
Nikto2

What is Nikto2?

Nikto is an open source dynamic web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks server configuration items, such as the presence of multiple index files and HTTP server options, and attempts to identify installed web servers and software.

Security Stage: DAST (Dynamic Analysis)
Type: OpenSource
Frameworks: Any
Site: https://github.com/sullo/nikto/wiki

 

Pre-requisite

1. You'll need a URL to scan

How do I set it up?

Adding Nikto to your set of dynamic security tests involves adding the tool to your toolkit and setting any configuration you want to specify. Your version configuration will be set up for dynamic testing. Go to the dynamic documentation page to see how to set this up for any dynamic testing.

To add the Nikto2 security tool:

  • Go to the 'Test Tools' tab and click 'Add Tool' for the 'Nikto2' tool.


  • Click on the blue cog symbol on the right-hand side to set any specific Nikto2 flags you wish to set. Note that you do not need to set any of these parameters; leaving them blank allows Nikto2 to run its default security scan against your web server. Supported flags include:
    • Tuning Parameters
    • Evasion Parameters
    • Mutate Parameters
    • CGI Directory Parameters
    • Host Authentication Parameters
    • Max Time Parameter
    • Mutate Options Parameter
    • Vhost Option Parameter
    • Pause Option Parameter
    • Timeout Option Parameter
    • No SSL Option Parameter
    • No Lookup Option Parameter
    • No 404 Option Parameter
  • See https://github.com/sullo/nikto/wiki for full details on these Nikto2 configuration parameters.
  • Click Save.

Now any time you click 'Test Now' for that application stage of testing, or make a request over the Uleska API or CLI for that stage, the Nikto2 tool will be included in the test run and any results added to your vulnerabilities list.
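
The parameters listed above correspond to options of the nikto command line. The shell function below is an added example, not Uleska's adaptor code or part of the original page: it validates a few settings and builds the equivalent nikto arguments. The variable names TUNING, MAXTIME, TIMEOUT, NOLOOKUP and NO404 and the staging URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a nikto argument list from optional scan settings.
# The setting names (TUNING, MAXTIME, TIMEOUT, NOLOOKUP, NO404) are
# hypothetical; the nikto options they map to are real CLI options.
nikto_args() {
    url=${1:-}
    # Require an http(s) URL so the target can never be parsed as an option.
    case $url in
        http://?*|https://?*) ;;
        *) echo "target must be an http(s) URL" >&2; return 1 ;;
    esac
    set -- -host "$url"

    # -Tuning takes test-class codes: 0-9, a-e, and x (reverse the selection).
    if [ -n "${TUNING:-}" ]; then
        case $TUNING in
            *[!0123456789abcdex]*) echo "bad TUNING: $TUNING" >&2; return 1 ;;
        esac
        set -- "$@" -Tuning "$TUNING"
    fi

    # -maxtime caps the testing time per host, e.g. 1h, 60m or 3600s.
    if [ -n "${MAXTIME:-}" ]; then
        n=${MAXTIME%[hms]}
        case $n in
            ''|*[!0123456789]*) echo "bad MAXTIME: $MAXTIME" >&2; return 1 ;;
        esac
        set -- "$@" -maxtime "$MAXTIME"
    fi

    # -timeout is the per-request timeout in seconds.
    if [ -n "${TIMEOUT:-}" ]; then
        case $TIMEOUT in
            *[!0123456789]*) echo "bad TIMEOUT: $TIMEOUT" >&2; return 1 ;;
        esac
        set -- "$@" -timeout "$TIMEOUT"
    fi

    # Boolean switches: skip DNS lookups, skip guessing the 404 page.
    if [ "${NOLOOKUP:-0}" = 1 ]; then set -- "$@" -nolookup; fi
    if [ "${NO404:-0}" = 1 ]; then set -- "$@" -no404; fi

    # All settings passed validation: print one argument per line.
    printf '%s\n' "$@"
}

# Constructed sample: a time-boxed scan of a staging host, printed for review.
( TUNING=23b; MAXTIME=30m; NOLOOKUP=1; nikto_args "https://staging.example.test/" )
```

Tuning codes 2, 3 and b select the misconfiguration/default file, information disclosure and software identification checks. Rejecting malformed values before they reach the command line keeps a mistyped setting from silently changing the scope of a scan.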

Notes

Currently, most of the Nikto2 command line flags are supported by the adaptor. If you find any further flags you wish to have included, please contact Uleska.