297 : Nikto2
Posted on 2012-10-9 00:03:46
Installation
    root@Dis9Team:/pen/web# apt-get install nikto

Directory layout
    root@Dis9Team:/pen/web# ls -l /usr/share/nikto/
    total 8
    drwxr-xr-x 2 root root 4096 2012-09-16 23:12  plugins  # plugins
    drwxr-xr-x 2 root root 4096 2012-09-16 23:12 templates  # templates
    root@Dis9Team:/pen/web#

Help
    root@Dis9Team:/pen/web# nikto -h
    Option host requires an argument

           -Cgidirs+           scan these CGI dirs: 'none', 'all', or values like "/cgi/ /cgi-a/"
           -dbcheck            check database and other key files for syntax errors (cannot be abbreviated)
           -evasion+           ids evasion technique
           -Format+            save file (-o) format
           -host+              target host
           -Help               Extended help information
           -id+                host authentication to use, format is userid:password
           -list-plugins       List all available plugins
           -mutate+            Guess additional file names
           -mutate-options+    Provide extra information for mutations
           -output+            Write output to this file
           -nocache            Disables the URI cache
           -nossl              Disables using SSL
           -no404              Disables 404 checks
           -Plugins                   List of plugins to run (default ALL)
           -port+              Port to use (default 80)
           -Display+           Turn on/off display outputs
           -ssl                Force ssl mode on port
           -Single             Single request mode
           -timeout+           Timeout (default 2 seconds)
           -Tuning+            Scan tuning
           -update             Update databases and plugins from cirt.net (cannot be abbreviated)
           -Version            Print plugin and database versions
           -vhost+             Virtual host (for Host header)
       + requires a value

    root@Dis9Team:/pen/web#

Default scan of a single host
    root@Dis9Team:/pen/web# nikto -h 5.5.5.8
    - Nikto v2.1.1
    ---------------------------------------------------------------------------
    + Target IP:          5.5.5.8
    + Target Hostname:    5.5.5.8
    + Target Port:        80
    + Start Time:         2012-09-17 23:15:55
    ---------------------------------------------------------------------------
    + Server: Apache/2.2.16 (Ubuntu)
    + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
    + /./: Appending '/./' to a directory allows indexing
    + /%2e/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. http://www.securityfocus.com/bid/2513.
    + OSVDB-3233: /phpinfo.php: Contains PHP configuration information
    + OSVDB-119: /?PageServices: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269.
    + OSVDB-119: /?wp-cs-dump: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269.
    + OSVDB-3092: /info/: This might be interesting...
    + OSVDB-3092: /phpmyadmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
    + OSVDB-3093: /.htaccess: Contains authorization information
    + OSVDB-3268: /icons/: Directory indexing is enabled: /icons
    + OSVDB-3233: /icons/README: Apache default file found.
    + 3818 items checked: 11 item(s) reported on remote host
    + End Time:           2012-09-17 23:15:59 (4 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested
    root@Dis9Team:/pen/web#

Every finding comes with a vulnerability ID, which you can look up on Google.
SSL
    root@Dis9Team:/pen/web# nikto -h google.com -p 443 -ssl
    - Nikto v2.1.1
    ---------------------------------------------------------------------------
    + Target IP:          74.125.128.138
    + Target Hostname:    google.com
    + Target Port:        443
    ---------------------------------------------------------------------------
    + SSL Info:        Ciphers: Unknown
                       Info:    Unknown
                       Subject: Unknown
    + Start Time:         2012-09-17 23:18:14
    ---------------------------------------------------------------------------
    + Server: gws
    - Root page / redirects to: http://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=http://www.google.com.hk/&ust=1347862726568145&usg=AFQjCNHt0rii6Htef9R2fMEzxBv4hvyQcQ

Scanning an IP range
    root@Dis9Team:/pen/web# ping google.com
    PING google.com (74.125.128.113) 56(84) bytes of data.
    ^C^C64 bytes from 74.125.128.113: icmp_req=1 ttl=128 time=258 ms

    --- google.com ping statistics ---
    root@Dis9Team:/pen/web# nmap -p 80 74.125.128.0/24 -oG - | nikto -h -
    - Nikto v2.1.1

Format
csv – a comma-separated list
htm – an HTML report
msf – log to Metasploit
txt – a text report
xml – an XML report
    root@Dis9Team:/pen/web# nikto -h 5.5.5.8 -p 80 -o 1.txt

Listing plugins
    root@Dis9Team:/pen/web# nikto -list-plugins
    Plugin report_text
    Text reports - Produces a text report.
    Written by Deity, Copyright (C) 2008 CIRT Inc.

    Plugin report_xml
    Report as XML - Produces an XML report.
    Written by Sullo/Jabra, Copyright (C) 2008 CIRT Inc.

    Plugin httpoptions
    HTTP Options - Performs a variety of checks against the HTTP options returned from the server.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin subdomain
    Sub-domain forcer - Attempts to bruteforce commonly known sub-domains
    Written by Ryan Dewhurst, Copyright (C) 2009 Ryan Dewhurst

    Plugin report_html
    Report as HTML - Produces an HTML report.
    Written by Sullo/Jabra, Copyright (C) 2008 CIRT Inc.

    Plugin msgs
    Server Messages - Checks the server version against known issues.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin put_del_test
    Put/Delete test - Attempts to upload and delete files through the PUT and DELETE HTTP methods.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin outdated
    Outdated - Checks to see whether the web server is the latest version.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin apache_export_xss
    Apache Expect XSS - Checks whether the web servers has a cross-site scripting vulnerability through the Expect: HTTP header
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin favicon
    Favicon - Checks the web server's favicon against known favicons.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin apacheusers
    Apache Users - Checks whether we can enumerate usernames directly from the web server
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin cgi
    CGI - Enumerates possible CGI directories.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin embedded
    Embedded Detection - Checks to see whether the host is an embedded server.
    Written by Deity, Copyright (C) 2009 CIRT Inc.

    Plugin user_enum_apache
    Apache User Enumeration - Attempts to enumerate usernames by guessing usernames.
    Written by Javier Fernandez-Sanguinoi Pena, Copyright (C) 2008 CIRT Inc.

    Plugin headers
    HTTP Headers - Performs various checks against the headers returned from a HTTP request.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin Tests
    Nikto Tests - Test host with the standard Nikto tests
    Written by Sullo, Deity, Copyright (C) 2008 CIRT Inc.

    Plugin mutiple_index
    Multiple Index - Checks for multiple index files
    Written by deity, Copyright (C) 2009 CIRT Inc

    Plugin dictionary
    Dictionary attack - Attempts to dictionary attack commonly known directories/files
    Written by Deity, Copyright (C) 2009 CIRT Inc

    Plugin report_csv
    CSV reports - Produces a CSV report.
    Written by Deity, Copyright (C) 2008 CIRT Inc.

    Plugin mutate
    Mutate - Performs various extra independant checks that may not be needed for each scan.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin passfiles
    Password Files - Checks for any files that may potentially contain passwords.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    Plugin robots
    Robots - Checks whether there's anything within the robots.txt file and analyses it for other paths to pass to other scripts.
    Written by Sullo, Copyright (C) 2008 CIRT Inc.

    root@Dis9Team:/pen/web#
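
Added example (not part of the original post and not Nikto's own code): a small Python parser for finding lines in the console format shown in the default scan above, grouping the reported paths by OSVDB/CVE/BID reference so each ID only has to be looked up once during remediation. The sample lines are copied from that scan output; the function names and regular expressions are this example's own assumptions about the line format.

```python
import re
from collections import defaultdict

# Sample lines copied from the default scan output shown in this post.
SAMPLE = """\
+ Server: Apache/2.2.16 (Ubuntu)
+ /./: Appending '/./' to a directory allows indexing
+ /%2e/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. http://www.securityfocus.com/bid/2513.
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-119: /?PageServices: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269.
+ OSVDB-3092: /phpmyadmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3818 items checked: 11 item(s) reported on remote host
"""

# A finding line is "+ [OSVDB-n: ]/path: message"; banner lines have no path.
FINDING = re.compile(r"^\+ (?:(OSVDB-\d+): )?(/\S*): (.+)$")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")
BID = re.compile(r"securityfocus\.com/bid/(\d+)")

def parse_findings(text):
    """Return one dict per finding: path, message and reference IDs."""
    findings = []
    for line in text.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue  # server banner, header or summary line
        osvdb, path, msg = m.groups()
        refs = [osvdb] if osvdb else []
        refs += CVE.findall(msg)                         # CVE IDs inside URLs
        refs += ["BID-" + b for b in BID.findall(msg)]   # SecurityFocus BIDs
        findings.append({"path": path, "message": msg, "refs": refs})
    return findings

def group_by_ref(findings):
    """Map each reference ID to the paths it was reported on."""
    grouped = defaultdict(list)
    for f in findings:
        for ref in f["refs"] or ["(no ID)"]:
            grouped[ref].append(f["path"])
    return dict(grouped)

if __name__ == "__main__":
    for ref, paths in sorted(group_by_ref(parse_findings(SAMPLE)).items()):
        print(f"{ref:15} {', '.join(paths)}")
```

Findings without any reference, such as the `/./` line, are grouped under `(no ID)` so they are not dropped from the triage list.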



