Home > Pentest Scripts > niktoHelper – Bridge between Nmap Grepable Output and Nikto

niktoHelper – Bridge between Nmap Grepable Output and Nikto

During a penetration test, Nikto is usually used after Nmap. However, sometimes the web servers are virtual hosts (serving more than one website on the same web server)

The usual steps after running Nmap against the hosts are
1. Go to Bing.com and do a reverse DNS lookup (e.g. IP: on the IPs.
2. If there are no results, check the SSL certificate on the host
3. Run nikto.pl with the vhost parameter. (e.g.)

perl nikto.pl -vhost www.bd-motor.com -maxtime 7200 -Cgidirs all -ssl -host -port 80 -output nikto_69.194.235.103-port443-www.bd-motor.com.txt

This script automates all of the above steps.

Below is what you see when you run niktoHelper.py without any arguments.

You are able to select the number of threads to use using the -child argument.
To only display the Nikto command output, use the -display argument.


To run nikto against a selected website, key in the number followed by comma
E.g. 1,4,10

To run nikto against all results, key in ALL and press enter
To skip all websites shown, press ENTER or key in NONE followed by enter key.Image

If you use the -display argument, the Nikto command is supposed to be used against the websites are shown on screen.


The script can be downloaded at https://github.com/milo2012/pentest_scripts/tree/master/niktohelper

If you have any feedback and suggestion, please send it to me below. Thank you

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: