Existing Nikto Plug-ins

Nikto is an open-source web server scanner that performs comprehensive tests against web servers to identify potential vulnerabilities. Nikto supports a range of plug-ins that extend its functionality and enable users to customize its scans.

Here are some of the existing Nikto plug-ins:

  1. Auth Brute: This plug-in performs brute-force attacks against web server authentication mechanisms to test for weak or easily guessable passwords.
  2. Caching: This plug-in checks if the server is properly configured to handle caching, which can have implications for performance and security.
  3. Cookie: This plug-in tests whether the web server handles cookies properly, since mishandled cookies can be used to hijack user sessions.
  4. SSL: This plug-in performs checks on the SSL/TLS implementation of the server to detect weak ciphers, certificate issues, and other potential security issues.
  5. File Limit: This plug-in tests if the server has any file limits configured that can be exploited by attackers to exhaust system resources.
  6. Injection: This plug-in checks for common injection vulnerabilities such as SQL injection, LDAP injection, and command injection.
  7. Outdated: This plug-in scans for outdated software and known vulnerabilities in the web server and its components.
  8. Proxy: This plug-in tests if the server is properly configured to handle proxy requests and if it’s vulnerable to proxy abuse.
  9. Redirect: This plug-in checks if the server is vulnerable to HTTP response splitting attacks through improperly configured redirections.
  10. Headers: This plug-in analyzes the headers returned by the server to detect potential security issues, such as exposure to cross-site scripting (XSS) or clickjacking.

Overall, Nikto’s plug-ins enable users to customize their web server scans to detect a wide range of vulnerabilities and security issues.
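The sketch below illustrates the kind of passive check the Cookie and Headers items describe. It is an added example, not Nikto's own plug-in code (Nikto's plug-ins are written in Perl); the function names are hypothetical and the response headers are constructed sample data.

```python
# Constructed sample response headers (not captured from a real server).
SAMPLE_HEADERS = [
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("X-Powered-By", "PHP/7.4.3"),
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

def cookie_findings(set_cookie):
    """Return one finding per protective flag missing from a Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    missing = [f for f in ("secure", "httponly", "samesite") if f not in attrs]
    return [f"cookie '{name}' set without {flag} flag" for flag in missing]

def audit_headers(headers):
    """Passive audit of (name, value) header pairs; returns a list of findings."""
    findings = []
    seen = {}
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value)
    # Clickjacking defence: X-Frame-Options or a CSP frame-ancestors directive.
    csp = " ".join(seen.get("content-security-policy", [])).lower()
    if "x-frame-options" not in seen and "frame-ancestors" not in csp:
        findings.append("no anti-clickjacking header (X-Frame-Options or CSP frame-ancestors)")
    if "x-content-type-options" not in seen:
        findings.append("X-Content-Type-Options header is not set")
    # Banner headers that carry a version number help fingerprint the stack.
    for banner in ("server", "x-powered-by"):
        for value in seen.get(banner, []):
            if any(ch.isdigit() for ch in value):
                findings.append(f"{banner} header discloses a version: {value}")
    # Session cookies without Secure/HttpOnly/SameSite are easier to steal.
    for value in seen.get("set-cookie", []):
        findings.extend(cookie_findings(value))
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print("+", finding)
```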
