About
-
NiktoRAT is a free open source utility that parses a plaintext Nikto report and outputs a series of navigable web pages for each finding with vulnerability information, HTTP request and response headers, and HTML dumps of the vulnerability URLs.
Requirements
NiktoRAT requires the following:
- Perl
- URI::Escape
- HTML::Entities
- cURL
- OpenSSL (optional, for cURL HTTPS support)
- and (obviously enough) a plaintext Nikto report
Running NiktoRAT
Running NiktoRAT is pretty straightforward. The script takes two arguments: the name of the Nikto report and the output directory for the HTML files. As NiktoRAT parses the report, it will announce when it identifies new hosts and processes vulnerability URLs. Below is sample output from processing a Nikto report named nikto.out with NiktoRAT:
% ./niktorat.pl nikto.out /usr/local/niktorat/testweb
************
* NiktoRAT *
************
Reading file: nikto.out
IP Address Found: 10.1.1.1
Hostname Found: testweb.xyzzycorp.tld
Port Found: 80
Processing URLs........
Done parsing file. Results begin here: /usr/local/niktorat/testweb/nikframe-0.html
After the report has been processed, point a frames-capable web browser at the appropriate location (in this example, file:///usr/local/niktorat/testweb/nikframe-0.html or a corresponding http-accessible location) to begin reviewing the results.
NOTE: NiktoRAT will generate HTTP requests for all of the URIs in a Nikto report. You should only run NiktoRAT against hosts that you have permission to do so.
Screenshots
Download Now
Source code is available here
Recent News
- 6/12/2006 - Watch for an article about Nikto and NiktoRAT in the August 2006 issue of SysAdmin Magazine
Links
Contact: niktorat at gmail dot com
© 2005-2006 Brian Reilly