Automic VaultAutomic Vault

brew

Install nikto with Homebrew, apk, apt, MacPorts, Nix, pacman

Web server scanner. Version 2.6.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install nikto

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install nikto

MacPorts ports tree · www/nikto/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add nikto

Alpine Linux edge package indexes · nikto · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install nikto

Debian stable package indexes · nikto · source: deb.debian.org

Nixverified · 92%
nix profile install nixpkgs#nikto

nixpkgs package indexes · pkgs/by-name/ni/nikto/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S nikto

Arch Linux sync databases · nikto · source: geo.mirror.pkgbuild.com

overview

Package summary

Web server scanner

Commands and aliases

  • nikto
  • replay.pl

history

Project history and usage

Nikto is a long-running open source web server scanner aimed at penetration testers, security professionals, and system administrators. Its enduring value is not exploit automation but broad, noisy coverage: identifying dangerous files, outdated server components, common HTTP/server misconfigurations, odd headers, authentication defaults, and other findings that are useful early in web reconnaissance.

Project history

The project history published in the Nikto wiki says Nikto 1.00 Beta was released on December 27, 2001, followed shortly by a 1.01 bug-fix release. The same history describes the 2.0 release in November 2007 as the result of several years of improvements, with development continuing on GitHub afterward. The wiki also records David Lodge joining and taking project leadership in 2008 while Chris Sullo stepped away, and Sullo rejoining in 2009.

The GitHub repository and cirt.net page show the modern project still centered on the same Perl scanner lineage. The repository lists Nikto 2.6.0 as a release on February 11, 2026, and the project page describes a scanner with updateable scan items/plugins, multiple output formats, false-positive reduction, TLS fingerprinting checks, proxy support, and database/reporting integrations.

Adoption history

Nikto became part of the standard open-source web assessment toolkit because it is easy to run, has a large body of checks, and is available through mainstream package managers. The project's own history says that within two years of the 2001 beta it had become the most popular freely available web vulnerability scanner; modern adoption is reflected by its GitHub repository visibility and Homebrew packaging.

On 2026-07-01, the Homebrew formula page listed Nikto 2.6.0 with 7,916 installs over 365 days. That is modest compared with language/build tools, but healthy for a focused security scanner that many users run only during audits or lab work.

How it is used

Package nerds usually treat Nikto as a quick web-server coverage pass: install it, run `nikto -h https://target.example`, add ports with `-p`, feed host lists, tune check classes, and export text, JSON, XML, HTML, CSV, SQL, or database-backed reports. The official basic testing docs emphasize host/port scans, URL input, SSL handling, multiple ports, and host files.

In practice it is often paired with nmap and proxy tooling: nmap finds HTTP services, Nikto checks them for common files and server issues, then the output is fed into manual verification or reporting. Its value is breadth and repeatability, not stealth or perfect signal.

Why package nerds care

Nikto is the archetypal packaged Perl web scanner: old, portable, easy to bottle, still useful, and familiar enough that security distributions and package managers keep it around. For av.db, its history matters because it is a source-backed example of a security CLI whose adoption comes from workflow habit and test coverage rather than a fast-moving ecosystem.

Timeline

  • {'date': '2001-12-27', 'event': 'Nikto 1.00 Beta released.'}
  • {'date': '2007-11', 'event': 'Nikto 2.0 released after several years of improvements.'}
  • {'date': '2008', 'event': 'David Lodge joined and assumed project leadership.'}
  • {'date': '2009', 'event': 'Chris Sullo rejoined the project.'}
  • {'date': '2026-02-11', 'event': 'Nikto 2.6.0 listed as a GitHub release.'}

security posture

Risk level: yellow

broad file, network, media, or database tool signal. generalized runtime or code generation signal.

Risk classifier

yellow risk · medium confidence · runtime

Why

  • broad file, network, media, or database tool signal
  • generalized runtime or code generation signal

Signals

  • text:repl
  • text:server

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
./nikto.conf~/nikto.conf/etc/nikto.conf

executables

Installed executables

CommandKindExposureNote
niktocliglobal executable
replay.plcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-10
manager version2.6.0
manager updated
local dataok
upstreamcurrent
latest detected2.6.0

https://github.com/sullo/nikto

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:nikto
Version2.6.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/nikto
Homepagehttps://cirt.net/nikto/
Repositoryhttps://github.com/sullo/nikto
Upstream docshttps://cirt.net/Nikto2
LicenseGPL-3.0-only
Source archivehttps://github.com/sullo/nikto/archive/refs/tags/2.6.0.tar.gz
Uses from macOSperl
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namenikto
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

nikto 1:2.1.5-3.1

web server security scanner

http://cirt.net/nikto2

sudo apt install nikto
  • Section: non-free/net
  • Architecture: all
  • 4 dependencies
  • 1 optional deps
  • normalized package name match
  • Matched by: Nikto
Debian stable package indexes · deb.debian.org · Debian stable package indexes: nikto from https://deb.debian.org/debian/dists/stable/non-free/binary-amd64/Packages.xz
Nix95%

nikto

nix profile install nixpkgs#nikto
  • normalized package name match
  • Matched by: Nikto
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ni/nikto/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

nikto 1:2.1.5-3.1

web server security scanner

http://cirt.net/nikto2

sudo apt install nikto
  • Section: multiverse/net
  • Architecture: all
  • 4 dependencies
  • 1 optional deps
  • normalized package name match
  • Matched by: Nikto
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: nikto from https://archive.ubuntu.com/ubuntu/dists/noble/multiverse/binary-amd64/Packages.gz
apk95%

nikto 2.6.0-r0

A web application security scanner

https://www.cirt.net/Nikto2

sudo apk add nikto
  • License: GPL-2.0-only
  • Architecture: x86_64
  • Source Package: nikto
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Nikto
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: nikto from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
pacman95%

nikto 2.6.0-2

A web server scanner which performs comprehensive tests against web servers for multiple items

https://github.com/sullo/nikto

sudo pacman -S nikto
  • License: GPL-3.0-only
  • Architecture: any
  • 5 dependencies
  • normalized package name match
  • Matched by: Nikto
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: nikto from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
MacPorts95%

nikto

sudo port install nikto
  • normalized package name match
  • Matched by: Nikto
MacPorts ports tree · api.github.com · MacPorts ports tree: www/nikto/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment