Nikto’s Program Flow
At 200 lines of code, the Nikto.pl file is relatively small. The following paragraphs briefly discuss what the program does on a macro level.
At the start of the program, you’ll notice a series of global variables. To avoid namespace collisions, plug-in developers shouldn’t use these variable names. Next, load_configs() parses the configuration file config.txt and initializes %CONFIG. Then the find_plugins() routine searches expected directories for the plug-in file, and sets appropriate values in %FILES. The nikto_core plug-in and LibWhisker are included with the require keyword, which makes all routines from LW.pm and nikto_core.plugin available to the rest of nikto.pl as well as to its plug-ins. The general_config() routine parses the command-line options and sets %CLI appropriately. Next, LibWhisker’s http_init_request() initializes LibWhisker’s %request with default values.
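The namespace warning above in runnable form, as an added example that is not Nikto's code or the book's. It assumes a plug-in file has no package statement of its own, so it compiles into the same namespace as the main script; the plug-in names, hash keys and values are constructed.

```perl
#!/usr/bin/perl
# Added illustration (not Nikto source): why a plug-in pulled in with
# `require` must not reuse the main program's global names.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Globals named as in the text; the keys and values are constructed samples.
our %CONFIG = (PLUGINDIR => 'plugins');
our %CLI    = (host => 'target.example');

# Write one hypothetical plug-in file and return its path.
sub write_plugin {
    my ($dir, $name, $body) = @_;
    my $path = "$dir/$name.plugin";
    open(my $fh, '>', $path) or die "cannot write $path: $!";
    print {$fh} $body, "\n1;\n";    # require needs a true return value
    close($fh);
    return $path;
}

my $dir = tempdir(CLEANUP => 1);

# Bad: no package statement, so %CONFIG here is %main::CONFIG.
my $bad = write_plugin($dir, 'bad_example', <<'EOP');
%CONFIG = (TIMEOUT => 5);               # wipes the host program's hash
sub bad_example { return scalar keys %CONFIG }
EOP

# Better: lexical state and a prefixed sub name; reads globals, never assigns.
my $good = write_plugin($dir, 'good_example', <<'EOP');
my %opts = (TIMEOUT => 5);              # private to this file
sub good_example_run { return "$CLI{host} timeout=$opts{TIMEOUT}" }
EOP

require $good;
print "after good plug-in: PLUGINDIR=", $CONFIG{PLUGINDIR} // '(gone)', "\n";
print "good_example_run(): ", good_example_run(), "\n";

require $bad;
print "after bad plug-in:  PLUGINDIR=", $CONFIG{PLUGINDIR} // '(gone)', "\n";
```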
The proxy_setup() function sets the appropriate values in %request, depending upon the proxy settings in the configuration file. The open_output() function opens a file handle for writing program output, only if an output file was specified on the command line. Next, set_targets() populates %TARGETS with the hostname or IP address of the target, along with specified ports. The load_scan_items() function loads the vulnerability checks found from servers.db, scan_database.db, and user_scan_database.db (if the file exists) into global arrays.
Finally, the main loop for the vulnerability ...