diff options
Diffstat (limited to 'net-analyzer/nikto/files/nikto.conf')
| -rw-r--r-- | net-analyzer/nikto/files/nikto.conf | 43 |
1 files changed, 29 insertions, 14 deletions
diff --git a/net-analyzer/nikto/files/nikto.conf b/net-analyzer/nikto/files/nikto.conf index ddf3b31a4..a5493e884 100644 --- a/net-analyzer/nikto/files/nikto.conf +++ b/net-analyzer/nikto/files/nikto.conf @@ -1,34 +1,46 @@ ######################################################################################################### # CONFIG STUFF -# $Id: config.txt 94 2009-01-21 22:47:25Z deity $ +# $Id: nikto.conf 539 2010-09-06 03:33:19Z sullo $ ######################################################################################################### # default command line options, can't be an option that requires a value. used for ALL runs. # CLIOPTS=-g -a -NIKTODTD=/usr/share/nikto/docs/nikto.dtd - -# location of nmap to use with port scanning (rather than Nikto internals) -# and any options to pass to it -NMAP=/usr/bin/nmap -NMAPOPTS=-P0 # ports never to scan SKIPPORTS=21 111 +# User-Agent variables: + # @VERSION - Nikto version + # @TESTID - Test identifier + # @EVASIONS - List of active evasions +USERAGENT=Mozilla/4.75 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID) + +# RFI URL. This remote file should return a phpinfo call, for example: <?php phpinfo(); ?> +# You may use the one below, if you like. +RFIURL=http://cirt.net/rfiinc.txt? + # IDs never to alert on (Note: this only works for IDs loaded from db_tests) #SKIPIDS= # if Nikto is having difficulty finding the 'plugins', set the full install path here # EXECDIR=/usr/local/nikto +# The DTD +NIKTODTD=/usr/share/nikto-2.1.3/nikto.dtd + +# location of nmap to use with port scanning (rather than Nikto internals) +# and any options to pass to it +NMAP=/usr/bin/nmap +NMAPOPTS=-P0 + # the default HTTP version to try... can/will be changed as necessary DEFAULTHTTPVER=1.0 # Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should # send updates because it makes the data better for everyone ;) *NO* server specific information # such as IP or name is sent, just the relevant version information. -# UPDATES=yes #-- ask before each submission if it should send -# UPDATES=no #-- don't ask, don't send -# UPDATES=auto #-- automatically attempt submission *without prompting* +# UPDATES=yes - ask before each submission if it should send +# UPDATES=no - don't ask, don't send +# UPDATES=auto - automatically attempt submission *without prompting* UPDATES=yes # Warning if MAX_WARN OK or MOVED responses are retrieved @@ -43,8 +55,8 @@ CIRT=174.142.17.165 ######################################################################################################### # PROXY STUFF ######################################################################################################### -#PROXYHOST=127.0.0.1 -#PROXYPORT=3128 +#PROXYHOST=10.10.10.221 +#PROXYPORT=8080 #PROXYUSER=proxyuserid #PROXYPASS=proxypassword @@ -63,6 +75,9 @@ CHECKMETHODS=HEAD GET EXECDIR=/usr/bin/nikto PLUGINDIR=/var/lib/nikto/plugins TEMPLATEDIR=/var/lib/nikto/templates -DOCDIR=/usr/share/doc/nikto-2.1.1 +DOCDIR=/usr/share/doc/nikto-2.1.3 NIKTOCONFIG=/etc/nikto -DOCUMENTDIR=/usr/share/nikto/docs + +# Default plugin macros +@@MUTATE=dictionary;subdomain +@@DEFAULT=@@ALL;-@@MUTATE;tests(report:500) |