Top Related Projects
Nmap - the Network Mapper. Github mirror of official SVN repository.
The ZAP by Checkmarx Core project
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
Automatic SQL injection and database takeover tool
w3af: web application attack and audit framework, the open source web vulnerability scanner.
In-depth attack surface mapping and asset discovery
Quick Overview
Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, outdated versions, and version-specific problems. It's designed to be fast, easy to use, and can be run on most platforms that support Perl.
Pros
- Extensive vulnerability database with regular updates
- Customizable and extensible through plugins
- Supports multiple output formats (HTML, CSV, XML)
- Can be integrated with other security tools and frameworks
Cons
- Can generate a large number of false positives
- Scans can be noisy and easily detected by intrusion detection systems
- Performance can be slow on large websites or when using all available checks
- Requires Perl to be installed, which may not be available on all systems
Getting Started
To get started with Nikto:
-
Clone the repository:
git clone https://github.com/sullo/nikto.git -
Navigate to the Nikto directory:
cd nikto -
Run a basic scan:
perl nikto.pl -h http://example.com -
For more options and advanced usage, refer to the documentation:
perl nikto.pl -Help
Note: Ensure you have Perl installed on your system before running Nikto. Always obtain permission before scanning websites you don't own or have explicit authorization to test.
Competitor Comparisons
Nmap - the Network Mapper. Github mirror of official SVN repository.
Pros of Nmap
- More comprehensive network scanning and discovery capabilities
- Actively maintained with frequent updates and a large community
- Extensive scripting engine for customized scans and vulnerability checks
Cons of Nmap
- Steeper learning curve for beginners
- Can be more resource-intensive, especially for large-scale scans
- May trigger security alerts or be blocked by firewalls more easily
Code Comparison
Nikto (Perl):
sub nikto_headers {
my ($mark) = @_;
my %headers;
foreach my $header (split(/\n/, $mark->{'headers'})) {
my ($key, $value) = split(/:\s*/, $header, 2);
$headers{lc($key)} = $value;
}
return %headers;
}
Nmap (Lua):
local function get_headers(response)
local headers = {}
for line in response:gmatch("[^\r\n]+") do
local name, value = line:match("^(%S+):%s*(.+)")
if name then headers[name:lower()] = value end
end
return headers
end
Both examples show functions for parsing HTTP headers, but Nmap's implementation is in Lua, reflecting its more extensive scripting capabilities.
The ZAP by Checkmarx Core project
Pros of ZAP
- More comprehensive web application security scanner with a wider range of features
- Active development with frequent updates and a larger community
- Graphical user interface for easier use and visualization of results
Cons of ZAP
- Steeper learning curve due to its extensive feature set
- Potentially slower scan times for large applications compared to Nikto
- Requires more system resources to run effectively
Code Comparison
Nikto (Perl):
sub nikto_headers {
return {
'User-Agent' => NIKTO_VERSION,
'Host' => $VARIABLES{'HOSTNAME'},
'Accept' => '*/*',
'Accept-Language' => 'en',
'Connection' => 'close',
};
}
ZAP (Java):
public class HttpSender {
public HttpMessage sendAndReceive(HttpMessage msg, boolean followRedirect) throws IOException {
return sendAndReceive(msg, followRedirect, true);
}
}
Both projects use different programming languages, with Nikto primarily written in Perl and ZAP in Java. Nikto's code snippet shows a simple header configuration, while ZAP's code demonstrates a more object-oriented approach to handling HTTP requests.
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
Pros of WPScan
- Specialized for WordPress, offering deeper and more accurate scans for WP-specific vulnerabilities
- Regularly updated with the latest WordPress security issues and plugins
- Includes a comprehensive database of known WordPress vulnerabilities
Cons of WPScan
- Limited to WordPress sites, lacking versatility for other web applications
- May require more setup and configuration compared to Nikto's simplicity
- Can be slower for large WordPress sites with many plugins and themes
Code Comparison
WPScan (Ruby):
def scan
run_plugins
enumerate_users
check_vulnerabilities
generate_report
end
Nikto (Perl):
sub scan {
check_server();
run_plugins();
check_vulnerabilities();
print_report();
}
Both tools use a similar structure for their main scanning functions, but WPScan's code is more focused on WordPress-specific elements like user enumeration, while Nikto's code is more general-purpose for web server scanning.
Automatic SQL injection and database takeover tool
Pros of sqlmap
- Specialized for SQL injection attacks, offering more in-depth and targeted functionality
- Supports a wide range of database management systems (DBMS)
- Actively maintained with frequent updates and a large community
Cons of sqlmap
- Limited to SQL injection vulnerabilities, unlike Nikto's broader web server scanning capabilities
- Steeper learning curve due to its more complex features and options
- May trigger more security alerts due to its aggressive nature
Code Comparison
sqlmap
def checkDbms(self):
for dbms in SUPPORTED_DBMS:
if conf.dbms and conf.dbms.lower() == dbms.lower():
return dbms
return None
Nikto
sub nikto_headers {
my ($id, $item, $headers) = @_;
foreach my $header (keys %$headers) {
add_vulnerability($id, $item, $header, $headers->{$header});
}
}
The sqlmap code snippet shows a function for checking supported database management systems, while the Nikto code demonstrates header processing for vulnerability detection. This reflects sqlmap's focus on database interactions and Nikto's broader web server scanning approach.
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Pros of w3af
- More comprehensive web application security scanner with a wider range of vulnerability checks
- Provides a graphical user interface (GUI) for easier use and visualization of results
- Supports multiple output formats and integration with other security tools
Cons of w3af
- Steeper learning curve due to its complexity and extensive features
- May produce more false positives compared to Nikto
- Slower scanning speed, especially for large-scale applications
Code Comparison
w3af (Python):
def get_long_desc(self):
return """
This plugin finds web applications in the target website.
For example, if the target URL is:
- http://host.tld/
This plugin will find applications like:
- http://host.tld/wordpress/
- http://host.tld/phpmyadmin/
...
"""
Nikto (Perl):
sub nikto_headers {
my ($id, $res, $content) = @_;
my %headers;
$headers{$_} = $res->{'response'}->{'headers'}->{$_}
foreach (keys %{ $res->{'response'}->{'headers'} });
return %headers;
}
Both repositories focus on web application security scanning, but w3af offers a more feature-rich and user-friendly experience at the cost of complexity and speed, while Nikto provides a simpler, faster approach with potentially fewer false positives.
In-depth attack surface mapping and asset discovery
Pros of Amass
- More comprehensive subdomain enumeration and asset discovery
- Actively maintained with frequent updates and new features
- Supports multiple data sources and integrations for enhanced reconnaissance
Cons of Amass
- Steeper learning curve due to more complex functionality
- Potentially slower execution for basic scans compared to Nikto
- Requires more system resources for large-scale scans
Code Comparison
Nikto (Perl):
sub nikto_headers {
my ($mark) = @_;
my %headers;
foreach my $header (split(/\n/, $mark->{'headers'})) {
my ($key, $value) = split(/:\s*/, $header, 2);
$headers{lc($key)} = $value;
}
return %headers;
}
Amass (Go):
func (e *Enumeration) submitKnownNames(ctx context.Context) {
for _, src := range e.Sys.DataSources() {
if !e.Config.IsDomainInScope(src.String()) {
continue
}
names, err := src.Domains()
if err != nil {
continue
}
e.submitNames(ctx, names)
}
}
Both tools serve different purposes in the security testing ecosystem. Nikto focuses on web server scanning and vulnerability detection, while Amass specializes in subdomain enumeration and asset discovery. The code snippets highlight their different approaches and programming languages used.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
nikto
Nikto web server scanner - https://cirt.net/Nikto2
Full documentation - https://github.com/sullo/nikto/wiki
Run normally:
git clone https://github.com/sullo/nikto
# Main script is in program/
cd nikto/program
# Run using the shebang interpreter
./nikto.pl -h http://www.example.com
# Run using perl (if you forget to chmod)
perl nikto.pl -h http://www.example.com
Run as a Docker container:
git clone https://github.com/sullo/nikto.git
cd nikto
docker build -t sullo/nikto .
# Call it without arguments to display the full help
docker run --rm sullo/nikto
# Basic usage
docker run --rm sullo/nikto -h http://www.example.com
# To save the report in a specific format, mount /tmp as a volume:
docker run --rm -v $(pwd):/tmp sullo/nikto -h http://www.example.com -o /tmp/out.json
Basic usage:
Options:
-ask+ Whether to ask about submitting updates
yes Ask about each (default)
no Don't ask, don't send
auto Don't ask, just send
-Cgidirs+ Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
-config+ Use this config file
-Display+ Turn on/off display outputs:
1 Show redirects
2 Show cookies received
3 Show all 200/OK responses
4 Show URLs which require authentication
D Debug output
E Display all HTTP errors
P Print progress to STDOUT
S Scrub output of IPs and hostnames
V Verbose output
-dbcheck Check database and other key files for syntax errors
-followredirects Follow 3xx redirects to new location
-evasion+ Encoding technique:
1 Random URI encoding (non-UTF8)
2 Directory self-reference (/./)
3 Premature URL ending
4 Prepend long random string
5 Fake parameter
6 TAB as request spacer
7 Change the case of the URL
8 Use Windows directory separator (\)
A Use a carriage return (0x0d) as a request spacer
B Use binary value 0x0b as a request spacer
-Format+ Save file (-o) format:
csv Comma-separated-value
htm HTML Format
msf+ Log to Metasploit
nbe Nessus NBE format
txt Plain text
xml XML Format
(if not specified the format will be taken from the file extension passed to -output)
-Help Extended help information
-host+ Target host
-IgnoreCode Ignore Codes--treat as negative responses
-id+ Host authentication to use, format is id:pass or id:pass:realm
-key+ Client certificate key file
-list-plugins List all available plugins, perform no testing
-maxtime+ Maximum testing time per host
-mutate+ Guess additional file names:
1 Test all files with all root directories
2 Guess for password file names
3 Enumerate user names via Apache (/~user type requests)
4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
5 Attempt to brute force sub-domain names, assume that the host name is the parent domain
6 Attempt to guess directory names from the supplied dictionary file
-mutate-options Provide information for mutates
-nointeractive Disables interactive features
-nolookup Disables DNS lookups
-noslash Strip trailing slash from URL (e.g., '/admin/' to '/admin')
-nossl Disables the use of SSL
-no404 Disables nikto attempting to guess a 404 page
-output+ Write output to this file ('.' for auto-name)
-Pause+ Pause between tests (seconds, integer or float)
-Plugins+ List of plugins to run (default: ALL)
-port+ Port to use (default 80)
-RSAcert+ Client certificate file
-root+ Prepend root value to all requests, format is /directory
-Save Save positive responses to this directory ('.' for auto-name)
-ssl Force ssl mode on port
-Tuning+ Scan tuning:
1 Interesting File / Seen in logs
2 Misconfiguration / Default File
3 Information Disclosure
4 Injection (XSS/Script/HTML)
5 Remote File Retrieval - Inside Web Root
6 Denial of Service
7 Remote File Retrieval - Server Wide
8 Command Execution / Remote Shell
9 SQL Injection
0 File Upload
a Authentication Bypass
b Software Identification
c Remote Source Inclusion
x Reverse Tuning Options (i.e., include all except specified)
-timeout+ Timeout for requests (default 10 seconds)
-Userdbs Load only user databases, not the standard databases
all Disable standard dbs and load only user dbs
tests Disable only db_tests and load udb_tests
-until Run until the specified time or duration
-update Update databases and plugins from CIRT.net
-useproxy Use the proxy defined in nikto.conf
-usecookies Use cookies from responses in future requests
-Version Print plugin and database versions
-vhost+ Virtual host (for Host header)
+ requires a value
License
Copyright (C) 2001 Chris Sullo
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License only.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Top Related Projects
Nmap - the Network Mapper. Github mirror of official SVN repository.
The ZAP by Checkmarx Core project
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
Automatic SQL injection and database takeover tool
w3af: web application attack and audit framework, the open source web vulnerability scanner.
In-depth attack surface mapping and asset discovery
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot