summaryrefslogtreecommitdiff
blob: ddf3b31a4c75034a7892e767cd891b7791870514 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
#########################################################################################################
# CONFIG STUFF
# $Id: config.txt 94 2009-01-21 22:47:25Z deity $
#########################################################################################################
# default command line options, can't be an option that requires a value.  used for ALL runs.
# CLIOPTS=-g -a
NIKTODTD=/usr/share/nikto/docs/nikto.dtd

# location of nmap to use with port scanning (rather than Nikto internals)
# and any options to pass to it
NMAP=/usr/bin/nmap
NMAPOPTS=-P0

# ports never to scan
SKIPPORTS=21 111

# IDs never to alert on (Note: this only works for IDs loaded from db_tests)
#SKIPIDS=

# if Nikto is having difficulty finding the 'plugins', set the full install path here
# EXECDIR=/usr/local/nikto

# the default HTTP version to try... can/will be changed as necessary
DEFAULTHTTPVER=1.0

# Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should
# send updates because it makes the data better for everyone ;)  *NO* server specific information
# such as IP or name is sent, just the relevant version information.
# UPDATES=yes  #-- ask before each submission if it should send
# UPDATES=no   #-- don't ask, don't send
# UPDATES=auto #-- automatically attempt submission *without prompting*
UPDATES=yes

# Warning if MAX_WARN OK or MOVED responses are retrieved
MAX_WARN=20

# Prompt... if set to 'no' you'll never be asked for anything. Good for automation.
#PROMPTS=no

# cirt.net : set the IP so that updates can work without name resolution
CIRT=174.142.17.165

#########################################################################################################
# PROXY STUFF
#########################################################################################################
#PROXYHOST=127.0.0.1
#PROXYPORT=3128
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword

#########################################################################################################
# COOKIE STUFF
#########################################################################################################
# send a cookie with all requests, helpful if auth cookie is needed
#STATIC-COOKIE=cookiename=cookievalue

# The below allows you to vary which HTTP methods are used to check whether
# an HTTP(s) server is running. Some web servers, such as the autopsy web
# server do not implement the HEAD method
CHECKMETHODS=HEAD GET

# If you want to specify the location of any of the files, specify them here
EXECDIR=/usr/bin/nikto
PLUGINDIR=/var/lib/nikto/plugins
TEMPLATEDIR=/var/lib/nikto/templates
DOCDIR=/usr/share/doc/nikto-2.1.1
NIKTOCONFIG=/etc/nikto
DOCUMENTDIR=/usr/share/nikto/docs