nikto
nikto is a tool that scans a specified host for security issues: web server type, hostname, specific directories, cookies, specific CGI vulnerabilities, XSS vulnerabilities, SQL vulnerabilities, the HTTP methods the host allows, and more.
1. Download nikto
2. Download ActivePerl, the Perl environment needed to interpret .pl scripts; if it comes as an archive rather than an installer, you have to add perl.exe to the environment variables yourself
http://www.activestate.com/store/download.aspx?prdGUID=81fbce82-6bd5-49bc-a915-08d58c2648ca
3. Set the nikto.pl environment variable.
Set it in PATH.
4. Usage examples
Enter the command on the command line; the results are written to an output document, output.html in this example.
nikto.pl -h x.x.x.x -p 80,8080 -o report.log (specifies the IP, ports and output file)
nikto.pl -h www.baidu.com -F html -o output.html
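The steps above combined into a small wrapper, as an added example that is not part of the original notes: it checks that nikto.pl resolves through PATH (step 3), validates the -Tuning value against the codes listed in the parameter table, and builds the command line with the options used in the examples. The host 192.0.2.10 is a placeholder, and the form "x6" (reverse tuning, everything except category 6, Denial of Service) is assumed from the table's description of x.

```shell
#!/bin/sh
# Added example, not part of the original notes: build a nikto.pl command
# line from the options in this cheat sheet, check the PATH setup from
# step 3, and only execute when NIKTO_RUN=1 (otherwise print a dry run).
# Host 192.0.2.10 and the option values are placeholders chosen here.

# Characters the -Tuning table defines (1-9, 0, a-e, plus x for reverse tuning).
TUNING_CHARS='1234567890abcdex'

# tuning_valid STRING: succeeds only if every character is a documented code.
tuning_valid() {
    [ -n "$1" ] && [ -z "$(printf '%s' "$1" | tr -d "$TUNING_CHARS")" ]
}

# build_nikto_cmd HOST PORTS TUNING FORMAT OUTFILE: print the command line.
# -maxtime caps the run per host; -Display V gives verbose output.
build_nikto_cmd() {
    tuning_valid "$3" || { echo "invalid -Tuning value: $3" >&2; return 1; }
    printf 'nikto.pl -h %s -p %s -Tuning %s -maxtime 30m -Display V -F %s -o %s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# nikto_on_path: succeeds if nikto.pl resolves through PATH (step 3).
nikto_on_path() {
    command -v nikto.pl >/dev/null 2>&1
}

# run_scan: same arguments as build_nikto_cmd; exit 2 when nikto.pl is missing.
run_scan() {
    cmd=$(build_nikto_cmd "$@") || return 1
    if ! nikto_on_path; then
        echo "nikto.pl not found in PATH; add its directory (step 3)" >&2
        return 2
    fi
    if [ "${NIKTO_RUN:-0}" = "1" ]; then
        eval "$cmd"
    else
        echo "dry run: $cmd"
    fi
}

# x6 = all tuning categories except 6 (Denial of Service), so the scan is
# not disruptive to the target.
if run_scan 192.0.2.10 80,8080 x6 html output.html; then :; else
    echo "scan not started (exit status $?)" >&2
fi
```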
5. Common parameters

| Option | Value | Description |
|---|---|---|
| -ask+ | yes | Ask about each |
| | no | Do not ask, do not send |
| | auto | Do not ask but send |
| -Cgidirs+ | none / all / /cgi/ /cgi-a | Scan these CGI dirs |
| -Display+ | 1 | Show redirects |
| | 2 | Show cookies received |
| | 3 | Show all 200/OK responses |
| | 4 | Show URLs which require authentication |
| | D | Debug output |
| | E | Display all HTTP errors |
| | P | Print progress to STDOUT |
| | S | Scrub output of IPs and hostnames |
| | V | Verbose output |
| -dbcheck | | Check database and key files for syntax errors (seems to only check the local database) |
| -evasion+ | | Use the IDS evasion techniques from LibWhisker |
| | 1 | Random URI encoding (non-UTF8) |
| | 2 | Directory self-reference (/./) |
| | 3 | Premature URL ending (a fake end of request) |
| | 4 | Prepend long random string |
| | 5 | Fake parameter (parameter hiding) |
| | 6 | TAB as request spacer |
| | 7 | Change the case of the URL |
| | 8 | Use Windows directory separator (\) in place of / |
| | A | Use a carriage return (0x0d) as a request spacer (session reassembly) |
| | B | Use binary value 0x0b as a request spacer |
| -Format+ | csv | CSV |
| | json | JSON |
| | HTML | HTML |
| | nbe | Nessus NBE format |
| | sql | Generic SQL |
| | txt | Plain text |
| | xml | XML format |
| -Help | | Extended help information |
| -host+ | | Target host, e.g. 10.84.62.238 |
| -404code | | Ignore these HTTP codes as negative responses (always); format is "301,302" |
| -id+ | | Host authentication to use (ID and password for HTTP authentication); format is id:pass or id:pass:realm |
| -key+ | | Client certificate key file |
| -list-plugins | | List all available plugins, perform no testing |
| -maxtime+ | | Maximum testing time per host (e.g. 1h, 60m, 3600s) |
| -mutate+ | | Mutation (guessing) techniques |
| | 1 | Test all files with all root directories |
| | 2 | Guess for password file names |
| | 3 | Enumerate user names via Apache (/~user type requests) |
| | 4 | Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests) |
| | 5 | Attempt to brute force sub-domain names, assuming that the host name is the parent domain |
| | 6 | Attempt to guess directory names from the supplied dictionary file |
| -mutate-options | | Provide information for mutates |
| -nointeractive | | Disables interactive features |
| -nolookup | | Disables DNS lookups |
| -nossl | | Disables nikto attempting to guess a 404 page |
| -Option | | Over-ride an option in nikto.conf; can be issued multiple times |
| -output+ | | Write output to this file (',' for auto-name) |
| -Pause+ | | Pause between tests (seconds, integer or float) |
| -Plugins+ | | List of plugins to run (default: ALL) |
| -port+ | | Port to use (default 80), e.g. -port 80,8080,443 |
| -RSAcert+ | | Client certificate file |
| -root+ | | Prepend root value to all requests; format is /directory |
| -Save | | Save positive responses to this directory ('.' for auto-name) |
| -ssl | | Force SSL mode on port |
| -Tuning+ | 1 | Interesting File / Seen in logs |
| | 2 | Misconfiguration / Default File |
| | 3 | Information Disclosure |
| | 4 | Injection (XSS/Script/HTML) |
| | 5 | Remote File Retrieval - Server Wide (remote file retrieval within the web directory) |
| | 6 | Denial of Service |
| | 7 | Remote File Execution / Remote Shell (remote file retrieval, server-wide) |
| | 8 | Code execution / remote shell |
| | 9 | SQL Injection |
| | 0 | File Upload |
| | a | Authentication Bypass |
| | b | Software Identification |
| | c | Remote Source Inclusion |
| | d | WebService |
| | e | Administrative Console |
| | x | Reverse Tuning Options (i.e., include all except specified) |
| -timeout+ | | Timeout for requests (default 10 seconds) |
| -Userdbs | all | Load only user databases, not the standard databases |
| | tests | Disable only db_tests and udb_tests |
| -useragent | | Over-rides the default user agent |
| -until | | Run until the specified time or duration |
| -update | | Update databases and plugins from CIRT.net |
| -useproxy | | Use the proxy defined in nikto.conf, or argument http://server:port |
| -Version | | Print plugins and database version |
| -vhost+ | | Virtual host (for Host header); a trailing + means the option requires a value |