DOCS: https://github.com/sullo/nikto?tab=readme-ov-file

Nikto Tutorial for Parrot OS (Web Vulnerability Scanner)¶

Nikto is a powerful tool for scanning web servers for security vulnerabilities, outdated software, and misconfigurations.

1. Install Nikto on Parrot OS¶

Nikto is pre-installed on Parrot OS. If missing, install it using:

sudo apt update && sudo apt install nikto -y

Check if it's installed:

nikto -Version

2. Basic Scan of a Website¶

To scan a web server:

nikto -h <target>

Example:

nikto -h http://example.com

3. Scan a Specific Port¶

Nikto scans port 80 by default. To scan another port:

nikto -h <target> -p <port>

Example:

nikto -h http://example.com -p 443

4. Scan an IP Address¶

To scan an IP instead of a domain:

nikto -h 192.168.1.1

5. Scan HTTPS Sites (SSL/TLS Scan)¶

Use -ssl to force an SSL scan:

nikto -h <target> -ssl

Or simply use https://

nikto -h https://example.com

6. Save Scan Results¶

Save results to a file:

nikto -h <target> -o scan_results.txt

To save in HTML, JSON, or CSV format:

nikto -h <target> -o report.html -Format html

7. Scan Multiple Targets from a File¶

Create a file (targets.txt) and add one target per line. Then run:

nikto -h targets.txt

8. Evade Detection (Bypass IDS/Firewall)¶

Use a random user agent to avoid detection:

nikto -h <target> -random-agent

Add a delay between requests to be stealthier:

nikto -h <target> -delay 5

(This waits 5 seconds between each request.)

9. Scan Using a Proxy (Anonymity)¶

To scan through a proxy:

nikto -h <target> -useproxy http://proxy-ip:port

10. Skip Specific Tests¶

Nikto allows skipping certain tests using -Tuning options.

Tuning Option	Test Skipped
`0`	File Uploads
`1`	Interesting Files
`2`	Misconfigurations
`3`	Default Files
`4`	Information Disclosure
`5`	Injection Flaws
`6`	SSL Issues
`7`	Denial of Service
`8`	Remote File Retrieval
`9`	Web Application Security

Example: Skip SSL Issues (6) and Denial of Service (7) tests:

nikto -h <target> -Tuning 6,7

For more options, run:

nikto --help

✅ Nikto Cheat Sheet¶

Command	Description
`nikto -h <target>`	Scan a website
`nikto -h <target> -p <port>`	Scan a specific port
`nikto -h <target> -ssl`	Force SSL scan
`nikto -h <target> -o output.txt`	Save results to a file
`nikto -h targets.txt`	Scan multiple targets
`nikto -h <target> -random-agent`	Use a random user agent
`nikto -h <target> -delay 5`	Add a delay between requests
`nikto -h <target> -Tuning 6,7`	Skip specific tests
`nikto -h <target> -useproxy <proxy>`	Scan through a proxy

⚠️ Legal Warning¶

Only use Nikto on websites you own or have explicit permission to test. Unauthorized scanning may be illegal.