These options cannot be abbreviated:
-debug debug mode
-dbcheck syntax check scan_database.db and user_scan_database.db
-update update databases and plugins from cirt.net
-verbose verbose mode
IDS Evasion Techniques:
1 Random URI encoding (non-UTF8)
2 Directory self-reference (/./)
3 Premature URL ending
4 Prepend long random string
5 Fake parameter
6 TAB as request spacer
7 Random case sensitivity
8 Use Windows directory separator (/)
9 Session splicing
Mutation Techniques:
1 Test all files with all root directories
2 Guess for password file names
3 Enumerate user names via Apache (/~user type requests)
4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
这些功能不能简写:
-debug 调试模式
-dbcheck 语法检错
-update 更新cirt.net数据库和插件
-verbose 冗长方式
IDS 规避技术
1 随机 URI 编码
2 自我参考目录
3 过早URL结尾
4 随机前置长字符串
5 伪造的参数
6 请求间隔标签
7 随机大小写敏感性
8 使用Windows文件夹分隔符(/)
9 字段拼接
变异技术
1 测试根目录下的所有文件
2 猜测文件密码和名字
3 通过Apache列举用户名(/~user 格式的请求)
4 通过cgiwrap列举用户名(/cgi-bin/cgiwrap/~user 格式的请求)
(乱七八糟的翻译,惨不忍睹,专业的翻译是要和别人讨论,查找相关资料的,但是我不是,我没有那么多时间去查阅资料,所以,真的是查极了)
“Nikto” is quite comprehensive in its reporting as you can see from the following scan :
“Nikto”的报告很全面,如下所示:
exceat:/# ./nikto.pl -host www.computersecurityonline.com
---------------------------------------------------------------------------
- Nikto 1.34/1.29 - www.cirt.net
+ Target IP: 217.30.114.2
+ Target Hostname: www.computersecurityonline.com
+ Target Port: 80
+ Start Time: Fri Jan 7 12:23:56 2005
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.27 Ben-SSL/1.48 (Unix) PHP/4.2.3
- Server did not understand HTTP 1.1, switching to HTTP 1.0
+ Server does not respond with '404' for error messages (uses '400').
+ This may increase false-positives.
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND,
PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE
+ HTTP method 'PUT' method may allow clients to save files on the web server.
+ HTTP method 'CONNECT' may allow server to proxy client requests.
+ HTTP method 'DELETE' may allow clients to remove files on the web server.
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used to get
directory listings if indexing is allowed but a default page exists.
+ HTTP method 'PROPPATCH' may indicate DAV/WebDAV is installed.
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled.
+ Apache/1.3.27 appears to be outdated (current is at least Apache/2.0.50). Apache 1.3.31 is
still maintained and considered secure.
+ Ben-SSL/1.48 appears to be outdated (current is at least 1.55)
+ PHP/4.2.3 appears to be outdated (current is at least 5.0.1)
+ PHP/4.2.3 - PHP below 4.3.3 may allow local attackers to safe mode and gain access to
unauthorized files. BID-8203.
+ Apache/1.3.27 - Windows and OS/2 version vulnerable to remote exploit. CAN-2003-0460
+ Apache/1.3.27 - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and
mod_cgi. CAN-2003-0542.
+ /~root - Enumeration of users is possible by requesting ~username (responds with Forbidden
for real users, not found for non-existent users) (GET).
+ /icons/ - Directory indexing is enabled, it should only be enabled for specific directories
(if required). If indexing is not used all, the /icons directory should be removed. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /CVS/Entries - CVS Entries file may contain directory listing information. (GET)
+ /images/ - index of image directory available (GET)
+ /manual/ - Web server manual? tsk tsk. (GET)
+ /cgi-bin/cgiwrap - Some versions of cgiwrap allow anyone to execute commands remotely. (GET)
+ /cgi-bin/cgiwrap/~adm - cgiwrap can be used to enumerate user accounts. Recompile cgiwrap
with the '--with-quiet-errors' option to stop user enumeration. (GET)
+ /cgi-bin/cgiwrap/~bin - cgiwrap can be used to enumerate user accounts. Recompile cgiwrap
with the '--with-quiet-errors' option to stop user enumeration. (GET)
+ /cgi-bin/cgiwrap/~daemon - cgiwrap can be used to enumerate user accounts. Recompile cgiwrap
with the '--with-quiet-errors' option to stop user enumeration. (GET)
+ /cgi-bin/cgiwrap/~lp - cgiwrap can be used to enumerate user accounts. Recompile cgiwrap
with the '--with-quiet-errors' option to stop user enumeration. (GET)
+ /cgi-bin/cgiwrap/~root - cgiwrap can be used to enumerate user accounts. Recompile cgiwrap
with the '--with-quiet-errors' option to stop user enumeration. (GET)
+ /cgi-bin/cgiwrap/~xxxxx - Based on error message, cgiwrap can likely be used to find valid
user accounts. Recompile cgiwrap with the '--with-quiet-errors' option to stop user
enumeration. (GET)
+ /cgi-bin/cgiwrap/~root - cgiwrap can be used to enumerate user accounts. Recompile cgiwrap
with the '--with-quiet-errors' option to stop user enumeration. (GET)
+ /css - Redirects to http://www.computer-security-online.com/css/ , This might be
interesting...
+ 2449 items checked - 15 item(s) found on remote host(s)
+ End Time: Fri Jan 7 12:25:36 2005 (100 seconds)
---------------------------------------------------------------------------
• 1 host(s) tested
(上面这段不翻译了,因为是软件扫描结果报告)
Using the other options you can fine tune Nikto to do exactly what you need to achieve,
including stealth, mutation and cookie detection.
通过其它功能你可以微调 Nikto 做你想做的事,包括隐身、突变和cookies的侦测