Introduction
Nikto is an open source (GPL) web server scanner written in Perl on top of the LibWhisker library. It runs a comprehensive set of tests against a web server, including checks for over 6,400 potentially dangerous files and CGIs, outdated versions of more than 1,200 servers, and version-specific problems on over 270 servers. It also checks server configuration items such as the presence of multiple index files and the HTTP server options, and tries to identify the web server and the software installed on it. Scan items and plugins are updated frequently and can be updated automatically.
Commands
1. Normal scan
nikto -h <IP or hostname>
Nikto can also scan SSL sites on port 443 (the default HTTPS port; plain HTTP defaults to port 80), so a site served over SSL can be scanned with:
nikto -h <IP or hostname> -ssl
Without -ssl, Nikto tries plain HTTP on the port first and only falls back to HTTPS if that fails. Passing -ssl skips that step and saves scan time.
Nikto also supports scanning several domains or IPs in one run: write them to a text file, one per line, and pass the file as the host:
nikto -h host.txt
2. Scan a specified port
nikto -h xx.xx.xx.xx -p 80 # scan port 80 only
-p (-port) also accepts a comma-separated list or a range, for example -p 80,443 or -p 80-90.
3. Pairing the scan with Metasploit
Nikto can write its findings in a format Metasploit can read. Run the same scan as above and append -Format msf+ to the end of the command; the results can then be loaded into the Metasploit database and retrieved quickly alongside its other data.
nikto -h <IP or hostname> -Format msf+
4. Directory guessing
-C (-Cgidirs) selects which CGI directories to scan. Besides a literal directory such as /cgi-test/ (the trailing slash is required), the special values all and none are accepted.
nikto -h 192.168.3.111 -C all # all means guess every CGI directory
5. Vulnerability scanning
The -T (-Tuning) option selects which categories of test are run. Codes can be concatenated to select several categories at once, for example -T 89 runs only the command execution and SQL injection checks:
0 File upload
1 Interesting file / seen in logs
2 Misconfiguration / default file
3 Information disclosure
4 Injection (XSS / Script / HTML)
5 Remote file retrieval inside the web root
6 Denial of service
7 Remote file retrieval server-wide
8 Command execution / remote shell
9 SQL injection
a Authentication bypass
b Software identification
c Remote source inclusion
x Reverse the selection (run everything except the listed categories)
6. Scan through a proxy
nikto -h localhost -useproxy
With no argument, -useproxy uses the proxy configured in nikto.conf; the proxy can also be given on the command line:
nikto -h localhost -useproxy http://localhost:8080/
7. List plugins
nikto -list-plugins # list the plugins that can be run
8. Select which plugins to run
nikto -h <IP or hostname> -Plugins <plugin list> # plugin names as shown by -list-plugins, separated by semicolons
9. Update plugins and databases
nikto -update
10. Find only the HTTP and HTTPS ports, without running the checks
nikto -h <IP or hostname> -findonly
11. Control Nikto's output display
nikto -h <IP or hostname> -Display 3
-Display values (several can be combined by concatenating them, e.g. -Display 123):
1 Show redirects
2 Show cookies received
3 Show all 200/OK responses
4 Show URLs which require authentication
D Debug output
E Display all HTTP errors
P Print progress to stdout
V Verbose output
12. IDS evasion techniques
nikto -h <IP or hostname> -evasion <technique>
Commonly used values (these are LibWhisker's anti-IDS encodings; several codes can be combined):
1 Random URI encoding (non-UTF8)
2 Directory self-reference (/./)
3 Premature URL ending
4 Prepend long random string
5 Fake parameter
6 TAB as request spacer
7 Change the case of the URL (only effective against case-insensitive servers such as IIS)
8 Use Windows directory separator (\)
A Use a carriage return (0x0d) as a request spacer
B Use binary value 0x0b as a request spacer
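To make concrete what these options do to a request, and how a detector sees through them, here is an added Python example; it is not Nikto's or LibWhisker's code. It rewrites a request path with a representative form of each technique (the exact bytes LibWhisker emits may differ), then normalises the request line the way a lenient web server resolves it, so that a signature matched after normalisation catches every variant while a plain substring match misses several. The target path /cgi-bin/test.cgi, the fixed seed and the helper names are this example's own choices.

```python
"""Representative Nikto -evasion transformations and the normalisation that
undoes them. Added example, not Nikto or LibWhisker code; the byte patterns
illustrate each technique rather than copy LibWhisker's encoder."""
import posixpath
import random
import re
import string
from urllib.parse import unquote

SAFE = set("/?&=.")  # technique 1 never encodes these


def evade_path(path, technique, rng):
    """Rewrite path with one path-level technique (codes as on the page)."""
    if technique == "1":  # random URI encoding: percent-encode about half the bytes
        return "".join(f"%{ord(c):02X}" if c not in SAFE and rng.random() < 0.5
                       else c for c in path)
    if technique == "2":  # directory self-reference: /a/b -> /./a/./b
        return "/./".join(path.split("/"))
    if technique == "3":  # premature URL ending: fake request line, then climb out
        return "/%20HTTP/1.1%0d%0aAccept:%20/../../" + path.lstrip("/")
    if technique == "4":  # prepend a long random directory, then ../ out of it
        junk = "".join(rng.choices(string.ascii_lowercase, k=40))
        return f"/{junk}/../" + path.lstrip("/")
    if technique == "5":  # fake parameter: %3f reads as '?' to a naive parser
        return "/index.htm%3fparam=/../" + path.lstrip("/")
    if technique == "7":  # change case; only fools case-insensitive targets
        return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in path)
    if technique == "8":  # Windows directory separator after the leading slash
        return "/" + path.lstrip("/").replace("/", "\\")
    raise ValueError(f"unknown path technique {technique!r}")


SPACER = {"6": "\t", "A": "\r", "B": "\x0b"}  # request-spacer techniques


def request_line(path, technique, seed=0):
    """Request line an evasion of this kind produces; seeded so runs repeat."""
    rng = random.Random(seed)
    if technique in SPACER:
        sp = SPACER[technique]
        return f"GET{sp}{path}{sp}HTTP/1.1"
    return f"GET {evade_path(path, technique, rng)} HTTP/1.1"


TOKENS = re.compile(r"[ \t\r\x0b]+")  # every spacer a lenient server accepts


def normalize_target(line):
    """Canonical path a lenient server resolves from a request line.
    Lower-casing assumes a case-insensitive target; drop it for Unix hosts."""
    parts = TOKENS.split(line.strip(" \t\r\n\x0b"))
    target = parts[1] if len(parts) > 1 else parts[0]
    decoded = unquote(target)
    while decoded != target:  # keep decoding until stable (double encoding)
        target, decoded = decoded, unquote(decoded)
    target = target.replace("\\", "/")  # Windows separators
    return posixpath.normpath(target).lower()  # collapses /./ and /../


def naive_match(line, signature):
    """Plain substring rule, the kind an unprepared IDS signature uses."""
    return signature in line


def normalized_match(line, signature):
    """The same rule applied after normalisation."""
    return signature.lower() in normalize_target(line)


if __name__ == "__main__":
    target = "/cgi-bin/test.cgi"
    for t in ["1", "2", "3", "4", "5", "6", "7", "8", "A", "B"]:
        line = request_line(target, t)
        print(f"{t}: naive={naive_match(line, target)!s:5} "
              f"normalized={normalized_match(line, target)} {line!r}")
```

The lesson for the defensive side is the order of operations: split the request line on every spacer the server tolerates, decode until the string stops changing, fold separators, and only then resolve dot segments and compare. Normalising before decoding, or splitting the query at the first literal `?`, is exactly what techniques 3 and 5 exploit.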
13. Specify the output file format
nikto -h <IP or hostname> -Format <csv/htm/msf+/nbe/txt/xml> -o <file> # txt by default
If -Format is not given, the format is taken from the extension of the file passed to -o (-output).
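Once a scan has been saved with -Format csv, the report can be triaged offline. The following is an added Python example and not part of Nikto: it parses the seven-column CSV layout the 2.1.x CSV report plugin writes (host, IP, port, reference id, HTTP method, URI, message; this layout is an assumption, so check it against your own version's output, since newer releases changed the reference column), groups findings by host and port, and separates findings that carry a reference id from purely informational ones. The sample report inside the block is constructed for the example, not real scan output.

```python
"""Triage a Nikto CSV report. Added example, not part of Nikto.
Assumed column layout (verify against your Nikto version):
  host, ip, port, reference id, HTTP method, URI, message"""
import csv
import io
from collections import defaultdict

COLUMNS = ["host", "ip", "port", "ref", "method", "uri", "msg"]

# Constructed sample in the assumed layout; not real scan output.
SAMPLE_CSV = '''\
"www.example.test","192.0.2.10","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"www.example.test","192.0.2.10","80","0","GET","/","The X-Content-Type-Options header is not set."
"www.example.test","192.0.2.10","80","3092","GET","/admin/","This might be interesting."
"www.example.test","192.0.2.10","80","3233","GET","/icons/README","Apache default file found."
"www.example.test","192.0.2.10","443","0","GET","/","The X-Content-Type-Options header is not set."
"www.example.test","192.0.2.10","443","3092","GET","/backup/","This might be interesting."
'''


def parse_report(text):
    """Rows as dicts; skips blank, malformed and header lines."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != len(COLUMNS) or not rec[2].isdigit():
            continue
        rows.append(dict(zip(COLUMNS, rec)))
    return rows


def summarize(rows):
    """Per host:port -> findings with a reference id, informational findings, URIs hit."""
    out = defaultdict(lambda: {"referenced": [], "info": [], "uris": set()})
    for r in rows:
        bucket = out[f"{r['host']}:{r['port']}"]
        bucket["uris"].add(r["uri"])
        (bucket["referenced"] if r["ref"] not in ("", "0") else bucket["info"]).append(r)
    return dict(out)


def interesting_paths(rows):
    """Sorted unique URIs other than / that carry a reference id: a follow-up list."""
    return sorted({r["uri"] for r in rows
                   if r["ref"] not in ("", "0") and r["uri"] != "/"})


if __name__ == "__main__":
    rows = parse_report(SAMPLE_CSV)
    for target, bucket in summarize(rows).items():
        print(f"{target}: {len(bucket['referenced'])} referenced, "
              f"{len(bucket['info'])} informational")
        for r in bucket["referenced"]:
            print(f"  [{r['ref']}] {r['method']} {r['uri']}: {r['msg']}")
    print("follow up manually:", interesting_paths(rows))
```

To run it against a real report, replace SAMPLE_CSV with the contents of the file named by -o; the port check in parse_report also drops a header row if your version writes one.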
For details, see the Nikto manual.