# Run Authorized Nikto Web Server Assessments

Web server misconfigurations and outdated components are hard to review consistently. This skill guides authorized Nikto scans, result handling, and remediation-focused reporting.

## Install

```bash
npx skillstore add agentsecops/webapp-nikto
```

## Metadata

- Slug: agentsecops-webapp-nikto
- Version: 0.1.0
- Author: AgentSecOps
- GitHub username: AgentSecOps
- License: MIT
- Repository: https://github.com/AgentSecOps/SecOpsAgentKit/tree/main/skills/offsec/webapp-nikto
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: high
- Risk factors: external_commands, network, filesystem, env_access, scripts
- Quality score: 38
- Quality tier: warning
- Public page: https://skillstore.pages.dev/skills/agentsecops-webapp-nikto
- Manifest: https://skillstore.pages.dev/api/skills/agentsecops-webapp-nikto/manifest

## Capabilities

- Guides single-host, multi-port, SSL, authenticated, and bulk Nikto scan workflows.
- Explains Nikto tuning options, plugins, timeouts, redirects, and output formats.
- Provides report generation patterns for text, HTML, CSV, XML, and CI artifacts.
- Maps web server assessment activity to OWASP, CWE, NIST, PCI-DSS, and ISO 27001 concepts.
- Includes operational safeguards for written authorization, scan windows, rate limiting, and audit logging.
- Supplies templates for CI security scanning and security rule documentation.

## Use Cases

- External Web Server Review: Plan and run authorized Nikto checks against approved internet-facing web servers, then prepare findings for remediation.
- Internal Hardening Validation: Validate web server patching, configuration, headers, and exposed files before release or after infrastructure changes.
- Compliance Evidence Collection: Generate structured scan artifacts and audit notes that support vulnerability management and web server hardening controls.

## Prompt Templates

### Prepare a Basic Scan

```
Help me plan a Nikto scan for one web server I am authorized to test. Include scope, command options, and output format.
```

### Tune Scan Coverage

```
Build a Nikto scan plan for approved targets that focuses on misconfiguration, information disclosure, and outdated software checks.
```

### Create a CI Scan Workflow

```
Design a CI workflow that runs authorized Nikto scans, stores reports, and fails only on agreed severity criteria.
```

### Analyze and Prioritize Results

```
Review these Nikto findings, group likely false positives, map confirmed issues to OWASP and CWE, and recommend remediation priorities.
```

## Limitations

- Requires Nikto and Perl to be installed in the execution environment.
- Does not verify legal authorization or ownership of target systems.
- Nikto findings can include false positives that need manual validation.
- Active scans can create traffic, logs, alerts, and service impact on production systems.

## Best Practices

- Confirm written authorization, target scope, ports, and approved scan windows before running active scans.
- Start with conservative timing and focused tuning, then expand coverage only when impact is acceptable.
- Manually validate findings before reporting severity or assigning remediation work.

## Anti Patterns

- Do not scan systems without explicit permission from the owner.
- Do not put real passwords, tokens, or session cookies directly in shared command lines.
- Do not treat Nikto output as final proof without context and manual verification.

## Security Audit

- Safe to publish: false
- Audited at: 2026-06-28T06:32:42.832+00:00
- Summary: Static analysis found many command, network, script, environment, and filesystem patterns. Most are false positives from documentation templates or expected Nikto usage, but the skill contains confirmed dual-use scanning guidance, IDS/WAF evasion examples, and a CI template that pipes a remote installer into a shell. No evidence found of prompt injection, credential exfiltration, or malicious payloads, so this is not blocked as malware.

## Stats

- Views: 209
- Downloads: 5
- Favorites: 0
- Popularity score: 0
