattxtPlain textxmlXML FormatTuning OptionsNikto -h (Hostname) -tuning (Option)0 Upload files7 Remote File Retrieval - Server Wide1 View specific file in log8 Command Execution / Remote Shell2 DDefault file misconfiguration9 SQL Injection3 Display information disclosure aAuthentication Bypass4 Injection (XSS/Script/HTML)bSoftware Identification5 Remote File Retrieval - Inside Web RootcRemote Source Inclusion6 Denial of ServicexReverse Tuning OptionsReference and additional resources.