Product
LET’S SCALE YOUR APPLICATION SECURITY BY AUTOMATING REPETITIVE, BUT NECESSARY TASKS

Our platform helps you run an effective application security pipeline without compromising on development speed.

View the Uleska Product

Pricing
GET STARTED WITH THE ULESKA PLATFORM TODAY FOR FREE.

Let’s start optimising your DevSecOps journey.

View Uleska Pricing

Resources
In-Depth Resources

View Uleska downloads and Case studies to understand how we have helped others

View Uleska Resources

BROWSE OUR BLOG

Browse our range of useful blogs and articles.

View Uleska Blog

Docs
Uleska Docs

All the information you need to know for Uleska documentation

View Uleska Docs

Search the Uleska site

    Sign in

    Open Mobile Menu Close Mobile Menu
    Product
    LET’S SCALE YOUR APPLICATION SECURITY BY AUTOMATING REPETITIVE, BUT NECESSARY TASKS

    Our platform helps you run an effective application security pipeline without compromising on development speed.

    View the Uleska Product

    Pricing
    GET STARTED WITH THE ULESKA PLATFORM TODAY FOR FREE.

    Let’s start optimising your DevSecOps journey.

    View Uleska Pricing

    Resources
    In-Depth Resources

    View Uleska downloads and Case studies to understand how we have helped others

    View Uleska Resources

    BROWSE OUR BLOG

    Browse our range of useful blogs and articles.

    View Uleska Blog

    Docs
    Uleska Docs

    All the information you need to know for Uleska documentation

    View Uleska Docs

    Nikto2

    What is Nikto2?

    Nikto is an open source dynamic web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.

    Security Stage DAST (Dynamic Analysis)
    Type OpenSource
    Frameworks Any
    Site https://github.com/sullo/nikto/wiki

     

    Pre-requisite

    1 You'll need a URL to scan

    How do I set it up?

    Adding Nikto to your set of dynamic security tests involves adding the tool to your toolkit, and any configuration you want to specify. Your version configuration will be setup for dynamic testing.  Go to the dynamic documentation page to see how to set this up for any dynamic testing.

    To add the Nikto2 security tool:

    • Go to the 'Test Tools' tab and click 'Add Tool' for the 'Nikto2' tool.

    Nikto2Setup

    • Click on the blue cog symbol on the right hand side to set any specific Nikto2 flags you wish to set. Note you do not need to set any of these parameters, and leaving them blank will allow Nikto2 to run it's default security scan against your webserver. Supported flags include:
      • Tuning Parameters
      • Evasion Parameters
      • Mutate Parameters
      • CGI Directory Parameters
      • Host Authentication Parameters
      • Max Time Parameter
      • Mutate Options Parameter
      • Vhost Option Parameter
      • Pause Option Parameter
      • Timeout Option Parameter
      • No SSL Option Parameter
      • No Lookup Option Parameter
      • No 404 Option Parameter
    • See https://github.com/sullo/nikto/wiki for full details on these Nikto2 configuration parameters.
    • Click Save.

    Now any time you click 'Test Now' for that application stage of testing, or make a request over the Uleska API or CLI for that stage, the Nikto2 tool will be included in the test run and any results added to your vulnerabilities list.

    Notes

    Currently, most of the Nikto2 command line flags are supported by the adaptor. If you find any further flags you wish to have included, please contact Uleska.