######################################################################################################### # CONFIG STUFF # $Id: config.txt 94 2009-01-21 22:47:25Z deity $ ######################################################################################################### # default command line options, can't be an option that requires a value. used for ALL runs. # CLIOPTS=-g -a # ports never to scan SKIPPORTS=21 111 # User-Agent variables: # @VERSION - Nikto version # @TESTID - Test identifier # @EVASIONS - List of active evasions USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID) # RFI URL. This remote file should return a phpinfo call, for example: # You may use the one below, if you like. RFIURL=http://cirt.net/rfiinc.txt? # IDs never to alert on (Note: this only works for IDs loaded from db_tests) #SKIPIDS= # The DTD NIKTODTD=docs/nikto.dtd # the default HTTP version to try... can/will be changed as necessary DEFAULTHTTPVER=1.0 # Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should # send updates because it makes the data better for everyone ;) *NO* server specific information # such as IP or name is sent, just the relevant version information. # UPDATES=yes - ask before each submission if it should send # UPDATES=no - don't ask, don't send # UPDATES=auto - automatically attempt submission *without prompting* UPDATES=yes # Warning if MAX_WARN OK or MOVED responses are retrieved MAX_WARN=20 # Prompt... if set to 'no' you'll never be asked for anything. Good for automation. #PROMPTS=no # cirt.net : set the IP so that updates can work without name resolution -- just in case CIRT=174.142.17.165 # Proxy settings -- still must be enabled by -useproxy #PROXYHOST=127.0.0.1 #PROXYPORT=8080 #PROXYUSER=proxyuserid #PROXYPASS=proxypassword # Cookies: send cookies with all requests # Multiple can be set by separating with a semi-colon, e.g.: # "cookie1"="cookie value";"cookie2"="cookie val" #STATIC-COOKIE= # The below allows you to vary which HTTP methods are used to check whether an HTTP(s) server # is running. Some web servers, such as the autopsy web server do not implement the HEAD method CHECKMETHODS=HEAD GET # If you want to specify the location of any of the files, specify them here EXECDIR=/etc/nikto # Location of Nikto PLUGINDIR=/etc/nikto/plugins # Location of plugin dir DBDIR=/etc/nikto/databases # Location of plugin dir TEMPLATEDIR=/etc/nikto/templates # Location of tempmlate dir DOCDIR=/etc/nikto/docs # Location of docs dir # Default plugin macros @@MUTATE=dictionary;subdomain @@DEFAULT=@@ALL;-@@MUTATE;tests(report:500) #Choose SSL libs # Options: # SSLeay - use Net::SSLeay # SSL - use Net::SSL # auto - automatically choose whats available # (SSLeay wins if both are available) LW_SSL_ENGINE=auto