diff --git a/pentesting/pentesting-web/cgi.md b/pentesting/pentesting-web/cgi.md
index 54b2f3a74..6aa9cb237 100644
--- a/pentesting/pentesting-web/cgi.md
+++ b/pentesting/pentesting-web/cgi.md
@@ -2,7 +2,8 @@
 
 ## Information
 
-The **CGI scripts are perl script**, so, if you have compromised a server that can execute _**.cgi**_ scripts you can **upload a perl reverse shell** \(`/usr/share/webshells/perl/perl-reverse-shell.pl`\), **change the extension** from **.pl** to **.cgi**, give **execute permissions** \(`chmod +x`\) and **access** the reverse shell **from the web browser** to execute it.
+The **CGI scripts are perl script**, so, if you have compromised a server that can execute _**.cgi**_ scripts you can **upload a perl reverse shell** \(`/usr/share/webshells/perl/perl-reverse-shell.pl`\), **change the extension** from **.pl** to **.cgi**, give **execute permissions** \(`chmod +x`\) and **access** the reverse shell **from the web browser** to execute it.  
+In order to test for **CGI vulns** it's recommended to use `nikto -C all` \(and all the plugins\)
 
 ## **ShellShock**