### Define the Start hook method Source: https://github.com/sullo/nikto/wiki/Start-hook The start method requires no parameters and returns no value. ```C void start_method(void); ``` -------------------------------- ### Setup Request Hash Source: https://github.com/sullo/nikto/wiki/Standard-Methods Initializes a libwhisker request hash with standard Nikto variables. ```APIDOC ## setup_hash ### Description Sets up up a libwhisker hash with the normal Nikto variables. This should be used if any custom calls to libwhisker are used. ### Method N/A (Function Signature) ### Endpoint N/A ### Parameters #### Path Parameters N/A #### Query Parameters N/A #### Request Body N/A ### Request Example ``` hashref setup_hash(requesthash, mark; hashref requesthash hashref mark ``` ### Response Returns a configured libwhisker hash. ``` -------------------------------- ### Nikto DSL Matcher Example Source: https://github.com/sullo/nikto/blob/main/README.md This example demonstrates combining multiple Nikto DSL matchers to refine response matching. It checks for 'login' in the body, excludes 'logout' from the body, requires 'X-Powered-By' in headers, and checks for the 'sessionid' cookie. ```text BODY:login&&!BODY:logout&&HEADER:X-Powered-By&&COOKIE:sessionid ``` -------------------------------- ### Clone and Run Nikto from Source Source: https://github.com/sullo/nikto/blob/main/README.md Clone the Nikto repository and run the scanner using the Perl script. Ensure you have Perl installed and the script is executable. ```bash git clone https://github.com/sullo/nikto # Main script is in program/ cd nikto/program # Run using the shebang interpreter ./nikto.pl -h http://www.example.com # Run using perl (if you forget to chmod) perl nikto.pl -h http://www.example.com ``` -------------------------------- ### Setup Libwhisker Request Hash Source: https://github.com/sullo/nikto/wiki/Standard-Methods Prepares a libwhisker request hash with standard Nikto variables. Use this for custom libwhisker calls. ```perl hashref setup_hash(requesthash, mark; hashref requesthash hashref mark ``` -------------------------------- ### DSL Matcher Syntax Examples Source: https://github.com/sullo/nikto/wiki/Scan-Database-Syntax Common patterns for matching HTTP responses using the DSL field. ```text CODE:200 ``` ```text BODY:admin ``` ```text CODE:200&&BODY:admin ``` ```text (CODE:200|CODE:301) ``` ```text @LFI() ``` -------------------------------- ### Start Hook Source: https://github.com/sullo/nikto/wiki/Start-hook The Start hook is called once before the enumeration and scanning process begins. It is ideal for setting up variables or loading databases required by plugins. ```APIDOC ## Start Hook ### Description The Start hook is called once before the enumeration and scanning process begins. It is ideal for setting up variables or loading databases required by plugins. ### Method N/A (Hook) ### Endpoint N/A (Hook) ### Parameters This hook is passed no parameters. ### Request Example N/A ### Response This hook should return nothing. ``` -------------------------------- ### Define Plugin Macros in nikto.conf Source: https://github.com/sullo/nikto/wiki/Selecting-Plugins Example macros for commonly run plugin sets defined in the nikto.conf file. These can be overridden via the -Plugins command-line option. ```ini @@MUTATE=dictionary ``` ```ini @@DEFAULT=@@ALL;-@@MUTATE;tests(report:500) ``` -------------------------------- ### Report Host Start Hook Source: https://github.com/sullo/nikto/wiki/Reporting-Phase Called before reconnaissance for each target to write host-specific information. ```APIDOC ## Report Host Start ### Description This hook is called immediately before the reconnaissance phase for each target. It is designed to allow the reporting plugin to write any host-specific information. ### Function Signature ``` void report_host_start(rhandle, mark); handle rhandle hashref mark ``` ### Parameters - **rhandle** (handle) - The output of the plugin's Report Head function. - **mark** (hashref) - A hashref for the target information. ``` -------------------------------- ### Report Host Start Hook Source: https://github.com/sullo/nikto/wiki/Reporting-Phase Called before the reconnaissance phase for each target to write host-specific information. ```text void report_host_start(rhandle, mark); handle rhandle hashref mark ``` -------------------------------- ### Run Specific Plugin with Parameters Source: https://github.com/sullo/nikto/wiki/Selecting-Plugins Execute a specific plugin with custom parameters. For example, to run the 'tests' plugin with 'report' set to 500 and 'verbose' enabled. ```bash tests(report:500,verbose) ``` -------------------------------- ### Get Banner Source: https://github.com/sullo/nikto/wiki/Standard-Methods Retrieves the web server's banner information. ```APIDOC ## get_banner ### Description Pulls the web servers banner. This is automatically performed for all targets before a mark is passed to the plugin. ### Method N/A (Function Signature) ### Endpoint N/A ### Parameters #### Path Parameters N/A #### Query Parameters N/A #### Request Body N/A ### Request Example ``` string get_banner(mark); hashref mark ``` ### Response Returns the web server's banner as a string. ``` -------------------------------- ### Pull and Run Nikto Docker Container Source: https://github.com/sullo/nikto/blob/main/README.md Pull the latest Nikto Docker image from ghcr.io and run it. This is a quick way to start using Nikto in a containerized environment. ```bash docker pull ghcr.io/sullo/nikto:latest ``` -------------------------------- ### List Available Plugins Source: https://github.com/sullo/nikto/wiki/Selecting-Plugins Run this command to see a list of all available plugins and their parameters. ```bash ./nikto.pl -list-plugins ``` -------------------------------- ### Utilize Plugins Source: https://context7.com/sullo/nikto/llms.txt List available plugins or execute specific plugins with custom parameters and macros. ```bash # List all available plugins perl nikto.pl -list-plugins # Run specific plugin with parameters perl nikto.pl -h target.com -Plugins "tests(report:500,verbose)" # Run Apache Expect XSS check only with debug output perl nikto.pl -h target.com -Plugins "apache_expect_xss(verbose,debug)" # Run Apache user enumeration with custom dictionary perl nikto.pl -h targets.txt -Plugins "apacheusers(enumerate,dictionary:users.txt);report_xml" -o apacheusers.xml # Run dictionary attack plugin perl nikto.pl -h target.com -Plugins "dictionary(dictionary:dict.txt)" # Plugin macros (defined in nikto.conf): # @@ALL - All available plugins # @@DEFAULT - @@ALL;-@@EXTRAS;tests(report:500) # @@EXTRAS - dictionary;siebel ``` -------------------------------- ### Configuration File Source: https://context7.com/sullo/nikto/llms.txt Customize Nikto's default behavior, proxy settings, and database reporting using the nikto.conf file. ```ini # nikto.conf - Example configuration # Default command line options for all runs CLIOPTS=-output results.txt -Format text # RFI test URL (should return phpinfo() output) RFIURL=https://cirt.net/public/rfiinc.txt # Skip specific test IDs SKIPIDS=000045 000345 # HTTP version (1.0 or 1.1) DEFAULTHTTPVER=1.1 # Version update behavior: yes, no, or auto UPDATES=yes # Proxy configuration (must also use -useproxy flag) PROXYHOST=127.0.0.1 PROXYPORT=8080 PROXYUSER=proxyuserid PROXYPASS=proxypassword # Static cookies sent with all requests STATIC-COOKIE="sessionid=abc123";"auth=token456" # SSL library selection: auto, SSL, or SSLeay LW_SSL_ENGINE=auto # Number of failures before giving up (0 to disable) FAILURES=20 # Plugin macros @@EXTRAS=dictionary;siebel @@DEFAULT=@@ALL;-@@EXTRAS;tests(report:500) # Directory locations EXECDIR=/opt/nikto PLUGINDIR=/opt/nikto/plugins DBDIR=/opt/nikto/databases TEMPLATEDIR=/opt/nikto/templates # Custom User-Agent (supports @VERSION, @TESTID, @EVASIONS variables) USERAGENT=Mozilla/5.0 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID) # SQL Direct Database Reporting DB_TYPE=mysql DB_HOST=localhost DB_PORT=3306 DB_NAME=nikto DB_TABLE=nikto_table # Set credentials via environment: NIKTO_DB_USER, NIKTO_DB_PASS ``` -------------------------------- ### Nikto Plugin: siebel Source: https://github.com/sullo/nikto/wiki/Plugin-list Performs a set of checks against an installed Siebel application. ```APIDOC ## Plugin: siebel ### Description Siebel Checks - Performs a set of checks against an installed Siebel application ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters #### Query Parameters - **enumerate** (boolean) - Optional - Flag to indicate whether to attempt to enumerate known applications. - **applications** (array of strings) - Optional - List of applications to check. - **application** (string) - Optional - Specific application to attack. - **languages** (array of strings) - Optional - List of languages to consider. ### Request Example N/A ### Response N/A ``` -------------------------------- ### Replay utility command line options Source: https://github.com/sullo/nikto/wiki/Saving-Requests-Responses-&-Replaying The replay.pl script accepts a file path and an optional proxy configuration to re-execute saved Nikto requests. ```text -file -proxy (server:port) ``` -------------------------------- ### Use Nikto Proxy via Configuration File Source: https://github.com/sullo/nikto/wiki/Using-a-Proxy Configure Nikto to use a proxy by setting PROXY* variables in nikto.conf and using the -useproxy option. All connections will be relayed through the specified proxy. ```bash perl nikto.pl -h localhost -p 80 -useproxy ``` -------------------------------- ### Initialize Database Source: https://github.com/sullo/nikto/wiki/Standard-Methods Initializes a database file and returns its contents as an array of hashes. ```APIDOC ## init_db ### Description Initializes a database that is in `PLUGINDIR` and returns an arrayref. The arrayref is to an array of hashrefs, each hash member is configured by the first line in the database file, for example: "nikto_id","md5hash","description" This will result in an array of hashrefs with parameters: array[0]->{nikto_id} array[0]->{md5hash} array[0]->{description} ### Method N/A (Function Signature) ### Endpoint N/A ### Parameters #### Path Parameters N/A #### Query Parameters N/A #### Request Body N/A ### Request Example ``` arrayref init_db(dbname); string dbname ``` ### Response Returns an array reference to an array of hashrefs, representing the database content. ``` -------------------------------- ### Configure CLI Options Source: https://github.com/sullo/nikto/wiki/Config-Variables Sets default command-line arguments for Nikto execution. ```text CLIOPTS=-output results.txt -Format text ``` ```text CLIOPTS= ``` -------------------------------- ### Get Current Date and Time Source: https://github.com/sullo/nikto/wiki/Standard-Methods Returns the current system time formatted as YYYY-mm-dd hh:mm:ss. ```perl string date_disp(); ``` -------------------------------- ### Build and Run Nikto Docker Container Source: https://github.com/sullo/nikto/blob/main/README.md Build a Docker image from the Nikto Dockerfile and run it. This method is useful for consistent environments. ```bash git clone https://github.com/sullo/nikto.git cd nikto docker build -t sullo/nikto . # Call it without arguments to display the full help docker run --rm sullo/nikto # Basic usage docker run --rm sullo/nikto -h http://www.example.com ``` -------------------------------- ### Use Nikto Proxy via Command Line Source: https://github.com/sullo/nikto/wiki/Using-a-Proxy Specify the HTTP(S) proxy directly as an argument to the -useproxy option on the command line. This method allows for dynamic proxy configuration without modifying the nikto.conf file. ```bash ./nikto.pl -h localhost -useproxy http://localhost:8080/ ``` -------------------------------- ### Get URI Extension Source: https://github.com/sullo/nikto/wiki/Standard-Methods Attempts to extract the file extension from a given URI. Returns special cases like DIRECTORY, DOTFILE, or NONE if no extension is found. ```perl string get_ext(uri); string uri ``` -------------------------------- ### Nikto CLI Configuration Parameters Source: https://github.com/sullo/nikto/wiki/Annotated-Option-List A reference for the command-line arguments used to configure scan behavior, target settings, and database loading in Nikto. ```APIDOC ## Nikto CLI Configuration ### Description This section details the command-line flags used to control the Nikto scanning engine, including tuning scan types, setting timeouts, and defining target hosts. ### Parameters - **-Tuning** (string) - Optional - Scan tuning options: 1 (Interesting File), 2 (Misconfiguration), 3 (Information Disclosure), 4 (Injection), 5 (Remote File Retrieval - Web Root), 6 (DoS), 7 (Remote File Retrieval - Server Wide), 8 (Command Execution), 9 (SQL Injection), 0 (File Upload), a (Auth Bypass), b (Software ID), c (Remote Source Inclusion), d (WebService), e (Admin Console), x (Reverse Tuning). - **-timeout** (integer) - Optional - Timeout for requests in seconds (default 10). - **-Userdbs** (string) - Optional - Load user databases: 'all' (disable standard, load user), 'tests' (disable db_tests, load udb_tests). - **-useragent** (string) - Optional - Override default random user agents. - **-url** (string) - Optional - Target host/URL (alias of -host). - **-useproxy** (string) - Optional - Use proxy defined in nikto.conf or provided as http://server:port. - **-Version** (flag) - Optional - Print plugin and database versions. - **-vhost** (string) - Optional - Virtual host for the Host header. ``` -------------------------------- ### Define Nikto Test Fields Source: https://github.com/sullo/nikto/wiki/Test-Identifiers Example of setting URI, message, HTTP method, and references for a user-defined test in Nikto code. The 'message' field is required for saving test output in reports. ```perl $TESTS{999999}{uri}="/~root"; $TESTS{999999}{message}="Enumeration of users is possible by requesting ~username"; $TESTS{999999}{method}="GET"; $TESTS{999999}{references}="CVE-2023-1234"; ``` -------------------------------- ### Run Plugins with Custom Output and Dictionary Source: https://github.com/sullo/nikto/wiki/Selecting-Plugins Combine multiple plugins, including a report plugin, and specify a custom dictionary file for scanning. ```bash nikto.pl -host targets.txt -Plugins "apacheusers(enumerate,dictionary:users.txt);report_xml" -output apacheusers.xml ``` -------------------------------- ### Nikto Command-Line Options Source: https://github.com/sullo/nikto/blob/main/README.md A comprehensive list of command-line options for the Nikto web server scanner. ```APIDOC ## Nikto Command-Line Options ### Description These are the available command-line options for the Nikto web server scanner. ### Parameters #### Command-Line Options - **-Platform+** (string) - Platform of target (nix, win, all) - **-Plugins+** (list) - List of plugins to run (default: ALL) - **-port+** (integer) - Port to use (default 80) - **-RSAcert+** (file) - Client certificate file - **-root+** (string) - Prepend root value to all requests, format is /directory - **-Save** (directory) - Save positive responses to this directory ('.' for auto-name) - **-ssl** (boolean) - Force ssl mode on port - **-Tuning+** (integer) - Scan tuning options (1-9, 0, a-e, x) - **-timeout+** (integer) - Timeout for requests (default 10 seconds) - **-Userdbs** (string) - Load only user databases (all, tests) - **-useragent** (string) - Force User-Agent instead of pulling from database - **-url+** (string) - Target host/URL (alias of -host) - **-useproxy** (string) - Use the proxy defined in nikto.conf, or argument http://server:port - **-Version** (boolean) - Print plugin and database versions - **-vhost+** (string) - Virtual host (for Host header) - **-404code** (string) - Ignore these HTTP codes as negative responses (e.g., "302,301") - **-404string** (string) - Ignore this string in response body content as negative response (can be a regular expression) *Note: '+' indicates that the option requires a value.* ``` -------------------------------- ### Run Nikto via Docker Source: https://context7.com/sullo/nikto/llms.txt Utilize Docker containers for isolated scanning environments or build the tool from source. ```bash # Pull the latest Nikto image docker pull ghcr.io/sullo/nikto:latest # Display help docker run --rm sullo/nikto # Basic scan docker run --rm sullo/nikto -h http://www.example.com # Save report to local directory (mount /tmp as volume) docker run --rm -v $(pwd):/tmp sullo/nikto -h http://www.example.com -o /tmp/out.json # Build from source git clone https://github.com/sullo/nikto.git cd nikto docker build -t sullo/nikto . docker run --rm sullo/nikto -h http://target.com ``` -------------------------------- ### Nikto Plugin: cgi Source: https://github.com/sullo/nikto/wiki/Plugin-list Enumerates potential CGI directories. ```APIDOC ## Plugin: cgi ### Description CGI - Enumerates possible CGI directories. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Configure Directory Paths Source: https://github.com/sullo/nikto/wiki/Config-Variables Defines the base directories for Nikto components. ```text EXECDIR=. PLUGINDIR=EXECDIR/plugins TEMPLATEDIR=EXECDIR/templates DBDIR=EXECDIR/databases DOCDIR=EXECDIR/docs ``` -------------------------------- ### Initialize Plugin Database Source: https://github.com/sullo/nikto/wiki/Standard-Methods Initializes a database file located in PLUGINDIR and returns an array reference. Each element in the array is a hash reference configured by the first line of the database file. ```perl arrayref init_db(dbname); string dbname ``` -------------------------------- ### Configure Proxy Settings Source: https://context7.com/sullo/nikto/llms.txt Route traffic through a proxy by defining settings in the configuration file or via command line arguments. ```bash # Use proxy defined in nikto.conf perl nikto.pl -h localhost -p 80 -useproxy # Specify proxy on command line perl nikto.pl -h localhost -useproxy http://localhost:8080/ # Configure proxy in nikto.conf: # PROXYHOST=127.0.0.1 # PROXYPORT=8080 # PROXYUSER=proxyuserid # PROXYPASS=proxypassword ``` -------------------------------- ### Nikto Plugin Initialization Subroutine Source: https://github.com/sullo/nikto/wiki/Initialization-Phase This Perl subroutine is mandatory for Nikto plugins and is responsible for initializing plugin-specific data. It must return a hash reference containing essential plugin metadata. ```perl sub nikto_auth_init { my $id = { name => 'auth', full_name => 'Guess authentication', author => 'Sullo/Deity', description => 'Attempt to guess authentication realms', hooks => { start => { method => \"&nikto_auth_load", weight => 1, }, postfetch => { method => \"&nikto_auth", weight => 19, cond => '$result->{whisker}->{code} eq 401', }, prefetch => { ``` -------------------------------- ### Configure IPv6 Connectivity Check Source: https://github.com/sullo/nikto/wiki/Config-Variables Sets the host and port for verifying IPv6 connectivity. ```text CHECK6HOST=ipv6.google.com CHECK6PORT=443 ``` -------------------------------- ### Enable verbose and debug output in Nikto Source: https://github.com/sullo/nikto/wiki/Verbosity-Debug-Output Use the -Display parameter with 'd' and 'v' flags to output detailed request information. ```bash -D dv ``` -------------------------------- ### Nikto Database Integrity Check Source: https://context7.com/sullo/nikto/llms.txt Verify the syntax of Nikto's test databases and configuration files. Use these commands to ensure your configuration is valid. ```bash # Check all databases for syntax errors perl nikto.pl -dbcheck ``` ```bash # List all plugins and their options perl nikto.pl -list-plugins ``` ```bash # Print version information perl nikto.pl -Version ``` ```bash # Check IPv6 connectivity perl nikto.pl -check6 ``` -------------------------------- ### Authentication and Custom Headers Source: https://context7.com/sullo/nikto/llms.txt Use these commands to scan protected resources or inject custom headers into requests. ```bash # Basic authentication (id:password) perl nikto.pl -h 192.168.0.1 -id admin:password123 # Basic authentication with realm perl nikto.pl -h 192.168.0.1 -id admin:password123:SecureRealm # Add custom header to all requests perl nikto.pl -h 192.168.0.1 -Add-header "X-Custom-Header: value" # Add multiple custom headers perl nikto.pl -h 192.168.0.1 -Add-header "Authorization: Bearer token123" -Add-header "X-API-Key: mykey" # Use client certificate for SSL perl nikto.pl -h 192.168.0.1 -ssl -RSAcert client.crt -key client.key # Set custom User-Agent perl nikto.pl -h 192.168.0.1 -useragent "Mozilla/5.0 Custom Scanner" ``` -------------------------------- ### Scan Host Using Full URL Syntax Source: https://github.com/sullo/nikto/wiki/Basic-Testing Targets a host using a full URL, automatically detecting protocol and port. ```bash perl nikto.pl -h https://192.168.0.1:443/ ``` -------------------------------- ### Nikto Prepend Root Directory Source: https://context7.com/sullo/nikto/llms.txt Configure Nikto to prepend a root directory to all requests. This is useful for scanning specific web applications within a larger server. ```bash # Prepend root directory to all requests perl nikto.pl -h 192.168.0.1 -root /webapp ``` -------------------------------- ### Configure Proxy Settings Source: https://github.com/sullo/nikto/wiki/Config-Variables Defines proxy server connection details. ```text PROXYHOST= PROXYPORT= PROXYUSER= PROXYPASS= ``` -------------------------------- ### Configure Version API Source: https://github.com/sullo/nikto/wiki/Config-Variables Sets the URL endpoint for checking Nikto version updates. ```text VERSION_API=https://nikto.cirt.net/products.json ``` -------------------------------- ### Run Plugin with Debugging and Verbose Output Source: https://github.com/sullo/nikto/wiki/Selecting-Plugins Execute the 'apache_expect_xss' plugin with 'verbose' and 'debug' parameters for detailed output, useful for specific vulnerability checks. ```bash nikto.pl -host target.txt -Plugins "apache_expect_xss(verbose,debug)" ``` -------------------------------- ### Nikto SQL Database Configuration Source: https://context7.com/sullo/nikto/llms.txt Configure Nikto to write results directly to MySQL/MariaDB or PostgreSQL databases. Set database connection details and credentials. ```bash # Configure in nikto.conf: # DB_TYPE=mysql # DB_HOST=localhost # DB_PORT=3306 # DB_NAME=nikto # DB_TABLE=nikto_table # Set credentials via environment variables export NIKTO_DB_USER=nikto_user export NIKTO_DB_PASS=secure_password # Run scan with direct SQL output perl nikto.pl -h 192.168.0.1 -Format sqld -o . ``` -------------------------------- ### Nikto Plugin: sitefiles Source: https://github.com/sullo/nikto/wiki/Plugin-list Searches for interesting files based on the site's IP or name. ```APIDOC ## Plugin: sitefiles ### Description Site Files - Look for interesting files based on the site's IP/name ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Plugin: parked Source: https://github.com/sullo/nikto/wiki/Plugin-list Detects if the host is parked at a registrar or ad location. ```APIDOC ## Plugin: parked ### Description Parked Detection - Checks to see whether the host is parked at a registrar or ad location. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Plugin: negotiate Source: https://github.com/sullo/nikto/wiki/Plugin-list Checks the mod_negotiation MultiViews functionality. ```APIDOC ## Plugin: negotiate ### Description Negotiate - Checks the mod_negotiation MultiViews. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Configure Nikto User-Agent Source: https://github.com/sullo/nikto/wiki/Config-Variables Sets a fixed User-Agent string for requests, overriding the default random selection. Supports dynamic variables like @VERSION, @EVASIONS, and @TESTID. ```text USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID) ``` -------------------------------- ### Nikto Plugin: tests Source: https://github.com/sullo/nikto/wiki/Plugin-list Runs standard Nikto tests against the host. ```APIDOC ## Plugin: tests ### Description Nikto Tests - Test host with the standard Nikto tests ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters #### Query Parameters - **tids** (string) - Optional - A range of test IDs that will only be run. - **report** (integer) - Optional - Report a status after the passed number of tests. - **passfiles** (boolean) - Optional - Flag to indicate whether to check for common password files. - **all** (boolean) - Optional - Flag to indicate whether to check all files with all directories. ### Request Example N/A ### Response N/A ``` -------------------------------- ### Scan Multiple Hosts from File Source: https://github.com/sullo/nikto/wiki/Basic-Testing Targets multiple hosts specified in a text file. Each line should contain a host and optionally its port(s), separated by colons or commas. Port 80 is assumed if not specified. ```text 192.168.0.1:80 http://192.168.0.1:8080/ 192.168.0.3 ``` -------------------------------- ### Configure HTTP Methods Source: https://github.com/sullo/nikto/wiki/Config-Variables Sets the HTTP method used to identify web servers. ```text CHECKMETHODS=GET ``` -------------------------------- ### DSL Test Matchers Source: https://context7.com/sullo/nikto/llms.txt Syntax for matching HTTP responses within the Nikto test database. ```bash # DSL Matcher Syntax in db_tests: # BODY:string - Match string in response body ``` -------------------------------- ### Nikto Plugin: robots Source: https://github.com/sullo/nikto/wiki/Plugin-list Analyzes the robots.txt file for paths and checks its entries. ```APIDOC ## Plugin: robots ### Description Robots - Checks whether there's anything within the robots.txt file and analyses it for other paths to pass to other scripts. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters #### Query Parameters - **nocheck** (boolean) - Optional - Flag to disable checking entries in the robots file. ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Plugin: httpoptions Source: https://github.com/sullo/nikto/wiki/Plugin-list Performs checks against HTTP OPTIONS responses. ```APIDOC ## Plugin: httpoptions ### Description HTTP Options - Performs a variety of checks against the HTTP options returned from the server. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Perform Basic Security Scans Source: https://context7.com/sullo/nikto/llms.txt Execute security scans against target web servers using various host, port, and protocol configurations. ```bash # Basic scan on default port 80 perl nikto.pl -h 192.168.0.1 # Scan a specific port perl nikto.pl -h 192.168.0.1 -p 443 # Scan with SSL/TLS enabled perl nikto.pl -h 192.168.0.1 -p 443 -ssl # Scan using full URL syntax perl nikto.pl -h https://192.168.0.1:443/ # Scan multiple ports in one session perl nikto.pl -h 192.168.0.1 -p 80,88,443 # Scan with a maximum time limit (1 hour) perl nikto.pl -h 192.168.0.1 -maxtime 1h ``` -------------------------------- ### Saving and Replaying Requests Source: https://context7.com/sullo/nikto/llms.txt Save scan findings for evidence and use the replay utility to re-execute specific requests. ```bash # Save findings to a directory perl nikto.pl -h 192.168.0.1 -Save ./findings # Auto-generate save directory name perl nikto.pl -h 192.168.0.1 -Save . # Creates: savedir_HOST_PORT_DATETIME/ # Replay a saved request perl utils/replay.pl -file findings/hostname_80_20240101_000001.txt # Replay through a proxy (e.g., Burp Suite) perl utils/replay.pl -file findings/saved_test.txt -proxy localhost:8080 ``` -------------------------------- ### Nikto Plugin: outdated Source: https://github.com/sullo/nikto/wiki/Plugin-list Checks if the web server is running the latest version. ```APIDOC ## Plugin: outdated ### Description Outdated - Checks to see whether the web server is the latest version. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Scan Host with SSL/TLS Enabled Source: https://github.com/sullo/nikto/wiki/Basic-Testing Enables SSL/TLS scanning for a host, useful for servers that require encryption. Use the -s or -ssl option. ```bash perl nikto.pl -h 192.168.0.1 -p 443 -ssl ``` -------------------------------- ### Configure Update Reporting Source: https://github.com/sullo/nikto/wiki/Config-Variables Controls whether Nikto sends server information back to cirt.net. ```text UPDATES=yes ``` ```text UPDATES=no ``` ```text UPDATES=auto ``` -------------------------------- ### Nikto Plugin: report_sqlg Source: https://github.com/sullo/nikto/wiki/Plugin-list Generates SQL insert statements for a generic database. ```APIDOC ## Plugin: report_sqlg ### Description Generic SQL reports - Produces SQL inserts into a generic database. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Plugin: paths Source: https://github.com/sullo/nikto/wiki/Plugin-list Examines link paths to assist in variable population. ```APIDOC ## Plugin: paths ### Description Path Search - Look at link paths to help populate variables ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Disable 404 Guessing Source: https://context7.com/sullo/nikto/llms.txt Configure advanced scanning behavior including 404 handling. Disable 404 guessing to prevent Nikto from treating non-existent pages as valid. ```bash # Disable 404 guessing perl nikto.pl -h 192.168.0.1 -no404 ``` -------------------------------- ### Virtual Host Testing Source: https://context7.com/sullo/nikto/llms.txt Specify a virtual host header to test servers behind load balancers or multi-homed environments. ```bash # Scan IP but use virtual host header perl nikto.pl -h 192.168.0.1 -vhost www.example.com # Useful for testing servers behind load balancers perl nikto.pl -h 10.0.0.1 -p 443 -ssl -vhost secure.example.com ``` -------------------------------- ### Configure Max Warnings Source: https://github.com/sullo/nikto/wiki/Config-Variables Sets the threshold for MOVED response warnings. ```text MAX_WARN=20 ``` -------------------------------- ### Nikto Plugin: ms10_070 Source: https://github.com/sullo/nikto/wiki/Plugin-list Checks for vulnerability to MS10-070. ```APIDOC ## Plugin: ms10_070 ### Description Determine if a site is vulnerable to [MS10-070](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070) ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Plugin: shellshock Source: https://github.com/sullo/nikto/wiki/Plugin-list Checks for the 'shellshock' vulnerability in Bash. ```APIDOC ## Plugin: shellshock ### Description shellshock - Look for the bash 'shellshock' vulnerability. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters #### Query Parameters - **uri** (string) - Required - The URI to assess for the vulnerability. ### Request Example N/A ### Response N/A ``` -------------------------------- ### Configure SSL Engine Source: https://github.com/sullo/nikto/wiki/Config-Variables Forces LibWhisker to use a specific SSL library. ```text LW_SSL_ENGINE=auto ``` ```text LW_SSL_ENGINE=SSL ``` ```text LW_SSL_ENGINE=SSLeay ``` -------------------------------- ### Scan Single Host on Multiple Ports Source: https://github.com/sullo/nikto/wiki/Basic-Testing Scans a host on a comma-delimited list or range of ports. Use the -p or -port option. ```bash perl nikto.pl -h 192.168.0.1 -p 80,88,443 ``` -------------------------------- ### Nikto Follow Redirects Source: https://context7.com/sullo/nikto/llms.txt Configure advanced scanning behavior to follow 3xx redirects. This ensures Nikto scans pages that are linked via redirection. ```bash # Follow 3xx redirects perl nikto.pl -h 192.168.0.1 -followredirects ``` -------------------------------- ### Scan Single Host on Default Port Source: https://github.com/sullo/nikto/wiki/Basic-Testing Scans the specified IP address on the default port 80. Use the -h or -host option. ```bash perl nikto.pl -h 192.168.0.1 ``` -------------------------------- ### Multiple Host Scanning Source: https://context7.com/sullo/nikto/llms.txt Scan multiple targets by providing a file containing hostnames or IP addresses. ```bash # Create hosts file (hosts.txt): # 192.168.0.1:80 # http://192.168.0.2:8080/ # 192.168.0.3 # Scan all hosts in file perl nikto.pl -h hosts.txt # Scan with output per host perl nikto.pl -h hosts.txt -o . -Format json ``` -------------------------------- ### Configure Default HTTP Version Source: https://github.com/sullo/nikto/wiki/Config-Variables Sets the default HTTP protocol version for requests. ```text DEFAULTHTTPVER=1.1 ``` -------------------------------- ### Nikto Plugin: auth Source: https://github.com/sullo/nikto/wiki/Plugin-list Attempts to guess authentication realms. ```APIDOC ## Plugin: auth ### Description Guess authentication - Attempt to guess authentication realms ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Configure DTD Path Source: https://github.com/sullo/nikto/wiki/Config-Variables Specifies the location of the DTD file for XML output, relative to the Nikto execution directory if not absolute. ```text NIKTODTD=docs/nikto.dtd ``` -------------------------------- ### Nikto Plugin: apache_expect_xss Source: https://github.com/sullo/nikto/wiki/Plugin-list Checks for Cross-Site Scripting (XSS) vulnerabilities via the Expect HTTP header. ```APIDOC ## Plugin: apache_expect_xss ### Description Apache Expect XSS - Checks whether the web servers has a cross-site scripting vulnerability through the Expect: HTTP header ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Plugin: favicon Source: https://github.com/sullo/nikto/wiki/Plugin-list Compares the web server's favicon against a database of known favicons. ```APIDOC ## Plugin: favicon ### Description Favicon - Checks the web server's favicon against known favicons. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto DSL Matchers Source: https://github.com/sullo/nikto/blob/main/README.md Explanation of the mini-DSL used by Nikto for matching responses. ```APIDOC ## Nikto DSL Matchers ### Description Nikto's test database supports a mini-DSL for matching responses. The following matchers are supported: ### Matchers - `BODY:` and `!BODY:` — Match or exclude content in the response body. - `HEADER:` and `!HEADER:` — Match or exclude content in HTTP headers. - `COOKIE:` and `!COOKIE:` — Match or exclude content in HTTP cookies. - `CODE:` and `!CODE:` — Match or exclude HTTP status codes. ### Usage Multiple matchers can be combined with `&&` (AND). ### Example ``` BODY:login&&!BODY:logout&&HEADER:X-Powered-By&&COOKIE:sessionid ``` This will match if the response body contains "login", does not contain "logout", the headers include "X-Powered-By", and a cookie named "sessionid" is present. ``` -------------------------------- ### Retrieve Web Server Banner Source: https://github.com/sullo/nikto/wiki/Standard-Methods Fetches the web server's banner information. This is automatically done for all targets before plugins process a mark. ```perl string get_banner(mark); hashref mark ``` -------------------------------- ### Nikto Plugin: multiple_index Source: https://github.com/sullo/nikto/wiki/Plugin-list Checks for the presence of multiple index files. ```APIDOC ## Plugin: multiple_index ### Description Multiple Index - Checks for multiple index files ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Configure Prompts Source: https://github.com/sullo/nikto/wiki/Config-Variables Disables interactive prompts when set to 'no'. ```text PROMPTS= ``` -------------------------------- ### Nikto Plugin: apacheusers Source: https://github.com/sullo/nikto/wiki/Plugin-list Checks for the ability to enumerate usernames from the web server. ```APIDOC ## Plugin: apacheusers ### Description Apache Users - Checks whether we can enumerate usernames directly from the web server ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters #### Query Parameters - **enumerate** (boolean) - Optional - Flag to indicate whether to attempt to enumerate users. - **cgiwrap** (string) - Optional - User cgi-bin/cgiwrap to enumerate. - **dictionary** (string) - Optional - Filename for a dictionary file of users. - **size** (integer) - Optional - Maximum size of username if bruteforcing. - **home** (string) - Optional - Look for ~user to enumerate. ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Pause Between Requests Source: https://context7.com/sullo/nikto/llms.txt Configure advanced scanning behavior including rate limiting. Pause between requests to avoid overwhelming the server. ```bash # Pause between requests (rate limiting) perl nikto.pl -h 192.168.0.1 -Pause 2 ``` -------------------------------- ### Nikto Plugin: msgs Source: https://github.com/sullo/nikto/wiki/Plugin-list Checks the server version against known issues. ```APIDOC ## Plugin: msgs ### Description Server Messages - Checks the server version against known issues. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Scan Database Test Entry Source: https://github.com/sullo/nikto/wiki/Scan-Database-Syntax A sample row from the db_tests CSV file demonstrating the required field structure. ```csv "000120","https://example.com/ref","2","/manual/","GET","CODE:200","Web server manual","","" ``` -------------------------------- ### Perform specific Nikto tests Source: https://github.com/sullo/nikto/wiki/Scan-Tuning Execute only the specified test types against a target host. ```bash perl nikto.pl -h 192.168.0.1 -T 58 ``` -------------------------------- ### Nikto Plugin: dictionary_attack Source: https://github.com/sullo/nikto/wiki/Plugin-list Attempts a dictionary attack to find common directories and files. ```APIDOC ## Plugin: dictionary_attack ### Description Dictionary attack - Attempts to dictionary attack commonly known directories/files ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters #### Query Parameters - **method** (string) - Required - The method to use for enumeration. - **dictionary** (string) - Required - The dictionary file containing paths to look for. ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Plugin: report_html Source: https://github.com/sullo/nikto/wiki/Plugin-list Generates a report in HyperText Markup Language (HTML) format. ```APIDOC ## Plugin: report_html ### Description Report as HTML - Produces an HTML report. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto Authentication Configuration Source: https://github.com/sullo/nikto/wiki/Initialization-Phase Defines the authentication method and weight for Nikto scans. Ensure Nikto is properly configured for authentication before running scans. ```Perl method => &nikto_auth_pre, weight => 19, ``` -------------------------------- ### Define postfetch hook method Source: https://github.com/sullo/nikto/wiki/Postfetch-hook The postfetch_method signature requires four hashref arguments representing the mark, parameters, request, and result objects. ```perl postfetch_method(mark, parameters, request, result); hashref mark hashref parameters hashref request hashref result ``` -------------------------------- ### Report Head Hook Source: https://github.com/sullo/nikto/wiki/Reporting-Phase Called after target acquisition to initialize the report and write headers. ```text handle report_head(filename); string filename ``` -------------------------------- ### Configure CIRT Hostname Source: https://github.com/sullo/nikto/wiki/Config-Variables Sets the hostname used for database updates and version reporting. ```text CIRT=cirt.net ``` -------------------------------- ### Configure RFI URL Source: https://github.com/sullo/nikto/wiki/Config-Variables Defines the URL for remote file inclusion testing. ```text RFIURL=https://cirt.net/public/rfiinc.txt ``` -------------------------------- ### Nikto Plugin: report_text Source: https://github.com/sullo/nikto/wiki/Plugin-list Generates a report in plain text format. ```APIDOC ## Plugin: report_text ### Description Text reports - Produces a text report. ### Method N/A (This is a plugin description, not an API endpoint) ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response N/A ``` -------------------------------- ### Nikto CGI Directory Scanning Source: https://context7.com/sullo/nikto/llms.txt Scan for CGI directories and common CGI vulnerabilities. Specify which CGI directories to scan or disable scanning. ```bash # Scan all known CGI directories perl nikto.pl -h 192.168.0.1 -Cgidirs all ``` ```bash # Scan specific CGI directories perl nikto.pl -h 192.168.0.1 -Cgidirs "/cgi/ /cgi-bin/ /scripts/" ``` ```bash # Disable CGI scanning perl nikto.pl -h 192.168.0.1 -Cgidirs none ``` -------------------------------- ### Prefetch Hook Function Signature Source: https://github.com/sullo/nikto/wiki/Prefetch-hook This snippet shows the function signature for the prefetch hook, detailing the arguments it accepts. ```APIDOC ## Prefetch Hook ### Description The prefetch hook is executed before any request is made to the target. It is designed to allow the plugin to alter the libwhisker hash before the request. In normal execution, the prefetch hook should not report vulnerabilities. ### Function Signature ```c prefetch_method(mark, parameters, request, result); ``` ### Parameters - **mark** (hashref) - A reference to a hash containing mark information. - **parameters** (hashref) - A reference to a hash containing plugin parameters. - **request** (hashref) - A reference to a hash representing the request object. - **result** (hashref) - A reference to a hash where results can be stored. ```