[Nikto-discuss] Nikto tests

David Lodge dave at cirt.net
Mon Jul 13 22:02:11 UTC 2009


On Mon, 13 Jul 2009 22:41:30 +0100, Sammy Sossa <sammy.sossa20 at gmail.com>  
wrote:
>  How do I go about making Nikto run my User-defined tests only? Do I just
> delete the db files from plugin directory, and keep my udb files?

There's no current support for doing this, I could add it as a tuning  
option for Nikto 2.1.0 if required (as it would be quite easy). Possibly  
the easiest way would be to edit the db_ files and replace them with your  
tests. Deleting them will cause nikto to bring up errors.

The plugins will always run if present, this depends on which version of  
nikto you run. In nikto 2.03 you can edit nikto_plugin_order.txt and  
delete those you don't want run. On nikto 2.1.0 you will need to remove  
plugins you don't want to run. I do plan eventually to allow this through  
the command line.

>  Also, about changing nikto agent, can I put in anything I want in there?
> Like "this is a research project"?

There's no default option to change this (though one should probably be  
added and would be trivial). But, you can hack this by editing  
plugins/nikto_core.plugin and search for Mozilla and you should get a line  
like this:
  $NIKTO{useragent}="Mozilla/4.75 ($NIKTO{name}/$NIKTO{version})";

Edit this to have whatever you want, e.g.:
  $NIKTO{useragent}="Mozilla/4.75 (Research Project)";

It's advised to keep the Mozilla string in as some web servers may do  
filtering on the user agent string to remove bots.

Ta

dave
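
For anyone reading web server logs, the default user agent format quoted in the message above is a direct match target. The following is an added example, not part of the original message or of Nikto's own code, that flags clients sending it. The Apache combined log format, the constructed sample lines, and the expansion of $NIKTO{name} to "Nikto" are assumptions of this example.

```python
import re

# Apache combined log format (assumed for this example):
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Default format from the message: Mozilla/4.75 (<name>/<version>)
# Assumption: $NIKTO{name} expands to the literal "Nikto".
DEFAULT_UA_RE = re.compile(r'^Mozilla/4\.75 \(Nikto/(?P<version>[^)\s]+)\s*\)')


def find_default_nikto_clients(lines):
    """Return {client_ip: {"versions": set, "hits": int}} for requests
    whose user agent matches the unmodified default format."""
    clients = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ua = DEFAULT_UA_RE.match(m.group("ua"))
        if not ua:
            continue
        entry = clients.setdefault(m.group("ip"), {"versions": set(), "hits": 0})
        entry["versions"].add(ua.group("version"))
        entry["hits"] += 1
    return clients


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jul/2009:22:05:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" '
    '404 209 "-" "Mozilla/4.75 (Nikto/2.03)"',
    '192.0.2.10 - - [13/Jul/2009:22:05:02 +0000] "GET /admin/ HTTP/1.0" '
    '404 209 "-" "Mozilla/4.75 (Nikto/2.03)"',
    '198.51.100.7 - - [13/Jul/2009:22:05:03 +0000] "GET /index.html HTTP/1.1" '
    '200 1043 "-" "Mozilla/5.0 (X11; Linux i686) Firefox/3.5"',
    # User agent edited as in the message: the default-format match misses it.
    '192.0.2.44 - - [13/Jul/2009:22:05:04 +0000] "GET /robots.txt HTTP/1.0" '
    '200 68 "-" "Mozilla/4.75 (Research Project)"',
]

if __name__ == "__main__":
    for ip, info in sorted(find_default_nikto_clients(SAMPLE_LOG).items()):
        print(ip, sorted(info["versions"]), info["hits"])
```

A client that has edited the string, as in the last sample line, is not flagged, so a match only indicates a scan run with the unmodified default.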


