Nikto
Open-source web server scanner that checks for dangerous files, outdated software, and misconfigurations across 6,700+ known vulnerability signatures.
Developer
Chris Sullo
Technical Dossier
Nikto is a command-line web server vulnerability scanner that has been a staple of penetration testing toolkits since its initial release in 2001. It works by sending a large battery of HTTP requests to a target server and comparing the responses against a maintained database of known dangerous files, outdated software signatures, and misconfiguration patterns. A single scan can surface exposed administrative interfaces, default-credential login pages, old CGI scripts, directory listing disclosures, permissive HTTP methods (such as TRACE), missing security headers, and server version banners that reveal patch-level weaknesses.
The scanner is written in Perl with a plugin-based architecture, making it lightweight and highly portable. Scan scope is tunable through the -Tuning option's category codes, so testers can focus on specific vulnerability classes (injection, file upload, authentication bypass, information disclosure, and so on) rather than running the full test suite. Nikto supports authenticated scans using HTTP Basic and NTLM credentials (-id), can route traffic through an HTTP proxy (-useproxy), handles cookies automatically, and operates over both IPv4 and IPv6. Built-in evasion modes (-evasion) mutate how each request is encoded so testers can check whether an intrusion detection system or WAF still sees the probes. They do not make the scan quiet: a full run issues thousands of requests with a recognisable User-Agent, so expect it to be logged and treat evasion as a detection test, not as stealth.
What makes Nikto notable is its longevity, breadth of checks, and no-frills utility. It is not a deep application-layer scanner in the manner of a DAST proxy tool; rather, it excels at fast, broad server-level enumeration and is frequently the first scanner run against a new target in an assessment. It ships pre-installed in Kali Linux and is referenced by CISA as a legitimate security testing resource. Because its results are signature matches, many findings are informational and some are false positives, so each one should be confirmed by hand before it goes into a report. Nikto remains one of the most efficient tools for quickly identifying low-hanging server misconfigurations before moving into deeper application testing.
Comprehensive Vulnerability Database
Checks against 6,700+ known dangerous files and CGIs, outdated versions of 1,250+ server types, and version-specific issues across 270+ servers.
SSL/TLS Analysis
Scans HTTPS targets (-ssl), reporting certificate and cipher details and flagging the certificate and TLS-configuration problems it recognises, alongside the standard HTTP checks. It is not a substitute for a dedicated TLS scanner when full cipher-suite and protocol coverage is needed.
IDS Evasion Techniques
Multiple request-mutation methods, selectable with -evasion, including random URI encoding, directory self-referencing (/./), TAB as request spacer, and URL case randomization. They defeat naive substring signatures; an IDS that normalises requests before matching still catches them.
Flexible Reporting
Produces reports in plain text, CSV, JSON, XML, HTML, Nessus NBE and Metasploit (msf+) formats, plus SQL INSERT statements for loading results into a database, selected with -Format for integration into security pipelines.
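To tie the tuning, authentication, proxy and evasion options from the dossier to the reporting formats above, here is an added example (not part of Nikto) that assembles a Nikto command line and triages the resulting JSON report. The flags it uses are Nikto's documented options; the report layout (host, ip, port, banner and a "vulnerabilities" list of id/method/url/msg objects) follows Nikto 2.1.x JSON output and is treated as an assumption. The severity buckets are this script's own keyword heuristic, since Nikto itself does not rate findings, and SAMPLE_REPORT is constructed so the triage runs without a scan.

```python
"""Drive Nikto from a pipeline and triage its JSON report. Added example,
not part of Nikto. The flags used (-h, -p, -ssl, -Tuning, -id, -useproxy,
-evasion, -Format, -output) are Nikto's documented options; the report layout
(host/ip/port/banner plus a "vulnerabilities" list of id/method/url/msg
objects) follows Nikto 2.1.x JSON output and is an assumption here. Severity
buckets are this script's own keyword heuristic: Nikto does not rate findings.
SAMPLE_REPORT is constructed so the triage runs without a scan."""
import json
import shutil
import subprocess
from collections import Counter


def build_nikto_argv(host, port=443, ssl=True, tuning=None, creds=None,
                     proxy=None, evasion=None, output="nikto.json"):
    """Assemble the argv for one Nikto run; keep it a list, never a shell string."""
    argv = ["nikto", "-h", host, "-p", str(port)]
    if ssl:
        argv.append("-ssl")
    if tuning:      # -Tuning category codes, e.g. "3" disclosure, "4" injection
        argv += ["-Tuning", tuning]
    if creds:       # "user:pass" for HTTP Basic or NTLM protected targets
        argv += ["-id", creds]
    if proxy:       # send everything through an intercepting proxy
        argv += ["-useproxy", proxy]
    if evasion:     # evasion technique codes, e.g. "1" or "16"
        argv += ["-evasion", evasion]
    argv += ["-Format", "json", "-output", output]
    return argv


def run_nikto(argv):
    """Run Nikto if it is installed and return the JSON report text, else None."""
    if shutil.which(argv[0]) is None:
        return None
    # Nikto's exit status is not a pass/fail signal, so do not raise on it.
    subprocess.run(argv, check=False, capture_output=True)
    with open(argv[argv.index("-output") + 1], encoding="utf-8") as fh:
        return fh.read()


HIGH = ("trace", "default", "password", "shell", "upload", "inject", "execut")
MEDIUM = ("indexing", "listing", "backup", "interesting", "leaks")


def severity(msg):
    """Heuristic bucket from the finding text (assumption, not Nikto's rating)."""
    m = msg.lower()
    if any(k in m for k in HIGH):
        return "high"
    if any(k in m for k in MEDIUM):
        return "medium"
    return "low"   # missing headers, banner information and similar


def parse_report(text):
    data = json.loads(text)
    if isinstance(data, list):   # tolerate a list wrapper (assumed for multi-host runs)
        data = data[0]
    rank = {"high": 0, "medium": 1, "low": 2}
    findings = [{
        "id": v.get("id"), "method": v.get("method"), "url": v.get("url"),
        "msg": v.get("msg", ""), "severity": severity(v.get("msg", "")),
    } for v in data.get("vulnerabilities", [])]
    findings.sort(key=lambda f: rank[f["severity"]])   # stable: keeps scan order within a bucket
    return {"host": data.get("host"), "port": data.get("port"),
            "banner": data.get("banner"), "findings": findings}


def severity_counts(report):
    return Counter(f["severity"] for f in report["findings"])


# Constructed stand-in for a real report (host, banner and ids are made up).
SAMPLE_REPORT = json.dumps({
    "host": "example.test", "ip": "192.0.2.10", "port": "443",
    "banner": "Apache/2.4.29 (Ubuntu)",
    "vulnerabilities": [
        {"id": "000001", "method": "GET", "url": "/",
         "msg": "The anti-clickjacking X-Frame-Options header is not present."},
        {"id": "000002", "method": "TRACE", "url": "/",
         "msg": "HTTP TRACE method is active, suggesting the host is vulnerable to XST"},
        {"id": "000003", "method": "GET", "url": "/backup/",
         "msg": "/backup/: Directory indexing found."},
    ],
})


if __name__ == "__main__":
    argv = build_nikto_argv("example.test", tuning="3", evasion="1",
                            proxy="http://127.0.0.1:8080")
    print(" ".join(argv))
    report = parse_report(run_nikto(argv) or SAMPLE_REPORT)
    print(report["host"], report["banner"], dict(severity_counts(report)))
    for f in report["findings"]:
        print(f"[{f['severity']:6}] {f['method']} {f['url']} {f['msg']}")
```

The argv is passed to subprocess as a list so that a hostname or proxy URL taken from a queue cannot become shell metacharacters, and the keyword buckets are deliberately simple: they order the analyst's manual verification, they do not replace it.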
Distribution Model
Open Source
Free community edition available.
Enterprise support on request.

Vulnerability Checks
6,700+
Server Signatures
1,250+
Language
Perl
License
GPL v2