explaingit

sullo/nikto

10,359 · Perl · Audience: ops, devops · Complexity: 2/5 · Setup: easy

TLDR

A command-line web server scanner that checks websites for known security vulnerabilities, misconfigured settings, exposed files, and outdated software, widely used by security professionals for authorized audits.

Mindmap

mindmap
  root((Nikto))
    What it scans
      Outdated software
      Exposed files
      Misconfigured settings
      Open login pages
    Output formats
      Plain text
      HTML report
      JSON
      XML
    How to run
      Command-line with Perl
      Docker container
    Options
      Port selection
      HTTPS support
      Plugin extensions
      Save to file

Things people build with this

USE CASE 1

Scan a web server before launch to find exposed admin pages, outdated software versions, and misconfigured headers.

USE CASE 2

Generate a vulnerability report in HTML, JSON, or XML format for inclusion in a formal security audit.

USE CASE 3

Run Nikto via Docker against a staging environment to check for security regressions without installing Perl.

USE CASE 4

Integrate a Nikto scan into a CI/CD pipeline to catch new exposures before each deployment.

Tech stack

Perl, Docker

Getting it running

Difficulty · easy · Time to first run · 5 min

Only scan servers you own or have explicit written permission to test; unauthorized scanning is illegal.

In plain English

Nikto is a web server scanner used to check websites and web servers for known security problems. You point it at a web address, it runs a series of automated tests, and it reports back what it finds: outdated software, misconfigured settings, exposed files that should not be public, login pages left open, and similar issues. It is a command-line tool, meaning you run it from a terminal rather than through a graphical interface.

The tool has been around for a long time and is widely used by security professionals and system administrators when they want a quick picture of what vulnerabilities a server might expose. It checks against a database of known issues and can be extended with plugins, so the list of things it looks for can grow over time.

Nikto supports a broad set of options. You can tell it which port to scan, whether to use a secure connection, how long to wait for responses, and whether to save its findings to a file. Output can be written in several formats including plain text, HTML, JSON, and XML, which makes it possible to feed results into other tools or reporting systems.

The project can be run directly on a machine that has Perl installed, since that is the language it is written in. It can also run as a containerized application using Docker, which means you do not need Perl installed locally at all. You simply pull the container image and pass your target address.

Nikto is free and open source. It comes with a note that it is meant for testing servers you have permission to scan. Running it against systems you do not own or operate without authorization is not a sanctioned use.
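The following wrapper is an added example for the options and run modes described above (port, HTTPS, response timeout, output format and file, local Perl versus Docker); it is not code from the Nikto project. It assumes the standard Nikto flags `-h`, `-p`, `-ssl`, `-timeout`, `-Format` and `-o`, and that the Docker image is tagged `sullo/nikto` as in the project's README build instructions; check both against the Nikto version you have installed.

```shell
#!/bin/sh
# Added example, not part of the Nikto project: assemble a validated Nikto
# command line from a few settings and run it locally or via Docker.
# Assumed flags: -h (target), -p (port), -ssl, -timeout, -Format, -o (output file).
# Assumed image tag: sullo/nikto (the tag used when building the repo's Dockerfile).

# Report formats accepted by Nikto's -Format option.
is_valid_format() {
    case "$1" in
        txt|htm|csv|json|xml) return 0 ;;
        *) return 1 ;;
    esac
}

# build_nikto_args TARGET PORT SSL(0|1) TIMEOUT_SECS FORMAT OUTFILE
# Prints the Nikto argument list on one line; returns 1 on bad input so a
# CI job fails early instead of launching a scan with a typo in it.
build_nikto_args() {
    target=$1; port=$2; ssl=$3; timeout=$4; fmt=$5; outfile=$6
    if [ -z "$target" ] || [ -z "$outfile" ]; then
        echo "build_nikto_args: target and output file are required" >&2
        return 1
    fi
    if ! is_valid_format "$fmt"; then
        echo "build_nikto_args: unsupported format '$fmt' (txt|htm|csv|json|xml)" >&2
        return 1
    fi
    sslflag=""
    if [ "$ssl" = "1" ]; then
        sslflag=" -ssl"
    fi
    printf '%s\n' "-h $target -p $port$sslflag -timeout $timeout -Format $fmt -o $outfile"
}

# run_nikto_scan TARGET PORT SSL TIMEOUT FORMAT OUTFILE
# Prefers a locally installed nikto; otherwise runs the Docker image and
# bind-mounts the report directory so the file is written on the host.
run_nikto_scan() {
    target=$1; port=$2; ssl=$3; timeout=$4; fmt=$5; outfile=$6
    if command -v nikto >/dev/null 2>&1; then
        args=$(build_nikto_args "$target" "$port" "$ssl" "$timeout" "$fmt" "$outfile") || return 1
        # word splitting of $args is intended here
        nikto $args
    elif command -v docker >/dev/null 2>&1; then
        outdir=$(cd "$(dirname "$outfile")" && pwd)
        args=$(build_nikto_args "$target" "$port" "$ssl" "$timeout" "$fmt" \
               "/out/$(basename "$outfile")") || return 1
        docker run --rm -v "$outdir:/out" sullo/nikto $args
    else
        echo "run_nikto_scan: neither nikto nor docker found; would run: nikto $args" >&2
        return 2
    fi
}

# Example invocation (only runs when this file is executed, not when sourced):
# run_nikto_scan https://myserver.example.com 443 1 10 json /tmp/nikto-report.json
```

In a pipeline the wrapper is called once per deployment with `json` or `xml` as the format, and a follow-up step parses the saved report to compare it with the previous run; Nikto itself only writes the report, so the regression check has to be done on the file.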

Copy-paste prompts

Prompt 1
I have permission to audit my web server at https://myserver.example.com. Write the Nikto command to run a full scan, save the results as an HTML report to /tmp/nikto-report.html, and set a 10-second response timeout.
Prompt 2
How do I run Nikto using Docker so I don't need Perl installed locally? Write the exact docker run command to scan a target HTTPS URL and output results in JSON format.
Prompt 3
Write a Nikto command that scans only port 443 with HTTPS, limits output to the most severe findings, and saves results to a plain text file called scan-results.txt.

Verify against the repo before relying on details.