Scan Database Field Values
sullo edited this page Feb 3, 2026 · 4 revisions
Though some checks can be found in other plugins, the db_tests database contains the bulk of the web tests. Here is a description of its fields:

| Field | Description |
|---|---|
| ID | Unique test identifier (e.g., "000120") |
| References | CVE IDs, URLs, or other references (replaces old OSVDB-ID field) |
| Tuning | Tuning category (see Scan-Tuning.md for values: 0-9, a-e, x) |
| URI | URI to retrieve (supports variable expansion like @CGIDIRS, @LFI(), etc.) |
| Method | HTTP method to use (GET, POST, etc.) |
| DSL | Domain-Specific Language matcher for response matching (replaces old Match/Fail fields) |
| Message | Summary message to report for successful test |
| Data | HTTP data to be sent during POST tests (optional) |
| Headers | Additional headers to send during test (optional) |

Note: The database format has been updated to use a DSL (Domain-Specific Language) for matching responses instead of the separate Match/Fail fields found in older Nikto releases. See Scan-Database-Syntax.md and DSL Guide for details.
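
The following linter for custom test entries is an added example, not part of Nikto or the original page. It checks rows against the field table above before they are loaded. It assumes each record is one quoted-CSV row with columns in the table's order, that IDs are six digits as in the "000120" example, and that methods are upper-case; the function name, sample rows and DSL placeholders are constructed.

```python
import csv
import io
import re

# Column order follows the field table above; the quoted-CSV layout is an assumption.
FIELDS = ["ID", "References", "Tuning", "URI", "Method", "DSL", "Message", "Data", "Headers"]
REQUIRED = ["ID", "Tuning", "URI", "Method", "DSL", "Message"]  # Data/Headers are optional
TUNING = set("0123456789abcdex")  # values listed in the table: 0-9, a-e, x

# Constructed sample rows (not real Nikto tests); DSL strings are placeholders.
SAMPLE = '''"900001","https://example.invalid/ref","3","@CGIDIRStest.cgi","GET","PLACEHOLDER_DSL","Constructed finding","",""
"900001","","z","/admin/","get","PLACEHOLDER_DSL","Duplicate ID, bad tuning and method","",""
"90002","","1x","/login","POST","","Short ID, empty DSL","user=a",""
"900003","","b","/only-eight-columns","GET","PLACEHOLDER_DSL","Missing a column",""
'''

def lint_db_tests(text):
    """Return a list of (line_number, problem) for rows that break the field rules."""
    problems, seen = [], {}
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue
        if len(row) != len(FIELDS):
            problems.append((lineno, f"expected {len(FIELDS)} fields, got {len(row)}"))
            continue
        rec = dict(zip(FIELDS, row))
        for name in REQUIRED:
            if not rec[name].strip():
                problems.append((lineno, f"{name} is empty"))
        # Six-digit IDs are inferred from the table's example; IDs must be unique.
        if not re.fullmatch(r"\d{6}", rec["ID"]):
            problems.append((lineno, f"ID {rec['ID']!r} is not six digits"))
        elif rec["ID"] in seen:
            problems.append((lineno, f"ID {rec['ID']} already used on line {seen[rec['ID']]}"))
        else:
            seen[rec["ID"]] = lineno
        bad = sorted(set(rec["Tuning"]) - TUNING)
        if bad:
            problems.append((lineno, f"unknown tuning value(s): {''.join(bad)}"))
        if rec["Method"] and not re.fullmatch(r"[A-Z]+", rec["Method"]):
            problems.append((lineno, f"method {rec['Method']!r} is not an upper-case token"))
    return problems

if __name__ == "__main__":
    for lineno, problem in lint_db_tests(SAMPLE):
        print(f"line {lineno}: {problem}")
```

The DSL field is only checked for presence here; its syntax is covered in Scan-Database-Syntax.md and the DSL Guide.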
**Documentation © 2012** - https://cirt.net/