Nikto
Introduction
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be updated automatically.
Nikto is not designed as an overly stealthy tool. It will test a web server in the quickest time possible, and is fairly obvious in log files. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).
Not every check is a security problem, though most are. Some items are "info only" checks that look for things which may not be a security flaw, but which the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also checks for unknown items which have been seen scanned for in log files.
Nikto is written by Chris Sullo and David Lodge.
Features of Nikto
Here are some of the major features of Nikto. See the documentation for a full list of features and how to use them.
· SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL)
· Full HTTP proxy support
· Checks for outdated server components
· Save reports in plain text, XML, HTML, NBE or CSV
· Template engine to easily customize reports
· Scan multiple ports on a server, or multiple servers via input file (including nmap output)
· LibWhisker's IDS evasion techniques
· Easily updates via command line
· Identifies installed software via headers, favicons and files
· Host authentication with Basic and NTLM
· Subdomain guessing
· Apache and cgiwrap username enumeration
· Mutation techniques to "fish" for content on web servers
· Scan tuning to include or exclude entire classes of vulnerability checks
· Guess credentials for authorization realms (including many default id/pw combos)
· Authorization guessing handles any directory, not just the root directory
· Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
· A "single" scan mode that allows you to craft an HTTP request by hand
· Reports "unusual" headers seen
· Interactive status, pause and changes to verbosity settings
· Logging to Metasploit
· Thorough documentation
Download Nikto:
wget http://www.cirt.net/nikto/nikto-current.tar.gz
Installation Procedure
tar zxvf nikto-current.tar.gz
Nikto Help:
[root@localhost nikto]# ./nikto.pl -h
Option host requires an argument
-Cgidirs+ scan these CGI dirs: 'none', 'all', or values like "/cgi/ /cgi-a/"
-dbcheck check database and other key files for syntax errors (cannot be abbreviated)
-evasion+ ids evasion technique
-Format+ save file (-o) format
-host+ target host
-Help Extended help information
-id+ host authentication to use, format is userid:password
-mutate+ Guess additional file names
-output+ write output to this file
-port+ port to use (default 80)
-Display+ turn on/off display outputs
-ssl force ssl mode on port
-Single Single request mode
-timeout+ timeout (default 2 seconds)
-Tuning+ scan tuning
-update update databases and plugins from cirt.net (cannot be abbreviated)
-Version print plugin and database versions
-vhost+ virtual host (for Host header)
+ requires a value
Examples:
1. Basic Testing
The most basic Nikto scan requires only a host to target, since port 80 is assumed if none is specified. The host can be either an IP address or a hostname, and is specified with the -h (-host) option. This will scan the IP 192.168.0.1 on TCP port 80:
perl nikto.pl -h 192.168.1.10
To check on a different port, specify the port number with the -p (-port) option. This will scan the IP 192.168.0.1 on TCP port 443:
perl nikto.pl -h 192.168.1.10 -p 443
Hosts, ports and protocols may also be specified using full URL syntax, and the URL will be scanned:
perl nikto.pl -h https://192.168.1.10:443/
There is no need to specify that port 443 may be SSL, as Nikto will first test regular HTTP and, if that fails, HTTPS. If you are sure it is an SSL server, specifying -s (-ssl) will speed up the test:
perl nikto.pl -h 192.168.1.10 -p 443 -ssl
2. Multiple Port Testing
Nikto can scan multiple ports in the same scanning session. To test more than one port on the same host, give the list of ports in the -p (-port) option. Ports can be specified as a range (e.g., 80-90) or as a comma-delimited list (e.g., 80,88,90). This will scan the host on ports 80, 88 and 443:
perl nikto.pl -h 192.168.1.10 -p 80,88,443
3. Multiple Host Testing
Nikto supports scanning multiple hosts in the same session via a text file of host names or IPs. Instead of a host name or IP, a file name can be given to the -h (-host) option. A hosts file must be formatted as one host per line, with the port number(s) at the end of each line. Ports can be separated from the host, and from each other, by a colon or a comma. If no port is specified, port 80 is assumed.
This is an example of a valid hosts file:
192.168.1.1:80
192.168.1.2,80
192.168.1.3
192.168.1.10,80,443
192.168.1.10:80:443
localhost:8888
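A small parser for this hosts-file format, added here as an example (it is not part of Nikto): it expands each line into host/port pairs using the rules above, treating ':' and ',' as equivalent separators and defaulting to port 80, and rejects ports outside 1-65535 so a malformed file is caught before a scan is launched.

```python
"""Parse a Nikto multi-host input file into (host, port) pairs.

Added example, not Nikto's own code. It implements the format described
in the text: one host per line, optional ports after the host, ports
separated from the host (and from each other) by ':' or ',', and
port 80 assumed when no port is given.
"""
import re
from typing import List, Tuple

DEFAULT_PORT = 80


def parse_hosts_line(line: str) -> List[Tuple[str, int]]:
    """Expand one line such as '192.168.1.10,80,443' into
    [('192.168.1.10', 80), ('192.168.1.10', 443)]."""
    line = line.strip()
    if not line:
        return []  # blank lines carry no target
    # ':' and ',' are both valid separators; the first field is the host,
    # every remaining non-empty field is a port.
    fields = [f for f in re.split(r"[:,]", line) if f != ""]
    host, ports = fields[0], fields[1:]
    if not ports:
        return [(host, DEFAULT_PORT)]
    targets = []
    for p in ports:
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError(f"bad port {p!r} on line {line!r}")
        targets.append((host, int(p)))
    return targets


def parse_hosts_file(text: str) -> List[Tuple[str, int]]:
    """Expand a whole hosts file into an ordered list of (host, port)."""
    targets: List[Tuple[str, int]] = []
    for line in text.splitlines():
        targets.extend(parse_hosts_line(line))
    return targets


# Constructed sample input: the example hosts file from the text above.
SAMPLE_HOSTS_FILE = """\
192.168.1.1:80
192.168.1.2,80
192.168.1.3
192.168.1.10,80,443
192.168.1.10:80:443
localhost:8888
"""

if __name__ == "__main__":
    for host, port in parse_hosts_file(SAMPLE_HOSTS_FILE):
        print(f"{host}:{port}")
```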
4. Using a Proxy
If the machine running Nikto can only reach the target host (or the update server) through an HTTP proxy, the test can still be performed. Set the PROXY* variables in the configuration file (as described in section 4 of the Nikto documentation), then run Nikto with the -u (-useproxy) option. All connections will be relayed through the HTTP proxy specified in the configuration file.
perl nikto.pl -h 192.168.1.10 -p 80 -u
5. Updating
Nikto can be updated automatically, assuming the host Nikto is installed on has Internet connectivity. To update to the latest plugins and databases, simply run Nikto with the -update option.
perl nikto.pl -update
Note:
The -update option cannot be abbreviated.
If updates are required, you will see a list of the files downloaded:
perl nikto.pl -update
+ Retrieving 'nikto_core.plugin'
+ Retrieving 'CHANGES.txt'
Updates may also be manually downloaded from http://www.cirt.net/
Nikto Documentation