nikto_scan
Scans a website with the Nikto web scanner to identify potential security issues and misconfigurations in web applications.
Instructions
Run Nikto web vulnerability scanner
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| port | No | Target port (default: 80/443) | |
| url | Yes | Target URL | |
Input Schema (JSON Schema)
```json
{
  "properties": {
    "port": {
      "description": "Target port (default: 80/443)",
      "type": "number"
    },
    "url": {
      "description": "Target URL",
      "type": "string"
    }
  },
  "required": [
    "url"
  ],
  "type": "object"
}
```
Implementation Reference
- src/tools/vulnscan.ts:91-131 (handler)

  The main execution handler for the nikto_scan tool. Runs the Nikto command-line scanner, captures its output, parses vulnerabilities, and returns a structured ScanResult.

  ```typescript
  async niktoScan(url: string, port?: number): Promise<ScanResult> {
    try {
      let command = `nikto -h ${url}`;
      if (port) {
        command += ` -p ${port}`;
      }
      // Output format
      command += ' -Format txt';
      console.error(`Executing: ${command}`);
      const { stdout, stderr } = await execAsync(command, {
        timeout: 600000 // 10 min timeout
      });
      const vulnerabilities = this.parseNiktoOutput(stdout, url);
      return {
        target: url,
        timestamp: new Date().toISOString(),
        tool: 'nikto',
        results: {
          vulnerabilities,
          total_found: vulnerabilities.length,
          raw_output: stdout
        },
        status: 'success'
      };
    } catch (error) {
      return {
        target: url,
        timestamp: new Date().toISOString(),
        tool: 'nikto',
        results: {},
        status: 'error',
        error: error instanceof Error ? error.message : String(error)
      };
    }
  }
  ```
- src/index.ts:150-159 (schema)

  JSON schema defining the input parameters for the nikto_scan tool (url required, port optional), used in the MCP listTools response.

  ```typescript
  name: "nikto_scan",
  description: "Run Nikto web vulnerability scanner",
  inputSchema: {
    type: "object",
    properties: {
      url: { type: "string", description: "Target URL" },
      port: { type: "number", description: "Target port (default: 80/443)" }
    },
    required: ["url"]
  }
  ```
- src/index.ts:521-522 (registration)

  Registration and dispatch logic in the MCP callTool handler's switch statement, routing requests to the VulnScanTools.niktoScan method.

  ```typescript
  case "nikto_scan":
    return respond(await this.vulnScanTools.niktoScan(args.url, args.port));
  ```
- src/tools/vulnscan.ts:227-260 (helper)

  Helper function that parses Nikto's textual output into structured VulnerabilityResult objects, assigning a severity based on keywords in each line.

  ```typescript
  private parseNiktoOutput(output: string, target: string): VulnerabilityResult[] {
    const vulnerabilities: VulnerabilityResult[] = [];
    const lines = output.split('\n');
    for (const line of lines) {
      if (line.includes('+ ') && !line.includes('Nikto v') && !line.includes('Target Host')) {
        let severity: 'info' | 'low' | 'medium' | 'high' | 'critical' = 'info';
        // Determine severity based on content
        if (line.toLowerCase().includes('xss') ||
            line.toLowerCase().includes('sql injection') ||
            line.toLowerCase().includes('command injection')) {
          severity = 'high';
        } else if (line.toLowerCase().includes('directory') ||
                   line.toLowerCase().includes('admin') ||
                   line.toLowerCase().includes('backup')) {
          severity = 'medium';
        } else if (line.toLowerCase().includes('version') ||
                   line.toLowerCase().includes('information')) {
          severity = 'low';
        }
        vulnerabilities.push({
          id: `nikto-${vulnerabilities.length + 1}`,
          name: 'Nikto Finding',
          severity,
          description: line.trim(),
          affected_url: target
        });
      }
    }
    return vulnerabilities;
  }
  ```
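The handler and the parser quoted above, reworked as one added example. This is not the project's code and does not exist in src/tools/vulnscan.ts; the names buildNiktoArgs, parseNiktoText, niktoScanHardened and the sample output are assumptions made here. Two points a reviewer would raise against the quoted code are addressed: niktoScan interpolates the caller-supplied url and port straight into a shell command string for execAsync, so the shell interprets the target before Nikto ever sees it, whereas the example validates both values and launches Nikto through execFile with an argument array; and parseNiktoOutput filters only lines containing 'Nikto v' or 'Target Host', so the other report metadata lines that Nikto's txt format prints with the same "+ " prefix ("+ Target IP:", "+ Start Time:", "+ End Time:", "+ Server:", "+ N host(s) tested") would be counted as findings. The header-prefix list below is based on the usual layout of Nikto's txt report; the severity keywords and their order are the same as in the quoted parser.

```typescript
// Added example, not the project's own code: a hardened nikto_scan pipeline
// (argument building, process launch, output parsing). Function names and the
// sample output are constructed for this example.
import { execFile } from 'child_process';
import { promisify } from 'util';

const execFileAsync = promisify(execFile);

type Severity = 'info' | 'low' | 'medium' | 'high' | 'critical';
interface Finding { id: string; name: string; severity: Severity; description: string; affected_url: string; }

// Validate the caller-supplied target and return the argv for nikto. Throws on
// anything that is not an http(s) URL or a port outside 1..65535, so nothing
// reaches the process launcher unchecked.
function buildNiktoArgs(url: string, port?: number): string[] {
  let parsed: URL;
  try { parsed = new URL(url); } catch { throw new Error(`invalid target URL: ${url}`); }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    throw new Error(`unsupported scheme: ${parsed.protocol}`);
  }
  const args = ['-h', parsed.href, '-Format', 'txt']; // href is the normalised URL
  if (port !== undefined) {
    if (!Number.isInteger(port) || port < 1 || port > 65535) throw new Error(`invalid port: ${port}`);
    args.push('-p', String(port));
  }
  return args;
}

// Report metadata lines that Nikto's txt format prints with the same "+ " prefix
// as findings (assumed from Nikto's usual txt layout). They are skipped, not reported.
const HEADER_PREFIXES = ['+ Target IP:', '+ Target Hostname:', '+ Target Port:',
  '+ Start Time:', '+ End Time:', '+ Server:'];

// Same keyword-based severity rules as the quoted parseNiktoOutput, same order.
function classify(line: string): Severity {
  const l = line.toLowerCase();
  if (['xss', 'sql injection', 'command injection'].some(k => l.includes(k))) return 'high';
  if (['directory', 'admin', 'backup'].some(k => l.includes(k))) return 'medium';
  if (['version', 'information'].some(k => l.includes(k))) return 'low';
  return 'info';
}

function parseNiktoText(output: string, target: string): Finding[] {
  const findings: Finding[] = [];
  for (const raw of output.split('\n')) {
    const line = raw.trim();
    if (!line.startsWith('+ ')) continue;                        // only finding-style lines
    if (HEADER_PREFIXES.some(p => line.startsWith(p))) continue; // skip report metadata
    if (/^\+ \d+ host\(s\) tested/.test(line)) continue;          // skip the footer
    findings.push({ id: `nikto-${findings.length + 1}`, name: 'Nikto Finding',
      severity: classify(line), description: line, affected_url: target });
  }
  return findings;
}

// Launch nikto without a shell: execFile passes argv directly to the binary.
async function niktoScanHardened(url: string, port?: number): Promise<Finding[]> {
  const args = buildNiktoArgs(url, port); // throws before anything is spawned
  const { stdout } = await execFileAsync('nikto', args, { timeout: 600_000, maxBuffer: 16 * 1024 * 1024 });
  return parseNiktoText(stdout, url);
}

// Constructed sample of Nikto txt output (not from a real scan) to exercise the parser offline.
const SAMPLE_OUTPUT = [
  '- Nikto v2.1.6',
  '+ Target IP:          203.0.113.10',
  '+ Target Hostname:    www.example.test',
  '+ Target Port:        80',
  '+ Start Time:         2024-01-01 00:00:00 (GMT0)',
  '+ Server: Apache/2.4.41 (Ubuntu)',
  '+ The anti-clickjacking X-Frame-Options header is not present.',
  '+ /phpinfo.php: PHP configuration page found; leaks version information.',
  '+ /admin/: This might be interesting.',
  '+ /backup/: Directory indexing found.',
  '+ /test.php?id=1: Possible SQL injection found.',
  '+ End Time:           2024-01-01 00:05:00 (GMT0) (300 seconds)',
  '+ 1 host(s) tested',
].join('\n');
```

Running parseNiktoText over SAMPLE_OUTPUT yields five findings (info, low, medium, medium, high) and none for the six metadata lines; the quoted parser would have produced nine, because "+ Target IP:", "+ Target Port:", "+ Start Time:", "+ Server:" and "+ End Time:" all contain "+ " and none of them contains 'Nikto v' or 'Target Host'. niktoScanHardened is the only function that needs a nikto binary on the PATH.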