Integrate Nikto2 into CI/CD

What is Nikto2?

Nikto is an open source dynamic web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software.

Security Stage: DAST (Dynamic Analysis)
Type: Open Source
Frameworks: Any


1. You'll need a URL to scan.

How do I set up Nikto2?

Adding Nikto to your set of dynamic security tests involves adding the tool to your toolkit and supplying any configuration you want to specify. Your version configuration will be set up for dynamic testing. Go to the dynamic documentation page to see how to set this up for any dynamic testing.

To add the Nikto2 security tool:

  • Create a new Toolkit (or edit an existing one) by following the Creating a Toolkit guide and selecting 'Nikto2' as a tool.


  • Click on the blue cog symbol on the right-hand side to set any specific Nikto2 flags you wish to set. Note that you do not need to set any of these parameters; leaving them blank will allow Nikto2 to run its default security scan against your web server. Supported flags include:
    • Tuning Parameters
    • Evasion Parameters
    • Mutate Parameters
    • CGI Directory Parameters
    • Host Authentication Parameters
    • Max Time Parameter
    • Mutate Options Parameter
    • Vhost Option Parameter
    • Pause Option Parameter
    • Timeout Option Parameter
    • No SSL Option Parameter
    • No Lookup Option Parameter
    • No 404 Option Parameter
  • See for full details on these Nikto2 configuration parameters.
  • Click Save.

Now, any time you click 'Test Now' and choose the Toolkit you added Nikto2 to, or make a request over the Uleska API or CLI and include that Toolkit, the Nikto2 tool will be included in the test run and any results will be added to your vulnerabilities list.


Currently, most of the Nikto2 command line flags are supported by the adaptor. If you find any further flags you wish to have included, please contact Uleska.