[Nikto-discuss] [Ask] nikto_core.plugin

a resident.deity at gmail.com
Fri Jul 11 02:46:52 CDT 2014


run_hooks pretty much *is* Nikto: it's the bit that runs all of the plugins.

In essence Nikto > 2.1.0 is just a plugin runner. The core component of
Nikto parses the command line, cleans up a lot of the gubbins, and the runs
all the plugins.

To run a plugin it will call run_hooks at various points, this then goes
through the plugin list and calls each registered plugin for that hook, the
phases (or hooks - phase was the 2.1.0 term; it became hook in 2.1.1 or
2.1.2) are described in the documentation:
http://cirt.net/nikto2-docs/expanding.html#id2792681

So, in essence, don't touch run_hooks unless you know what you're doing or
things will go weird.


On 4 July 2014 09:35, raymond lukanta <raymond_pluto at hotmail.com> wrote:

> I've found the answer for question number 2.
> It's because the host name has been set at the beginning of scanning.
>
> In fact, the second parameter of nfetch is URI. So, for example I set
> host to "localhost", then the URL will become localhost/www.google.com.
>
> I'm still waiting the answer for question 1. :-)
>
> --
> Raymond
>
> ------------------------------
> From: raymond_pluto at hotmail.com
> To: nikto-discuss at attrition.org
> Date: Fri, 4 Jul 2014 13:19:08 +0700
> Subject: [Nikto-discuss] [Ask] nikto_core.plugin
>
>
> Hi,
>
> I have 2 questions.
>
> 1. What's the function of subroutine named run_hooks? What I got from the
> code is the subroutine do some checking, but I don't understand what the
> function of those checkings.
>
> 2. I try to call: nfetch($mark, "www.google.com", "GET");
>    But the response is error code 400. What's wrong with my request?
>
> Thanks.
>
> --
> Raymond
>
> _______________________________________________ Nikto is sponsored by
> Netsparker, a false positive free web application security scanner. Visit
> https://www.netsparker.com/ for more information.
> _______________________________________________ Nikto-discuss mail list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
> _______________________________________________
> Nikto is sponsored by Netsparker, a false positive free web application
> security scanner.
> Visit https://www.netsparker.com/ for more information.
> _______________________________________________
> Nikto-discuss mail list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20140711/637eee48/attachment.html>


More information about the Nikto-discuss mailing list