Using Nikto right

@dragonista said:

Hello everyone!
Nikto is one of the first tools I encountered when I started learning infosec, but then out of habit, and because I watch a lot of ippsec's videos, I quit using it altogether and did most of my recon with the very well known nmap, gobuster, wfuzz… well, you know them I suppose.
Sometimes though, when I'm out of ideas, I fall back to Nikto, just in case it might see something other tools haven't.
The thing is, I can't recall one time where that actually happened. Never have I used Nikto in a way that in the end I would say was game changing.

So my question is, what's the value of that tool? In which context should I think of using it instead of something else? Is it just a matter of preference, or are there actually some things Nikto can do that I'm unaware of, and I'm missing out on something big?

All tools are a personal choice. Nikto is pretty useless unless there is a web app, for example.

I often use nikto as part of my enumeration process - along with dirb/gobuster/dirbuster etc. Often it is a case of scanning for folders with (say) Gobuster while Nikto is running.

There are a couple of boxes where this is definitely the fastest way to find things like an admin login page, or a robots.txt that has usable information in it.

There aren’t many tools which are the only tool that does a thing.