home *** CD-ROM | disk | FTP | other *** search
- # (c) 2001-2005 cirt.net, All Rights Reserved
- #########################################################################################################
- # CONFIG STUFF
- #########################################################################################################
- # default command line options, can't be an option that requires a value. used for ALL runs.
- # CLIOPTS=-g -a
-
- # location of nmap to use with port scanning (rather than Nikto internals)
- # and any options to pass to it
- NMAP=/usr/bin/nmap
- NMAPOPTS=
-
- # ports never to scan
- SKIPPORTS=21 111
-
- # if Nikto is having difficulty finding 'plugins', set the full path here
- PLUGINDIR=/usr/share/nikto/plugins
-
- # the default HTTP version to try... can/will be changed as necessary
- DEFAULTHTTPVER=1.1
-
- # Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should
- # send updates because it makes the data better for everyone ;) *NO* server specific information
- # such as IP or name is sent, just the relevant version information.
- # UPDATES=yes #-- ask before each submission if it should send
- # UPDATES=no #-- don't ask, don't send
- # UPDATES=auto #-- automatically attempt submission *without prompting*
- UPDATES=yes
-
- # Warning if MAX_WARN OK or MOVED responses are retrieved
- MAX_WARN=20
-
- # Prompt... if set to 'no' you'll never be asked for anything. Good for automation.
- #PROMPTS=no
-
- #########################################################################################################
- # PROXY STUFF
- #########################################################################################################
- # PROXYHOST=127.0.0.1
- # PROXYPORT=8080
- # PROXYUSER=proxyuserid
- # PROXYPASS=proxypassword
-
- #########################################################################################################
- # COOKIE STUFF
- #########################################################################################################
- # send a cookie with all requests, helpful if auth cookie is needed
- #STATIC-COOKIE=cookiename=cookievalue
-
- #########################################################################################################
- # VARIABLE'S STUFF
- #########################################################################################################
- # User defined values may be added here, which will be used as replacements for values in
- # the scan_database.db and user_scan_database.db files. They work the same as @CGIDIRS do.
- # Any values to be replaced must start with the @ character, such as: @CGIDIRS. An example
- # line would look like (minus the #):
- # @ADMINDIRS=/admin/ /administrator/ /adm/
- # and the corresponding DB entry would look like (minus the #):
- # "generic","@ADMINDIRS/passwords.txt","200","GET","Got admin?"
- # @IP and @HOSTNAME are done automagically
- # Variables currently only work for the requested file portion of a check
- #########################################################################################################
- # this must be defined or just /cgi-bin/ will be tried
- @CGIDIRS=/cgi.cgi/ /webcgi/ /cgi-914/ /cgi-915/ /bin/ /cgi/ /mpcgi/ /cgi-bin/ /ows-bin/ /cgi-sys/ /cgi-local/ /htbin/ /cgibin/ /cgis/ /scripts/ /cgi-win/ /fcgi-bin/ /cgi-exe/ /cgi-home/ /cgi-perl/
-
- # These are for nikto_mutate.plugin. Each will be substituted with *every* file and path!
- # This can make for an insane number of checks.
- @MUTATEDIRS=/....../ /members/ /porn/ /restricted/ /xxx/
- @MUTATEFILES=xxx.htm xxx.html porn.htm porn.html
-
- # Other variables that can be used in the scan DB
- @ADMINDIRS=/admin/ /adm/
- @USERS=adm bin daemon ftp guest listen lp mysql noaccess nobody nobody4 nuucp operator root smmsp smtp sshd sys test unknown uucp web www
- @NUKE=/ /postnuke/ /postnuke/html/ /modules/ /phpBB/ /forum/
-