Nikto Cheat Sheet by milo.skoro

–host	Scan host
-port	Scan host targeting specific ports
-maxtime	Define maximum scan time
-until	Scan duration
-vhost	Define host header
-ssl	to use SSL
-dbcheck	Check database
-output	output results into specified file
-ipv4	Ipv4 only
-ipv6	Ipv6 only
-list-­plugins	List all available plugins
-nolookup	Disables DNS lookups
-nossl	Disables the use of ssl

-mutat­e<#>	1 - Test all files with all root direct­ories
	2 - Guess for password file names
	3 - Enumerate usernames via Apache
	4 - Enumerate usernames via cgiwrap
	5 - Attempt to brute force sub-domain names
	6 - Attempt to guess directory names form the supplied dictionary file

-Displ­ay<­#>	1 - Display redirects
	2 - Display cookies
	3 - Display 200 ok response
	4 - Display Web URLs requiring authen­tic­ation
-Displ­ay<­let­ter>	D - Display debug output
	E - Show HTTP errors
	P - Print to STDOUT
	V - Verbose output display

-Format	csv - Comma Separated Value
	htm - HTML Format
	txt - Plain text
	xml - XML Format

-evasi­on<­#>	1 - Random URI encoding (non-UTF8)
	2 - Directory self-r­efe­rence
	3 - Premature URL ending
	4 - Prepend long random string
	5 - Fake parameter
	6 - TAB as request spacer
	7 - Change the case of the URL
	8 - Use Windows directory separator (\)

-tunin­g<#>	0 - Upload files
	1 - View specific file in log
	2 - Default file miscon­fig­uration
	3 - Display inform­ation disclosure
	4 - Injection (XSS/S­cri­pt/­HTML)
	5 - Remote File Retrieval
	6 - Denial of Service
	7 - Remote File Retrieval - Server Wide
	8 - Remote Shell
	9 - SQL Injection
-tunin­g<l­ett­er>	a - Authen­tic­ation Bypass
	b - Software Identi­fic­ation
	c - Remote Source Inclusion
	x - Reverse Tuning Options