webapp-niktolisted

# Nikto Web Server Scanner ## Overview Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple security issues including dangerous files, outdated software versions, and server misconfigurations. This skill covers authorized security assessments of web servers and applications. **IMPORTANT**: Nikto generates significant traffic and is easily detected. Only use with proper written authorization on systems you own or have explicit permission to test. ## Quick Start Basic web server scanning: ```bash # Scan single host nikto -h http://example.com # Scan with SSL nikto -h https://example.com # Scan specific port nikto -h example.com -p 8080 # Scan multiple ports nikto -h example.com -p 80,443,8080 ``` ## Core Workflow ### Web Server Assessment Workflow Progress: [ ] 1. Verify authorization for web server testing [ ] 2. Identify target web servers and ports [ ] 3. Perform initial reconnaissance scan [ ] 4. Run comprehensive vulnerability assessment [ ] 5. Analyze and categorize findings [ ] 6. Document vulnerabilities with remediation [ ] 7. Generate and deliver security report [ ] 8. Verify no testing artifacts remain Work through each step systematically. Check off completed items. ### 1. Authorization Verification **CRITICAL**: Before any web server scanning: - Confirm written authorization from web server owner - Verify scope includes web server vulnerability assessment - Understand acceptable scanning window