Web penetration testing: commonly used tools (learning notes)

Reconnaissance tools:

httrack: copies (mirrors) a website so its pages can be examined offline

Scanning tools (proxy mode and active scanning mode):

nikto

nikto -update # update the nikto plugins and databases

nikto -list-plugins # list the available plugins

nikto -host http://1.1.1.1 # scan the specified URL

nikto -host 192.168.1.2 -port 80,443 # specify the IP and ports

nikto -host 192.168.1.2 -port 443 -ssl # https (SSL) scanning

nikto -host host.txt # batch scan of the hosts listed in a file

nmap -p80 192.168.1.0/24 -oG - | nikto -host - # find every IP with port 80 open and scan them all with nikto (nmap grepable output piped into nikto)

nikto -host 192.168.1.1 -useproxy http://localhost:8087 # scan through a proxy

nikto -vhost # specify the virtual host (Host header) to use for the scan
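The nmap-to-nikto pipe above works because nikto understands nmap's grepable (-oG) output. As an added example (not from the original notes), the parser below extracts the hosts and open web ports from such output so the target list can be reviewed or saved before a scan; the sample output is constructed, and the host:port line format is the one nikto also accepts in a hosts file.

```python
"""Extract hosts with open web ports from nmap grepable (-oG) output.

Added example, not from the original notes. SAMPLE_GNMAP is constructed,
not captured from a real network.
"""
import re
from typing import Iterator, Tuple

# Constructed sample: a comment line, a status-only record, a host with
# port 80 open, a down host, and a host with 80 closed but 443 open.
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -p80,443 -oG - 192.168.1.0/29
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///
Host: 192.168.1.2 ()\tStatus: Down
Host: 192.168.1.3 (web.lab)\tPorts: 80/closed/tcp//http///, 443/open/tcp//https///
# Nmap done: 8 IP addresses (2 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")
PORT_RE = re.compile(r"(\d+)/open/tcp")  # entries are port/state/proto/...


def open_web_ports(gnmap_text: str, ports=(80, 443)) -> Iterator[Tuple[str, int]]:
    """Yield (host, port) for every open TCP port listed in `ports`.

    Only 'Ports:' records carry port data; comment lines and
    'Status:' records are skipped.
    """
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:"):
            continue
        # -oG separates fields with tabs, each as "Name: value"
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue
        host = HOST_RE.match(line).group(1)
        for port in PORT_RE.findall(fields["Ports"]):
            if int(port) in ports:
                yield host, int(port)


def nikto_host_lines(gnmap_text: str, ports=(80, 443)):
    """Render the hits as host:port lines, the form a nikto hosts file takes."""
    return [f"{h}:{p}" for h, p in open_web_ports(gnmap_text, ports)]


if __name__ == "__main__":
    print("\n".join(nikto_host_lines(SAMPLE_GNMAP)))
```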

Keyboard shortcuts available while a nikto scan is running:

space - report current scan status # report the current scan status

v - verbose mode on/off # show details

d - debug mode on/off # debug information

e - error reporting on/off # report scan errors

p - progress reporting on/off # scan progress

r - redirect display on/off # show redirect information

c - cookie display on/off # show cookies

a - auth display on/off # show the authentication process

q - quit # exit

N - next host # skip to the next host

P - pause # pause the scan

nikto configuration (/etc/nikto.conf)

STATIC-COOKIE = "cookie1" = "cookie value"; "cookie2" = "cookie value" # set the cookie values needed when scanning URLs that require authentication

-evasion x (1-8): use LibWhisker's IDS evasion techniques; the following types are available:

1. random URI encoding (non UTF-8)

2. directory self-reference (/../)

3. premature URL ending

4. prepend a long random string

5. fake parameter

6. use TAB as the request spacer

7. change the case of the URL

8. use the Windows directory separator "\"


Vega graphical scanning tool (scan mode, proxy mode)

Set an external proxy:

Delete the User-Agent information

After starting the proxy, log in to the target site (if login is required) and browse it; each page is crawled manually

Information collected by the crawl:

Add the scan scope

Start the scan

Select the scanning modules

Fill in the site's authentication information (if a login authentication URL is required, do not leave it blank):

Click Next all the way through and start scanning:

In proxy mode, intercept the data exchanged between the two sides and modify it:


Skipfish (only supports active mode)

Advantages: dictionary-based detection; fast (multiplexed single-threaded, fully asynchronous network I/O, no memory-management or scheduling overhead); heuristic automatic content recognition; relatively low false positive rate.

skipfish -o test http://1.1.1.1 # -o: output directory

skipfish -o test @url.txt # read the target URLs from a file and scan several targets

skipfish -o test -S complete.wl -W a.wl http://1.1.1.1 # -S and -W specify the dictionaries; keywords found during the current scan are recorded in the -W dictionary, which can be reused to scan for hidden directories

-I: only check URLs that contain 'string'

-X: do not check URLs that contain 'string'

-K: do not fuzz the specified parameters

-D: crawl across to another domain (cross-site)

-l: maximum number of requests per second

-m: maximum number of concurrent connections per IP

--config: specify the configuration file

Authentication:

skipfish -A user:pass -o test http://1.1.1.1 # authenticate the scan with a username and password

skipfish -C "name=val" -o test http://1.1.1.1 # authenticate the scan with a cookie


Source: blog.csdn.net/winux123/article/details/103571771