A mutation will cause Nikto to combine tests or attempt to guess values. These techniques may cause a tremendous amount of tests to be launched against the target. Use the reference number to specify the type, multiple may be combined.

1.

Test all files with all root directories. This takes each test and splits it into a list of files and directories. A scan list is then created by combining each file with each directory.
2.

Guess for password file names. Takes a list of common password file names (such as “passwd”, “pass”, “password”) and file extensions (“txt”, “pwd”, “bak”, etc.) and builds a list of files to check for.
3.

Enumerate user names via Apache (/~user type requests). Exploit a misconfiguration with Apache UserDir setups which allows valid user names to be discovered. This will attempt to brute-force guess user names. A file of known users can also be supplied by supplying the file name in the -mutate-options parameter.
4.

Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests). Exploit a flaw in cgiwrap which allows valid user names to be discovered. This will attempt to brute-force guess user names. A file of known users can also be supplied by supplying the file name in the -mutate-options parameter.
5.

Attempt to brute force sub-domain names. This will attempt to brute force know domain names, it will assume the given host (without a www) is the parent domain.
6.

Attempt to brute directory names. This is the only mutate option that requires a file to be passed in the -mutate-options parameter. It will use the given file to attempt to guess directory names. Lists of common directories may be found in the OWASP DirBuster project.