[Nikto-discuss] All options section

David Lodge dave at cirt.net
Wed May 6 15:29:29 UTC 2009


On Tue, 05 May 2009 21:19:11 +0100, titans team  
<titansteamadmin at gmail.com> wrote:
> in case you do not specify options in your command line, what are the
> default options assumed ?
> For instance, if I do not specify any -Cgidirs option or any -evasion
> option, how will the scan behave ?

Erm... You have to guess :-)

In reality it's not that difficult; the default is for a quick, nearly  
complete scan, so Cgidirs is set to "all" and evasion is "0" i.e. no  
evasion, no mutators, standard out output (text in nikto 2.03, no output  
file in nikto 2.10) and no tuning.

> Also, about the -mutate option how does it work ? Are there dictionaries
> for guessing values ? Does it make sense to run a scan like -mutate 123 ?
> I am a bit lost on this one.

If you do a nikto.pl -Help (note the capital letter) it will list more  
details on the mutate, evasion and tuning options:
[dave at yggdrasil nikto-2.03]$ ./nikto.pl --Help
[snip]
        -mutate+                 Guess additional file names:
                                    1     Test all files with all root directories
                                    2     Guess for password file names
                                    3     Enumerate user names via Apache (/~user type requests)
                                    4     Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)

I'm planning to expand these a wee bit - adding a 5 to attempt to brute  
force domains, and to expand it so that 3 and 4 can use a dictionary file.

> And finally, the -dbcheck option what does it check ?

This performs a consistency check on the internal databases to make sure  
that all tids (the unique nikto code) are unique and the databases are  
malformed. It's more useful for the nikto developers than the users.

Thanks

dave
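
The tid uniqueness check described for -dbcheck above, as an added example that is not part of the original message and not Nikto's own code. It assumes a simplified quoted-CSV layout with the tid in the first field; the sample records, the field count and the name check_db are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in an assumed layout: quoted CSV, tid first, 4 fields per record.
SAMPLE_DB = '''\
# comment lines start with '#'
"000001","/cgi-bin/test.cgi","GET","Constructed test entry A"
"000002","/admin/","GET","Constructed test entry B"
"000002","/backup/","GET","Constructed entry reusing tid 000002"
"00000X","/tmp/","GET","Constructed entry with non-numeric tid"
"000005","/short/","GET"
'''

EXPECTED_FIELDS = 4  # assumption for this sample, not Nikto's real field count


def check_db(text, expected_fields=EXPECTED_FIELDS):
    """Return ({tid: [line numbers]} for reused tids, [(line number, reason)] for bad records)."""
    seen = defaultdict(list)
    malformed = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = next(csv.reader(io.StringIO(line), strict=True))
        except csv.Error as exc:
            malformed.append((lineno, f"unparseable: {exc}"))
            continue
        if len(fields) != expected_fields:
            malformed.append((lineno, f"expected {expected_fields} fields, got {len(fields)}"))
            continue
        tid = fields[0]
        if not tid.isdigit():
            malformed.append((lineno, f"non-numeric tid {tid!r}"))
            continue
        seen[tid].append(lineno)
    duplicates = {tid: lines for tid, lines in seen.items() if len(lines) > 1}
    return duplicates, malformed


if __name__ == "__main__":
    dups, bad = check_db(SAMPLE_DB)
    for tid, lines in sorted(dups.items()):
        print(f"duplicate tid {tid} on lines {lines}")
    for lineno, reason in bad:
        print(f"line {lineno}: {reason}")
```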

