GuardLabs

Nikto

Free (from $0/mo) · Founded 2001 · self-hosted / CLI

Long-running open-source web server scanner — checks 6,700+ dangerous files and outdated software.

Free tier: fully free, open-source (GPL)

What it does well

  • Scans for a large, well-established database of 6,700+ known dangerous files/CGIs.
  • Completely free and open-source (GPL) with no paid tiers or feature restrictions.
  • Lightweight and scriptable, making it easy to integrate into automated testing workflows.

Where it falls short

  • Self-hosted and command-line only, with no managed service or graphical interface.
  • Generates 'noisy' scans that are easily detectable by firewalls and IDS/IPS systems.
  • Lacks sophisticated understanding of modern JavaScript-heavy single-page applications (SPAs).

Tags: web-app, dast, open-source, free-tier, solo, self-hosted

Alternatives to Nikto

OWASP ZAP

free

Most popular free open-source DAST scanner — active/passive web scanning, intercepting proxy, CI/CD integration.

Template-driven fast scanner — community templates cover thousands of CVEs. Free CLI, paid managed cloud.

Online toolkit of 25+ pentest scanners (web, network, recon) — paid plans from $93/mo with unlimited scans.

Nmap

free

Standard network discovery + port/service scanner — universal first step for any audit.