漏洞扫描工具—nikto

nikto

nikto是一款扫描指定主机的web类型,主机名。特定目录,cookie,特定cgi漏洞,xss漏洞,sql漏洞,返回主机允许的http方法等安全问题的工具。

 

1.下载nikto

http://www.cirt.net/nikto2

2.下载pl解读环境activeperl,如果是文件包格式要自己设置perl.exe环境变量

http://www.activestate.com/store/download.aspx?prdGUID=81fbce82-6bd5-49bc-a915-08d58c2648ca

 

3.设置nikto.pl环境变量。

在path中设置

 

 

4.使用示例

         在命令行中输入命令,输出结果文档,示例中为output.html文档

nikto.pl-h x.x.x.x -p 80,8080 -o report.log。指定ip、端口、输出文件。

nikto.pl-h www.baidu.com-F html -ooutput.html

        

5.常用参数

-ask+

yes

each

 

no

do not ask|send

 

auto

do not ask but send

-Cgidirs+

scan these CGI dirs

none|all|/cgi//cgi-a

-Display+

1

show redirects 重定向

 

2

show cookies received

 

3

show all 200/OK response

 

4

show URLs which require authentication

 

D

Debug output

 

E

Display all HTTP errors

 

P

Print progress to STDOUT

 

S

Scrub output of IPs and hostnames清理IP和主机名的输出

 

V

Verbose output详细输出

-dbcheck

Check database and key files for syntax errors

好像只能检查本地数据库

-evasion+

使用LibWhisker中对IDS的躲避技术

 

1

 

 

 

Random URI encoding<non-UTF8>

 

2

Directory self-refer</./>

自选择路径(/./)

 

3

Premature URL string

虚假的请求结束

 

4

Prepend long random string

 

5

Fake parameter

参数隐藏

 

6

TAB as request spacer

使用TAB作为命令的分隔符

 

7

Change the case of the URL

大小写敏感

 

8

Use Windows directory separator<\>

使用Windows路径分隔符\替换/

 

A

Use a carriage return <0X0d>as a request spacer

会话重组

 

B

Use binary value 0X0b as a request spacer

-Format+

csv

 

 

json

 

 

HTML

 

 

nbe

Nessus NBE format

 

sql

Generic SQL

 

txt

Plain text

 

xml

xml Format

-Help

Extended help information

 

-host+

Target host

10.84.62.238

-404code

Ignore these HTTP codes as negative response<always>

Format is ;"301,302"

-id+

Host authentication to use.

ID和密码对于授权的HTTP认证

format is id:pass or id:pass:realm

-key+

Client certification key file

 

-list-plugins

List all available plugins,perform no testing

 

-maxtime+

Maximum testing time per host<e.g.,1h,60m,3600s>

 

-mutate+

变化猜测技术

 

1

Test all files with all root directories

使用所有的root目录测试所有文件

 

2

Guess for password file names

猜测密码文件名字

 

3

Enumerate user names via Apache </~user type requests>

列举Apache的用户名字(/~user)

 

4

Enumerate user names via cgiwrap</cgi-bin/cgiwrap/~user typr requests>

列举cgiwrap的用户名字(/cgi-bin/cgiwrap/~user)

 

5

Attempt to brute force sub-domain names ,asume that the host name is the parent domain

 

6

Attempt to guess directory names form the supplied dictionary file

-mutate-options

Provide information for mutates

 

-nointeractive

Disables interactive features

禁用交互功能

-nolookup

Disables DNS lookups

禁用DNS查找

-nossl

Disables nikto attempting to guess a 404 page

禁止nikto尝试猜测404页面

-Option

Over-ride an option in niketo.conf,can be issued multiple times

在niketo.conf中重载一个选项,可以多次发出

-output+

Write output to this file<',' for auto-name>

将输出写入此文件<','用于自动名称>

-Pause+

Pause between tests<seconds,integer or float>

 

-Plugins+

List of plugins to run <default:ALL>

 

-port+

Port to use<default 80>

-port 80,8080,443

-RSAcert+

Client certificate file

 

-root+

Prepend root value to all requests,format is/directory

设定所有请求的根目录,格式为/directory

-Save

Save positive responses to this directory<'.' for auto-name>

 

-ssl

Force ssl mode on port

端口强制ssl模式

-Tuning+

1

Interesting File/Seen in logs

日志文件

 

2

Misconfigurator/Default File

默认的文件

 

3

Information Disclosure

信息泄漏

 

4

Injection<XSS/Script/HTML>

注射(XSS/Script/HTML)

 

5

Remote File Retrieval - Server Wide

远程文件检索(Web 目录中)

 

6

Denial of Service

拒绝服务

 

7

Remote File Execution/Remote Shell

远程文件检索(服务器)

 

8

代码执行-远程shell

 

9

SQL Injection

 

0

File Upload

 

a

Authentication Bypass

认证绕过

 

b

Software Identification

软件关联

 

c

Remote Source Inclusion

 

d

WebService

 

e

Administrative Console

 

 

x

Reverse Turning Options<i.e.,include all expect specified>

反向连接选项

-timeout+

Timeout for requests<default 10 seconds>

 

-Userdbs

all

Load only user databases,not the standrad databases

 

tests

Disable only db_tests and udb_tests

-useragent

Over-rides the default useragent

 

-until

Run until the specified time or duration

 

-update

Update databases and plugins from CIRT.net

 

-useproxy

Use the proxy defined in niko.conf, or argument http://server:port

 

-Version

Print plugins and database version

 

-vhost+

Virtual host<for Host header>+ requires a value

 

 

评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值