Pre-requisite

How do I set up nikto2?

Adding Nikto to your set of dynamic security tests involves adding the tool to your toolkit, and any configuration you want to specify. Your version configuration will be setup for dynamic testing.  Go to the dynamic documentation page to see how to set this up for any dynamic testing.

To add the Nikto2 security tool:

• Go to the 'Test Tools' tab and click 'Add Tool' for the 'Nikto2' tool.

• Click on the blue cog symbol on the right hand side to set any specific Nikto2 flags you wish to set. Note you do not need to set any of these parameters, and leaving them blank will allow Nikto2 to run it's default security scan against your webserver. Supported flags include:
  • Tuning Parameters
  • Evasion Parameters
  • Mutate Parameters
  • CGI Directory Parameters
  • Host Authentication Parameters
  • Max Time Parameter
  • Mutate Options Parameter
  • Vhost Option Parameter
  • Pause Option Parameter
  • Timeout Option Parameter
  • No SSL Option Parameter
  • No Lookup Option Parameter
  • No 404 Option Parameter
• See https://github.com/sullo/nikto/wiki for full details on these Nikto2 configuration parameters.
• Click Save.

Now any time you click 'Test Now' for that application stage of testing, or make a request over the Uleska API or CLI for that stage, the Nikto2 tool will be included in the test run and any results added to your vulnerabilities list.

Notes

Currently, most of the Nikto2 command line flags are supported by the adaptor. If you find any further flags you wish to have included, please contact Uleska.