Nikto

Open-source web server scanner for finding dangerous files, programs, and outdated server versions

Repository activity
  • Stars: 10.5k
  • Forks: 1.4k
  • Open Issues: 3
License

Other

Languages
  • Perl
  • Shell
  • Go Template
About Nikto

Nikto is a web server scanner for security professionals, penetration testers, and system administrators. It checks web servers for potentially dangerous or interesting files and programs, and for outdated versions of thousands of server products.

It runs as a Perl script, either executed directly or invoked explicitly through the perl interpreter, and can also run as a Docker container. Its test database supports BODY, HEADER, COOKIE, and CODE matchers, which combine with AND logic so that a test only matches when the response body, headers, cookies, and status code all satisfy their respective conditions.

Scan tuning lets you focus on specific issue classes such as injection, misconfiguration, or command execution, and evasion techniques help test through filters. Results export to CSV, JSON, HTML, XML, plain text, or a SQL database for later review.

Key features

  • Checks web servers for thousands of dangerous or interesting files
  • Identifies outdated server software versions
  • Scan tuning to target injection, misconfiguration, and more
  • Evasion techniques for testing through filters and IDS
  • Test database with BODY, HEADER, COOKIE, and CODE matchers

Details

First released
2012
License
GPL-3.0 (code)
Platforms
CLI · Docker
Deployment
self-hostable · docker
Language
Perl
Reports
CSV · JSON · HTML · XML · text · SQL