Skill

performing-web-application-scanning-with-nikto

Scans web servers and apps with Nikto for 7,000+ dangerous files, 1,250+ outdated server versions, misconfigurations, XSS, SQLi, and missing security headers.

Bash

Linux

security

npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous files/programs, checks for outdated versions of over 1,250 servers, and identifies version-specific problems on over 270 servers. It performs comprehensive tests including XSS, SQL injection, server misconfigurations, default credentials, and known vulnerable CGI scripts.

Supporting Assets

LICENSEassets/template.mdreferences/api-reference.mdreferences/standards.mdreferences/workflows.mdscripts/agent.pyscripts/process.py

SKILL.md

Similar Skills

applying-brand-guidelines

41.6k

Applies Acme Corporation brand guidelines including colors, fonts, layouts, and messaging to generated PowerPoint, Excel, and PDF documents.

3 files

anthropics-claude-cookbooks

creating-financial-models

41.6k

Builds DCF models with sensitivity analysis, Monte Carlo simulations, and scenario planning for investment valuation and risk assessment.

2 files

anthropics-claude-cookbooks

analyzing-financial-statements

41.6k

Calculates profitability (ROE, margins), liquidity (current ratio), leverage, efficiency, and valuation (P/E, EV/EBITDA) ratios from financial statements in CSV, JSON, text, or Excel for investment analysis.

2 files

anthropics-claude-cookbooks

Stats

Stars5748

Forks783

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

Performing Web Application Scanning with Nikto

Overview

When to Use

When conducting security assessments that involve performing web application scanning with nikto
When following incident response procedures for related security events
When performing scheduled security testing or auditing activities
When validating security controls through hands-on testing

Prerequisites

Nikto installed (Perl-based, included in Kali Linux)
Written authorization to scan target web servers
Network access to target web applications
Understanding of HTTP/HTTPS protocols

Core Concepts

What Nikto Detects

Server misconfigurations and dangerous default files
Outdated server software versions with known CVEs
Common CGI vulnerabilities and dangerous scripts
Default credentials and admin pages
HTTP methods that should be disabled (PUT, DELETE, TRACE)
SSL/TLS misconfigurations and weak ciphers
Missing security headers (X-Frame-Options, CSP, HSTS)
Information disclosure through headers and error pages

Nikto vs Other Web Scanners

Feature	Nikto	OWASP ZAP	Burp Suite	Nuclei
License	Open Source	Open Source	Commercial	Open Source
Focus	Server/Config	App Logic	Full Pentest	Template-Based
Speed	Fast	Medium	Slow	Very Fast
False Positives	Moderate	Low	Low	Low
Authentication	Basic	Full	Full	Template
Active Community	Yes	Yes	Yes	Yes

Workflow

Step 1: Basic Scanning

# Basic scan against a target
nikto -h https://target.example.com

# Scan specific port
nikto -h target.example.com -p 8443

# Scan multiple ports
nikto -h target.example.com -p 80,443,8080,8443

# Scan with SSL enforcement
nikto -h target.example.com -ssl

# Scan from a host list file
nikto -h targets.txt

Step 2: Advanced Scanning Options

# Comprehensive scan with all tuning options
nikto -h https://target.example.com \
  -Tuning 123456789abcde \
  -timeout 10 \
  -Pause 2 \
  -Display V \
  -output report.html \
  -Format htm

# Tuning options control test types:
# 0 - File Upload
# 1 - Interesting File / Seen in logs
# 2 - Misconfiguration / Default File
# 3 - Information Disclosure
# 4 - Injection (XSS/Script/HTML)
# 5 - Remote File Retrieval - Inside Web Root
# 6 - Denial of Service
# 7 - Remote File Retrieval - Server Wide
# 8 - Command Execution / Remote Shell
# 9 - SQL Injection
# a - Authentication Bypass
# b - Software Identification
# c - Remote Source Inclusion
# d - WebService
# e - Administrative Console

# Scan with specific tuning (XSS + SQL injection + auth bypass)
nikto -h https://target.example.com -Tuning 49a

# Scan with authentication
nikto -h https://target.example.com -id admin:password

# Scan through a proxy
nikto -h https://target.example.com -useproxy http://proxy:8080

# Scan with custom User-Agent
nikto -h https://target.example.com -useragent "Mozilla/5.0 (Security Scan)"

# Scan specific CGI directories
nikto -h https://target.example.com -Cgidirs /cgi-bin/,/scripts/

# Evasion techniques (IDS avoidance for authorized testing)
# 1-Random URI encoding, 2-Directory self-reference
# 3-Premature URL ending, 4-Prepend long random string
nikto -h https://target.example.com -evasion 1234

Step 3: Output and Reporting

# Generate multiple output formats
nikto -h https://target.example.com -output scan.csv -Format csv
nikto -h https://target.example.com -output scan.xml -Format xml
nikto -h https://target.example.com -output scan.html -Format htm
nikto -h https://target.example.com -output scan.txt -Format txt

# JSON output (newer versions)
nikto -h https://target.example.com -output scan.json -Format json

# Save to multiple formats simultaneously
nikto -h https://target.example.com \
  -output scan_report \
  -Format htm

Step 4: Scan Multiple Targets

# Create targets file (one per line)
cat > targets.txt << 'EOF'
https://app1.example.com
https://app2.example.com:8443
http://internal-app.corp.local
192.168.1.100:8080
EOF

# Scan all targets
nikto -h targets.txt -output multi_scan.html -Format htm

# Parallel scanning with GNU parallel
cat targets.txt | parallel -j 5 "nikto -h {} -output {/}_report.html -Format htm"

Step 5: SSL/TLS Assessment

# Comprehensive SSL scan
nikto -h https://target.example.com -ssl \
  -Tuning b \
  -Display V

# Check for specific SSL vulnerabilities
# Nikto checks for:
# - Expired certificates
# - Self-signed certificates
# - Weak cipher suites
# - SSLv2/SSLv3 enabled
# - BEAST, POODLE, Heartbleed indicators
# - Missing HSTS header

Step 6: Integration with Other Tools

# Pipe Nmap results into Nikto
nmap -p 80,443,8080 --open -oG - 192.168.1.0/24 | \
  awk '/open/{print $2}' | \
  while read host; do nikto -h "$host" -output "${host}_nikto.html" -Format htm; done

# Export to Metasploit-compatible format
nikto -h target.example.com -output msf_import.xml -Format xml

# Parse Nikto XML output with Python for custom reporting
python3 -c "
import xml.etree.ElementTree as ET
tree = ET.parse('scan.xml')
for item in tree.findall('.//item'):
    print(f\"[{item.get('id')}] {item.findtext('description', '')[:100]}\")
"

Interpreting Results

Severity Classification

OSVDB/CVE References: Cross-reference with NVD for CVSS scores
Server Information Disclosure: Version banners, technology stack
Dangerous HTTP Methods: PUT, DELETE, TRACE enabled
Default/Backup Files: .bak, .old, .swp, web.config.bak
Admin Interfaces: /admin, /manager, /console exposed
Missing Security Headers: CSP, X-Frame-Options, HSTS

Common False Positives

Generic checks triggered by custom 404 pages
Anti-CSRF tokens flagged as form vulnerabilities
CDN/WAF responses misidentified as vulnerable
Load balancer health check pages

Best Practices

Always obtain written authorization before scanning
Run Nikto in conjunction with application-level scanners (ZAP, Burp)
Use -Pause flag to reduce load on production servers
Validate findings manually before reporting
Combine with SSL testing tools (testssl.sh, sslyze) for comprehensive coverage
Schedule regular scans as part of continuous vulnerability management
Keep Nikto database updated for latest vulnerability checks
Use appropriate evasion settings only for authorized IDS testing

Common Pitfalls

Running Nikto without authorization (legal liability)
Treating Nikto as a complete web application scanner (it focuses on server/config issues)
Not validating results leading to false positive reports
Scanning too aggressively against production systems
Ignoring SSL/TLS findings as "informational"

Related Skills

scanning-infrastructure-with-nessus
scanning-apis-for-security-vulnerabilities
performing-network-vulnerability-assessment