summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-analyzer/nikto/files/nikto.conf')
-rw-r--r--net-analyzer/nikto/files/nikto.conf43
1 files changed, 29 insertions, 14 deletions
diff --git a/net-analyzer/nikto/files/nikto.conf b/net-analyzer/nikto/files/nikto.conf
index ddf3b31a4..a5493e884 100644
--- a/net-analyzer/nikto/files/nikto.conf
+++ b/net-analyzer/nikto/files/nikto.conf
@@ -1,34 +1,46 @@
#########################################################################################################
# CONFIG STUFF
-# $Id: config.txt 94 2009-01-21 22:47:25Z deity $
+# $Id: nikto.conf 539 2010-09-06 03:33:19Z sullo $
#########################################################################################################
# default command line options, can't be an option that requires a value. used for ALL runs.
# CLIOPTS=-g -a
-NIKTODTD=/usr/share/nikto/docs/nikto.dtd
-
-# location of nmap to use with port scanning (rather than Nikto internals)
-# and any options to pass to it
-NMAP=/usr/bin/nmap
-NMAPOPTS=-P0
# ports never to scan
SKIPPORTS=21 111
+# User-Agent variables:
+ # @VERSION - Nikto version
+ # @TESTID - Test identifier
+ # @EVASIONS - List of active evasions
+USERAGENT=Mozilla/4.75 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)
+
+# RFI URL. This remote file should return a phpinfo call, for example: <?php phpinfo(); ?>
+# You may use the one below, if you like.
+RFIURL=http://cirt.net/rfiinc.txt?
+
# IDs never to alert on (Note: this only works for IDs loaded from db_tests)
#SKIPIDS=
# if Nikto is having difficulty finding the 'plugins', set the full install path here
# EXECDIR=/usr/local/nikto
+# The DTD
+NIKTODTD=/usr/share/nikto-2.1.3/nikto.dtd
+
+# location of nmap to use with port scanning (rather than Nikto internals)
+# and any options to pass to it
+NMAP=/usr/bin/nmap
+NMAPOPTS=-P0
+
# the default HTTP version to try... can/will be changed as necessary
DEFAULTHTTPVER=1.0
# Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should
# send updates because it makes the data better for everyone ;) *NO* server specific information
# such as IP or name is sent, just the relevant version information.
-# UPDATES=yes #-- ask before each submission if it should send
-# UPDATES=no #-- don't ask, don't send
-# UPDATES=auto #-- automatically attempt submission *without prompting*
+# UPDATES=yes - ask before each submission if it should send
+# UPDATES=no - don't ask, don't send
+# UPDATES=auto - automatically attempt submission *without prompting*
UPDATES=yes
# Warning if MAX_WARN OK or MOVED responses are retrieved
@@ -43,8 +55,8 @@ CIRT=174.142.17.165
#########################################################################################################
# PROXY STUFF
#########################################################################################################
-#PROXYHOST=127.0.0.1
-#PROXYPORT=3128
+#PROXYHOST=10.10.10.221
+#PROXYPORT=8080
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword
@@ -63,6 +75,9 @@ CHECKMETHODS=HEAD GET
EXECDIR=/usr/bin/nikto
PLUGINDIR=/var/lib/nikto/plugins
TEMPLATEDIR=/var/lib/nikto/templates
-DOCDIR=/usr/share/doc/nikto-2.1.1
+DOCDIR=/usr/share/doc/nikto-2.1.3
NIKTOCONFIG=/etc/nikto
-DOCUMENTDIR=/usr/share/nikto/docs
+
+# Default plugin macros
+@@MUTATE=dictionary;subdomain
+@@DEFAULT=@@ALL;-@@MUTATE;tests(report:500)