Nikto

Nikto (7.8k ⭐) is a common website vulnerability scanning tool:

  • 💥 to find known vulnerabilities
  • 🔍 to find known misconfigurations
  • 💀 to find outdated software
  • 💵 to find sensitive files
  • ...

See also plugins such as robots or cgi...

Usage:

$ nikto -h URL
$ nikto [...] -p 80,8000,8080 # ports
$ nikto [...] -Display V      # ex: verbose
$ nikto [...] -Tuning 9       # ex: SQL injection