Home page logo


Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. For downloads and more information, visit the Nikto homepage.

Popularity #14, 2
Rating ★★★★½ (24)
Latest release 2.1.4
Feb. 20, 2011
(9 years, 3 months ago)


no rating Natal


I would like to use nikto to scan my web server. I have created a new site https://www.natalastroloji.com and recently received multiple attacks.

I think some of the server components are outdated. I am not sure how to implement your application. Is there a document that explains each step?

How can I improve the security of my website with your application?


Yilmaz Sarac

Are we talking about a security program that was last updated in 2011? What are the features other than security? - https://yilmazsarac.com.tr/

★★★★★ sanal ofis

Very succesfull,thanks from sanal ofis : https://sanalofisankaram.com/

★★★★★ Harika Kanatlar

Very succesfull scanner, thanks https://harikakanatlar.com/

★★★★ Harika Kanatlar newer comment by this user ↑

all type of web and application Anti kack methods and applications.

★★★★★ Eric Luis

Nikto is a very good scanner, thanks, 5 stars!

My Recommended SEO Digital Marketing Website: https://www.topleveltraffic.com

★★★★★ webtasarimci

I downloaded it for my own server for testing purposes.


no rating webtasarimci newer comment by this user ↑

Test amacıyla kendi sunucum için indirdim.


★★★★★ Rashad

Nikto is one of the best web scanners. Now we have Nikto online https://nikto.online/ too, for easy scan

no rating Ozkan

Thanks for the best security tools in the world :)

its my recommended seo website: https://www.ogocer.com

no rating Ozkan newer comment by this user ↑

Thanks for the best security tools in the world :)

its my recommended seo website: <a href="https://www.ogocer.com/blog/seo/">https://www.ogocer.com</a>

no rating Estetik Ameliyatları

nice contain thank you. https://www.onlineestetik.com/

no rating Tesettür Giyim Modelleri newer comment by this user ↑

Thank you for the information. https://modatesetturevi.com/

no rating mp3 indir

i checked my mp3 site with this scanner, it's good. https://guncelmp3indir.com

★★★★★ enozelders

Nikto is very succesfull , go to 5 stars :D

My website: https://enozelders.com

★★★★★ Ender OZ

Nikto is very succesfull scanner, thanks bro, 5 stars!

My recommended seo website: https://www.seokaos.com/seo/

★★★★★ Hizmetleri

this great theme. But a question; where is dummy data for content? https://hizmetleri.net/

no rating Arapça kursu ankara

Very useful and creative thank you https://arapcakursuankara.web.tr/

★★★★★ Aşı Takvimi

Its clean and easy to finding vulnerable web servers. Thank you http://www.droloji.com

★★★★★ Benjamin

Nikto is too good scanner, thank you man!


no rating ulvis

i get error for my site when try tool... http://ulvis.net

★★★★★ ulvis

I use Nikto to all of my servers, thanks bro. http://ulvis.net

★★★★★ Çocuk Gelişimi

All of my servers I use it. Its clean and easy to finding vulnerable web servers. Thanks Bro.


★★★★ eStore

Nice tool,intended to be used by network/sistem admins but now most popular among hackers


★★★★★ Savas

I use Nikto to all of my servers, thanks bro.


★★★★★ Rashad Aliyev

We like Nikto scanner and integrated it to our SaaS system. https://penteston.com

★★★★★ TZ Security

Nikto is very good scanner, yes it's old but still can detect flaws that would be missed with other scanners. In combination with w3af, Nessus (openvas) and maybe Acunetix it would be pretty much complete automated discovery of security flaws of servers and web applications. http://tz-security.com

no rating Chris

I prefer nmap pkg, but nikto scanner is not at all bad.. hope for improvements.

★★★★★ Rob Attfield

I've had to research this tool for an assignment for my I.T studies... For an open-source tool, I found it to be very impressive - it made me aware of errors on my Debian VPS I wasn't even aware of. I was also suprised of the vast amount of features it offered, and the types of tests that are available to run. I find it a great tool to test clients' websites and make sure the servers are secure.

no rating Jeeper

Just found it, old but still useful tool, we were suffering from many treads on many sites and it still catch them up pretty well

★★★★★ Jonathan Goh

I like this tools!! because it can scan many vulnerability~

Andrea Bodei

Very old, it is not at the same level of the other tools in this list

★★★★ squeekgeek

Really good for finding vulnerable web servers. Good work!

★★★★ masoud

I Interst to all type of web and application Anti kack methods and applications.Thanks .

no rating Sagan Marketing

Definitely the best one out of the free options, would be nice if they made a java port, for easier Windows integration

★★★★★ Eden

This is a Perl script, so to run under Windows requires a Perl interpreter.

Good tool.

no rating Craig

For some reason I can't find the windows version on the homepage.

no rating loken

i like this tool, it's awesome there is a lot of things i can do with this tool to protect my website

★★★★ hackertarget.com

Old school tool that continues to find poorly configured web servers. It wont find all your web app bugs but it does find interesting things to poke at.

Your comment

Along with your rating, you can use the comment form to post a review, tutorial, tips and tricks, or anything else others will find useful. If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).

  (will not be shown, will not be spammed)
(At least 50 characters. No markup is allowed. URLs will be made into links.)
 What is the standard TCP port number for the SSH service? (antispam)

Feed for updates.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]