Nikto


Nikto: Open Source Web Server Scanner

Comprehensive web server tests for insecure configurations and vulnerabilities, easy to use for security professionals of all levels.

What is Nikto?

Nikto is an open source web server security scanner that enables security professionals to perform comprehensive tests against web servers to check for insecure server configurations and vulnerabilities. It is designed to be easy to use, while also providing useful information to security experts.

Some key features and capabilities of Nikto include:

  • Automatically scans web servers for vulnerabilities and insecure configurations
  • Tests against over 6700 potentially dangerous files/CGIs
  • Checks for outdated server components such as Apache, IIS, PHP, etc.
  • Identifies vulnerability classes such as directory traversal, command execution, SQL injection, and cross-site scripting (XSS)
  • Performs comprehensive web server security auditing via both passive and active detection
  • Easy to use interface and output reports
  • Actively maintained and updated vulnerability definitions
  • Free open source software with community support

Overall, Nikto aims to simplify web server security auditing while providing advanced scanning capabilities. Its ease of use combined with comprehensive vulnerability checks makes it a popular choice for web security professionals and penetration testers.

Nikto Features

  1. Comprehensive tests against web servers
  2. Looks for insecure configurations and vulnerabilities
  3. Easy to use interface
  4. Quality web vulnerability scanning

Pricing

  • Open Source

Pros

  • Open source and free
  • Wide range of vulnerability checks
  • Easy to use
  • Can be automated and integrated into workflows

Cons

  • Prone to false positives
  • May miss some vulnerabilities
  • Requires technical knowledge to interpret results
  • Not as full featured as commercial scanners


The Best Nikto Alternatives

Top Security & Privacy and Vulnerability Scanner apps, and other apps similar to Nikto


Acunetix

Acunetix is a comprehensive web application security testing tool used to detect vulnerabilities and security issues in web applications and services. It features an automated web vulnerability scanner that can crawl and test websites, APIs, and web services to identify SQL injection, cross-site scripting (XSS), misconfigurations, and other security flaws. Key...

OWASP Zed Attack Proxy (ZAP)

OWASP Zed Attack Proxy (ZAP) is an open-source web application security scanner used to find vulnerabilities in web applications. It provides automated and manual tools to scan APIs, access control weaknesses, injection flaws, cross-site scripting, insecure configuration issues, and more. Key features of ZAP include: Automated scanner detects vulnerabilities like SQL injection,...

Nuclei

Nuclei is an open-source web security scanning tool developed by Project Discovery. It is designed to send customizable HTTP requests to web applications and APIs to detect security vulnerabilities and misconfigurations. Some key features of Nuclei include: Powerful templating engine to customize vulnerability scans using YAML files; Extensive library of vulnerability templates covering...

PaladinVPN

PaladinVPN is a virtual private network (VPN) service designed to provide online privacy and security. It uses advanced encryption protocols to create a secure tunnel for your internet traffic, protecting it from prying eyes and hiding your IP address from websites and third parties. When connected to PaladinVPN, your internet traffic...

Websecurify

Websecurify is a powerful website security and malware detection tool. It provides automated vulnerability scanning and malware detection for websites. Key features include: Automatic discovery and scanning of entire website assets including pages, scripts, images, etc.; Detection of common vulnerabilities like SQL injection, XSS, weak passwords, etc.; Detection of malware, viruses, trojans, backdoors,...

W3af

w3af is an open-source web application security scanner used by developers and security professionals to identify vulnerabilities in web applications. It features over 200 plugins that allow it to find all types of web app vulnerabilities including cross-site scripting (XSS), SQL injection, remote code execution (RCE), and more. Some key features...

Skipfish

Skipfish is an open source, active web application security reconnaissance tool. It was created by Michal Zalewski for Google as an automated security testing tool. Here are some key features of Skipfish: It carries out recursive crawl and dictionary-based probes on web applications to prepare an interactive sitemap. It has over 3,400 built-in...

Arachni

Arachni is a feature-full, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of web applications. It is smart, optimized, stable, and portable, making it a reliable tool for web application security assessments. Some key features of Arachni include: High performance web crawling capable of analyzing hundreds...

Intruder

Intruder is a comprehensive web application security testing tool used to identify vulnerabilities in web apps. It is designed to automate vulnerability scanning and penetration testing to help developers build more secure software. Key features of Intruder include: Automated vulnerability scanning - Intruder can crawl web applications and automatically scan for security...

Wapiti

Wapiti is an open-source web application vulnerability scanner that is designed to audit the security of web applications and web services. It works by crawling a target website and scanning for vulnerabilities such as XSS, SQL injection, file inclusion, command execution, CRLF injection, and more. Some key features of Wapiti include: Detects...

Purplepee.co

Purplepee.co is a website that provides AI-powered alternatives and substitutions for various software products. Users can enter the name of a piece of software they currently use, and purplepee.co will suggest free, open source, or paid alternatives that offer similar features and functionality. The website has an intuitive interface where users...

HTTPCS Security

HTTPCS Security is an open-source web application firewall (WAF) designed to protect websites and web applications from common exploits and vulnerabilities. It works by filtering, monitoring, and blocking potentially malicious HTTP traffic before it reaches the web application. Some key features of HTTPCS Security include: Protection against SQL injection, cross-site scripting (XSS),...

Yang

Yang is an open-source modeling language developed by the IETF for defining data models and APIs for network configuration and operations. It is commonly used in networking devices and software to model data structures and interfaces in a standardized way. Some key features of Yang include: Tree-based hierarchical data models for complex...

Ammonite

Ammonite is an open-source Read-Eval-Print Loop (REPL) and script runner for the Scala programming language. It provides an improved interactive shell and scripting environment compared to the default Scala REPL. Some key features of Ammonite include: Advanced tab-completion and syntax highlighting; Script running - ability to run Scala scripts with dependencies; Built-in package management; Multi-line...

Network Hotfix Scanner

Network Hotfix Scanner is a Windows-based application designed to help IT administrators and managers scan for and identify missing Windows updates across all computers on their network. The software provides an easy way to perform patch auditing and ensure systems are up-to-date with the latest hotfixes and security patches from...

IronWASP

IronWASP is an open-source web application penetration testing tool written in Python. It is designed for testing the security of web applications by simulating real-world attacks. Some key features of IronWASP include: Automated detection of common security vulnerabilities like SQL injection, XSS, and more; Extensible architecture allowing for custom plugins and attack modules; Built-in...