webapp-nikto
Web server vulnerability scanner for identifying security issues, misconfigurations, and outdated software versions. Use when: (1) Conducting authorized web server security assessments, (2) Identifying common web vulnerabilities and misconfigurations, (3) Detecting outdated server software and known vulnerabilities, (4) Performing compliance scans for web server hardening, (5) Enumerating web server information and enabled features, (6) Validating security controls and patch levels.
Best use case
webapp-nikto is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "webapp-nikto" skill to help with this workflow task. Context: Web server vulnerability scanner for identifying security issues, misconfigurations, and outdated software versions. Use when: (1) Conducting authorized web server security assessments, (2) Identifying common web vulnerabilities and misconfigurations, (3) Detecting outdated server software and known vulnerabilities, (4) Performing compliance scans for web server hardening, (5) Enumerating web server information and enabled features, (6) Validating security controls and patch levels.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/webapp-nikto/SKILL.md inside your project
- Restart your AI agent; it will auto-discover the skill
SKILL.md Source
# Nikto Web Server Scanner
## Overview
Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple security issues including dangerous files, outdated software versions, and server misconfigurations. This skill covers authorized security assessments of web servers and applications.
**IMPORTANT**: Nikto generates significant traffic and is easily detected. Only use with proper written authorization on systems you own or have explicit permission to test.
## Quick Start
Basic web server scanning:
```bash
# Scan single host
nikto -h http://example.com
# Scan with SSL
nikto -h https://example.com
# Scan specific port
nikto -h example.com -p 8080
# Scan multiple ports
nikto -h example.com -p 80,443,8080
```
## Core Workflow
### Web Server Assessment Workflow
Progress:
[ ] 1. Verify authorization for web server testing
[ ] 2. Identify target web servers and ports
[ ] 3. Perform initial reconnaissance scan
[ ] 4. Run comprehensive vulnerability assessment
[ ] 5. Analyze and categorize findings
[ ] 6. Document vulnerabilities with remediation
[ ] 7. Generate and deliver security report
[ ] 8. Verify no testing artifacts remain
Work through each step systematically. Check off completed items.
### 1. Authorization Verification
**CRITICAL**: Before any web server scanning:
- Confirm written authorization from web server owner
- Verify scope includes web server vulnerability assessment
- Understand acceptable scanning windows
- Document emergency contact procedures
- Confirm no production impact restrictions
### 2. Basic Scanning
Perform basic web server scans:
```bash
# Standard scan
nikto -h http://example.com
# Scan with specific User-Agent
nikto -h http://example.com -useragent "Mozilla/5.0..."
# Scan through proxy
nikto -h http://example.com -useproxy http://proxy:8080
# Scan with authentication
nikto -h http://example.com -id username:password
# SSL/TLS scan
nikto -h https://example.com -ssl
# Force SSL even on non-standard ports
nikto -h example.com -p 8443 -ssl
```
### 3. Advanced Scanning Options
Customize scan behavior:
```bash
# Specify tuning options
nikto -h http://example.com -Tuning 123bde
# Without -Tuning every check runs; "x" reverses the selection, e.g. run everything except Denial of Service checks
nikto -h http://example.com -Tuning x6
# Scan multiple hosts from file
nikto -h hosts.txt
# Limit to specific checks
nikto -h http://example.com -Plugins "apache_expect_xss"
# Update plugin database
nikto -update
# Display available plugins
nikto -list-plugins
```
**Tuning Options**:
- **0**: File Upload
- **1**: Interesting File/Seen in logs
- **2**: Misconfiguration/Default File
- **3**: Information Disclosure
- **4**: Injection (XSS/Script/HTML)
- **5**: Remote File Retrieval (Inside Web Root)
- **6**: Denial of Service
- **7**: Remote File Retrieval (Server Wide)
- **8**: Command Execution/Remote Shell
- **9**: SQL Injection
- **a**: Authentication Bypass
- **b**: Software Identification
- **c**: Remote Source Inclusion
- **d**: WebService
- **e**: Administrative Console
- **x**: Reverse Tuning (exclude specified)
### 4. Output and Reporting
Generate scan reports:
```bash
# Output to text file
nikto -h http://example.com -o results.txt
# Output to HTML report
nikto -h http://example.com -o results.html -Format html
# Output to CSV
nikto -h http://example.com -o results.csv -Format csv
# Output to XML
nikto -h http://example.com -o results.xml -Format xml
# Nikto writes one report per run; for several formats run it once per format
nikto -h http://example.com -o results.txt -Format txt
nikto -h http://example.com -o results.html -Format html
```
### 5. Performance Tuning
Optimize scan performance:
```bash
# Increase timeout (default 10 seconds)
nikto -h http://example.com -timeout 20
# Limit maximum execution time
nikto -h http://example.com -maxtime 30m
# Set the Host header (virtual host) sent with every request
nikto -h http://example.com -vhost example.com
# Follow redirects
nikto -h http://example.com -followredirects
# Disable 404 guessing
nikto -h http://example.com -no404
# Pause between tests
nikto -h http://example.com -Pause 2
```
### 6. Evasion and Stealth
Evade detection (authorized testing only):
```bash
# Override the default User-Agent (Nikto has no random mode; its default string identifies Nikto)
nikto -h http://example.com -useragent "Mozilla/5.0 (custom)"
# Inject random data in requests
nikto -h http://example.com -evasion 1
# Use IDS evasion techniques
nikto -h http://example.com -evasion 12345678
# Pause between requests
nikto -h http://example.com -Pause 5
# Send session cookies by overriding the STATIC-COOKIE setting from nikto.conf (format as in nikto.conf.default)
nikto -h http://example.com -Option 'STATIC-COOKIE="session"="abc123"'
```
**Evasion Techniques**:
- **1**: Random URI encoding
- **2**: Directory self-reference (/./)
- **3**: Premature URL ending
- **4**: Prepend long random string
- **5**: Fake parameter
- **6**: TAB as request spacer
- **7**: Change case of URL
- **8**: Use Windows directory separator (\)
## Security Considerations
### Authorization & Legal Compliance
- **Written Permission**: Obtain explicit authorization for web server scanning
- **Scope Verification**: Only scan explicitly authorized hosts and ports
- **Detection Risk**: Nikto is noisy and will trigger IDS/IPS alerts
- **Production Impact**: Scans may impact server performance
- **Log Flooding**: Nikto generates extensive log entries
### Operational Security
- **Rate Limiting**: Use -Pause to reduce server load
- **Scan Windows**: Perform scans during approved maintenance windows
- **Session Management**: Use -maxtime to limit scan duration
- **Proxy Usage**: Route through authorized proxy if required
- **User-Agent**: Consider using custom User-Agent for tracking
### Audit Logging
Document all Nikto scanning activities:
- Target hosts and ports scanned
- Scan start and end timestamps
- Tuning options and plugins used
- Findings and vulnerability counts
- False positives identified
- Remediation priorities
- Report delivery and recipients
### Compliance
- **OWASP ASVS**: V14 Configuration Verification
- **NIST SP 800-115**: Technical Guide to Information Security Testing
- **PCI-DSS**: 6.6 and 11.3 - Vulnerability scanning
- **CWE**: Common Weakness Enumeration mapping
- **ISO 27001**: A.12.6 - Technical vulnerability management
## Common Patterns
### Pattern 1: External Perimeter Assessment
```bash
# Scan external web servers
for host in web1.example.com web2.example.com; do
  nikto -h "https://$host" -o "nikto_${host}.html" -Format html
done
# Scan common web ports
nikto -h example.com -p 80,443,8080,8443 -o external_scan.txt
```
### Pattern 2: Internal Web Application Assessment
```bash
# Comprehensive internal scan
nikto -h http://intranet.local \
-Tuning 123456789abcde \
-timeout 30 \
-maxtime 2h \
-o internal_assessment.html -Format html
```
### Pattern 3: SSL/TLS Security Assessment
```bash
# SSL-specific testing
nikto -h https://example.com \
-Plugins "ssl" \
-ssl \
-o ssl_assessment.txt
```
### Pattern 4: Authenticated Scanning
```bash
# Scan with authentication
nikto -h http://example.com \
-id admin:password \
-Option 'STATIC-COOKIE="sessionid"="abc123"' \
-Tuning 123456789 \
-o authenticated_scan.html -Format html
```
### Pattern 5: Bulk Scanning
```bash
# Create host file
cat > web_servers.txt <<EOF
http://web1.example.com
https://web2.example.com:8443
http://web3.example.com:8080
EOF
# Scan all hosts
nikto -h web_servers.txt -o bulk_scan.csv -Format csv
```
## Integration Points
### CI/CD Integration
```bash
#!/bin/bash
# ci_nikto_scan.sh - Automated web security scanning
TARGET_URL="$1"
OUTPUT_DIR="nikto_results/$(date +%Y%m%d_%H%M%S)"
mkdir -p "$OUTPUT_DIR"
# Run Nikto scan
nikto -h "$TARGET_URL" \
-Tuning 123456789 \
-maxtime 30m \
-o "$OUTPUT_DIR/nikto_report.xml" -Format xml
# Fail the pipeline when the report contains findings
# (each finding is an <item ...> element in Nikto's XML output;
# OSVDB references are no longer emitted by current Nikto versions)
FINDINGS=$(grep -c "<item " "$OUTPUT_DIR/nikto_report.xml" || true)
if [ "$FINDINGS" -gt 0 ]; then
  echo "FAIL: $FINDINGS Nikto findings in $OUTPUT_DIR/nikto_report.xml"
  exit 1
fi
echo "Scan completed successfully"
exit 0
```
### SIEM Integration
```bash
# Export findings for a SIEM: Nikto can write JSON directly
nikto -h http://example.com -o findings.json -Format json
# Or write XML and flatten it to CSV (requires xmlstarlet)
nikto -h http://example.com -o findings.xml -Format xml
xmlstarlet sel -t -m "//item" -v "concat(@id,',',description,',',uri)" -n findings.xml > findings.csv
```
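For the CI/CD and SIEM steps above, here is an added example (not part of the original skill) that flattens a Nikto XML report into one JSON record per finding and applies a CI gate with a list of reviewed finding ids. The sample report is constructed to mirror the scandetails/item layout of Nikto's `-Format xml` output and is not real scan data.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample that mirrors the layout of Nikto's -Format xml report
# (scandetails -> item elements); it is not real scan output.
SAMPLE_XML = """<?xml version="1.0" ?>
<niktoscan version="2.1.6" nxmlversion="1.2" options="-h http://example.com -Format xml">
<scandetails targetip="192.0.2.10" targethostname="example.com" targetport="80"
             targetbanner="Apache/2.4.29 (Ubuntu)" hostheader="example.com" checks="6544">
<item id="999990" osvdbid="0" method="GET">
<description><![CDATA[The anti-clickjacking X-Frame-Options header is not present.]]></description>
<uri><![CDATA[/]]></uri>
</item>
<item id="000036" osvdbid="3092" method="GET">
<description><![CDATA[/admin/: This might be interesting.]]></description>
<uri><![CDATA[/admin/]]></uri>
</item>
<statistics elapsed="12" itemsfound="2" itemstested="6544" />
</scandetails>
</niktoscan>
"""


def parse_nikto_xml(xml_text):
    """Flatten a Nikto XML report into one dict per finding, carrying the target context."""
    root = ET.fromstring(xml_text)
    records = []
    for scan in root.iter("scandetails"):
        target = {
            "target_host": scan.get("targethostname"),
            "target_ip": scan.get("targetip"),
            "target_port": int(scan.get("targetport", "0")),
            "banner": scan.get("targetbanner", ""),
        }
        for item in scan.iter("item"):
            rec = dict(target)
            rec["nikto_id"] = item.get("id")
            rec["osvdb_id"] = item.get("osvdbid")
            rec["method"] = item.get("method")
            rec["uri"] = (item.findtext("uri") or "").strip()
            rec["description"] = (item.findtext("description") or "").strip()
            records.append(rec)
    return records


def to_ndjson(records):
    """One JSON object per line, the shape most SIEM collectors ingest directly."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


def ci_gate(records, accepted_ids=frozenset()):
    """Return findings whose Nikto id is not on the reviewed/accepted list;
    a non-empty result is what should fail the pipeline."""
    return [r for r in records if r["nikto_id"] not in accepted_ids]
```

Accepted ids are the reviewed false positives the Troubleshooting section says to exclude; keep that list in the repository next to the pipeline so exclusions are versioned.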
## Troubleshooting
### Issue: Scan Takes Too Long
**Solutions**:
```bash
# Limit scan duration
nikto -h http://example.com -maxtime 15m
# Reduce tuning scope
nikto -h http://example.com -Tuning 123
# Disable 404 checking
nikto -h http://example.com -no404
```
### Issue: SSL/TLS Errors
**Solutions**:
```bash
# Force SSL on a port Nikto would otherwise treat as plain HTTP
nikto -h example.com -ssl -p 8443
# Disable SSL when autodetection wrongly negotiates TLS on a plain-HTTP port
nikto -h example.com -nossl -p 8080
# Raise the request timeout if TLS handshakes are slow
nikto -h https://example.com -timeout 30
```
### Issue: Too Many False Positives
**Solutions**:
- Manually verify findings
- Use -Tuning to focus on specific vulnerability types
- Review and update Nikto database with -update
- Exclude known false positives from reports
### Issue: WAF Blocking Scans
**Solutions**:
```bash
# Use evasion techniques
nikto -h http://example.com -evasion 1234567
# Add delays
nikto -h http://example.com -Pause 10
# Use custom User-Agent
nikto -h http://example.com -useragent "legitimate-browser-string"
```
## Defensive Considerations
Protect web servers against Nikto scanning:
**Web Application Firewall Rules**:
- Detect and block Nikto User-Agent strings
- Implement rate limiting
- Block known Nikto attack patterns
- Monitor for scan signatures
**Server Hardening**:
- Remove default files and directories
- Disable directory listing
- Remove server version banners
- Apply security patches regularly
- Follow CIS benchmarks for web server hardening
**Detection and Monitoring**:
- Monitor for rapid sequential requests
- Alert on multiple 404 errors from single source
- Detect common vulnerability probes
- Log and correlate scan patterns
- Implement honeypot files/directories
Common Nikto detection signatures:
- User-Agent contains "Nikto"
- Requests to known vulnerable paths
- Sequential URI enumeration
- Specific HTTP header patterns
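The detection signatures above, as an added example that is not part of the original skill: a small detector run over constructed Apache/nginx combined-format log lines (not real traffic). It flags the default Nikto User-Agent and, because the User-Agent can be overridden with -useragent, also a burst of 404 responses from one client inside a sliding window; the User-Agent string is written in the form of Nikto's default one.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed sample traffic (not a real log): a burst carrying Nikto's default
# User-Agent, a scanner hiding behind a browser string, and one ordinary client.
NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
SAMPLE_LOG = "\n".join(
    [f'198.51.100.7 - - [10/Mar/2024:10:00:0{i} +0000] "GET /p{i} HTTP/1.1" 404 196 "-" "{NIKTO_UA}"'
     for i in range(5)]
    + [f'203.0.113.9 - - [10/Mar/2024:10:05:0{i} +0000] "GET /q{i} HTTP/1.1" 404 196 "-" "Mozilla/5.0"'
       for i in range(6)]
    + ['192.0.2.55 - - [10/Mar/2024:10:07:00 +0000] "GET / HTTP/1.1" 200 1256 "-" "Mozilla/5.0"',
       '192.0.2.55 - - [10/Mar/2024:10:07:30 +0000] "GET /missing HTTP/1.1" 404 196 "-" "Mozilla/5.0"'])


def parse_ts(stamp):
    return datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")


def detect_scans(log_text, window_s=60, max_404=5):
    """Return {ip: sorted reasons} for clients whose traffic matches the Nikto signatures."""
    not_found = defaultdict(list)
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the whole run
        ip = m["ip"]
        if "nikto" in m["ua"].lower():       # signature 1: the default User-Agent
            reasons[ip].add("nikto_user_agent")
        if m["status"] == "404":
            not_found[ip].append(parse_ts(m["ts"]))
    for ip, times in not_found.items():      # signature 2: many 404s in a short window,
        times.sort()                         # which survives a spoofed User-Agent
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= max_404:
                reasons[ip].add("404_burst")
                break
    return {ip: sorted(r) for ip, r in reasons.items()}
```

Tune window_s and max_404 against a baseline of normal 404 rates before alerting on them, since a broken link on a busy page can produce a burst from legitimate clients.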
## References
- [Nikto Official Documentation](https://cirt.net/Nikto2)
- [Nikto GitHub Repository](https://github.com/sullo/nikto)
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
- [NIST SP 800-115: Technical Security Testing](https://csrc.nist.gov/publications/detail/sp/800-115/final)
- [CIS Web Server Benchmarks](https://www.cisecurity.org/cis-benchmarks/)