#########################################################################################################
# CONFIG STUFF
# $Id: config.txt 94 2009-01-21 22:47:25Z deity $
#########################################################################################################
# This is the default config file. If you want to change it, we strongly suggest you copy it to nikto.conf
# This will top it being over-ridden when you git pull

# default command line options, can't be an option that requires a value.  used for ALL runs.
# CLIOPTS=-g -a

# ports never to scan
SKIPPORTS=21 111

# User-Agent variables:
 # @VERSION 	- Nikto version
 # @TESTID 	- Test identifier
 # @EVASIONS 	- List of active evasions
 # Example: USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)
USERAGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

# RFI URL. This remote file should return a phpinfo call, for example: <?php phpinfo(); ?>
# You may use the one below, if you like.
#RFIURL=http://cirt.net/public/rfiinc.txt

# IDs never to alert on (Note: this only works for IDs loaded from db_tests)
#SKIPIDS=

# The DTD
NIKTODTD=docs/nikto.dtd

# the default HTTP version to try... can/will be changed as necessary
DEFAULTHTTPVER=1.1

# Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should
# send updates because it makes the data better for everyone ;)  *NO* server specific information
# such as IP or name is sent, just the relevant version information.
# UPDATES=yes  	- ask before each submission if it should send
# UPDATES=no   	- don't ask, don't send
# UPDATES=auto 	- automatically attempt submission *without prompting*
UPDATES=yes

# Warning if MAX_WARN OK or MOVED responses are retrieved
MAX_WARN=20

# Prompt... if set to 'no' you'll never be asked for anything. Good for automation.
#PROMPTS=no

# cirt.net : set the IP so that updates can work without name resolution -- just in case
CIRT=107.170.99.251

# Proxy settings -- still must be enabled by -useproxy
#PROXYHOST=127.0.0.1
#PROXYPORT=8080
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword

# Cookies: send cookies with all requests
# Multiple can be set by separating with a semi-colon, e.g.:
# "cookie1=cookie value";"cookie2=cookie val" 
#STATIC-COOKIE="name=value";"something=nothing";

# The below allows you to vary which HTTP methods are used to check whether an HTTP(s) server 
# is running. Some web servers, such as the autopsy web server do not implement the HEAD method
CHECKMETHODS=GET

# If you want to specify the location of any of the files, specify them here
EXECDIR=/usr/share/nikto                    # Location of Nikto
PLUGINDIR=/usr/share/nikto/plugins          # Location of plugin dir
# DBDIR=/opt/nikto/databases            # Location of database dir
TEMPLATEDIR=/usr/share/nikto/templates      # Location of template dir
DOCDIR=/usr/share/nikto/docs                # Location of docs dir

# Default plugin macros
# Remove plugins designed to be run standalone
@@EXTRAS=dictionary;siebel;embedded
@@DEFAULT=@@ALL;-@@EXTRAS;tests(report:500)

# Choose SSL libs: 
# SSLeay        - use Net::SSLeay 
# SSL           - use Net::SSL 
# auto          - automatically choose what's available 
#                 (SSLeay wins if both are available) 
LW_SSL_ENGINE=auto

# Number of failures before giving up
# Set to 0 to disable entirely
FAILURES=20

# Accessible IPv6 host for -check6 flag only
CHECK6HOST=ipv6.google.com
CHECK6PORT=443

