2012年12月15日 星期六

[研究] Nikto2 v2.1.5 安裝與使用 (CentOS 6.3 x86)



[研究] Nikto2 v2.1.5 安裝與使用 (CentOS 6.3 x86)
2012-12-15
盧紹榮

Nikto2 是 Web Server Scanner

官方網站
http://www.cirt.net/nikto2

安裝
wget  http://www.cirt.net/nikto/nikto-current.tar.gz
tar  zxvf  nikto-current.tar.gz
cd  nikto-2.1.5

請從這台去攻擊受測主機

測試 (-h 參數表示目的主機)
[root@localhost nikto-2.1.5]# ./nikto.pl -h 192.168.128.102
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          192.168.128.102
+ Target Hostname:    192.168.128.102
+ Target Port:        80
+ Start Time:         2012-11-22 06:34:30 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Server leaks inodes via ETags, header found with file /, inode: 786755, size: 5, mtime: 0x4cf07d649d419
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6544 items checked: 0 error(s) and 7 item(s) reported on remote host
+ End Time:           2012-11-22 06:35:29 (GMT8) (59 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
[root@localhost nikto-2.1.5]#

PS : VM 時間忘了修正,所以日期很舊

(完)

參考

[研究] Nikto2 v2.1.4 安裝與使用 (Fedora 15 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20385

[研究] Nikto2 v2.1.4 Web Scanner 安裝與使用 (CentOS 6.0 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?p=63655

沒有留言:

張貼留言