The Nikto web scanner is another tool that belongs in any Linux administrator's arsenal. It is an open-source web scanner released under the GPL license, used to run comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs.
Nikto Web Scanner
It was written by Chris Sullo and David Lodge for vulnerability assessment; it checks for outdated versions of more than 1250 web servers and for version-specific problems on more than 250 servers. It also scans for and reports outdated web server software and plugins.
Features of the Nikto Web Scanner
- SSL support
- Full HTTP proxy support
- Supports saving reports as text, HTML, XML and CSV.
- Scans multiple ports
- Can scan multiple servers by taking input from a file, such as nmap output
- Supports LibWhisker IDS encoding techniques
- Can identify installed software via headers, files and favicons
- Logs to Metasploit
- Reports on "unusual" headers.
- Apache and cgiwrap user enumeration
- Authenticates to hosts with Basic and NTLM
- Scans can be automatically paused at a specified time.
Nikto Requirements
A basic Perl installation, the Perl modules and OpenSSL should be enough to get Nikto running. It has been fully tested on Windows, Mac OS X and various Unix/Linux distributions such as Red Hat, Debian, Ubuntu, BackTrack and others.
Installing the Nikto Web Scanner on Linux
Most of today's Linux systems ship with the Perl, Perl module and OpenSSL packages pre-installed. If they are not included, you can install them with the system's default package manager, yum or apt-get.
On Red Hat / CentOS / Fedora
[root@youcl ]# yum install perl perl-Net-SSLeay openssl
On Debian / Ubuntu / Linux Mint
[root@youcl ]# apt-get install perl openssl libnet-ssleay-perl
Next, download the latest stable Nikto source package from the official project page, or download it directly with the wget command below.
# wget http://www.cirt.net/nikto/nikto-2.1.5.tar.gz
Extract it with an archive manager utility or with the following tar command.
[root@youcl ]# tar -xvf nikto-2.1.5.tar.gz
Now run the Nikto script with the perl command as shown below.
[root@youcl ]# cd nikto-2.1.5
[root@youcl nikto-2.1.5]# perl nikto.pl
Sample output
- Nikto v2.1.5
---------------------------------------------------------------------------
+ ERROR: No host specified

       -config+            Use this config file
       -Display+           Turn on/off display outputs
       -dbcheck            check database and other key files for syntax errors
       -Format+            save file (-o) format
       -Help               Extended help information
       -host+              target host
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -list-plugins       List all available plugins
       -output+            Write output to this file
       -nossl              Disables using SSL
       -no404              Disables 404 checks
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -root+              Prepend root value to all requests, format is /directory
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning
       -timeout+           Timeout for requests (default 10 seconds)
       -update             Update databases and plugins from CIRT.net
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
                + requires a value

       Note: This is the short help output. Use -H for full help text.
The "ERROR: No host specified" message clearly tells us that we did not supply the parameter required to run a test. So we need to add the basic required parameter to perform a test run.
Basic Testing
A basic scan requires the target host you want to scan; if no port is specified it scans port 80 by default. The host can be a hostname or the IP address of a system. You specify the host with the "-h" option. For example, I want to scan the IP 172.16.27.56 on TCP port 80.
[root@youcl nikto-2.1.5]# perl nikto.pl -h 172.16.27.56
Sample output
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 172.16.27.56
+ Target Hostname: example.com
+ Target Port: 80
+ Start Time: 2014-01-10 00:48:12 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /robots.txt, inode: 5956160, size: 24, mtime: 0x4d4865a054e32
+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 1 entry which should be manually viewed.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Multiple index files found: index.php, index.htm, index.html
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /test.html: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /connect.php?path=http://cirt.net/rfiinc.txt?: Potential PHP MySQL database connection string found.
+ OSVDB-3092: /test.php: This might be interesting...
+ 6544 items checked: 0 error(s) and 16 item(s) reported on remote host
+ End Time: 2014-01-10 00:48:23 (GMT5.5) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
If you want to scan a different port number, add the "-p" [-port] option. For example, I want to scan IP 172.16.27.56 on TCP port 443.
[root@youcl nikto-2.1.5]# perl nikto.pl -h 172.16.27.56 -p 443
Sample output
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 172.16.27.56
+ Target Hostname: example.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
            Ciphers: DHE-RSA-AES256-GCM-SHA384
            Issuer: /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time: 2014-01-10 01:08:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Server leaks inodes via ETags, header found with file /, inode: 2817021, size: 5, mtime: 0x4d5123482b2e9
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Server is using a wildcard certificate: '*.mid-day.com'
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6544 items checked: 0 error(s) and 8 item(s) reported on remote host
+ End Time: 2014-01-10 01:11:20 (GMT5.5) (174 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
You can also specify the host, port and protocol with full URL syntax, and it will be scanned.
[root@youcl nikto-2.1.5]# perl nikto.pl -h http://172.16.27.56:80
You can also scan any website. For example, here I ran a scan against google.com.
[root@youcl nikto-2.1.5]# perl nikto.pl -h http://www.google.com
Sample output
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 173.194.38.177
+ Target Hostname: www.google.com
+ Target Port: 80
+ Start Time: 2014-01-10 01:13:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: gws
+ Cookie PREF created without the httponly flag
+ Cookie NID created without the httponly flag
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ Uncommon header 'x-xss-protection' found, with contents: 1; mode=block
+ Uncommon header 'alternate-protocol' found, with contents: 80:quic
+ Root page / redirects to: http://www.google.co.in/?gws_rd=cr&ei=xIrOUomsCoXBrAee34DwCQ
+ Server banner has changed from 'gws' to 'sffe' which may suggest a WAF, load balancer or proxy is in place
+ Uncommon header 'x-content-type-options' found, with contents: nosniff
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ File/dir '/groups/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
....
The above command issues a large number of HTTP requests (i.e. more than 2000 tests) against the web server.
Multiple Port Testing
You can also scan multiple ports in the same session. To scan multiple ports on the same host, add the "-p" [-port] option and specify the list of ports. Ports can be given as a range (i.e. 80-443) or as a comma-separated list (i.e. 80,443). For example, I want to scan ports 80 and 443 on host 172.16.27.56.
[root@youcl nikto-2.1.5]# perl nikto.pl -h 172.16.27.56 -p 80,443
Sample output
- Nikto v2.1.5
---------------------------------------------------------------------------
+ No web server found on cmsstage.mid-day.com:88
---------------------------------------------------------------------------
+ Target IP: 172.16.27.56
+ Target Hostname: example.com
+ Target Port: 80
+ Start Time: 2014-01-10 20:38:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.
---------------------------------------------------------------------------
+ Target IP: 172.16.27.56
+ Target Hostname: example.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
            Ciphers: DHE-RSA-AES256-GCM-SHA384
            Issuer: /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time: 2014-01-10 20:38:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ All CGI directories 'found', use '-C none' to test none
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
.....
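A small parser for the text-report layout shown in the outputs above, written as an added example for this page (it is not part of Nikto or the original article): it splits a multi-port run into one record per host:port block, pulls out the OSVDB id of each finding, and maps the findings seen on this page to the Apache directives that address them. The sample report, the HINTS mapping and the function names are constructed for this example; the report lines follow the format Nikto printed above, without the column padding.

```python
import re
# Constructed sample in the Nikto 2.1.5 text layout shown on this page (not a real capture).
SAMPLE = """\
+ Target IP: 172.16.27.56
+ Target Hostname: example.com
+ Target Port: 80
+ Server: Apache/2.2.15 (CentOS)
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ 6544 items checked: 0 error(s) and 3 item(s) reported on remote host
---------------------------------------------------------------------------
+ Target IP: 172.16.27.56
+ Target Port: 443
+ Server: Apache/2.2.15 (CentOS)
+ Server leaks inodes via ETags, header found with file /, inode: 2817021, size: 5, mtime: 0x4d5123482b2e9
+ OSVDB-3233: /icons/README: Apache default file found.
+ 1 host(s) tested
"""
META = re.compile(r"^\+ (Target IP|Target Hostname|Target Port|Server|Start Time|End Time): (.*)$")
FINDING = re.compile(r"^\+ (?:(OSVDB-\d+): )?(.*)$")
SUMMARY = re.compile(r"^\+ \d+ (?:items checked|host\(s\) tested)")
# Message fragment -> Apache directive addressing it (assumed mapping; Header needs mod_headers).
HINTS = {
    "X-Frame-Options header is not present": 'Header always set X-Frame-Options "SAMEORIGIN"',
    "leaks inodes via ETags": "FileETag MTime Size",
    "HTTP TRACE method is active": "TraceEnable off",
    "Directory indexing found": "Options -Indexes",
}

def parse_nikto(text):
    """Return one record per host:port block: {"meta": {...}, "findings": [...]}."""
    targets = []
    for line in text.splitlines():
        m = META.match(line)
        if m and m.group(1) == "Target IP":          # every block opens with Target IP
            targets.append({"meta": {}, "findings": []})
        if not targets or not line.startswith("+ ") or SUMMARY.match(line):
            continue                                  # banner, separators, summaries
        if m:
            targets[-1]["meta"][m.group(1)] = m.group(2).strip()
        else:                                         # anything else is a finding
            osvdb, msg = FINDING.match(line).groups()
            hint = next((fix for key, fix in HINTS.items() if key in msg), None)
            targets[-1]["findings"].append({"osvdb": osvdb, "msg": msg, "hint": hint})
    return targets

def hardening_hints(targets):
    """Unique Apache directives suggested across all parsed targets, sorted."""
    return sorted({f["hint"] for t in targets for f in t["findings"] if f["hint"]})
```

For real automation, Nikto's own CSV or XML report (the -Format and -output options from the help text above) is the better input; this shows the idea on the default text layout.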
Using a Proxy
Let's say the system where Nikto runs can only reach the target host through an HTTP proxy; the test can still be carried out in two different ways. One is to use the nikto.conf file, the other is to pass the proxy directly on the command line.
Using the nikto.conf file
Open the nikto.conf file with any command-line editor.
[root@localhost nikto-2.1.5]# vi nikto.conf
Search for the "PROXY" variables and remove the '#' comment character from the beginning of those lines, as shown. Then fill in the proxy host, port, proxy username and password. Save and close the file.
# Proxy settings -- still must be enabled by -useproxy
PROXYHOST=172.16.16.37
PROXYPORT=8080
PROXYUSER=pg
PROXYPASS=pg
Now run Nikto with the "-useproxy" option. Note that all connections will be relayed through the HTTP proxy.
[root@localhost nikto-2.1.5]# perl nikto.pl -h localhost -p 80 -useproxy
Sample output
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: 2014-01-10 21:28:29 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080
Using the command line
To run Nikto directly from the command line with the "-useproxy" option, pass the proxy as its argument.
[root@localhost nikto-2.1.5]# perl nikto.pl -h localhost -useproxy http://172.16.16.37:8080/
Sample output
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: 2014-01-10 21:34:51 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080
Updating Nikto
You can automatically update Nikto to the latest plugins and databases by simply running the "-update" command.
[root@localhost nikto-2.1.5]# perl nikto.pl -update
If new updates are available, you will see a list of the newly downloaded updates.
+ Retrieving 'nikto_report_csv.plugin'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'db_parked_strings'
+ Retrieving 'CHANGES.txt'
+ CIRT.net message: Please submit Nikto bugs to http://trac2.assembla.com/Nikto_2/report/2
You can also download and update the Nikto plugins and databases manually from http://cirt.net/nikto/UPDATES/.