- Home
- MCP servers
- Nikto
Nikto
- typescript
3
GitHub Stars
typescript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"weldpua2008-nikto-mcp": {
"command": "node",
"args": [
"/absolute/path/to/nikto-mcp/index.js"
],
"env": {
"LOG_LEVEL": "info",
"NIKTO_MODE": "local",
"NIKTO_BINARY": "/usr/local/bin/nikto",
"SCAN_TIMEOUT": "3600",
"MCP_STDOUT_LOGS": "allow",
"NIKTO_DOCKER_IMAGE": "(not set)",
"MAX_CONCURRENT_SCANS": "3",
"NIKTO_DOCKER_NETWORK": "(not set)"
}
}
}
}You can run the Nikto MCP Server as a secure bridge between AI agents and the Nikto web scanner. It exposes a controlled, typed interface to initiate scans, manage results, and configure where and how scans run, with built-in safety features and optional remote management.
How to use
Use an MCP client to connect to the Nikto MCP Server. You will send scan requests, monitor progress, and retrieve results. The server supports local execution (via node with a Nikto-compatible index) and can be configured to run Nikto inside Docker for isolation. For common workflows, configure the MCP client with the provided stdio entry and start scans directly from your AI agent or MCP client frontend.
How to install
Prerequisites: you need Node.js 20 or newer and the Nikto scanner installed and accessible in your PATH. You also need an MCP client (for example MCP Inspector, VS Code MCP integration, Cursor, Windsurf, Claude Desktop, Goose, or similar). Install the Nikto MCP server configuration in your MCP client using the following steps.
{
"mcpServers": {
"nikto": {
"command": "node",
"args": ["/absolute/path/to/nikto-mcp/index.js"],
"env": {
"NIKTO_BINARY": "/usr/local/bin/nikto",
"LOG_LEVEL": "info"
}
}
}
}
Additional installation and run options
If you prefer running Nikto MCP with Docker for isolation, you can configure the server to run in docker mode. The configuration below shows how to pass environment variables for docker execution and logging.
{
"mcpServers": {
"nikto": {
"command": "node",
"args": ["/absolute/path/to/nikto-mcp/index.js"],
"env": {
"NIKTO_MODE": "docker",
"NIKTO_DOCKER_IMAGE": "ghcr.io/sullo/nikto:latest",
"NIKTO_DOCKER_NETWORK": "host",
"LOG_LEVEL": "info"
}
}
}
}
Prerequisites for different clients
Concrete steps to install and run the Nikto MCP Server with your preferred MCP client are described in the client guides. Use the stdio configuration shown above to integrate the Nikto MCP Server into your workflow.
Configuration
Environment variables control how scans run and how results are produced. The server exposes a number of options that you can tune via environment variables. These include the execution mode, the Docker image to use, the network mode, and logging level.
Security features and practices
The server emphasizes secure operation: input sanitization, validated targets and ports, sandboxed execution, and sensible timeouts. It prevents unintended command execution and conflicts between options by design.
Available tools and usage patterns
The server provides a set of tools to perform scans, check ongoing scan status, and stop scans. You can initialize a scan with a target URL and adjust parameters such as port, SSL usage, timeout, output format, and whether to perform a dry run.
Example usage
Typical usage in an MCP client involves sending a scan request with a target, then polling for status and retrieving the JSON output when complete.
Troubleshooting
If a scan does not start, verify that Nikto is accessible via the configured path, confirm the environment variables are set correctly, and check the logs for any sandboxing or timeout messages. Ensure that the selected mode (local or docker) matches the configuration and that the Docker image is available if using docker mode.
Notes on running and testing
To test the server locally, install the MCP Inspector tool and run the inspector against your Nikto MCP Server configuration to validate the integration before using it in production.
Example configuration blocks
{
"mcpServers": {
"nikto": {
"command": "node",
"args": ["/absolute/path/to/nikto-mcp/index.js"],
"env": {
"NIKTO_BINARY": "/usr/local/bin/nikto",
"LOG_LEVEL": "info"
}
}
}
}
Docker build and run
If you want to containerize the MCP server, you can build and run a Docker image that includes Nikto and the MCP server. This enables isolated scans and consistent environments across runs.
# Build the MCP server image with embedded Nikto
docker build -t nikto-mcp .
# Run the containerized MCP server
docker run --rm -i nikto-mcp
# Run with a custom configuration (local mode)
docker run --rm -i \
-e NIKTO_MODE=local \
-e LOG_LEVEL=debug \
nikto-mcp
Environment variables
Key environment variables you may configure include: NIKTO_MODE, NIKTO_DOCKER_IMAGE, NIKTO_DOCKER_NETWORK, NIKTO_BINARY, LOG_LEVEL, MCP_STDOUT_LOGS, SCAN_TIMEOUT, MAX_CONCURRENT_SCANS.
Tools and endpoints
The Nikto MCP Server exposes tools for scanning, checking status, and stopping scans, enabling you to orchestrate comprehensive web security assessments from your MCP client.
Available tools
scan
Run Nikto Security Scan. Supports options to specify target, port, SSL, timeout, output format, and dry-run mode.
scan_status
Check the current status and results of an ongoing or completed scan by scanId.
stop_scan
Terminate a currently running scan by scanId.