Nikto Cheat Sheet: - Tuning

This document provides a cheat sheet for using the Nikto vulnerability scanner. It lists basic usage examples and options for tuning scans, evasion techniques, output formats, and other settings like specifying ports, proxies, maximum testing times, and updating or checking the Nikto database.

Uploaded by

Xavi Luna

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

1K views

Nikto Cheat Sheet: - Tuning

Uploaded by

Xavi Luna

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1

Nikto Cheat Sheet

Basic Usage!

! nikto -host example.com -port 8080 ! ! ! !

Display Options ! 1 2 3 4 D E P S V ! ! !

Tuning!

-Tuning

-Display

Show redirects Show cookies received Show all 200/OK responses Show URLs which require authentication Debug output Display all HTTP errors Print progress to STDOUT Scrub output of IPs and hostnames Verbose output ! !

Evasion Options! 1 2 3 4 5 6 7 8 A B

1 ! Interesting File / Seen in logs! 2 ! Misconguration / Default File! 3 ! Information Disclosure! 4 ! Injection (XSS/Script/HTML)! 5 ! Remote File Retrieval - Inside Web Root! 6 ! ! Denial of Service! 7 ! Remote File Retrieval - Server Wide! 8 ! Command Execution / Remote Shell! 9 ! SQL Injection! 0 ! File Upload! a ! Authentication Bypass! b ! Software Identication! c ! Remote Source Inclusion! x ! Reverse Tuning Options (i.e., include all ! except specied)! Specify Port Number! Use Proxy!

-evasion

-port!

Random URI encoding (non-UTF8) Directory self-reference (/./) Premature URL ending Prepend long random string Fake parameter TAB as request spacer Change the case of the URL Use Windows directory separator (\) Use a carriage return (0x0d) as a request spacer Use binary value 0x0b as a request spacer

-useproxy! -maxtime -until -nossl ! -ssl -no404 -id ! -key

Maximum testing time per host secs! Run for specied time or duration! Disables SSL! Force SSL! Disables 404 Guessing! Host authentication! format id:pass or id:pass:realm! Client certicate key le! Display Version! Help!

Output File Format! Use -o to save le with le extension.! csv! Comma-separated-value! htm ! HTML Format! msf+ ! Log to Metasploit! nbe ! Nessus NBE format! txt ! Plain text! xml ! XML Format!

-Format !

-Version! -H or -h! -update! -dbcheck! -config

Virtual host! Save Request & Response Headers! Can be replayed with replay.pl

-vhost! -save!

Update! DBCheck! Specify cong le!

NeedSec.com

Lab10 - Dirbuster
No ratings yet
Lab10 - Dirbuster
15 pages
WP Integrating Active Directory ML
No ratings yet
WP Integrating Active Directory ML
14 pages
Abs Red Team Adversarial Attack Simulation Exercises Guidelines v1 5 PDF
No ratings yet
Abs Red Team Adversarial Attack Simulation Exercises Guidelines v1 5 PDF
47 pages
Tryhackme: Overpass 2 - Hacked Walkthrough: 1. What Was The Url of The Page They Used To Upload A Reverse Shell?
No ratings yet
Tryhackme: Overpass 2 - Hacked Walkthrough: 1. What Was The Url of The Page They Used To Upload A Reverse Shell?
11 pages
Oscp Webinar
No ratings yet
Oscp Webinar
47 pages
Hack The Box
No ratings yet
Hack The Box
3 pages
Bug Bounty Hunting Tips 1641110966
100% (1)
Bug Bounty Hunting Tips 1641110966
11 pages
Linux Privilege Escalation SSH KEY
No ratings yet
Linux Privilege Escalation SSH KEY
3 pages
CSCI369 Lab 3
No ratings yet
CSCI369 Lab 3
4 pages
Hack Windows Using Metasploit Lab Manual
No ratings yet
Hack Windows Using Metasploit Lab Manual
3 pages
Pentest Checklists
No ratings yet
Pentest Checklists
20 pages
Wireshark Cheat Sheet
No ratings yet
Wireshark Cheat Sheet
1 page
Metasploit Penetration Testing Cookbook: Chapter No. 4 "Client-Side Exploitation and Antivirus Bypass"
No ratings yet
Metasploit Penetration Testing Cookbook: Chapter No. 4 "Client-Side Exploitation and Antivirus Bypass"
44 pages
How To Use Beast Trojan
No ratings yet
How To Use Beast Trojan
1 page
Linux Privilege Escalation
No ratings yet
Linux Privilege Escalation
42 pages
Windows Privilege Escalation Fundamentals
No ratings yet
Windows Privilege Escalation Fundamentals
36 pages
EJPT Notes 2022 PDF
No ratings yet
EJPT Notes 2022 PDF
9 pages
OSCP Exam Training
No ratings yet
OSCP Exam Training
19 pages
Threat Hunting in Splunk With Zeek
No ratings yet
Threat Hunting in Splunk With Zeek
10 pages
IS4560 Lab 1 Assessment Worksheet
No ratings yet
IS4560 Lab 1 Assessment Worksheet
4 pages
@FsKnockouT-1. Active Directory Enumeration & Attacks
No ratings yet
@FsKnockouT-1. Active Directory Enumeration & Attacks
368 pages
Page - 1: WWW - Hackingarticles.in
No ratings yet
Page - 1: WWW - Hackingarticles.in
29 pages
SMB Penetration Testing
No ratings yet
SMB Penetration Testing
15 pages
Intigriti EB Hacker Report 2024
No ratings yet
Intigriti EB Hacker Report 2024
27 pages
Pwnable Writeup
No ratings yet
Pwnable Writeup
110 pages
Ethical Hacking Tools Preview
No ratings yet
Ethical Hacking Tools Preview
39 pages
Metasploit Framework
No ratings yet
Metasploit Framework
8 pages
Cain and Abel User Manual
100% (1)
Cain and Abel User Manual
134 pages
Pstools
100% (5)
Pstools
13 pages
Web Application Pentesting Checklist
No ratings yet
Web Application Pentesting Checklist
23 pages
Reconnaissance Scanning Gaining Access Maintaining Access Clearing Track
No ratings yet
Reconnaissance Scanning Gaining Access Maintaining Access Clearing Track
11 pages
Lab Experiment #08 - Network & Host Detection Scans
No ratings yet
Lab Experiment #08 - Network & Host Detection Scans
3 pages
Burp Suite
No ratings yet
Burp Suite
174 pages
Advanced SQL Injection
No ratings yet
Advanced SQL Injection
28 pages
Pwning ADCS
No ratings yet
Pwning ADCS
38 pages
Advanced Cross Site Scripting: and CSRF
No ratings yet
Advanced Cross Site Scripting: and CSRF
42 pages
Hakin9 Metasploit Nutshell PDF
No ratings yet
Hakin9 Metasploit Nutshell PDF
70 pages
Subdomain Enumeration Cheat Sheet: @yamakira
No ratings yet
Subdomain Enumeration Cheat Sheet: @yamakira
1 page
Guide To SSRF
No ratings yet
Guide To SSRF
6 pages
TheHarvester Cheat Sheet
No ratings yet
TheHarvester Cheat Sheet
1 page
Network+ Guide To Networks 5 Edition
No ratings yet
Network+ Guide To Networks 5 Edition
102 pages
Malwaredotpy - Linux Basics Pentesting Tutorials
No ratings yet
Malwaredotpy - Linux Basics Pentesting Tutorials
18 pages
Android Exploits 101
No ratings yet
Android Exploits 101
46 pages
Offsec Sample Report
No ratings yet
Offsec Sample Report
32 pages
Security Tools Overview
100% (1)
Security Tools Overview
12 pages
Recon For Web Pen-Testing
No ratings yet
Recon For Web Pen-Testing
17 pages
Abusing SUDO (Linux Privilege Escalation)
100% (3)
Abusing SUDO (Linux Privilege Escalation)
5 pages
With Emphasis On Web Applications Security Related Issues
0% (1)
With Emphasis On Web Applications Security Related Issues
28 pages
006 Course Guide - Bug Bounty & Web Security by ZTM
No ratings yet
006 Course Guide - Bug Bounty & Web Security by ZTM
5 pages
Georgoa Weidman Resume
No ratings yet
Georgoa Weidman Resume
6 pages
FOR One API Security Testing Training For Bug Hunters and InfoSec
No ratings yet
FOR One API Security Testing Training For Bug Hunters and InfoSec
7 pages
Forensics
No ratings yet
Forensics
3 pages
Metasploit - Pen Test & Cybersecurity Guide
No ratings yet
Metasploit - Pen Test & Cybersecurity Guide
76 pages
Common Tools and Methods Used in Vulnhub CTF's
No ratings yet
Common Tools and Methods Used in Vulnhub CTF's
4 pages
Certified Ethical Hacker C.E.H v11 Exam Prep And Dumps
From Everand
Certified Ethical Hacker C.E.H v11 Exam Prep And Dumps
Byte Books
No ratings yet
Trackpad Ver. 2.0 Class 4
From Everand
Trackpad Ver. 2.0 Class 4
Nidhi Arora
No ratings yet
Metasploit: The Penetration Tester's Guide
From Everand
Metasploit: The Penetration Tester's Guide
David Kennedy
3.5/5 (12)
Ultimate Penetration Testing with Nmap: Master Cybersecurity Assessments for Network Security, Monitoring, and Scanning Using Nmap (English Edition)
From Everand
Ultimate Penetration Testing with Nmap: Master Cybersecurity Assessments for Network Security, Monitoring, and Scanning Using Nmap (English Edition)
Travis DeForge
No ratings yet
Online Hacker Survival Guide
From Everand
Online Hacker Survival Guide
Naven Johnson
No ratings yet
Penetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools
From Everand
Penetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools
Dr. Hidaia Mahmood Alassoulii
No ratings yet

Nikto Cheat Sheet: - Tuning

Uploaded by

Nikto Cheat Sheet: - Tuning

Uploaded by

Nikto Cheat Sheet

! nikto -host example.com -port 8080 ! ! ! !

-useproxy! -maxtime -until -nossl ! -ssl -no404 -id ! -key

-Version! -H or -h! -update! -dbcheck! -config

Update! DBCheck! Specify cong le!

You might also like