offensive-tools/vuln-scanners/nikto/SKILL.md
Auth/lab ref: open-source web server scanner checking for 6700+ known vulnerabilities, outdated software, misconfigurations, and dangerous CGI/default files.
Web server vulnerability and misconfiguration scanner.
```bash
nikto -h http://target.com
nikto -h https://target.com -ssl
nikto -h target.com -p 8443 -o nikto.txt -Format txt
```
| Flag | Purpose |
|------|---------|
| -h <host> | Target host/URL |
| -p <port> | Port (default 80/443) |
| -ssl | Force SSL |
| -id <user:pass> | HTTP basic auth |
| -useproxy <proxy> | Route through proxy (e.g., 127.0.0.1:8080) |
| -Tuning <n> | Scan tuning bitmask (see below) |
| -Plugins <list> | Run specific plugins |
| -evasion <n> | IDS evasion technique (see below) |
| -timeout <n> | Timeout per request (default 10s) |
| -pause <n> | Pause between requests (stealth) |
| -maxtime <n> | Max scan time in seconds |
| -o <file> | Output file |
| -Format <fmt> | csv / txt / xml / html / json |
| -C all | Check all CGI dirs |
| -nossl | Disable SSL |
| -no404 | Disable 404 guess detection |
| -followredirects | Follow HTTP redirects |
| -mutate <n> | Guess additional file names |
| -update | Update plugins/databases |
Combine with + or - to include/exclude:
| Value | Meaning |
|-------|---------|
| 0 | File upload |
| 1 | Interesting files / seen in logs |
| 2 | Misconfiguration / default files |
| 3 | Information disclosure |
| 4 | Injection (XSS/Script) |
| 5 | Remote file retrieval — inside web root |
| 6 | Denial of service |
| 7 | Remote file retrieval — server-wide |
| 8 | Command execution / remote shell |
| 9 | SQL injection |
| a | Authentication bypass |
| b | Software identification |
| c | Remote source inclusion |
| x | Reverse tuning (exclude selected) |
```bash
# Most useful combo: misconfigs + info disclosure + injection (XSS/script)
# + command execution + SQLi + authentication bypass
nikto -h http://target.com -Tuning 23489a
# Aggressive: all checks
nikto -h http://target.com -Tuning 0123456789abc
# Skip DoS (safe for production):
nikto -h http://target.com -Tuning x6
```
| Value | Technique |
|-------|-----------|
| 1 | Random URI encoding |
| 2 | Directory self-reference (/./) |
| 3 | Premature URL ending |
| 4 | Prepend long random string |
| 5 | Fake parameter |
| 6 | TAB as request spacer |
| 7 | Random case sensitivity |
| 8 | Use Windows directory separator (`\`) |
| A | Use carriage return as spacer |
| B | Use binary value 0x0b as spacer |
```bash
nikto -h http://target.com -evasion 1,2,3,7
```
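For the defender's side of the evasion table above, here is an added example (not part of the original skill file or of Nikto itself) that flags raw HTTP request lines showing techniques 1, 2, 6, 8, A and B. The function name, labels and sample lines are constructed for illustration, and it assumes the raw request line is available, for example from a proxy or packet capture, because many access logs normalise the spacer.

```python
import re
import string

# Bytes that never need percent-encoding (RFC 3986 "unreserved").
UNRESERVED = (string.ascii_letters + string.digits + "-._~").encode()
PCT = re.compile(rb"%([0-9A-Fa-f]{2})")
# Non-space separators between method and request target, keyed by byte value.
SPACERS = {0x09: "6: TAB spacer", 0x0D: "A: CR spacer", 0x0B: "B: 0x0b spacer"}
REQUEST = re.compile(rb"([A-Z]+)([\x09\x0b\x0d ]+)(\S+)")


def evasion_signals(request_line: bytes) -> set:
    """Return the evasion-table entries that a raw request line resembles."""
    match = REQUEST.match(request_line)
    if not match:
        return {"unparseable request line"}
    _method, spacer, target = match.groups()
    hits = {SPACERS[b] for b in spacer if b in SPACERS}
    path = target.split(b"?", 1)[0]
    if b"/./" in path:
        hits.add("2: directory self-reference")
    if b"\\" in path or b"%5c" in path.lower():
        hits.add("8: Windows directory separator")
    # Encoding a letter or digit changes nothing for the server; clients rarely do it.
    if any(int(h, 16) in UNRESERVED for h in PCT.findall(path)):
        hits.add("1: unreserved characters percent-encoded")
    return hits


# Constructed sample request lines, not captured traffic.
SAMPLES = [
    b"GET /index.php HTTP/1.1",
    b"GET /my%20file.txt HTTP/1.1",
    b"GET /%69nd%65x.php HTTP/1.1",
    b"GET /./admin/./login.php HTTP/1.1",
    b"GET\t/cgi-bin/test.cgi HTTP/1.1",
    b"GET /scripts\\app.asp HTTP/1.1",
    b"GET\x0b/index.php HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(repr(line), sorted(evasion_signals(line)) or "clean")
```

Techniques 3, 4, 5 and 7 are not covered here; they need a baseline of the application's real paths and parameters to separate from normal traffic.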
```bash
# Quick recon (most useful findings)
nikto -h http://target.com -Tuning 23b
# HTTPS with self-signed cert
nikto -h https://target.com -ssl -nointeractive
# Through Burp proxy (capture for manual review)
nikto -h http://target.com -useproxy http://127.0.0.1:8080
# Scan with basic auth
nikto -h http://target.com -id admin:password
# Scan with custom header (session cookie)
nikto -h http://target.com -C all \
  -H "Cookie: session=abc123"
# Scan multiple hosts from file
nikto -h hosts.txt -o results.csv -Format csv
# Save HTML report
nikto -h http://target.com -o report.html -Format html
# Verbose output (V in the -Display table below)
nikto -h http://target.com -Display V
# Target non-standard ports
nikto -h target.com -p 8080,8443,8888
```
| Value | Output |
|-------|--------|
| 1 | Show redirects |
| 2 | Show cookies received |
| 3 | Show all 200 responses |
| 4 | Show URLs requiring auth |
| D | Debug output |
| E | Display all HTTP errors |
| P | Print progress to STDOUT |
| V | Verbose output |
```bash
nikto -h http://target.com -Display 12
```
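```bash
# Extract only findings (exclude info lines)
# -Format sets the format of the -o report file, so save the CSV and filter that
nikto -h http://target.com -o nikto.csv -Format csv
grep -v "^#\|^-" nikto.csv | column -t -s ','
# Combine with httpx for batch scanning
# httpx prints full URLs, so replace ":" and "/" before using them in a file name
httpx -l hosts.txt -silent | xargs -P5 -I{} sh -c \
  'nikto -h "$1" -Tuning 23b -o "$(printf %s "$1" | tr -c "A-Za-z0-9._-" "_")_nikto.txt"' _ {}
```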
| File | When to load |
|------|--------------|
| references/plugins.md | Plugin list, authentication bypass techniques, custom checks |