Tool

Commander

Copy-ready command templates for common penetration testing tools. Select a tool, fill in the parameters, copy, paste, profit.

nikto

↗ docs

Web server scanner that checks for dangerous files, misconfigurations, and outdated software

webscanningmisconfigurationsvulnerabilities

Parameters

{host}*

{port}*

{output_file}*

{format}*

{tuning}*

Basic Scan

Run a standard scan against a web server.

nikto -h

Scan Custom Port

Scan a web server running on a non-standard port.

nikto -h -p

Scan HTTPS / SSL

Force SSL mode for HTTPS targets.

nikto -h -ssl

Save Output to File

Save scan results to a file.

nikto -h -o -Format

Tuning (Plugin Selection)

Limit scan to specific check categories.

nikto -h -Tuning

1=Interesting files, 2=Misconfig, 3=Info disclosure, 4=Injection, 5=Remote file retrieval, 6=Denial of service, 7=Remote file retrieval (server), 8=Command execution, 9=SQL injection, 0=File upload, a=Auth bypass, b=Software ID, c=Remote source inclusion, x=Reverse tuning