For NTLM realms, the format is
id:password:realm.
-mutate Mutate checks. This causes Nikto to put all files
with all directories from the .db files and scan the host.
You might find some oddities this way. Note that it
generates a lot of checks.
-nolookup Do not perform a hostname lookup.
-output Write output to this file when
complete. Format is text unless specified via -Format.
-port Port number to scan; defaults to
port 80 if missing. This can also be a range or list of
ports, which Nikto will check for Web servers. If a Web
server is found, it will perform a full scan unless the -f
option is used.
-root Always prepend this to requests, i.e., changes a
request of "/password.txt" to "/directory/password.txt"
(assuming the value passed on the CLI was
"/directory").
-ssl Force SSL mode on port(s) listed. Note that Nikto
attempts to determine if a port is HTTP or HTTPS
automatically, but this can be slow if the server fails to
respond or is slow to respond to the incorrect one. This
sets SSL usage for *all* hosts and ports.
-timeout Timeout for each request; default is 10 seconds.
-useproxy Use the proxy defined in config.txt for all
requests.
-vhost Virtual host to use for the "Host:"
header, in case it is different from the target.
Appendix B : Tool Syntax 719
Chapter 8 (continued)
Nikto -Version Print version numbers of Nikto, all plugins, and
all databases.