Cyber Tool Stack
All tools
DASTOpen source · GPL-3.0

Nikto

Community project

A long-running, free command-line scanner that checks a web server for outdated software versions, dangerous default files, and known misconfigurations. Simpler and older than modern DAST platforms, but still commonly used as a quick first pass before a deeper authenticated scan.

Verified Source: 1

Product type
Community project
Deployment
CLI
Organization size
IndividualSMBMid-marketEnterprise
Pricing tier
Free

Capability checklist

DAST

How Nikto measures up against the full Dynamic Application Security Testing taxonomy.

Black-box scanning — supported
Tests a running application from the outside, without access to source code.
Authenticated scanning — not supported
Crawls and tests pages that require a logged-in session.
API scanning — not supported
Tests REST and GraphQL APIs, not just traditional web pages.
CI/CD scan automation — not supported
Runs scans automatically as part of the build and deploy pipeline.
Automated finding verification — not supported
Confirms exploitability of findings to cut down false positives.
OWASP Top 10 coverage — not supported
Tests for the industry-standard set of common web application vulnerability classes.

Alternatives

Other Dynamic Application Security Testing tools with overlapping capabilities, sized for similar teams.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.