nikto (security testing)

Last updated: 2022-12-07

Introduction

nikto is a tool for testing the security of a website.

It can find:

  • 3500 potentially dangerous files/CGIs
  • version specific problems on over 250 servers.

After a scan finishes, it produces a report listing the potential issues it found.

Home page: http://www.cirt.net/code/nikto.shtml

Contents

  • V1
  • V2

V1

Installation

apt-get install nikto

Usage

nikto -h datahunter.org

V2

Nikto2 is built on LibWhisker2 (by RFP) and can run on any platform which has a Perl environment.

  • Checks for outdated server components
  • Save reports in plain text, XML, HTML, NBE or CSV
  • LibWhisker's IDS encoding techniques
  • Auto-pause at a specified time
  • Authorization guessing handles any directory, not just the root directory
  • Host authentication with Basic and NTLM

Installation

# Ubuntu-12.04 (Nikto v2.1.4)

apt-get install nikto

  • potentially dangerous files/CGIs: 6500
  • outdated versions of servers: 1250
  • version specific problems: 270

Usage Example

# Updating DB

nikto -update

+ Retrieving 'db_variables'
+ Retrieving 'db_favicon'
+ Retrieving 'db_server_msgs'
+ Retrieving 'nikto_robots.plugin'
+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'db_outdated'
+ Retrieving 'CHANGES.txt'

# check database syntax errors

nikto -dbcheck

-->     Nikto Databases
Syntax Check: /var/lib/nikto/plugins/db_headers
        67 entries
Syntax Check: /var/lib/nikto/plugins/db_httpoptions
        12 entries
Syntax Check: /var/lib/nikto/plugins/db_multiple_index
        29 entries
Syntax Check: /var/lib/nikto/plugins/db_server_msgs
        257 entries
Syntax Check: /var/lib/nikto/plugins/db_subdomains
        293 entries
Syntax Check: /var/lib/nikto/plugins/db_favicon
        97 entries
Syntax Check: /var/lib/nikto/plugins/db_embedded
        15 entries
Syntax Check: /var/lib/nikto/plugins/db_404_strings
        29 entries
Syntax Check: /var/lib/nikto/plugins/db_outdated
        1239 entries
Syntax Check: /var/lib/nikto/plugins/db_realms
        154 entries
Syntax Check: /var/lib/nikto/plugins/db_tests
        6456 entries
Syntax Check: /var/lib/nikto/plugins/db_variables
        12 entries
Syntax Check: /var/lib/nikto/plugins/db_content_search
        9 entries

Scan

perl nikto.pl -h 192.168.0.1 -p 80
perl nikto.pl -h https://192.168.0.1:443/

Scan subnet 

nmap -p80 192.168.0.0/24 -oG - | nikto.pl -h -
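
The pipeline above works because nikto reads nmap's grepable (-oG) output from stdin and picks out the hosts that have the web port open. The following Python is an added example (not part of this page or of the nikto project) that shows what that grepable format looks like and how the open-port hosts are extracted from it; the nmap output embedded in it is constructed for illustration, not a real scan, and the IP addresses and hostname in it are placeholders.

```python
import re

# Constructed sample of `nmap -p80,443 ... -oG -` output (placeholder hosts, not a
# real scan). In grepable format each host gets a "Status:" line and a "Ports:"
# line; each port entry is "port/state/proto/owner/service/rpcinfo/version/".
SAMPLE_GNMAP = '''# Nmap scan initiated (constructed sample)
Host: 192.168.0.1 ()\tStatus: Up
Host: 192.168.0.1 ()\tPorts: 80/open/tcp//http///
Host: 192.168.0.2 ()\tStatus: Up
Host: 192.168.0.2 ()\tPorts: 80/closed/tcp//http///
Host: 192.168.0.5 (web.lan)\tStatus: Up
Host: 192.168.0.5 (web.lan)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///
# Nmap done (constructed sample)
'''

PORT_ENTRY = re.compile(r"^(\d+)/(\w+)/(\w+)/")


def open_web_ports(gnmap_text, wanted=(80, 443)):
    """Return (ip, port) pairs for every host whose 'Ports:' line reports one of
    the wanted ports in state 'open'. Closed/filtered entries are ignored, so a
    host that merely answered ping does not end up on the web-scan list."""
    targets = []
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]                      # second token is the address
        ports_field = line.split("Ports:", 1)[1]  # everything after the tab
        for entry in ports_field.split(","):
            m = PORT_ENTRY.match(entry.strip())
            if not m:
                continue
            port, state = int(m.group(1)), m.group(2)
            if state == "open" and port in wanted:
                targets.append((ip, port))
    return targets


if __name__ == "__main__":
    for ip, port in open_web_ports(SAMPLE_GNMAP):
        print(f"{ip}:{port}")
```

Running it prints one `ip:port` line per open web service (192.168.0.1:80, 192.168.0.5:80 and 192.168.0.5:443 for the sample), which is the same host list nikto derives from the piped nmap output before it starts scanning.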

-id
    ID and password to use for Basic host authentication. Format is "id:password".

Configuration Files

  • /etc/nikto.conf
  • $HOME/nikto.conf

Reports

# If no -Format is specified, Nikto will try to guess the format from the file extension

-Format -output
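
Of the report formats listed above, CSV is the easiest to process in a script, for example to triage a large scan by host and port. The following Python is an added example (not part of this page or of the nikto project) that parses CSV output and groups the findings per host:port. It assumes the column order host, ip, port, vuln id, method, uri, message with no header row, and treats a vuln id of "0" as informational; the report rows embedded in it are constructed for illustration, not real scan output.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of Nikto CSV report output (placeholder hosts and messages,
# not a real scan). Assumed column order: host, ip, port, vuln id, method, uri, message.
SAMPLE_CSV = '''"192.168.0.1","192.168.0.1","80","0","GET","/","Server: Apache/2.2.22 (Ubuntu)"
"192.168.0.1","192.168.0.1","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"192.168.0.1","192.168.0.1","80","999901","GET","/admin/","Directory indexing found."
"192.168.0.1","192.168.0.1","80","999902","GET","/phpinfo.php","PHP phpinfo() output found."
"192.168.0.2","192.168.0.2","443","0","GET","/","Server: nginx"
'''

FIELDS = ["host", "ip", "port", "vuln_id", "method", "uri", "message"]


def parse_nikto_csv(text):
    """Parse Nikto CSV rows into dicts; rows with the wrong field count are skipped."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != len(FIELDS):
            continue  # blank or malformed line
        rows.append(dict(zip(FIELDS, rec)))
    return rows


def summarize(rows):
    """Group rows by host:port. Vuln id "0" (assumed to mean an informational
    note such as a Server banner) is only counted; everything else is kept as
    a finding tuple (vuln_id, method, uri, message) for review."""
    summary = defaultdict(lambda: {"info": 0, "findings": []})
    for r in rows:
        key = f"{r['host']}:{r['port']}"
        if r["vuln_id"] == "0":
            summary[key]["info"] += 1
        else:
            summary[key]["findings"].append(
                (r["vuln_id"], r["method"], r["uri"], r["message"]))
    return dict(summary)


if __name__ == "__main__":
    for target, data in summarize(parse_nikto_csv(SAMPLE_CSV)).items():
        print(f"{target}: {len(data['findings'])} findings, {data['info']} informational")
        for vuln_id, method, uri, message in data["findings"]:
            print(f"  [{vuln_id}] {method} {uri} - {message}")
```

For a real report the input would be the file written with `-Format csv -output <file>`; the same grouping gives a quick per-service count before reading the individual messages.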
