Awesome-Mirrors/cyber-security-resources
1
0
Fork 0
mirror of https://github.com/The-Art-of-Hacking/h4cker.git synced 2025-03-23 07:36:28 -04:00
Code Issues Packages Projects Releases Wiki Activity

Create nikto.md

Browse Source
This commit is contained in:
Omar Santos 2025-03-20 12:48:25 -04:00 committed by GitHub
parent c8f14e1e79
commit c3c9424556
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
cheat_sheets/nikto.md Normal file
View File

@ -0,0 +1,64 @@
# Nikto Cheat Sheet
Nikto is an open-source web server vulnerability scanner used to identify potential security issues in web applications and servers. Below is a cheat sheet highlighting its key features and commands.
### 1. **Basic Nikto Commands**
- **Scan a Host**: `nikto -h `
Initiates a basic scan against a specified target URL.
- **Scan Specific Ports**: `nikto -h -p ,`
Scans the target on specified ports.
- **Use SSL**: `nikto -h -ssl`
Enables SSL scanning for HTTPS services.
- **Save Output**: `nikto -h -o `
Saves scan results to a specified file.
### 2. **Advanced Options**
- **Specify Host Header**: `nikto -h -host `
Sets the Host header for the request.
- **Disable 404 Checks**: `nikto -h -no404`
Skips HTTP 404 guessing.
- **Update Database**: `nikto -update`
Updates Niktos vulnerability database.
- **Check Database**: `nikto -h -dbcheck`
Checks the scan database for errors.
### 3. **Output and Display Options**
- **Output Formats**:
- **HTML**: `nikto -h -o output.html -Format html`
- **XML**: `nikto -h -o output.xml -Format xml`
- **CSV**: `nikto -h -o output.csv -Format csv`
- **Plain Text**: `nikto -h -o output.txt`
- **Display Options**:
- **Verbose Output**: `nikto -h -Display V`
- **Show HTTP Errors**: `nikto -h -Display E`
- **Print to STDOUT**: `nikto -h -Display P`
### 4. **Tuning and Customization**
- **Tuning Options**:
- **Upload Files**: `nikto -h -tuning 0`
- **Remote File Retrieval**: `nikto -h -tuning 7`
- **SQL Injection**: `nikto -h -tuning 9`
- **Use Plugins**: `nikto -h -Plugins `
Utilizes specified plugins during the scan.
- **Proxy Scan**: `nikto -h -useproxy `
Performs scan via a proxy server.
### Additional References:
- https://hackviser.com/tactics/tools/nikto
- https://securemyorg.com/mastering-nikto-web-server-vulnerability-scanning/
- https://hackertarget.com/nikto-website-scanner/
- https://github.com/lattera/nikto/blob/master/nikto-1.x/nikto-1.36/docs/nikto_usage.txt