[研究] Nikto2 v2.1.6 - Web Server Scanner 安裝與使用 (Fedora 36 x64_86)
2022-05-27Nikto - 維基百科,自由的百科全書
https://zh.wikipedia.org/wiki/Nikto
Nikto2 是 Web Server Scanner。
Nikto是一款開源的(GPL)網頁伺服器掃描器,它可以對網頁伺服器進行全面的多種掃描,包含超過3300種有潛在危險的文件/CGIs;超過625種伺服器版本;超過230種特定伺服器問題。掃描項和插件可以自動更新(如果需要)。基於Whisker/libwhisker完成其底層功能。這是一款非常棒的工具,但其軟體本身並不經常更新,最新和最危險的可能檢測不到。
官方網站
http://www.cirt.net/nikto2
Nikto 最新為 v2.1.6 版,釋出時間 2015-07-09。
[user1@fedora ~]$ sudo yum info nikto
Last metadata expiration check: 0:32:14 ago on Fri 27 May 2022 09:15:54 AM CST.
Available Packages
Name : nikto
Epoch : 1
Version : 2.1.6
Release : 10.fc36
Architecture : noarch
Size : 332 k
Source : nikto-2.1.6-10.fc36.src.rpm
Repository : fedora
Summary : Web server scanner
URL : https://www.cirt.net/Nikto2
License : GPLv2+ and Redistributable, no modification permitted
Description : Nikto is a web server scanner which performs comprehensive tests against web
: servers for multiple items, including over 3300 potentially dangerous
: files/CGIs, versions on over 625 servers, and version specific problems
: on over 230 servers. Scan items and plugins are frequently updated and
: can be automatically updated (if desired).
[user1@fedora ~]$
|
安裝
[user1@fedora ~]$ sudo yum install -y nikto
Last metadata expiration check: 0:32:48 ago on Fri 27 May 2022 09:15:54 AM CST.
Dependencies resolved.
============================================================================================================
Package Architecture Version Repository Size
============================================================================================================
Installing:
nikto noarch 1:2.1.6-10.fc36 fedora 332 k
Installing dependencies:
nmap x86_64 3:7.92-1.fc36 fedora 5.5 M
perl-JSON-PP noarch 1:4.07-2.fc36 fedora 66 k
perl-Math-BigInt noarch 1:1.9998.30-1.fc36 updates 199 k
perl-Math-BigRat noarch 0.2622-1.fc36 updates 41 k
perl-Math-Complex noarch 1.59-486.fc36 fedora 52 k
perl-Time-HiRes x86_64 4:1.9767-480.fc36 fedora 57 k
perl-bignum noarch 0.65-1.fc36 updates 50 k
perl-libwhisker2 noarch 2.5-33.fc36 fedora 88 k
Transaction Summary
============================================================================================================
Install 9 Packages
Total download size: 6.3 M
Installed size: 27 M
Downloading Packages:
(1/9): nikto-2.1.6-10.fc36.noarch.rpm 390 kB/s | 332 kB 00:00
(2/9): perl-JSON-PP-4.07-2.fc36.noarch.rpm 67 kB/s | 66 kB 00:00
(3/9): perl-Math-Complex-1.59-486.fc36.noarch.rpm 315 kB/s | 52 kB 00:00
(4/9): perl-Time-HiRes-1.9767-480.fc36.x86_64.rpm 298 kB/s | 57 kB 00:00
(5/9): perl-libwhisker2-2.5-33.fc36.noarch.rpm 397 kB/s | 88 kB 00:00
(6/9): perl-Math-BigRat-0.2622-1.fc36.noarch.rpm 262 kB/s | 41 kB 00:00
(7/9): perl-Math-BigInt-1.9998.30-1.fc36.noarch.rpm 711 kB/s | 199 kB 00:00
(8/9): perl-bignum-0.65-1.fc36.noarch.rpm 842 kB/s | 50 kB 00:00
(9/9): nmap-7.92-1.fc36.x86_64.rpm 1.4 MB/s | 5.5 MB 00:03
------------------------------------------------------------------------------------------------------------
Total 1.0 MB/s | 6.3 MB 00:06
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : perl-Math-Complex-1.59-486.fc36.noarch 1/9
Installing : perl-Math-BigInt-1:1.9998.30-1.fc36.noarch 2/9
Installing : perl-JSON-PP-1:4.07-2.fc36.noarch 3/9
Installing : perl-Math-BigRat-0.2622-1.fc36.noarch 4/9
Installing : perl-bignum-0.65-1.fc36.noarch 5/9
Installing : perl-libwhisker2-2.5-33.fc36.noarch 6/9
Installing : perl-Time-HiRes-4:1.9767-480.fc36.x86_64 7/9
Installing : nmap-3:7.92-1.fc36.x86_64 8/9
Installing : nikto-1:2.1.6-10.fc36.noarch 9/9
Running scriptlet: nikto-1:2.1.6-10.fc36.noarch 9/9
Verifying : nikto-1:2.1.6-10.fc36.noarch 1/9
Verifying : nmap-3:7.92-1.fc36.x86_64 2/9
Verifying : perl-JSON-PP-1:4.07-2.fc36.noarch 3/9
Verifying : perl-Math-Complex-1.59-486.fc36.noarch 4/9
Verifying : perl-Time-HiRes-4:1.9767-480.fc36.x86_64 5/9
Verifying : perl-libwhisker2-2.5-33.fc36.noarch 6/9
Verifying : perl-Math-BigInt-1:1.9998.30-1.fc36.noarch 7/9
Verifying : perl-Math-BigRat-0.2622-1.fc36.noarch 8/9
Verifying : perl-bignum-0.65-1.fc36.noarch 9/9
Installed:
nikto-1:2.1.6-10.fc36.noarch nmap-3:7.92-1.fc36.x86_64
perl-JSON-PP-1:4.07-2.fc36.noarch perl-Math-BigInt-1:1.9998.30-1.fc36.noarch
perl-Math-BigRat-0.2622-1.fc36.noarch perl-Math-Complex-1.59-486.fc36.noarch
perl-Time-HiRes-4:1.9767-480.fc36.x86_64 perl-bignum-0.65-1.fc36.noarch
perl-libwhisker2-2.5-33.fc36.noarch
Complete!
[user1@fedora ~]$
|
2.1.5版的nikto.pl,在2.1.6沒有看到了。
[user1@fedora bin]$ sudo find / -name nikto -print find: ‘/run/user/1000/doc’: Permission denied find: ‘/run/user/1000/gvfs’: Permission denied /etc/nikto /usr/bin/nikto /usr/share/doc/nikto /usr/share/licenses/nikto /usr/share/nikto [user1@fedora bin]$ |
參數說明
[user1@fedora ~]$ nikto -h
Option host requires an argument
-config+ Use this config file
-Display+ Turn on/off display outputs
-dbcheck check database and other key files for syntax errors
-Format+ save file (-o) format
-Help Extended help information
-host+ target host
-id+ Host authentication to use, format is id:pass or id:pass:realm
-list-plugins List all available plugins
-output+ Write output to this file
-nossl Disables using SSL
-no404 Disables 404 checks
-Plugins+ List of plugins to run (default: ALL)
-port+ Port to use (default 80)
-root+ Prepend root value to all requests, format is /directory
-ssl Force ssl mode on port
-Tuning+ Scan tuning
-timeout+ Timeout for requests (default 10 seconds)
-update Update databases and plugins from CIRT.net
-Version Print plugin and database versions
-vhost+ Virtual host (for Host header)
+ requires a value
Note: This is the short help output. Use -H for full help text.
[user1@fedora ~]$
|
測試一下自己這台 (-h 參數表示目的主機;某些版本測自己會出現 Permission denied,測別台才行。)
[user1@fedora ~]$ nikto -h 192.168.128.130
- ***** RFIURL is not defined in nikto.conf--no RFI tests will run *****
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.128.130
+ Target Hostname: 192.168.128.130
+ Target Port: 80
+ Start Time: 2022-05-27 09:54:31 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.4.53 (Fedora Linux)
+ Server leaks inodes via ETags, header found with file /, fields: 0x211a 0x5db4c92a77a00
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 5896 requests: 0 error(s) and 9 item(s) reported on remote host
+ End Time: 2022-05-27 09:54:42 (GMT8) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
Portions of the server's headers (Apache/2.4.53) are not in
the Nikto database or are newer than the known string. Would you like
to submit this information (*no server specific data*) to CIRT.net
for a Nikto update (or you may email to sullo@cirt.net) (y/n)? n
[user1@fedora ~]$
|
參考
[研究] Nikto2 v2.1.6 - Web Server Scanner 安裝與使用 (Fedora 36 x64_86)
https://shaurong.blogspot.com/2022/05/nikto2-v216-web-server-scanner-fedora.html
[研究] Nikto2 v2.1.5 安裝與使用 (CentOS 7.0 x64_86)
http://shaurong.blogspot.tw/2014/08/nikto2-v215-centos-70-x6486.html
[研究] Nikto2 v2.1.5 安裝與使用 (CentOS 6.3 x86)
http://shaurong.blogspot.tw/2012/12/nikto2-v215-centos-63-x86.html
[研究] Nikto2 v2.1.4 安裝與使用 (Fedora 15 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20385
[研究] Nikto2 v2.1.4 Web Scanner 安裝與使用 (CentOS 6.0 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?p=63655
沒有留言:
張貼留言