So you have Nikto going, but you’re not really sure what’s happening, or how long the scan is going to take?
Nikto has several interactive features you can use while a scan is in progress. To check the current status, press the space bar: Nikto reports what it is doing, how many requests have been made, and a guesstimate of how long the rest is going to take. To get this output automatically every 500 requests, turn on progress reporting by pressing ‘p’ (pressing it again turns it off).
If you want to get a better feel for how the server is responding to each request, you can turn verbose mode on or off by pressing the ‘v’ key.
If you’d like a lot of info, debug is also available by pressing ‘d’.
If you’re running up against the end of your testing window, no need to cancel and start again later—simply press a ‘P’ to pause all operations. Nikto will sit around and wait until you’re ready to resume by hitting a ‘P’ again.
If you’re giving up or totally out of time, you can press ‘N’ to move on to the next host/port (if you ran more than one; otherwise it finishes up) or ‘q’ to quit scanning entirely. Both ‘N’ and ‘q’ wrap up current operations and write the report/save output, terminating the program normally and more gracefully than a hard exit will.
There are a few more interactive commands which you may find handy for debugging or getting more info from a server, such as reporting cookies, errors, redirections, etc. See the entire list below.
One last note: keyboard input is checked every 10 requests, so on very slow scans you might need to wait until input is polled.
Here’s the full list:
- SPACE - Report current scan status
- v - Turn verbose mode on/off
- d - Turn debug mode on/off
- e - Turn error reporting on/off
- p - Turn progress reporting on/off
- r - Turn redirect display on/off
- c - Turn cookie display on/off
- o - Turn OK display on/off
- a - Turn auth display on/off
- q - Quit
- N - Next host
- P - Pause