nikto

Perl ★ 10k updated 2d ago

Nikto web server scanner

A command-line web server scanner that checks websites for known security vulnerabilities, misconfigured settings, exposed files, and outdated software, widely used by security professionals for authorized audits.

Perl, Docker, setup: easy, complexity 2/5

Nikto is a web server scanner used to check websites and web servers for known security problems. You point it at a web address, it runs a series of automated tests, and it reports back what it finds: outdated software, misconfigured settings, exposed files that should not be public, login pages left open, and similar issues. It is a command-line tool, meaning you run it from a terminal rather than through a graphical interface.

The tool has been around for a long time and is widely used by security professionals and system administrators when they want a quick picture of what vulnerabilities a server might expose. It checks against a database of known issues and can be extended with plugins, so the list of things it looks for can grow over time.

Nikto supports a broad set of options. You can tell it which port to scan, whether to use a secure connection, how long to wait for responses, and whether to save its findings to a file. Output can be written in several formats including plain text, HTML, JSON, and XML, which makes it possible to feed results into other tools or reporting systems.

The project can be run directly on a machine that has Perl installed, since that is the language it is written in. It can also run as a containerized application using Docker, which means you do not need Perl installed locally at all. You simply pull the container image and pass your target address.

Nikto is free and open source. It comes with a note that it is meant for testing servers you have permission to scan. Running it against systems you do not own or operate without authorization is not a sanctioned use.

Where it fits