The most basic Nikto scan requires simply a host to target, since port 80 is
assumed if none is specified. The host can either be an IP or a hostname of a
machine, and is specified using the -h (-host) option. This will scan the IP
192.168.0.1 on TCP port 80:
perl nikto.pl -h 192.168.0.1
To check on a different port, specify the port number with the -p (-port)
option. This will scan the IP 192.168.0.1 on TCP port 443:
perl nikto.pl -h 192.168.0.1 -p 443
Hosts, ports and protocols may also be specified by using a full URL syntax,
and it will be scanned:
perl nikto.pl -h https://192.168.0.1:443/
There is no need to specify that port 443 may be SSL, as Nikto will first
test regular HTTP and if that fails, HTTPS. If you are sure it is an SSL server,
specifying -s (-ssl) will speed up the test.
perl nikto.pl -h 192.168.0.1 -p 443 -ssl
More complex tests can be performed using the
-mutate parameter, as detailed later. This can
produce extra tests, some of which may be provided with extra parameters through
-mutate-options parameter. For
-mutate 3, with or without
a file attempts to brute force usernames if the web server allows ~
perl nikto.pl -h 192.168.0.1 -mutate 3 -mutate-options user-list.txt
Nikto can scan multiple ports in the same scanning session. To test more than
one port on the same host, specify the list of ports in the -p (-port) option.
Ports can be specified as a range (i.e., 80-90), or as a comma-delimited list,
(i.e., 80,88,90). This will scan the host on ports 80, 88 and 443.
perl nikto.pl -h 192.168.0.1 -p 80,88,443
Nikto support scanning multiple hosts in the same session via a text file of
host names or IPs. Instead of giving a host name or IP for the -h (-host)
option, a file name can be given. A file of hosts must be formatted as one host
per line, with the port number(s) at the end of each line. Ports can be
separated from the host and other ports via a colon or a comma. If no port is
specified, port 80 is assumed.
This is an example of a valid hosts file:
Example 3.1. Valid Hosts File
A host file may also be an nmap output in "greppable" format (i.e. from the
output from -oG).
A file may be passed to Nikto through stdout/stdin using a "-" as the
filename. For example:
nmap -p80 192.168.0.0/24 -oG - | nikto.pl -h -
If the machine running Nikto only has access to the target host (or update
server) via an HTTP proxy, the test can still be performed. Set the
PROXY* variables (as described in section 4), then execute
Nikto with the -u (-useproxy) command. All connections will be relayed through
the HTTP proxy specified in the configuration file.
perl nikto.pl -h 192.168.0.1 -p 80 -u
Nikto can be automatically updated, assuming you have Internet connectivity
from the host Nikto is installed on. To update to the latest plugins and
databases, simply run Nikto with the -update command.
perl nikto.pl -update
If updates are required, you will see a list of the files downloaded:
perl nikto.pl -update
+ Retrieving 'nikto_core.plugin'
+ Retrieving 'CHANGES.txt'