Nikto - A Web Application Vulnerability and CGI Scanner for Web Servers


Nikto Web Scanner is another good tool for any Linux administrator's arsenal. It is an open source web scanner released under the GPL license, used to perform comprehensive tests on web servers for multiple items, including over 6500 potentially dangerous files/CGIs.

It was written by Chris Solo and David Lodge for vulnerability assessment; it checks for outdated versions of over 1250 web servers and for over 270 version-specific problems. It also scans for and reports altered web server software and plugins.

Features of Nikto Web Scanner

  1. Supports SSL
  2. Supports full HTTP proxy
  3. Supports text, HTML, XML and CSV for saving reports
  4. Scans multiple ports
  5. Can scan multiple servers by taking input from files such as nmap output
  6. Supports LibWhisker IDS evasion
  7. Capable of identifying installed software via headers, files and favicons
  8. Logs for Metasploit
  9. Reports on unusual headers
  10. Apache and cgiwrap user enumeration
  11. Authenticates to hosts with Basic and NTLM
  12. Scans can be automatically paused at a specified time

Nikto Requirements

A system with a basic Perl installation, the Perl modules and OpenSSL should be enough to run Nikto. It has been thoroughly tested on Windows, Mac OSX and various Unix/Linux distributions such as Red Hat, Debian, Ubuntu, BackTrack, etc.

Installing Nikto Web Scanner on Linux

Most of today's Linux systems come with Perl, the Perl modules and the OpenSSL packages pre-installed. If they are not included, you can install them using the default system package manager utility, yum or apt-get.

 yum install perl perl-Net-SSLeay openssl
 apt-get install perl openssl libnet-ssleay-perl

Next, clone the latest stable Nikto source files from its GitHub repository, change into the nikto/programs/ directory and run it with Perl:

$ git clone https://github.com/sullo/nikto.git
$ cd nikto/programs
$ perl nikto.pl -h
Option host requires an argument

       -config+            Use this config file
       -Display+           Turn on/off display outputs
       -dbcheck            check database and other key files for syntax errors
       -Format+            save file (-o) format
       -Help               Extended help information
       -host+              target host
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -list-plugins       List all available plugins
       -output+            Write output to this file
       -nossl              Disables using SSL
       -no404              Disables 404 checks
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -root+              Prepend root value to all requests, format is /directory
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning
       -timeout+           Timeout for requests (default 10 seconds)
       -update             Update databases and plugins from CIRT.net
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
       + requires a value

Note: This is the short help output. Use -H for full help text.

The message "Option host requires an argument" clearly says that we did not include the required parameters when running the test. So we need to add the basic required parameter to do a test run.

The basic scan requires a host that you want to target; by default it scans port 80 if nothing else is specified. The host can be either a hostname or the IP address of a system. You specify the host with the -h option.

For example, I want to scan the IP 172.16.27.56 on TCP port 80.

 perl nikto.pl -h 172.16.27.56
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 00:48:12 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /robots.txt, inode: 5956160, size: 24, mtime: 0x4d4865a054e32
+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 1 entry which should be manually viewed.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Multiple index files found: index.php, index.htm, index.html
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /test.html: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /connect.php?path=http://cirt.net/rfiinc.txt?: Potential PHP MySQL database connection string found.
+ OSVDB-3092: /test.php: This might be interesting...
+ 6544 items checked: 0 error(s) and 16 item(s) reported on remote host
+ End Time:           2014-01-10 00:48:23 (GMT5.5) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
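A report like the one above is easiest to act on when it is turned into structured findings and compared against the previous run of the same host, so that a rescan after a fix shows exactly which items disappeared and whether anything new appeared. The following parser is an added example written for this article, not code from the Nikto project; it assumes only the text report layout shown above (the "+ Target IP:" style header fields, "+ OSVDB-nnnn: /path: message" findings, and the closing "items checked" summary). The two sample reports embedded in it are constructed from the scan output above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: an excerpt of the Nikto text report shown above.
SAMPLE_REPORT = """\
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 00:48:12 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-3268: /icons/: Directory indexing found.
+ /connect.php?path=http://cirt.net/rfiinc.txt?: Potential PHP MySQL database connection string found.
+ 6544 items checked: 0 error(s) and 16 item(s) reported on remote host
+ End Time:           2014-01-10 00:48:23 (GMT5.5) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
"""

# Constructed sample: the same host rescanned after TRACE was disabled and
# X-Frame-Options was added, used for the before/after comparison below.
SAMPLE_AFTER_FIX = """\
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-3268: /icons/: Directory indexing found.
+ /connect.php?path=http://cirt.net/rfiinc.txt?: Potential PHP MySQL database connection string found.
+ 6544 items checked: 0 error(s) and 14 item(s) reported on remote host
+ 1 host(s) tested
"""

# Header fields Nikto prints before/after the findings (the "Server:" banner is
# matched only when it is the whole prefix, so "Server is using ..." is a finding).
META_RE = re.compile(r"\+ (Target IP|Target Hostname|Target Port|Server|Start Time|End Time):\s*(.*)")
SUMMARY_RE = re.compile(r"\+ \d+ (items checked|host\(s\) tested)")
# Finding: optional OSVDB id, optional request path (lazy, so "://" inside a
# path is not mistaken for the separator), then the free-text message.
FINDING_RE = re.compile(r"\+ (?:(OSVDB-\d+): )?(?:(/\S*?): )?(.*)")


@dataclass(frozen=True)
class Finding:
    osvdb: Optional[str]   # OSVDB reference, when Nikto gives one
    path: Optional[str]    # request path the finding concerns, when present
    message: str


@dataclass
class ScanResult:
    meta: Dict[str, str]
    findings: List[Finding]


def parse_nikto_report(text: str) -> ScanResult:
    """Split a Nikto text report into header metadata and a list of findings."""
    meta: Dict[str, str] = {}
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line.startswith("+ "):
            continue  # version banner, separators, blank lines
        m = META_RE.match(line)
        if m:
            meta[m.group(1)] = m.group(2)
            continue
        if SUMMARY_RE.match(line):
            continue
        m = FINDING_RE.match(line)  # always matches: every part is optional
        findings.append(Finding(m.group(1), m.group(2), m.group(3)))
    return ScanResult(meta, findings)


def compare_reports(baseline: str, current: str) -> Tuple[List[Finding], List[Finding]]:
    """Return (resolved, new): findings gone since the baseline, and findings added."""
    before = set(parse_nikto_report(baseline).findings)
    after = set(parse_nikto_report(current).findings)
    resolved = sorted(before - after, key=lambda f: f.message)
    new = sorted(after - before, key=lambda f: f.message)
    return resolved, new


if __name__ == "__main__":
    result = parse_nikto_report(SAMPLE_REPORT)
    print(result.meta["Target Hostname"], result.meta["Server"], len(result.findings), "findings")
    resolved, new = compare_reports(SAMPLE_REPORT, SAMPLE_AFTER_FIX)
    for f in resolved:
        print("resolved:", f.osvdb or "-", f.path or "-", f.message)
    for f in new:
        print("new:     ", f.osvdb or "-", f.path or "-", f.message)
```

Saving each run's report with -output and feeding consecutive reports to compare_reports gives a simple regression check: the rescan after a configuration change should list the fixed items under "resolved" and nothing under "new".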

If you want to scan a different port number, add the -p [-port] option. For example, I want to scan the IP 172.16.27.56 on TCP port 443.

 perl nikto.pl -h 172.16.27.56 -p 443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
                   Ciphers: DHE-RSA-AES256-GCM-SHA384
                   Issuer:  /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time:         2014-01-10 01:08:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Server leaks inodes via ETags, header found with file /, inode: 2817021, size: 5, mtime: 0x4d5123482b2e9
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Server is using a wildcard certificate: '*.mid-day.com'
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6544 items checked: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2014-01-10 01:11:20 (GMT5.5) (174 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

You can also specify host, port and protocol with a full URL syntax, and it will be scanned.

 perl nikto.pl -h http://172.16.27.56:80

You can also scan any website. For example, here I ran a scan against google.com.

 perl nikto.pl -h http://www.google.com
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          173.194.38.177
+ Target Hostname:    www.google.com
+ Target Port:        80
+ Start Time:         2014-01-10 01:13:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: gws
+ Cookie PREF created without the httponly flag
+ Cookie NID created without the httponly flag
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ Uncommon header 'x-xss-protection' found, with contents: 1; mode=block
+ Uncommon header 'alternate-protocol' found, with contents: 80:quic
+ Root page / redirects to: http://www.google.co.in/?gws_rd=cr&ei=xIrOUomsCoXBrAee34DwCQ
+ Server banner has changed from 'gws' to 'sffe' which may suggest a WAF, load balancer or proxy is in place
+ Uncommon header 'x-content-type-options' found, with contents: nosniff
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ File/dir '/groups/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
...

The above command performs a large number of HTTP requests (i.e. more than 2000 tests) against the web server.

You can also scan multiple ports in the same session. To scan several ports on the same host, add the -p [-port] option and specify the list of ports. Ports can be given as a range (i.e. 80-443) or comma-separated (i.e. 80,443). For example, I want to scan ports 80 and 443 on the host 172.16.27.56.

 perl nikto.pl -h 172.16.27.56 -p 80,443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ No web server found on cmsstage.mid-day.com:88
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 20:38:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.

---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
                   Ciphers: DHE-RSA-AES256-GCM-SHA384
                   Issuer:  /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time:         2014-01-10 20:38:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ All CGI directories 'found', use '-C none' to test none
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
.....

Suppose the system running Nikto can reach the target host only through an HTTP proxy; the test can still be run in two different ways. One uses the nikto.conf file, the other passes the proxy directly on the command line.

Open the nikto.conf file with a command line editor.

 vi nikto.conf

Search for the PROXY variables and remove the '#' from the beginning of the lines as shown. Then fill in the proxy host, port, proxy user and password. Save and close the file.

# Proxy settings -- still must be enabled by -useproxy
PROXYHOST=172.16.16.37
PROXYPORT=8080
PROXYUSER=pg
PROXYPASS=pg

Now run Nikto with the -useproxy option. Note that all connections are then relayed through the HTTP proxy.

 perl nikto.pl -h localhost -p 80 -useproxy
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2014-01-10 21:28:29 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080

To run Nikto directly from the command line without editing nikto.conf, pass the proxy as the argument of the -useproxy option.

 perl nikto.pl -h localhost -useproxy http://172.16.16.37:8080/
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2014-01-10 21:34:51 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080
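When Nikto runs are scripted, for example scheduled against your own hosts, the -p value and the proxy settings from nikto.conf are the two inputs most often assembled by hand. The following helper is an added example written for this article, not part of Nikto: it validates a port specification in the two forms described above (a range such as 80-443 or a comma-separated list such as 80,443), reads the PROXYHOST/PROXYPORT values from a nikto.conf excerpt into the http://host:port/ form that -useproxy takes, and builds the nikto.pl argument list as a Python list so it can be handed to subprocess without a shell. Expanding a range into an explicit list before passing it to -p is this helper's own choice (Nikto accepts the range itself); the nikto.conf excerpt is the one shown above.

```python
import shlex
from typing import Dict, List, Optional

MAX_PORT = 65535


def expand_ports(spec: str) -> List[int]:
    """Expand a Nikto-style -p value ("80", "80-443", "80,443,8000-8010")
    into a sorted, de-duplicated list of valid TCP ports; reject malformed input."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            raise ValueError("empty port entry in %r" % spec)
        if "-" in part:
            lo_s, hi_s = part.split("-", 1)
            lo, hi = int(lo_s), int(hi_s)  # int() raises ValueError on non-numeric text
            if lo > hi:
                raise ValueError("reversed range %r" % part)
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(part))
    bad = [p for p in ports if not 1 <= p <= MAX_PORT]
    if bad:
        raise ValueError("port out of range: %s" % bad)
    return sorted(ports)


def parse_nikto_conf(text: str) -> Dict[str, str]:
    """Read KEY=VALUE lines from nikto.conf, skipping comments and blank lines."""
    conf: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def proxy_url_from_conf(conf: Dict[str, str]) -> Optional[str]:
    """Build the http://host:port/ form shown above for -useproxy from PROXYHOST/PROXYPORT.
    PROXYUSER/PROXYPASS stay in nikto.conf; credentials are kept off the command line."""
    host, port = conf.get("PROXYHOST"), conf.get("PROXYPORT")
    if not host or not port:
        return None
    return "http://%s:%s/" % (host, port)


def build_nikto_argv(host: str, ports: Optional[str] = None, proxy: Optional[str] = None,
                     output: Optional[str] = None, fmt: Optional[str] = None) -> List[str]:
    """Assemble argv for nikto.pl as a list, for subprocess.run(argv) without shell=True.
    Options used (-h, -p, -useproxy, -output, -Format) are those from the short help above."""
    argv = ["perl", "nikto.pl", "-h", host]
    if ports:
        argv += ["-p", ",".join(str(p) for p in expand_ports(ports))]
    if proxy:
        argv += ["-useproxy", proxy]
    if output:
        argv += ["-output", output]
        if fmt:
            argv += ["-Format", fmt]  # accepted values are listed by: perl nikto.pl -H
    return argv


# Constructed sample: the nikto.conf proxy excerpt from the article.
SAMPLE_CONF = """\
# Proxy settings -- still must be enabled by -useproxy
PROXYHOST=172.16.16.37
PROXYPORT=8080
PROXYUSER=pg
PROXYPASS=pg
"""

if __name__ == "__main__":
    conf = parse_nikto_conf(SAMPLE_CONF)
    argv = build_nikto_argv("172.16.27.56", ports="80,443",
                            proxy=proxy_url_from_conf(conf),
                            output="scan.csv", fmt="csv")
    print(shlex.join(argv))
    # To actually run it from the cloned checkout:
    # subprocess.run(argv, cwd="nikto/programs", check=True)
```

Building the argument list rather than a shell string means a hostname or path taken from a ticket or inventory file cannot be misread by the shell, and the ValueError raised for a reversed range, a port above 65535 or a trailing comma surfaces before Nikto is started.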

You can update Nikto automatically to the latest plugins and databases by simply running it with the -update option.

 perl nikto.pl -update

If new updates are available, you will see a list of the newly downloaded updates.

+ Retrieving 'nikto_report_csv.plugin'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'db_parked_strings'
+ Retrieving 'CHANGES.txt'
+ CIRT.net message: Please submit Nikto bugs to http://trac2.assembla.com/Nikto_2/report/2

You can also download and update the Nikto plugins and databases manually from http://cirt.net/nikto/UPDATES/.

Reference Links

Nikto Homepage