
Acunetix
Web vulnerability scanner for automated security testing of websites and web apps

Comprehensive Perl-based web server vulnerability scanner that detects misconfigurations and known exploits
Nikto scans web servers for over 6,700 potentially dangerous files/CGIs, outdated software, and configuration issues, offering multiple output formats and Docker deployment for quick, automated security assessments.
Nikto is a Perl‑based web server scanner that probes for thousands of known vulnerabilities, outdated software versions, and insecure configurations. It is suited for security auditors, penetration testers, and DevOps engineers who need a fast, scriptable way to assess the security posture of HTTP/HTTPS services.
The tool ships with an extensive plugin database covering over 6,700 signatures and supports a wide range of command‑line options for tuning, evasion, and authentication. Results can be exported as plain text, HTML, CSV, XML, JSON, Nessus NBE, or Metasploit logs. Users may run Nikto directly from source on any system with Perl, or leverage the official Docker image for isolated, reproducible scans, including volume mounting for custom output locations. Its modular architecture also allows users to add custom plugins, extending detection capabilities beyond the default set.
Pre‑deployment security audit
Identify outdated components and misconfigurations before a web application goes live.
CI/CD pipeline integration
Automatically scan built images for known web server vulnerabilities, failing builds on critical findings.
Incident response reconnaissance
Rapidly enumerate exposed files and scripts on a compromised host to guide remediation.
Compliance reporting
Generate HTML or CSV reports that satisfy audit requirements for web server hardening.
Yes, the source version runs on any system with Perl 5.x; the Docker image provides a ready‑to‑run environment without separate installation.
Nikto includes a built‑in update command (`-update`) that fetches the latest plugins and signatures from CIRT.net.
Nikto can produce plain text, HTML, CSV, XML, JSON, Nessus NBE, and Metasploit log files, selected with the `-Format` option or by file extension.
The `-maxtime` option sets a maximum testing time per host, and `-timeout` controls request timeouts.