config.txt

一个用perl写的功能强大的cgi漏洞检测程序

#########################################################################################################
# CONFIG STUFF
#########################################################################################################
# default command line options, can't be an option that requires a value.  used for ALL runs.
# CLIOPTS=-g -a

# location of nmap to use with port scanning (rather than Nikto internals)
#NMAP=/usr/bin/nmap

# ports never to scan
SKIPPORTS=21 111

# if Nikto is having difficulty finding 'plugins', set the full path here
# PLUGINDIR=/usr/local/nikto/plugins

# the default HTTP version to try... can/will be changed as necessary
DEFAULTHTTPVER=1.1

# Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should
# send updates because it makes the data better for everyone ;)  *NO* server specific information
# such as IP or name is sent, just the relevant version information.
# UPDATES=yes  #-- ask before each submission if it should send
# UPDATES=no   #-- don't ask, don't send
# UPDATES=auto #-- automatically attempt submission *without prompting*
UPDATES=yes

# Warning if MAX_WARN OK or MOVED responses are retrieved
MAX_WARN=30

# Prompt... if set to 'no' you'll never be asked for anything. Good for automation.
#PROMPTS=no

#########################################################################################################
# PROXY STUFF
#########################################################################################################
# PROXYHOST=10.10.10.10
# PROXYPORT=8080
# PROXYUSER=proxyuserid
# PROXYPASS=proxypassword

#########################################################################################################
# COOKIE STUFF
#########################################################################################################
# send a cookie with all requests, helpful if auth cookie is needed
#STATIC-COOKIE=cookiename=cookievalue

#########################################################################################################
# VARIABLE'S STUFF
#########################################################################################################
# User defined values may be added here, which will be used as replacements for values in
# the scan_database.db and user_scan_database.db files. They work the same as @CGIDIRS do.
# Any values to be replaced must start with the @ character, such as: @CGIDIRS. An example
# line would look like (minus the #):
# @ADMINDIRS=/admin/ /administrator/ /adm/
# and the corresponding DB entry would look like (minus the #):
# "generic","@ADMINDIRS/passwords.txt","200","GET","Got admin?"
# @IP and @HOSTNAME are done automagically
# Variables currently only work for the requested file portion of a check 
#########################################################################################################
# this must be defined or just /cgi-bin/ will be tried
@CGIDIRS=/cgi.cgi/ /webcgi/ /cgi-914/ /cgi-915/ /bin/ /cgi/ /mpcgi/ /cgi-bin/ /ows-bin/ /cgi-sys/ /cgi-local/ /htbin/ /cgibin/ /cgis/ /scripts/ /cgi-win/ /fcgi-bin/ /cgi-exe/ /cgi-home/ /cgi-perl/

# These are for nikto_mutate.plugin. Each will be substituted with *every* file and path!
# This can make for an insane number of checks.
@MUTATEDIRS=/....../ /members/ /porn/ /restricted/ /xxx/
@MUTATEFILES=xxx.htm xxx.html porn.htm porn.html

# Other variables that can be used in the scan DB
@ADMINDIRS=/admin/ /adm/
@USERS=adm bin daemon ftp guest listen lp mysql noaccess nobody nobody4 nuucp operator root smmsp smtp sshd sys test unknown uucp web www