Nikto 2.6.0 is now available on GitHub.
This is a major release with significant internal improvements, new capabilities, and long-term architectural upgrades.
⚠️ Important Note
This release introduces format changes to JSON and XML reports that may impact
existing parsers and integrations. Also, the primary branch has been set to main.
🔧 What’s New in 2.6.0
Nikto 2.6.0 includes hundreds of improvements, with highlights below:
- ~10% faster scans through core engine optimizations
- New Domain-Specific Language (DSL) for more expressive, accurate tests
- Rewritten JSON, XML, and SQL report plugins
- Multiple report formats per scan (generate several outputs at once)
- All-new cross-platform LFI testing with platform detection
- Cookies enabled by default for more realistic scanning
- Randomized User-Agent selection per request
- Bulk scanner script for running multiple Nikto instances using screen
- Legacy plugin and dead-code removal (no test coverage lost)
- Reference cleanup (OSVDB, Securiteam, SecurityFocus removed)
- License update: Nikto code is now GPLv3
- New and more accurate tests added
- Improved config loading to reduce distro-specific issues (including Kali)
- Bash wrapper util to execute multiple scans in screen
…and many additional fixes and refinements.
Getting Started
You can start using Nikto 2.6.0 by updating an existing installation from GitHub or by downloading a release archive from the repository.
Feedback & Issues
As always, if you encounter bugs or problems, please open an issue on GitHub.