漏洞扫描工具—nikto

nikto

nikto是一款扫描指定主机的web类型，主机名。特定目录，cookie，特定cgi漏洞，xss漏洞，sql漏洞，返回主机允许的http方法等安全问题的工具。

 

1.下载nikto

http://www.cirt.net/nikto2

2.下载pl解读环境activeperl,如果是文件包格式要自己设置perl.exe环境变量

http://www.activestate.com/store/download.aspx?prdGUID=81fbce82-6bd5-49bc-a915-08d58c2648ca

 

3.设置nikto.pl环境变量。

在path中设置

 

 

4.使用示例

         在命令行中输入命令，输出结果文档，示例中为output.html文档

nikto.pl-h x.x.x.x -p 80,8080 -o report.log。指定ip、端口、输出文件。

nikto.pl-h www.baidu.com-F html -ooutput.html

        

5.常用参数

-ask+	yes	each
	no	do not ask|send
	auto	do not ask but send
-Cgidirs+	scan these CGI dirs	none|all|/cgi//cgi-a
-Display+	1	show redirects 重定向
	2	show cookies received
	3	show all 200/OK response
	4	show URLs which require authentication
	D	Debug output
	E	Display all HTTP errors
	P	Print progress to STDOUT
	S	Scrub output of IPs and hostnames清理IP和主机名的输出
	V	Verbose output详细输出
-dbcheck	Check database and key files for syntax errors	好像只能检查本地数据库
-evasion+	使用LibWhisker中对IDS的躲避技术   1	Random URI encoding<non-UTF8>
	2	Directory self-refer</./> 自选择路径（/./）
	3	Premature URL string 虚假的请求结束
	4	Prepend long random string
	5	Fake parameter 参数隐藏
	6	TAB as request spacer 使用TAB作为命令的分隔符
	7	Change the case of the URL 大小写敏感
	8	Use Windows directory separator<\> 使用Windows路径分隔符\替换/
	A	Use a carriage return <0X0d>as a request spacer 会话重组
	B	Use binary value 0X0b as a request spacer
-Format+	csv
	json
	HTML
	nbe	Nessus NBE format
	sql	Generic SQL
	txt	Plain text
	xml	xml Format
-Help	Extended help information
-host+	Target host	10.84.62.238
-404code	Ignore these HTTP codes as negative response<always>	Format is ；"301,302"
-id+	Host authentication to use. ID和密码对于授权的HTTP认证	format is id:pass or id:pass:realm
-key+	Client certification key file
-list-plugins	List all available plugins,perform no testing
-maxtime+	Maximum testing time per host<e.g.,1h,60m,3600s>
-mutate+ 变化猜测技术	1	Test all files with all root directories 使用所有的root目录测试所有文件
	2	Guess for password file names 猜测密码文件名字
	3	Enumerate user names via Apache </~user type requests> 列举Apache的用户名字(/~user)
	4	Enumerate user names via cgiwrap</cgi-bin/cgiwrap/~user typr requests> 列举cgiwrap的用户名字(/cgi-bin/cgiwrap/~user)
	5	Attempt to brute force sub-domain names ,asume that the host name is the parent domain
	6	Attempt to guess directory names form the supplied dictionary file
-mutate-options	Provide information for mutates
-nointeractive	Disables interactive features	禁用交互功能
-nolookup	Disables DNS lookups	禁用DNS查找
-nossl	Disables nikto attempting to guess a 404 page	禁止nikto尝试猜测404页面
-Option	Over-ride an option in niketo.conf,can be issued multiple times	在niketo.conf中重载一个选项，可以多次发出
-output+	Write output to this file<',' for auto-name>	将输出写入此文件<'，'用于自动名称>
-Pause+	Pause between tests<seconds,integer or float>
-Plugins+	List of plugins to run <default:ALL>
-port+	Port to use<default 80>	-port 80,8080,443
-RSAcert+	Client certificate file
-root+	Prepend root value to all requests,format is/directory	设定所有请求的根目录，格式为/directory
-Save	Save positive responses to this directory<'.' for auto-name>
-ssl	Force ssl mode on port	端口强制ssl模式
-Tuning+	1	Interesting File/Seen in logs 日志文件
	2	Misconfigurator/Default File 默认的文件
	3	Information Disclosure 信息泄漏
	4	Injection<XSS/Script/HTML> 注射（XSS/Script/HTML）
	5	Remote File Retrieval - Server Wide 远程文件检索（Web 目录中）
	6	Denial of Service 拒绝服务
	7	Remote File Execution/Remote Shell 远程文件检索（服务器）
	8	代码执行－远程shell
	9	SQL Injection
	0	File Upload
	a	Authentication Bypass 认证绕过
	b	Software Identification 软件关联
	c	Remote Source Inclusion
	d	WebService
	e	Administrative Console
	x	Reverse Turning Options<i.e.,include all expect specified> 反向连接选项
-timeout+	Timeout for requests<default 10 seconds>
-Userdbs	all	Load only user databases,not the standrad databases
	tests	Disable only db_tests and udb_tests
-useragent	Over-rides the default useragent
-until	Run until the specified time or duration
-update	Update databases and plugins from CIRT.net
-useproxy	Use the proxy defined in niko.conf, or argument http://server:port
-Version	Print plugins and database version
-vhost+	Virtual host<for Host header>+ requires a value