Run attack scripts

To see how Contrast captures attack data, you can run an attack script using Nikto, an open-source web server scanner.


To run an attack script you must have a Contrast agent installed and an application with Contrast Protect enabled.

To run an attack script:

  1. Run ./ in your terminal to make sure Nikto is configured correctly. If it is, you'll see a default help message return.

  2. In Contrast, ensure that the IP address of the machine running Nikto isn’t denylisted.

  3. In the terminal, go to the program directory.

  4. Initiate a scan by running

    ./ -useragent “MyAgent (Demo/1.0)” -h


    If your web application has its files under a certain directory, use the -r option to prepend a directory.

  5. Once the script has finished running, Contrast will alert you about a new attack with an in-app notification and email.

  6. Select the alert or go to Attacks to see a summary of the attack. To learn more about an individual attack, select Source IP.