Nikto Alternatives

    Nikto is described as 'Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers' and is an app in the Security & Privacy category. There are more than 10 alternatives to Nikto for a variety of platforms, including Windows, Linux, Online / Web-based, Mac and Self-Hosted solutions. The best alternative is OWASP Zed Attack Proxy (ZAP), which is both free and Open Source. Other great apps like Nikto are w3af (Free, Open Source), Acunetix (Paid), Websecurify (Paid) and wapiti (Free, Open Source).

    This page was last updated Dec 15, 2019

    1. The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
      show more
      • FreeOpen Source
      • Windows
      • Linux
      w3af is a Web Application Attack and Audit Framework


      • Windows
      • Online
      • Wordpress
      Audit your website security and web applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner. Download Free Edition!
      show more
    2. Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
      No screenshots yet
    3. Wapiti allows you to audit the security of your web applications. Wapiti is a command line tool.
      No screenshots yet


    4. Put yourself in the shoes of a hacker! Without technical expertise, launch an audit to detect security flaws on your website or web application. Online website vulnerability scanner. No installation required. ISO & RGPD compliant. How to avoid hackers?
      • FreeOpen Source
      • Mac
      • Windows
      • Linux
      Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
      No screenshots yet
    5. A fully automated, active web application security reconnaissance tool. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.

      Discontinued

      Skipfish is no longer maintained. Last version, 2.10 beta, released in December 2012, can be still downloaded from Google Code Archive

      show more
      • Mac
      Yang is yet another Nikto GUI; Software for analyzing and securing your servers. Yang establish diagnostics on : - HTTP and SSL elements. - Flaws in your server components. - Dangerous files/CGIs. - Leaked scripts. - Outdated server software and other problems.
    6. Intruder is a security monitoring platform for internet-facing systems. Intruder provides an easy to use security solution which continually scans your digital assets, highlighting vulnerabilities and outlining remediation advice in simple terms.
      No screenshots yet
    Showing 10 of 15 alternatives