webapp-nikto
Scan web servers for vulnerabilities with Nikto
Nikto is an open-source web server scanner that identifies dangerous files, outdated software versions, and server misconfigurations. Use this skill to conduct authorized security assessments and compliance scans against web servers and applications.
Download the skill ZIP
Upload to Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and start using it
Try it
Using "webapp-nikto": Scan http://testserver.local for common web vulnerabilities
Expected result:
- Nikto scan completed successfully
- Findings Summary: Critical: 0 | High: 2 | Medium: 5 | Low: 3
- Key Findings: /admin/: Directory indexing found, /server-status: Apache server-status exposed, PHP version 7.4.3 detected (outdated)
- Recommendations: Disable server-status endpoint, Update PHP to version 8.1+, Restrict /admin/ access
Using "webapp-nikto": Run an SSL security assessment on https://api.example.com
Expected result:
- SSL/TLS assessment completed
- Certificate Details: Issuer: DigiCert, Valid until: 2025-12-31
- SSL Findings: TLS 1.0 supported (deprecated), Weak cipher suite detected: TLS_RSA_WITH_AES_128_CBC_SHA
- Recommendations: Disable TLS 1.0 and 1.1, Upgrade to TLS 1.3, Remove weak cipher suites
Security Audit
Low Risk. Documentation-only skill providing guidance for the Nikto open-source web server scanner. All code examples are shell commands for the external Nikto tool, which users install and run separately. Contains no executable scripts. Includes explicit authorization requirements and ethical usage guidelines. The static findings (external commands, network URLs, security vocabulary) are expected documentation content for a vulnerability scanning skill, not malicious patterns.
Low-Risk Issues (1)
Risk factors
⚙️ External commands (1)
🌐 Network access (1)
🔑 Environment variables (1)
What You Can Build
Authorized penetration testing
Conduct comprehensive web server security assessments for clients with proper authorization documentation
Compliance vulnerability scans
Scan internal web applications to verify security controls meet PCI-DSS and OWASP requirements
Internal security hardening
Identify and remediate web server misconfigurations in pre-production environments
Try These Prompts
Run a Nikto scan against http://example.com and output results to a text file
Perform an SSL-focused Nikto scan on https://secure.example.com with detailed SSL checks
Run an authenticated Nikto scan against http://internalapp.local using credentials admin:password123
Scan web1.example.com and web2.example.com, generate an HTML compliance report with vulnerability classifications
Best Practices
- Always obtain written authorization before scanning any system
- Schedule scans during maintenance windows to minimize production impact
- Document all findings with remediation steps for compliance reporting
Avoid
- Scanning systems without documented authorization
- Running full scans on production systems during business hours
- Ignoring false positive verification before reporting