This does a port scan only; no other checks will be run. If you are
port-scanning only, I suggest you use Nmap or some other tool that is
dedicated to that task.

This controls the output format when the -output flag is used. Valid
values are htm, csv, and txt. If this option is not used, txt will be
used as the default output

This forces all checks in the scan database to be executed,
regardless of web server banner.

Use this to specify the target host or a file that contains target
entries in the format domain.com:80:443. Each line should contain one
entry; any other command-line options such as -ssl will be applied to
all the hosts in the file.

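As an added example (not from the original page or from the Nikto project), this Python check validates a target file in the domain.com:80:443 layout before it is handed to the scanner, rejecting malformed entries and hosts outside an authorized scope. The IN_SCOPE allowlist, the sample entries, and the fallback to port 80 for a bare host are assumptions.

```python
import re

# Constructed sample in the page's host:port[:port] layout, one entry per line.
SAMPLE_TARGETS = """\
domain.com:80:443
intranet.example.org:8080
192.0.2.10
bad_host!:80
domain.com:80:70000
out-of-scope.example.net:443
"""
# Hypothetical allowlist of hosts the tester is authorized to scan.
IN_SCOPE = {"domain.com", "intranet.example.org", "192.0.2.10"}

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*")
DEFAULT_PORT = 80  # assumption: a bare host falls back to the page's default port


def parse_entry(line):
    """Return (host, [ports]) for one entry or raise ValueError (no IPv6)."""
    host, *fields = line.strip().split(":")
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"invalid host {host!r}")
    ports = []
    for field in fields:
        if not (field.isascii() and field.isdigit() and 1 <= int(field) <= 65535):
            raise ValueError(f"invalid port {field!r}")
        ports.append(int(field))
    return host.lower(), ports or [DEFAULT_PORT]


def check_targets(text, in_scope):
    """Return (accepted entries, [(line number, reason)] for rejected lines)."""
    accepted, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            host, ports = parse_entry(line)
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        if host in in_scope:
            accepted.append((host, ports))
        else:
            rejected.append((lineno, f"{host} is not in scope"))
    return accepted, rejected
```

Calling check_targets(SAMPLE_TARGETS, IN_SCOPE) returns the accepted entries and the rejected line numbers with reasons, so a scope or typing error is caught before any request is sent.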
Use this to specify HTTP Basic authentication credentials in the form
realm is optional.

The mutate options are special, in that each integer placed in these
options activates a different "conditional" plug-in. For example, by
entering 13 you enable the Mutate and Enum_apache

This avoids hostname DNS lookups.

This specifies an output filename. The default format is plain text.

This is the port the checks will be run against. The default is 80.

This prepends a directory to all requests. This is useful for web
servers that are configured to redirect all requests to a static

This forces use of HTTPS. On occasion this option is unreliable. A
workaround is to use Nikto in combination with an HTTPS proxy agent
such as sslproxy, stunnel,

This is the connection timeout (the default is 10 seconds). If you
are on a fast link and are scanning a multitude of hosts, lowering
this helps to reduce scan time.

This tells Nikto to use the proxy information defined in config.txt
for all requests. At the time of this writing, only HTTP proxies are
supported.

This will print the version of all found plug-ins and databases.

This sets the virtual host that will be used for the HTTP Host header.
This is crucial when scanning a domain that is virtually hosted on a
server. To get the most coverage, you should run a scan against both
the web server's IP and the domain.

This enables debug mode, which outputs a large amount of detail
regarding every request and response.

This does a basic syntax check against the scan_database.db and
user_scan_database.db databases that the main scanning engine uses.

This retrieves and updates databases and plug-ins, getting the latest
version from cirt.net. By default Nikto will never automatically
download and install updates. It will prompt the user for

This enables verbose mode.