Nikto is long-time favorite of web penetration testers. Few features have been added to it recently, but its development continues. It is a feature-rich vulnerability scanner that you can use to test vulnerabilities on different web servers. It claims to check outdated versions of software and configuration issues on several of the popular web servers.

Some of the well-known features of Nikto are as follows:

• It generates output reports in several forms such as HTML, CSV, XML, and text
• It includes false positive reduction using multiple techniques to test for vulnerabilities
• It can directly login to Metasploit
• It does Apache username enumeration
• It finds subdomains via brute force attacks
• It can customize maximum execution time per target before moving on to the next target