🌐 Web application security
Nikto
Classic web server scanner — fast checks for known issues and misconfigurations.
Beginner
⏱ 5 minutes 💸 Free GPLv2
Why use it
Nikto is a quick first-pass scanner: its database covers over 6,700 potentially dangerous files and programs, outdated versions of over 1,250 servers, version-specific problems on over 270 servers, and common misconfigurations (missing security headers, directory indexing, risky HTTP methods). Useful as a fast baseline before deeper tools; it does not crawl the application or test business logic, and it is not stealthy.
What you get
- Server fingerprinting and version checks
- Dangerous file/path discovery (/admin, /backup, etc.)
- Outdated software version detection
- Common configuration issues
- XML/HTML/CSV report exports
System requirements
| CPU | minimal |
|---|---|
| RAM | 256 MB |
| Disk | 50 MB |
| OS | Linux, macOS, Windows (Perl is required on every platform) |
| Docker | Yes |
Installation
Debian/Ubuntu: sudo apt install nikto. Or clone upstream: git clone https://github.com/sullo/nikto.git && cd nikto/program, then run perl nikto.pl (the git checkout has the freshest check database; the distro package lags). Quick scan: nikto -h https://target.com. Add -p for a non-default port and -ssl if TLS autodetection misses. Use -Tuning to restrict the scan to specific check categories (nikto -H lists them), and -Format xml -o report.xml (also csv, htm, txt, json) to get a machine-readable report.
Suggested configuration
Use Nikto as a fast first pass before ZAP/Burp: it finds the obvious stuff in minutes, but expect false positives. Many checks key on HTTP status codes, so a server that answers 200 for every path lights up the whole file-discovery database; review hits by hand or tell Nikto which codes to treat as negatives with -404code. Only scan hosts you are authorized to test. Nikto is deliberately loud (thousands of requests, a User-Agent that names the tool), so on your own WAF-fronted targets have the scanner IP allowlisted rather than relying on -evasion. The -evasion modes (e.g. -evasion 1, random URI encoding) come from LibWhisker and exist to test IDS/WAF coverage; they tend to reduce check accuracy, not improve it.
Integration ideas
- Pipe results into your SIEM as one-shot alerts
- Combine with Nuclei for CVE confirmation
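Both integration ideas start from the same step: turning a Nikto report into structured records. The script below is an added example (not Nikto's own code or part of this page) that parses a Nikto XML report (nikto -h https://target.example -Format xml -o nikto.xml), deduplicates the findings into one-shot alert events as JSON Lines for a SIEM, and writes the flagged URLs to a file you can hand to nuclei -l for follow-up. The sample report is constructed; its element and attribute names (scandetails, item, uri, namelink, description) follow Nikto's XML layout from memory and should be checked against a report from your Nikto version. The event_type value and the heuristic dedup key are my own choices.

```python
"""Convert a Nikto XML report into SIEM-ready JSON Lines and a Nuclei target list.

Produce the report with:   nikto -h https://target.example -Format xml -o nikto.xml
Then run:                  python nikto_to_siem.py nikto.xml > nikto_events.jsonl
Without an argument the constructed SAMPLE_XML below is used.
"""
import json
import sys
import xml.etree.ElementTree as ET

# Constructed sample modelled on Nikto's -Format xml output. The element and
# attribute names are an assumption from memory of that format; verify them
# against a real report before relying on this parser. The third <item> is a
# deliberate duplicate of the second to exercise deduplication.
SAMPLE_XML = """<?xml version="1.0" ?>
<niktoscan>
<scandetails targetip="203.0.113.10" targethostname="target.example" targetport="443"
             targetbanner="Apache/2.4.49" sitename="https://target.example:443/">
<item id="999990" method="GET">
<description><![CDATA[The anti-clickjacking X-Frame-Options header is not present.]]></description>
<uri><![CDATA[/]]></uri>
<namelink><![CDATA[https://target.example:443/]]></namelink>
<iplink><![CDATA[https://203.0.113.10:443/]]></iplink>
</item>
<item id="3092" method="GET">
<description><![CDATA[/admin/: This might be interesting.]]></description>
<uri><![CDATA[/admin/]]></uri>
<namelink><![CDATA[https://target.example:443/admin/]]></namelink>
<iplink><![CDATA[https://203.0.113.10:443/admin/]]></iplink>
</item>
<item id="3092" method="GET">
<description><![CDATA[/admin/: This might be interesting.]]></description>
<uri><![CDATA[/admin/]]></uri>
<namelink><![CDATA[https://target.example:443/admin/]]></namelink>
<iplink><![CDATA[https://203.0.113.10:443/admin/]]></iplink>
</item>
</scandetails>
</niktoscan>
"""


def parse_nikto_xml(text: str) -> list[dict]:
    """Flatten every <item> under every <scandetails> into one finding dict."""
    root = ET.fromstring(text)
    findings = []
    for scan in root.iter("scandetails"):
        host = scan.get("targethostname", "")
        ip = scan.get("targetip", "")
        port = int(scan.get("targetport") or 0)
        banner = scan.get("targetbanner", "")
        for item in scan.iter("item"):
            findings.append({
                "host": host,
                "ip": ip,
                "port": port,
                "banner": banner,
                "nikto_id": item.get("id", ""),
                "method": item.get("method", "GET"),
                "uri": (item.findtext("uri") or "").strip(),
                "url": (item.findtext("namelink") or "").strip(),
                "description": (item.findtext("description") or "").strip(),
            })
    return findings


def to_siem_events(findings: list[dict], source: str = "nikto") -> list[dict]:
    """Deduplicate findings and wrap each as a one-shot alert event.

    Nikto can report the same check more than once (plugins overlap, and
    variant paths resolve to the same resource), so the key is what an analyst
    would treat as one alert: host, port, check id, method and URI.
    """
    seen = set()
    events = []
    for f in findings:
        key = (f["host"], f["port"], f["nikto_id"], f["method"], f["uri"])
        if key in seen:
            continue
        seen.add(key)
        # event_type is this example's own naming, not a Nikto field.
        events.append({"event_type": "web.scanner.finding", "source": source, **f})
    return events


def nuclei_targets(findings: list[dict]) -> list[str]:
    """Unique URLs Nikto flagged, one per line as nuclei -l <file> expects."""
    return sorted({f["url"] for f in findings if f["url"]})


def main(argv: list[str]) -> int:
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_XML
    findings = parse_nikto_xml(text)
    for event in to_siem_events(findings):
        print(json.dumps(event, sort_keys=True))  # one JSON object per line for the SIEM
    with open("nuclei_targets.txt", "w", encoding="utf-8") as fh:
        fh.write("\n".join(nuclei_targets(findings)) + "\n")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Feed nuclei_targets.txt to nuclei (nuclei -l nuclei_targets.txt) to confirm or discard what Nikto flagged; keep the raw JSONL as the alert record so a finding that later turns out to be a false positive is still traceable to the scan that produced it.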
Alternatives
- Nuclei — Modern, faster, better template ecosystem.
- OWASP ZAP — Far broader; needs more setup.
Cyentrix verdict
Old but cheap-and-cheerful. Worth keeping in the toolkit for quick "what's exposed here?" sweeps.