Home > Uncategorized > Usando o Nikto webserver scanner

Usando o Nikto webserver scanner

O Nikto é web server scanner escrito em perl usado para detectar vulnerabilidades em servidores web. Ele é muito simples de ser usado e atualizado gerando relatórios em txt,html e csv.

Baixando o Nikto

wget -c http://www.cirt.net/nikto/nikto-current.tar.gz

Não é necessário fazer a instalação do mesmo pois ele é um script perl.

Help do Nikto

-Cgidirs+ scan these CGI dirs: ‘none’, ‘all’, or values like “/cgi/ /cgi-a/”
-dbcheck check database and other key files for syntax errors (cannot be abbreviated)
-evasion+ ids evasion technique
-Format+ save file (-o) format
-host+ target host
-Help Extended help information
-id+ host authentication to use, format is userid:password
-mutate+ Guess additional file names
-output+ write output to this file
-port+ port to use (default 80)
-Display+ turn on/off display outputs
-ssl force ssl mode on port
-Single Single request mode
-timeout+ timeout (default 2 seconds)
-Tuning+ scan tuning
-update update databases and plugins from cirt.net (cannot be abbreviated)
-Version print plugin and database versions
-vhost+ virtual host (for Host header)
+ requires a value

Atualizando os plugins

./nikto.pl -update

Usando o Nikto

./nikto.pl -C all -host 200.128.X.X -o vitima.txt

– C all – Força a checagem de todos os diretórios em busca de cgi
– host – Ip da vitima
-o – Gera um arquivo de relatório

Relatório gerado

– Nikto 2.02/2.03 – cirt.net
+ Target IP: 200.128.X.X
+ Target Hostname: Vitima
+ Target Port: 80
+ Start Time: 2008-02-23 23:39:34
—————————————————————————
+ Server: Apache/2.0.54 (Win32) PHP/5.1.4
– Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP method (‘Allow’ Header): ‘TRACE’ is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ Apache/2.0.54 appears to be outdated (current is at least Apache/2.2.6). Apache 1.3.39 and 2.0.61 are also current.
+ PHP/5.1.4 appears to be outdated (current is at least 5.2.5)
+ OSVDB-0: GET /………………/config.sys : PWS allows files to be read by prepending multiple ‘.’ characters. At worst, IIS, not PWS, should be used.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3233: GET /index.html.var : Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-6659: GET /h2vP3F1siX65X0gGCoedXf11K8PpZSTPQP599a3I4u0TTqw1nGlL616opBSyM7IxVsF3TVoyZtpH59PqXNhFuRiEw4wGseD97ZeeLbLfvLoQcijFLIvNLslTZt3nd687RcPNpahPUA2FAPgiuADL5939Ic4es2fwarKmkKfW2XJrkRrQtPaOMYZnPCGDzZ7pw8xJ8b56GiWdh2nxFw5GE8z6TOgSWfJDEFACED<!–//– : MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version.
+ 17457 items checked: 11 item(s) reported on remote host
+ End Time: 2008-02-24 0:32:00 (3192 seconds)
—————————————————————————
+ 1 host(s) tested

Esse e outros artigos podem ser encontrados na Wiki do Time de Segurança

creysson

Categories: Uncategorized Tags: , , , ,
  1. 03/15/2013 at 8:53 PM

    Hi there! Would you mind if I share your blog with my facebook group?
    There’s a lot of people that I think would really appreciate your content. Please let me know. Thank you

  2. 04/20/2013 at 7:23 PM

    Hi! I know this is somewhat off topic but I was wondering which blog platform are you using
    for this website? I’m getting fed up of WordPress because I’ve had issues with hackers and I’m looking at options for another platform. I would be great if you could point me in the direction of a good platform.

  3. 04/24/2013 at 1:52 AM

    I’m really enjoying the design and layout of your site. It’s a
    very easy on the eyes which makes it much more enjoyable for
    me to come here and visit more often. Did you
    hire out a designer to create your theme? Great work!

  4. 04/25/2013 at 4:46 AM

    Nice write up. I study something similar here at Virginia
    Tech. It’s definitively exciting to know material from other people and observe a little bit from their source. If it’s okay, I’d seriously appreciate it if I re-post use some of the articles on your blog. And of course, I’ll put up a link
    to your site at wordpress.com on my own blog. Kudos
    for sharing.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s