[Nikto-discuss] Windows distribution and location of conf files

david lodge resident.deity at gmail.com
Mon Nov 2 14:41:05 UTC 2009

I'm currently messing around with trying to get Nikto to work as a
pre-compiled Windows executable (so having perl installed is not a

This does lead to a couple of interesting questions about how Nikto
should work on Windows and the distribution mechanism. At the moment
Nikto doesn't come in OS-dependent installation packages; this is
simply to minimise work on releases of Nikto, so that the downstream
package providers can turn them into .deb or .rpm files and fit the
files into their own distros' requirements. With Windows this gets
more complicated: most of the time Windows users expect an executable
(or MSI) with it just working.

For Nikto, the biggest problem is reading the nikto.conf file: at the
moment we read the config files in the following way:
1. /etc/nikto.conf
2. ~/nikto.conf
3. ./nikto.conf

With each config file overwriting any duplicates, this way a user can
set up parameters for a single nikto session by configuring a
nikto.conf in the current directory.

With 2.1.0, in Windows, number 3 is the only one supported. I have a
patch which is easy to apply to allow nikto to read from either $HOME
or %USERPROFILE% depending on which ones are set, so number 2 is
covered. But I have no real idea of where we should site number 1.

At the moment this is hardcoded in nikto.pl with a comment for the
package maintainer to alter it if needed, which isn't the best. On
Windows this'd probably be best going in C:\program
files\nikto\nikto.conf.  (Which can also be complicated if it's not
installed to c:\). But this also brings up the question of whether
/etc/nikto.conf is best on Unix-like file systems; there could be
arguments made that /etc/nikto.conf is best, also
/usr/local/etc/nikto.conf, or even /etc/opt/nikto/nikto.conf.

Have any of the readers of this list done this in the past, or is it
just best to highlight a comment saying "package maintainers, alter
this path" above the line in the source?

Thoughts appreciated.
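
The lookup order described in the post, written out as an added Perl example; it is not Nikto's code and not the patch the post mentions. The function names, the KEY=value parsing, the sample keys and values and the temp-directory layout are assumptions made for illustration.

```perl
use strict; use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Candidate files, lowest precedence first. The system-wide path is a
# parameter because its location is the open question in the post.
sub config_candidates {
    my ($system, $env, $cwd) = @_;
    # Per-user directory: $HOME if set, otherwise %USERPROFILE%.
    my ($home) = grep { defined($_) && length($_) } @{$env}{qw(HOME USERPROFILE)};
    my @dirs = grep { defined($_) } ($home, $cwd);
    return ($system, map { File::Spec->catfile($_, 'nikto.conf') } @dirs);
}

# Parse KEY=value lines (assumed format); comments and blanks are skipped.
sub read_conf {
    my ($path) = @_;
    open my $fh, '<', $path or return;    # missing file: nothing to merge
    my %kv;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;
        my ($k, $v) = $line =~ /^\s*([^=\s]+)\s*=\s*(.*?)\s*$/ or next;
        $kv{$k} = $v;
    }
    return \%kv;
}

# Merge in order: a key in a later file replaces the earlier value, and
# %origin remembers which file supplied the value now in effect.
sub load_config {
    my (%conf, %origin);
    for my $path (@_) {
        my $kv = read_conf($path) or next;
        for my $k (keys %$kv) { $conf{$k} = $kv->{$k}; $origin{$k} = $path }
    }
    return (\%conf, \%origin);
}

# Constructed sample: temp dirs for the three locations; HOME unset as on Windows.
my $root = tempdir(CLEANUP => 1);
my %sample = (etc => "PROXYHOST=proxy.example\nPROXYPORT=8080\n",
              home => "# per-user\r\nPROXYPORT=3128\r\n", cwd => "PROXYHOST=127.0.0.1\n");
for my $d (keys %sample) {
    mkdir "$root/$d" or die "mkdir $root/$d: $!";
    open my $fh, '>', "$root/$d/nikto.conf" or die "open: $!";
    print {$fh} $sample{$d};
}
my ($conf, $origin) = load_config(config_candidates(
    "$root/etc/nikto.conf", { USERPROFILE => "$root/home" }, "$root/cwd"));
print "$_ = $conf->{$_} (from $origin->{$_})\n" for sort keys %$conf;
```

Printing the origin of each effective setting makes it visible when a nikto.conf in the working directory has replaced a per-user or system-wide value.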

