Nikto Plugin Management

Learn how to manage, configure, and customize Nikto plugins for effective web server scanning

Nikto's plugin architecture is one of its most powerful features, allowing for extensible and customizable scanning capabilities. This guide covers how to effectively manage, configure, and customize Nikto plugins.

Understanding Nikto Plugins

Nikto plugins are specialized modules that perform specific types of checks against web servers. Each plugin focuses on a particular aspect of security testing, such as:

  • Common vulnerabilities and exposures (CVEs)
  • Misconfigurations
  • Default files and directories
  • Information disclosure
  • Authentication issues
  • And many more specialized tests

Plugin Structure

Nikto plugins are written in Perl and follow a specific structure:

# Plugin Name: example_plugin
# Description: Example plugin for demonstration

sub nikto_example_plugin_init {
    my $id = { 
        name        => "example_plugin",
        full_name   => "Example Plugin",
        author      => "Your Name",
        description => "This is an example plugin",
        version     => "1.0",
        hooks       => {
            scan => { method => \&scan, weight => 10 },
            start => { method => \&start, },
            postfetch => { method => \&postfetch, },
        },
    };
    return $id;
}

sub start {
    # Code executed when Nikto starts
}

sub scan {
    # Code executed during scanning
}

sub postfetch {
    # Code executed after a request is made
}

1;

Each plugin must have:

  • A unique name
  • An initialization function
  • At least one hook function

Managing Plugins

1. List Available Plugins

To see all available plugins in Nikto:

nikto -list-plugins

This command displays all plugins with their names and descriptions:

Plugin: apacheusers
   Apache users scan
Plugin: auth
   Checks for authentication configuration
Plugin: cgi
   CGI checks
Plugin: cookies
   Looks for cookie issues
...

2. Enable and Disable Plugins

Control which plugins are used during a scan:

Enable specific plugins:

nikto -h target.com -Plugins "apacheusers,headers,outdated"

Disable specific plugins:

nikto -h target.com -Plugins "!apacheusers,!headers"

Enable all plugins except specific ones:

nikto -h target.com -Plugins "@@DEFAULT,!headers,!outdated"

Note:

The @@DEFAULT keyword represents all default plugins. Use this when you want to enable most plugins but exclude a few.

3. Plugin Configuration

Many plugins have configurable options in the nikto.conf file:

# Sample nikto.conf plugin configuration

# Configure the outdated plugin
OUTDATED:WARN:1

# Configure the report_csv plugin
REPORT_CSV_SEPARATOR:,

# Configure the tests_ssl plugin
SSLCIPHERS:HIGH:MEDIUM:LOW

You can also pass configuration options via command line:

nikto -h target.com -config OUTDATED:WARN:0

Plugin Databases

Nikto plugins rely on databases that contain test patterns, signatures, and other information needed for scanning.

Database Structure

Nikto databases are text files with a specific format:

# Format: "ID","OSVDB","Server Type","URI","HTTP Method","Match String","Output","Threat Level"

"000001","0","","/.git/HEAD","GET","ref: refs/heads/","Git repository found at /.git/HEAD","2",""
"000002","0","","/.svn/entries","GET","dir\n","Subversion repository found at /.svn/entries","2",""
"000003","0","","/.hg/requires","GET","revlogv1","Mercurial repository found at /.hg/requires","2",""

Key database files include:

  • db_tests: Main database of tests
  • db_variables: Variables used in tests
  • db_headers: HTTP header tests
  • db_404_strings: Strings to identify 404 pages
  • db_outdated: Outdated software signatures
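A standalone linter for rows in this database format, added here as an example; it is not part of Nikto or this guide. It assumes only the quoted, comma-separated layout shown above and runs offline on a constructed sample; note that rows carrying a trailing empty field beyond the eight columns the format line declares are exactly what its column-count check reports.

```perl
#!/usr/bin/perl
# Standalone linter for Nikto-style database rows (added example, not Nikto code).
use strict;
use warnings;

# Constructed sample in the page's format. Row 3 has a trailing empty field,
# row 4 repeats an ID and uses an unknown method, so both get flagged.
my $sample = <<'END';
# Format: "ID","OSVDB","Server Type","URI","HTTP Method","Match String","Output","Threat Level"
"000001","0","","/.git/HEAD","GET","ref: refs/heads/","Git repository found at /.git/HEAD","2"
"000002","0","","/.svn/entries","GET","dir\n","Subversion repository found at /.svn/entries","2"
"000003","0","","/.hg/requires","GET","revlogv1","Mercurial repository found at /.hg/requires","2",""
"000003","0","","/.bzr/README","FETCH","Bazaar","Bazaar repository found at /.bzr/README","2"
END

# Fields are double-quoted and comma-separated with no escaped quotes,
# so capturing every quoted run is enough to split a row.
sub parse_row {
    my ($line) = @_;
    return $line =~ /"([^"]*)"/g;
}

# Returns a list of problem strings (empty when the data is clean).
sub check_db {
    my ($text) = @_;
    my (@problems, %seen, $expected);
    my $n = 0;
    for my $line (split /\n/, $text) {
        $n++;
        next if $line =~ /^\s*$/;
        if ($line =~ /^#\s*Format:/) {      # header line declares the column count
            $expected = () = $line =~ /"[^"]*"/g;
            next;
        }
        next if $line =~ /^#/;              # any other comment
        my @f = parse_row($line);
        if (!@f) { push @problems, "line $n: no quoted fields"; next }
        push @problems, "line $n: $expected fields declared, " . @f . " found"
            if defined $expected && @f != $expected;
        push @problems, "line $n: ID '$f[0]' is not six digits" unless $f[0] =~ /^\d{6}$/;
        push @problems, "line $n: duplicate ID '$f[0]'" if $seen{$f[0]}++;
        push @problems, "line $n: unknown HTTP method '$f[4]'"
            unless $f[4] =~ /^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE)$/;
    }
    return @problems;
}

my @found  = check_db($sample);
my $report = @found ? join("\n", @found) : "no problems found";
print "$report\n";
```

Point check_db at the contents of a real db file (for example db_tests) to catch malformed rows before a plugin loads them.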

Advanced Plugin Usage

1. Plugin Tuning

Fine-tune which plugin tests are executed using the -Tuning option:

# Run only the file upload (0) and command execution (8) tests
nikto -h target.com -Tuning 08

# Run all tests except denial of service (6); x reverses the selection
nikto -h target.com -Tuning x6

Tuning options:

  • 0 - File Upload
  • 1 - Interesting File / Seen in logs
  • 2 - Misconfiguration / Default File
  • 3 - Information Disclosure
  • 4 - Injection (XSS/Script/HTML)
  • 5 - Remote File Retrieval - Inside Web Root
  • 6 - Denial of Service
  • 7 - Remote File Retrieval - Server Wide
  • 8 - Command Execution / Remote Shell
  • 9 - SQL Injection
  • a - Authentication Bypass
  • b - Software Identification
  • c - Remote Source Inclusion
  • x - Reverse Tuning Options (perform all except specified)

2. Plugin Debugging

Debug plugin execution with verbose output:

nikto -h target.com -Plugins apacheusers -Display V

For even more detailed debugging:

nikto -h target.com -Plugins apacheusers -Display 1234EP

Display options:

  • 1 - Show redirects
  • 2 - Show cookies received
  • 3 - Show all 200/OK responses
  • 4 - Show URLs which require authentication
  • D - Debug output
  • E - Display all HTTP errors
  • P - Print plugin and version details
  • V - Verbose output

3. Plugin Performance Optimization

Optimize plugin performance for large scans:

# Increase the number of concurrent hosts
nikto -h target.com -Plugins apacheusers,headers -Tuning 23 -maxhosts 10

# Adjust request timing
nikto -h target.com -Plugins apacheusers,headers -Tuning 23 -Sleep 1

Performance options:

  • -maxhosts: Maximum number of hosts to scan in parallel
  • -Sleep: Delay between requests (in seconds)
  • -Timeout: Connection timeout (in seconds)
  • -maxtime: Maximum scan time (in seconds)
  • -maxretry: Maximum number of retries

Creating Custom Plugins

Basic Custom Plugin

Create a simple custom plugin:

  1. Create a new file nikto_custom.plugin in the plugins directory:
# Plugin: custom
# Description: Custom plugin example

sub nikto_custom_init {
    my $id = {
        name        => "custom",
        full_name   => "Custom Plugin",
        author      => "Your Name",
        description => "A custom plugin for specific tests",
        version     => "1.0",
        hooks       => {
            scan => { method => \&scan, weight => 5 },
        },
    };
    return $id;
}

sub scan {
    my ($self, $mark, $parameters) = @_;
    my ($found, $requests, $responses) = (0, 0, 0);

    # Path to test, relative to the scan root
    my $target = $mark->{'root'} . "/custom-path.php";

    # Fetch it through Nikto's request layer so proxy, SSL and evasion settings apply
    my ($res, $content, $error, $request, $response) =
        nfetch($mark, $target, "GET", "", "", "", "custom plugin");
    $requests++;
    $responses++ if defined $res;

    # Report a finding when the response body contains the marker string
    if (defined $content && $content =~ /sensitive information/i) {
        # add_vulnerability($mark, $message, $testid, $osvdb, $method, $uri, $request, $response)
        add_vulnerability($mark, "Custom vulnerability found: $target", "999999", "0",
                          "GET", $target, $request, $response);
        $found++;
    }

    # Return statistics
    return ($found, $requests, $responses);
}

1;
  2. Use your custom plugin:
nikto -h target.com -Plugins custom

Best Practices for Plugin Management

1. Regular Updates

  • Update Nikto databases regularly with nikto -update
  • Check for new plugin versions
  • Follow security advisories for new web vulnerabilities
  • Consider automating updates in your security workflow

2. Plugin Selection

  • Use targeted plugin selection for specific testing scenarios
  • Avoid running unnecessary plugins to improve performance
  • Create custom plugin configurations for different testing scenarios
  • Document which plugins are used for specific testing requirements

Example plugin configurations:

# Quick scan configuration
nikto -h target.com -Plugins "@@DEFAULT,!outdated,!msgs"

# Thorough scan configuration
nikto -h target.com -Plugins "@@DEFAULT,report_xml"

# Custom scan configuration
nikto -h target.com -Plugins "headers,apacheusers,cgi,cookies,ssl"

3. Custom Plugin Development

  • Follow Nikto's plugin structure and coding standards
  • Document your custom plugins thoroughly
  • Use version control for plugin development
  • Test plugins in isolated environments before production use
  • Share useful plugins with the community
  • Maintain a repository of organization-specific plugins

Troubleshooting Plugin Issues

Common Plugin Issues

  1. Plugin Not Found

    • Verify the plugin exists in the plugins directory
    • Check plugin name spelling in the command
    • Ensure proper plugin directory path
  2. Plugin Not Running

    • Check if the plugin is disabled in configuration
    • Verify plugin compatibility with your Nikto version
    • Check for syntax errors in custom plugins
  3. Plugin Performance Issues

    • Too many plugins running simultaneously
    • Resource-intensive plugins slowing down scans
    • Network latency affecting plugin operation
  4. Database Issues

    • Corrupted or outdated databases
    • Missing database files
    • Incompatible database formats

Next Steps

Now that you understand Nikto plugin management, explore these related topics: