Nikto Executor¶

Category: Web Application Scanners Script: nikto2.py Integration: CLI Faraday Plugin: NiktoPlugin Website: https://cirt.net/Nikto2

Description¶

Runs the Nikto web server scanner against a target URL, producing XML output that is parsed into Faraday. Nikto checks for dangerous files, outdated server software, version-specific vulnerabilities, and server configuration issues.

Prerequisites¶

Nikto installed and available in $PATH
Verify: nikto -Version

Configuration¶

Environment Variables (Setup)¶

(none required)

Execution Arguments¶

Parameter	Type	Mandatory	Description
`TARGET_URL`	url	Yes	Target URL to scan (e.g., `https://example.com`)

YAML Configuration Example¶

executors:
  nikto_scan:
    repo_executor: nikto2.py
    max_size: 65536
    varenvs: {}
    params:
      TARGET_URL:
        mandatory: true
        type: url
        base: string

How It Works¶

Runs nikto -h <url> -o <output.xml> to scan the target
Parses the XML output through NiktoPlugin and outputs Faraday JSON

Notes¶

Nikto performs comprehensive web server checks but can be noisy; consider running during authorized testing windows
The executor has minimal configuration — only the target URL is needed