Nikto Script - WordPress.com

Nikto Script
Introduction
The nikto script is written in the Perl language and is one of the best scripts specialized in scanning websites for vulnerabilities.
The script relies on several plugins and databases, among them nikto_cookies.plugin, db_404_strings, db_content_search and db_tests.
What distinguishes this script is that it can be updated to obtain checks for the latest vulnerabilities.
To download the script: www.cirt.net/nikto2
nikto options
Option host requires an argument
-config+ Use this config file
-Cgidirs+ scan these CGI dirs: 'none', 'all', or values like "/cgi/ /cgi-a/"
-dbcheck check database and other key files for syntax errors
-Display+ Turn on/off display outputs
-evasion+ ids evasion technique
-Format+ save file (-o) format
-host+ target host
-Help Extended help information
-id+ Host authentication to use, format is id:pass or id:pass:realm
-list-plugins List all available plugins
-mutate+ Guess additional file names
-mutate-options+ Provide extra information for mutations
-output+ Write output to this file
-nocache Disables the URI cache
-nossl Disables using SSL
-no404 Disables 404 checks
-port+ Port to use (default 80)
-Plugins+ List of plugins to run (default: ALL)
-root+ Prepend root value to all requests, format is /directory
-ssl Force ssl mode on port
-Single Single request mode
-timeout+ Timeout (default 2 seconds)
-Tuning+ Scan tuning
-update Update databases and plugins from CIRT.net
-vhost+ Virtual host (for Host header)
-Version Print plugin and database versions
+ requires a value
Note: This is the short help output. Use -H for full help.
It has many options; for example, it is possible to scan through a proxy, or to scan a specific file or a specific directory.
If we want to scan a site in the simplest way:
perl nikto.pl -host website.com
This way it scans the site completely, based on the plugins present in the script.
If we want to update these plugins:
perl nikto.pl -update
If we want to scan a web application installed under a directory:
perl nikto.pl -host website.com -root /wordpress
for example, when the application to be scanned is WordPress.
If we want to scan a site on a specific port:
perl nikto.pl -host website.com -port 80
If we want to save a tidy report:
perl nikto.pl -host website.com -output report.html -Format html
There are many more options that I leave for you to discover.
Example of scanning a server with the nikto script
root@masnoor-K52F:/home/masnoor/nikto# perl nikto.pl -host 000a.biz -output report.html -Format html
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.4
---------------------------------------------------------------------------
+ Target IP:          209.190.61.24
+ Target Hostname:    000a.biz
+ Target Port:        80
+ Start Time:         2011-06-16 16:59:30
---------------------------------------------------------------------------
+ Server: Apache
+ Server banner has changed from Apache to squid/2.7.STABLE9, this may suggest a WAF or load balancer is in place
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ /cgi-sys/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
+ /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ Retrieved x-powered-by header: PHP/5.2.17
+ /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
+ OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
+ OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
+ OSVDB-3092: /cgi-sys/FormMail-clone.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: /cgi-sys/mchat.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: /cgi-sys/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: /forum/: This might be interesting...
+ OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
+ OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
+ 6456 items checked: 1 error(s) and 13 item(s) reported on remote host
+ End Time:           2011-06-16 18:37:43 (5893 seconds)
---------------------------------------------------------------------------
perl nikto.pl -host 000a.biz -output report.html -Format html
000a.biz is the server to be scanned.
After the scan, the report is saved under the name report.html,
and it is saved in html format.
These are all the errors and vulnerabilities the script detected; they are not necessarily all correct, so each one should be verified.
What also distinguishes this script is that it provides you with references and articles about some of the vulnerabilities it detects.
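Because the findings need verifying, a small parser that turns Nikto's text output into structured records is useful for triage. The following is an added example, not part of the original tutorial or of Nikto itself: it assumes the "+ " line format shown in the scan above (an optional OSVDB reference, an optional URI path, then the message, with wrapped continuation lines) and the closing "items checked" summary line.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the Nikto 2.1.4 text output shown above:
# "+ " finding lines (one wrapped by the terminal) and the closing summary line.
SAMPLE_REPORT = """\
+ Server: Apache
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ /cgi-sys/formmail.pl: Many versions of FormMail have remote vulnerabilities. FormMail
access should be restricted as much as possible or a more secure solution found.
+ Retrieved x-powered-by header: PHP/5.2.17
+ OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
+ OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
+ OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
+ 6456 items checked: 1 error(s) and 13 item(s) reported on remote host
"""

@dataclass
class Finding:
    osvdb: Optional[str]   # OSVDB reference Nikto attached, if any
    path: Optional[str]    # URI the finding refers to, if any
    message: str

# Matches "+ OSVDB-NNNN: /path: text", "+ /path: text" and plain "+ text" lines.
_FINDING_RE = re.compile(r"^\+ (?:(?P<osvdb>OSVDB-\d+): )?(?:(?P<path>/\S*): )?(?P<msg>.+)$")
_SUMMARY_RE = re.compile(r"^\+ (?P<checked>\d+) items checked: (?P<errors>\d+) error\(s\) and "
                         r"(?P<reported>\d+) item\(s\) reported on remote host$")

def parse_report(text: str):
    """Return (findings, summary); summary is the parsed counts line or None."""
    findings: List[Finding] = []
    summary: Optional[Dict[str, int]] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = _SUMMARY_RE.match(line)
        if m:
            summary = {k: int(v) for k, v in m.groupdict().items()}
            continue
        m = _FINDING_RE.match(line)
        if m:
            findings.append(Finding(m["osvdb"], m["path"], m["msg"]))
        elif findings:
            # A line without the "+ " prefix is a wrapped continuation of the previous finding.
            findings[-1].message += " " + line.strip()
    return findings, summary

def group_by_reference(findings: List[Finding]) -> Dict[str, List[str]]:
    """Map each OSVDB reference to the paths reported under it; 'unreferenced' collects the rest."""
    groups: Dict[str, List[str]] = {}
    for f in findings:
        groups.setdefault(f.osvdb or "unreferenced", []).append(f.path or f.message)
    return groups
```

Grouping by reference lets you look up each OSVDB entry once and decide which paths actually need a manual check (directory listing, default CGI scripts) rather than re-reading every line of the report.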
We will find the report in the same folder as the script, and it ends like this:
+ End Time:           2011-06-16 18:37:43 (5893 seconds)
Here is the end time of the scan.
And finally, thank you.