-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Data Structures
The below data structures are used to communicate between the various plugin methods. Unless otherwise mentioned, they are all standard perl hash references with the detailed members.
The mark hash contains all information about a target. It contains the below members. It should be read-only.
Members of the Mark structure
| Key | Description |
|---|---|
| ident | Host identifier, usually equivalent to what was passed on the command line. |
| hostname | Host name of the target. |
| ip | IP address of the target. |
| port | TCP port of the target. |
| display_name | Either the hostname, or the IP address of the target, dependant on whether a hostname has been discovered. |
| ssl | Flag to indicate whether the target runs over SSL. If it is set to 0, then the plugin should not use SSL. Any other value indicates SSL should be used. |
| vhost | Virtual hostname to use for the target. |
| root | Root URI to use for the target. |
| banner | Banner of the target's web server. |
The parameters hash contains all parameters that are passed directly to a plugin through one of the hooks.
The hash has a key of the parameter name and a value of the passed parameter. Implementation and sanity checking of the values is left up to the plugin.
If a parameter has not been set, it will not be in the hash. If it has been set to an undefined value, it will be set to the number 1 in the hash.
Some parameters, such as verbose and debug will be automatically
handled by the Nikto, though the parameters will still be included in
the hash.
The vulnerability hash contains all information about a vulnerability.
It contains the below members. It should be read-only and should only be
written using the add_vulnerability method.
Members of the Vulnerability structure*
| Key | Description |
|---|---|
| mark | Hash ref to a mark data structure. |
| message | Message for the vulnerability. |
| nikto_id | Test ID (tid) of the vulnerability, this should be a unique number which'll identify the vulnerability. |
| references | References to the vulnerability (CVE IDs, URLs, etc.). This may be empty if references are not relevant or don't exist. |
| method | HTTP method used to find the vulnerability. |
| uri | URI for the result. |
| result | Any HTTP data, excluding headers. |
**Documentation © 2012 ** - https://cirt.net/