# Nikto Cheat Sheet

> If you are looking for a more in-depth article about the usage of Nikto, see my blog about Nikto usage. [Click Here](https://matthewhard.com/web-vulnerability-scanning-with-nikto-a-quick-and-dirty-guide)

**Syntax:**

```python
nikto -h [Target] [Options]
```

**Example:**

```python
nikto -h http://example.com
```

**Options/Flags:**

* `-h`: Target URL or IP address
    
* `-id`: Host authentication username and password (e.g., `-id admin:password`)
    
* `-output`: Output file
    
* `-Format`: Output format (e.g., `-Format xml`)
    
* `-ssl`: Force SSL mode
    
* `-Cgidirs`: Scan for CGI directories
    
* `-Tuning`: Scan tuning (e.g., `-Tuning 3`)
    
* `-Evasion`: Evasion technique (e.g., `-Evasion 1`)
    
* `-Plugins`: Use specific plugins (e.g., `-Plugins tests/ssl`)
    
* `-list-plugins`: List available plugins
    
* `-dbcheck`: Check database support
    
* `-version`: Show Nikto version
    
* `-help`: Help
