Hi,

I've tried to find out more about nikto's mutate option (and exactly what it does), but I've been unable to get my hands on anything useful. I even tried it on one of my own servers running some CGI scripts and I didn't get any different results to a standard nikto scan. Here's what I've seen:

Taken from Cirt

Mutate mode to "go fishing" on web servers for odd items

##-----------------------------------------------------

Taken from the man page

-mutate
Mutate checks. This causes Nikto to put all files with all directories from the .db files and
scan the host. You might find some oddities this way. Note that it generates a lot of checks.

There are also some values you can pass to -mutate, like -mutate1 does something different to -mutate4, but I can't post up the help file right now because I don't have access to it. Could someone please tell me what it does, because I really have no clue...

Thanks,

-jk