Как пользоваться Nikto?
Пользователи, просматривающие топик: none
|
Зашли как: Guest
|
Имя  |
| Сообщение |
<< Старые топики Новые топики >> |
|
|
Как пользоваться Nikto? - 2007-08-23 15:10:43.806666
|
|
|
KIBSOFT
Сообщений: 75
Оценки: 0
Присоединился: 2007-06-25 13:26:22.170000
|
Привет всем. Объясните пожалуйста как пользоваться Nikto сканером. Как вообще его запускать? Как я понял это Perl-скрипт? Заранее спасибо!
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 20:00:56.473333
|
|
|
Pashkela
Сообщений: 3756
Оценки: 736
Присоединился: 2007-01-03 06:19:40.900000
|
quote:
ORIGINAL: KIBSOFT
Привет всем. Объясните пожалуйста как пользоваться Nikto сканером. Как вообще его запускать? Как я понял это Perl-скрипт? Заранее спасибо!
Чо за никто ни знаю, а если это перл, то качай active perl, устанавливай, иди в диру где твой типо сркипт .pl, правая кнопочка, открыть с помощью, обзор, директория куда установил active perl, идешь в директорию /bin, выбираешь файл wperl.exe, ставишь галочку использовать всегда, тащишься
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 20:55:28.553333
|
|
|
KIBSOFT
Сообщений: 75
Оценки: 0
Присоединился: 2007-06-25 13:26:22.170000
|
Nikto - это сканер уязвимостей. Неужели никто его не юзал??? Pashkela, сделал как ты сказал, но как запускать скрипт с ключами? Например -update или типа того…
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 22:25:04.506666
|
|
|
adwokat
Сообщений: 252
Оценки: 0
Присоединился: 2005-11-12 14:19:05
|
SYNOPSIS
nikto [-h target] [options]
EXAMPLES
A basic scan of a web server on port 80. The -h option is the only option that is required for a basic scan of a web
server on the standard HTTP port.
nikto.pl -h 10.100.100.10
A basic scan of a web server on port 443, forcing SSL encryption and ignoring the Server header. Note that Nikto does
not assume port 443 to be SSL, but if HTTP fails it will try HTTPS.
nikto.pl -h 10.100.100.10 -p 443 -s -g
Scanning multiple ports on the server, letting Nikto determine if they are HTTP and SSL encrypted.
nikto.pl -h 10.100.100.10 -p 80-90
Scanning specific ports on the system.
nikto.pl -h 10.100.100.10 -p 80,443,8000,8080
You may combine IDS evasion techniques as desired.
nikto.pl -h 10.100.100.10 -p 80 -e 167
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 22:51:13.700000
|
|
|
KIBSOFT
Сообщений: 75
Оценки: 0
Присоединился: 2007-06-25 13:26:22.170000
|
adwokat, я имею ввиду куда это писать? В командной строке?
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 22:53:45.546666
|
|
|
KIBSOFT
Сообщений: 75
Оценки: 0
Присоединился: 2007-06-25 13:26:22.170000
|
Может кто-нибудь полностью, толково объяснить как его юзать? Или подсказать другой сканер? Буду очень благодарен…
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 23:22:45.056666
|
|
|
CtRl
Сообщений: 75
Оценки: 0
Присоединился: 2007-08-20 01:01:22.340000
|
Можешь использовать и другой сканер, всё в твоих руках :), несколько сканеров есть на www.securitylab.ru, там приведены их описания, сканеры есть и под win и под *nix, находяться они, по-моему, в разделе "скачать", уже не помню :(
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 23:27:55.893333
|
|
|
Pashkela
Сообщений: 3756
Оценки: 736
Присоединился: 2007-01-03 06:19:40.900000
|
quote:
ORIGINAL: KIBSOFT
Может кто-нибудь полностью, толково объяснить как его юзать? Или подсказать другой сканер? Буду очень благодарен…
открываешь блокнот, пишешь туда следующее (как пример, ибо не юзал я этот сканер, параметры запуска в хелпе смотри):
cmd /k C:\Perl\bin\perl.exe nikto.pl [-h target] [options]
Сохраняешь, меняешь расширение на .cmd, запускаешь, тащишься
Естественно, так будет работать, если ты предварительно в C:\Perl\bin\ скопируешь nikto.pl
Ну или пиши ту директорию, где nikto.pl реально лежит
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 23:29:14.553333
|
|
|
CtRl
Сообщений: 75
Оценки: 0
Присоединился: 2007-08-20 01:01:22.340000
|
Pashkela, можно ещё расширение .bat использовать, или я ошибаюсь?
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 23:31:48.400000
|
|
|
Pashkela
Сообщений: 3756
Оценки: 736
Присоединился: 2007-01-03 06:19:40.900000
|
quote:
ORIGINAL: CtRl
Pashkela, можно ещё расширение .bat использовать, или я ошибаюсь?
Можно, просто работу с командной строкой удобнее всего вести именно так. А опция "cmd /k" просто позволяет досмотреть до конца результаты выполнения команды и не закрывает окно после исполнения задуманного. Что гораздо удобнее, на мой взгляд. Ну и в блокноте гораздо легче редактировать параметры. Для сравнения попробуй так: пуск=>выполнить=>cmd (Хотя навыки корректной быстрописи осваиваются нараз:)
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-23 23:36:11.720000
|
|
|
CtRl
Сообщений: 75
Оценки: 0
Присоединился: 2007-08-20 01:01:22.340000
|
Pashkela, спасибо за объяснение и рассказ про опцию "cmd /k", мне это как-раз нужно было.
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-28 13:48:00.260000
|
|
|
xacneo
Сообщений: 190
Оценки: 0
Присоединился: 2006-08-16 16:58:14
|
NAME
Nikto - Web Server and CGI Scanner
Version - 1.36
SYNOPSIS
nikto [-h target] [options]
WARNING
Nikto is a tool for finding default web files and examing web server and CGI security.
It makes a lot of reqeusts to the remote server, which in some cases may cause the server
to crash. It may also be illegal to use this software against servers you do not have
permission to do test.
DESCRIPTION
Nikto is designed to examine web servers and look for items in multiple categories:
- misconfigurations
- default files and scripts
- insecure files and scripts
- outdated software
It uses Rain Forest Puppy's LibWhisker (wiretrip.net) for HTTP functionality, and can perform checks in
HTTP or HTTPS. It also supports basic port scanning and will determine if a web server
is running on any open ports.
Nikto checks and code can be automatically udpated from the main distribution server by
using the 'update' option (see below) to ensure Nikto is checking the most recent vulnerabilities.
Nikto will also load user defined checks at startup if they are placed in a file named "user_scan_database.db" in
the plugins directory. Unlike scan_database.db, this file will not be over-written if the -update option is used. This
should always be used if you add your own checks (and you should send those checks to sullo@cirt.net).
Nikto leaves a footprint on a server it scans–both in an invalid 404 check and in the User-Agent header. This can
be changed by forcing the $NIKTO{fingerprint} and $NIKTO{useragent} to new values in the source code, OR, if any
IDS evasion (-e) option is used. Note that it's pretty obvious when Nikto is scanning a server anyway–the large
number of invalid requests sticks out a lot in the server logs, although with an IDS evasion technique it might not
be extremely obvious that it was Nikto.
Why the name Nikto? See the movies "The Day the Earth Stood Still" and, of course "Army of Darkness" for the answer. For
a full list of pop-culture references to Nikto, see http://www.blather.net/archives2/issue2no21.html which has a lot of
good information.
OPTIONS
The options listed below are all optional except the -h target specification. They can all be abbreviated
to the first letter (i.e., -m for -mutate), with the exception of -verbose and -debug.
-Cgidirs
Optionally force the CGI directories to scan. Valid values are 'none' to not check any, 'all' to force scan all
CGi directories (like the deprecated -allcgi), or a value to use as the CGI directory, i.e. '/cgi/'.
-cookies
Print out the cookie names and values that were received during the scan.
-evasion
IDS evasion techniques. This enables the intrusion detection evasion in LibWhisker. Multiple options
can be used by stringing the numbers together, i.e. to enable methods 1 and 5, use "-e 15". The valid
options are (use the number preceeding each description):
1 Random URI encoding (non-UTF8)
2 Add directory self-reference /./
3 Premature URL ending
4 Prepend long random string to request
5 Fake parameters to files
6 TAB as request spacer instead of spaces
7 Random case sensitivity
8 Use Windows directory separator \ instead of /
9 Session splicing
See the LibWhisker source for more information, or http://www.wiretrip.net/
-findonly
Use port scan to find valid HTTP and HTTPS ports only, but do not perform checks against them.
-Format
Output format for the file specified with the -output option. Valid formats are:
HTM - HTML output format.
TXT - Text output format. This is the default if -F is not specified.
CSV - Comma Seperated Value format.
-generic
Force full scan rather than trusting the "Server:" identification string, as many servers allow this
to be changed.
-host
Target host(s) to check against. This can be an IP address or hostname, or a file of IPs or hostnames.
If this argument is a file, it should formatted as described below. This is the only required option.
-id
HTTP Authentication use, format is userid:password for authorizing Nikto a web server realm. For NTLM
realms, format is id:password:realm.
-mutate
Mutate checks. This causes Nikto put all files with all directories from the .db files and
can the host. You might find some oddities this way. Note that it generates a lot of checks.
-nolookup
Don't perform a host name lookup.
-output
Write output to this file when complete. Format is text unless specified via -Format.
-port
Port number to scan, defaults to port 80 if missing. This can also be a range or list of ports, which
Nikto will check for web servers. If a web server is found, it will perform a full scan unless the
-f option is used.
-root
Always prepend this to requests, i.e., changes a request of "/password.txt" to "/directory/password.txt"
(assuming the value passed on the CLI was "/directory")
-ssl
Force SSL mode on port(s) listed. Note that Nikto attempts to determine if a port is HTTP or HTTPS
automatically, but this can be slow if the server fails to respond or is slow to respond to the
incorrect one. This sets SSL usage for *all* hosts and ports.
-timeout
Timeout for each request, default is 10 seconds
-useproxy
Use the proxy defined in config.txt for all requests
-vhost
Virtual host to use for the "Host:" header, in case it is different from the target.
-Version
Print version numbers of Nikto, all plugins and all databases.
-404
Pass a string to be matched against content. If a page matches to this string, it cannot be treated as a positive
(it will be skipped, like a 404 response).
These options cannot be abbreviated to the first letter:
-dbcheck
This option will check the syntax of the checks in the scan_database.db and user_scan_database.db files. This
is really only useful if you are adding checks or are having problems.
-debug
Print a huge amount of detail out. In most cases this is going to be more information than you need, so
try -verbose first.
-update
This will connect to cirt.net and download updated scan_database.db and plugin files. Use this with
caution as you are downloading files–perhaps including code–from an "untrusted" source. This option
cannot be combined with any other, but required variables (like the PROXY settings) will be loaded
from the config.txt file.
-verbose
Print out a lot of extra data during a run. This can be useful if a scan or server is failing, or to see
exactly how a server responds to each request.
HOSTNAME FILE
If a file is specified with -h instead of a hostname or IP, Nikto will open the file to use it as a list of targets. The file
should be formatted with one host per line. If no port is specified, port 80 is assumed. Multiple ports may be specified per
host. If a host file is used, any ports specified via -p are added to every host. Valid lines would be:
10.100.100.100
10.100.100.100:443
10.100.100.100,443
10.100.100.100:443:8443
10.100.100.100,443,8443
evilash.example.com,80
(etc)
CONFIG FILE
The 'config.txt' file provides a means to set variables at run-time without modifying the Nikto source itself. The
options below can be set in the file. Options that accept multiple values (CGIDIRS, SKIPPORTS, etc.) should just use
a space to distinguish multiple values. None of these are required unless you need them.
CLIOPTS - Add any option here to be added to every Nikto execution, whether specified at the command line or not.
NMAP - Path to nmap. If defined, Nikto will use nmap to port scan a host rather than PERL code, and so should be faster.
SKIPPORTS - Port number never to scan (so you don't crash services, perhaps?).
PROXYHOST - Server to use as a proxy, either IP or hostname, no 'http://' needed.
PROXYPORT - Port number that PROXYHOST uses as a proxy.
PROXYUSER - If the PROXYHOST requires authentication, use this ID. Nikto will prompt for it if this is not set & it is needed.
PROXYPASS - If the PROXYHOST requires a password for PROXYUSER, use this password. Nikto will prompt for it if this is not set & it is needed.
PLUGINDIR - If Nikto can't find it's plugin directory for some reason, enter the full path and the problem is solved.
UPDATES - Turns data push to cirt.net on. Please see the CIRT.NET UPDATES section for details.
MAX_WARN - If the number of OK or MOVED messages reaches this number, a warning will printed.
PROMPTS - If set to "no", Nikto will *never* prompt for anything–proxy auth, updates, nothing…
DEFAULTHTTPVER - First try this HTTP method. If this fails, Nikto will attempt to find a valid one. Useful if you want try something non-standard.
STATIC-COOKIE - The name/value of this cookie, if set, will be sent for every request (useful for auth cookies).
Variables that start with the 'at' sign (@) will be used when scan rules are loaded. For each value (seperated by space), the rule
will be duplicated. See the TEST DATABASES section for more information.
Predefined variables are:
@CGIDIRS - CGI directories to look for, valid ones (or all) will be used for CGI checks against the remote host.
@MUTATEDIRS - Additional directories to use when operating under the Mutate mode besides ones already defined the .db files.
@MUTATEFILES - Additional files to use when operating under the Mutate mode besides ones already defined the .db files.
@ADMINDIRS - Typical administration directories.
@USERS - Typical user names for the user guessing plugins.
CIRT.NET UPDATES
In order to help keep the Nikto databases up-to-date, you have the ability to easily submit some updates back to cirt.net for inclusion
in new copies of the databases. Currently, this only includes software versions (such as "Apache/7.0.3"). If Nikto scans a host and sees a
newer version on the host than it has in the database, or it is missing entirely, (and your databases are fairly recent), this information can
be automatically (or manually) sent back to cirt.net.
Behaviour of this option is controlled in config.txt through the UPDATES variable. If UPDATES is set to "no", Nikto will
not send or ask about sending values to cirt.net. If set to "auto", it will automatically send the data through an HTTP request. If set to "yes"
(which is the default), when there are updates it will ask if you would like to submit and show you the data (unless PROMPTS=no).
There is only one thing submitted to cirt.net when you do this: the "updated" version string. No information specific to the host tested is sent.
No information from the scanning source is sent (it does log your IP address as seen by cirt.net's web server, but… nothing else).
If you're not comfortable with this, you may also email it to me at sullo@cirt.net or just set UPDATES=no. Please don't complain and say I'm
stealing your data… just trying to save me some work ;)
Again: the default configuration of Nikto does *not* send *any* data to cirt.net.
TEST DATABASES
Rules in the scan databases can use dynamic variables from config.txt. Any variable that starts with the 'at' sign (@)
will be substited in rules. For example:
A rule of "generic","@CGIDIRStest.html","200","GET","Test" with "@CGIDIRS=/cgi-bin/ /cgi-sys/" will test for:
/cgi-bin/test.html
/cgi-sys/test.html
Any number of these variables can be set, and any number can be used in a rule (i.e., "@CGIDIRS@ADMINDIRStest.html").
Additionally, the generic @HOSTNAME and @IP are available, which use the current target's hostname or IP.
Rules can be specified which also have conditionals for test success. This can allow a test to look for a 200 HTTP response
but not contain the word "home". This would look like "200!home" in the scan_database.db file.
EXAMPLES
A basic scan of a web server on port 80. T
|
|
|
|
|
RE: Как пользоваться Nikto? - 2007-08-28 17:20:01.556666
|
|
|
Murad
Сообщений: 89
Оценки: 0
Присоединился: 2007-08-17 12:51:05.980000
|
Лучше юзай nMap или xSpider;)
|
|
|
|
|
|
