# sullo/nikto

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/sullo-nikto).**

10,104 stars · 1,407 forks · Perl · other

## Links

- GitHub: https://github.com/sullo/nikto
- awesome-repositories: https://awesome-repositories.com/repository/sullo-nikto.md

## Description

Nikto is an open-source HTTP security auditing tool and web server vulnerability scanner. It functions as a reconnaissance engine designed to identify insecure server options, outdated software, and common vulnerabilities by analyzing HTTP responses.

The project differentiates itself through capabilities for intrusion detection evasion and web server fingerprinting. It uses request-level encoding and timing spacers to bypass security filters and employs signature-based identification to determine specific server software versions and misconfigurations.

The scanner covers broad capability areas including dictionary-based resource discovery to find hidden files and directories, proxy-based traffic routing for anonymizing the scan origin, and a plugin-based architecture for custom scan extensions. Findings are processed through a reporting system that supports multi-format data serialization for external analysis.

The tool includes a portable execution mode that allows the engine to run from a self-contained directory without requiring system-wide installation.

## Tags

### Part of an Awesome List

- [Web Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/web-vulnerability-scanning.md) — Identifies security flaws, outdated software, and common vulnerabilities by probing web servers for known risks.
- [Content Discovery](https://awesome-repositories.com/f/awesome-lists/devtools/content-discovery.md) — Finds unlinked files and directory names through dictionary attacks and brute forcing to uncover hidden content.
- [Vulnerability Scanners](https://awesome-repositories.com/f/awesome-lists/devtools/vulnerability-scanners.md) — Fast black-box scanning for web server and application vulnerabilities.
- [Dynamic Analysis](https://awesome-repositories.com/f/awesome-lists/security/dynamic-analysis.md) — Web server security scanner.
- [Security And Privacy](https://awesome-repositories.com/f/awesome-lists/security/security-and-privacy.md) — Web server scanner for identifying vulnerabilities.
- [Security Tools](https://awesome-repositories.com/f/awesome-lists/security/security-tools.md) — Nikto web server scanner.
- [Vulnerability Scanners](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-scanners.md) — Web server vulnerability scanner.

### Data & Databases

- [Service Response Signatures](https://awesome-repositories.com/f/data-databases/text-pattern-matching/pattern-occurrence-identification-algorithms/service-response-signatures.md) — Determines server versions and software by matching response headers and banners against a database of known signatures.

### Security & Cryptography

- [Dictionary-Based Resource Discovery](https://awesome-repositories.com/f/security-cryptography/dictionary-based-resource-discovery.md) — Identifies hidden files and directories by iterating through pre-defined lists of common names and paths.
- [Infrastructure Misconfiguration Detectors](https://awesome-repositories.com/f/security-cryptography/infrastructure-as-code-security/infrastructure-misconfiguration-detectors.md) — Identifies insecure server options and configuration errors that could expose the system to attack. ([source](https://github.com/sullo/nikto/wiki/Overview-&-Description))
- [Security Auditing Tools](https://awesome-repositories.com/f/security-cryptography/security-auditing-tools.md) — Identifies insecure server options and common vulnerabilities by analyzing HTTP responses.
- [Vulnerability Scanners](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/vulnerability-assessment-tools/vulnerability-scanners.md) — Provides a portable utility for detecting web vulnerabilities with support for custom plugins and proxy routing.
- [Server Fingerprinting](https://awesome-repositories.com/f/security-cryptography/server-fingerprinting.md) — Uses signature-based identification to determine specific server software versions and fingerprints. ([source](https://github.com/sullo/nikto/wiki/Overview-&-Description))
- [Resource Discovery Brute-Forcing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/resource-discovery-brute-forcing.md) — Employs dictionary-based attacks to discover hidden files and directories on the target web server. ([source](https://cdn.jsdelivr.net/gh/sullo/nikto@main/README.md))
- [Reconnaissance Tools](https://awesome-repositories.com/f/security-cryptography/web-application-security/reconnaissance-tools.md) — Discovers hidden directories and identifies server software versions through dictionary attacks.
- [Web Server Fingerprinting](https://awesome-repositories.com/f/security-cryptography/web-server-fingerprinting.md) — Probes targets to determine specific server software versions and detect insecure server misconfigurations.
- [Custom Security Scan Extensions](https://awesome-repositories.com/f/security-cryptography/custom-security-scan-extensions.md) — Provides an extensibility system for adding custom tests and plugins to detect specific vulnerabilities. ([source](https://github.com/sullo/nikto/wiki))
- [IDS Evasion Techniques](https://awesome-repositories.com/f/security-cryptography/intrusion-detection-systems/ids-evasion-techniques.md) — Uses encoding techniques and request spacers to bypass security filters and mask scanning activity.
- [Security Software Evasion](https://awesome-repositories.com/f/security-cryptography/security-configurations/security-check-bypasses/security-software-evasion.md) — Implements request-level encoding and timing spacers to bypass security filters and intrusion detection systems. ([source](https://cdn.jsdelivr.net/gh/sullo/nikto@main/README.md))
- [HTTP Request Evasion](https://awesome-repositories.com/f/security-cryptography/security-configurations/security-check-bypasses/security-software-evasion/http-request-evasion.md) — Bypasses security filters by modifying request encoding and inserting timing spacers between network probes.

### Networking & Communication

- [Network Traffic Proxying](https://awesome-repositories.com/f/networking-communication/network-reliability-diagnostics/network-filtering/ip-address-filters/network-traffic-proxying.md) — Directs network requests through intermediate servers to anonymize the scanner origin or bypass network firewalls.
