
Nikto — Web Vulnerability Scanner

Nikto web server scanner — checks for dangerous files, outdated software, and server misconfigurations.

Apr 2026 lazyhackers
Basic Scanning (8)
nikto -h http://target.com
Basic scan against target
basic scan
nikto -h target.com -p 80,443,8080,8443
Scan multiple ports
ports
nikto -h https://target.com -ssl
Force SSL/HTTPS scanning
ssl https
nikto -h http://target.com -Tuning 9
Full tuning (all checks)
full
nikto -h http://target.com -Tuning 1
Interesting files / seen-in-logs checks only
files
nikto -h http://target.com -Tuning 2
Misconfiguration checks
misconfig
nikto -h http://target.com -Tuning 4
XSS checks
xss
nikto -h http://target.com -Tuning 8
Command injection checks
rce cmd
Authentication & Proxy (3)
nikto -h http://target.com -id admin:password
HTTP Basic Auth credentials
auth basic
nikto -h http://target.com -useproxy http://127.0.0.1:8080
Route through Burp proxy
proxy burp
nikto -h http://target.com -O STATIC-COOKIE="session=TOKEN"
Include session cookie
auth cookie
Output & Evasion (7)
nikto -h http://target.com -o report.html -Format html
Save output as HTML report
output html
nikto -h http://target.com -o report.csv -Format csv
Save as CSV
output csv
nikto -h http://target.com -o report.xml -Format xml
Save as XML
output xml
nikto -h http://target.com -evasion 1
IDS evasion: random URI encoding
evasion
nikto -h http://target.com -evasion 2
IDS evasion: directory self-reference /./
evasion
nikto -h http://target.com -evasion 8
IDS evasion: Windows directory separator
evasion
nikto -h http://target.com -Pause 1
Add 1 second delay between requests
evasion slow