NiktoRAT is a free open source utility that parses a plaintext Nikto report and outputs a series of navigable web pages for each finding with vulnerability information, HTTP request and response headers, and HTML dumps of the vulnerability URLs.


NiktoRAT requires the following:

Running NiktoRAT

Running NiktoRAT is pretty straightforward. The script takes two arguments: the name of the Nikto report and the output directory for the HTML files. As NiktoRAT parses the report, it will announce when it identifies new hosts and processes vulnerability URLs. Below is sample output from processing a Nikto report named nikto.out with NiktoRAT:

% ./niktorat.pl nikto.out /usr/local/niktorat/testweb

* NiktoRAT *
Reading file: nikto.out

IP Address Found:
Hostname Found: testweb.xyzzycorp.tld
Port Found: 80
Processing URLs........
Done parsing file. Results begin here: /usr/local/niktorat/testweb/nikframe-0.html

After the report has been processed, point a frames-capable web browser at the appropriate location (in this example, file:///usr/local/niktorat/testweb/nikframe-0.html or a corresponding http-accessible location) to begin reviewing the results.

NOTE: NiktoRAT will generate HTTP requests for all of the URIs in a Nikto report. You should only run NiktoRAT against hosts that you have permission to test.
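
Because every URI in the report is requested again, it helps to confirm which hosts a report covers before processing it. The following is an added example, not part of NiktoRAT: a Python pre-check that lists the targets in a report and flags any that are not on an authorized list. The "+ Target ..." header layout, the finding-line layout, the function names and the sample report are assumptions made for this illustration.

```python
import re

# Assumed Nikto plaintext layout: "+ Target IP/Hostname/Port:" header lines,
# then one "+ /uri ..." line per finding (optionally prefixed "OSVDB-n: ").
HEADER = re.compile(r"^\+ Target (IP|Hostname|Port):\s*(\S+)")
FINDING = re.compile(r"^\+ (?:OSVDB-\d+: )?(/[^\s:]*)")

# Constructed sample report, not output from a real scan.
SAMPLE_REPORT = """\
+ Target IP:          192.0.2.10
+ Target Hostname:    testweb.xyzzycorp.tld
+ Target Port:        80
+ /admin/: This might be interesting.
+ OSVDB-3092: /test.php: This might be interesting.
+ Target IP:          198.51.100.7
+ Target Hostname:    other.example.net
+ Target Port:        8080
+ /backup/: Directory indexing found.
"""

def targets_in_report(text):
    """Return one dict per target block: ip, hostname, port and the URIs listed."""
    targets = []
    for line in text.splitlines():
        header = HEADER.match(line)
        finding = FINDING.match(line)
        if header:
            key = header.group(1).lower()
            # A repeated header key means a new target block has started.
            if not targets or targets[-1][key] is not None:
                targets.append({"ip": None, "hostname": None, "port": None, "uris": []})
            targets[-1][key] = header.group(2)
        elif finding and targets:
            targets[-1]["uris"].append(finding.group(1))
    return targets

def out_of_scope(targets, authorized):
    """Return targets whose hostname and IP are both missing from the authorized set."""
    allowed = {entry.lower() for entry in authorized}
    return [t for t in targets
            if (t["hostname"] or "").lower() not in allowed
            and (t["ip"] or "") not in allowed]

if __name__ == "__main__":
    for t in out_of_scope(targets_in_report(SAMPLE_REPORT), {"testweb.xyzzycorp.tld"}):
        print("NOT AUTHORIZED: %s (%s) port %s, %d URIs would be requested"
              % (t["hostname"], t["ip"], t["port"], len(t["uris"])))
```

If the check reports any target, remove that host's section from the report or obtain authorization before running niktorat.pl on it.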


NiktoRAT Web Interface

More screenshots coming soon!

Download Now

Source code is available here

Recent News

  • 6/12/2006 - Watch for an article about Nikto and NiktoRAT in the August 2006 issue of SysAdmin Magazine