بررسی Nikto

Nikto یک ابزار جهت اسکن های امنیتی بر روی وب سرورها است . این ابزار دارای تست های متنوع با قابلیت انتخاب چند ایتم در پروسه تست نفوذ است . این ابزار قابلیت شناسایی بیش از ۶۰۰۰ تحدید بالقوه را دارا می باشد . این ابزار دارای خاصیت ضد سیستم های تشخیص نفوذ نیز می باشد .

برنامه نویس و سازنده : Chris Sullo

زبان برنامه نویسی : Perl

لایسنس : GPL

وب سایت : https://github.com/sullo/nikto

اطلاعات و دستورات Nikto :

   Options:
       -ask+               Whether to ask about submitting updates
                               yes   Ask about each (default)
                               no    Don't ask, don't send
                               auto  Don't ask, just send
       -Cgidirs+           Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
       -config+            Use this config file
       -Display+           Turn on/off display outputs:
                               1     Show redirects
                               2     Show cookies received
                               3     Show all 200/OK responses
                               4     Show URLs which require authentication
                               D     Debug output
                               E     Display all HTTP errors
                               P     Print progress to STDOUT
                               S     Scrub output of IPs and hostnames
                               V     Verbose output
       -dbcheck           Check database and other key files for syntax errors
       -evasion+          Encoding technique:
                               1     Random URI encoding (non-UTF8)
                               2     Directory self-reference (/./)
                               3     Premature URL ending
                               4     Prepend long random string
                               5     Fake parameter
                               6     TAB as request spacer
                               7     Change the case of the URL
                               8     Use Windows directory separator (\)
                               A     Use a carriage return (0x0d) as a request spacer
                               B     Use binary value 0x0b as a request spacer
        -Format+           Save file (-o) format:
                               csv   Comma-separated-value
                               htm   HTML Format
                               msf+  Log to Metasploit
                               nbe   Nessus NBE format
                               txt   Plain text
                               xml   XML Format
                               (if not specified the format will be taken from the file extension passed to -output)
       -Help              Extended help information
       -host+             Target host
       -IgnoreCode        Ignore Codes--treat as negative responses
       -id+               Host authentication to use, format is id:pass or id:pass:realm
       -key+              Client certificate key file
       -list-plugins      List all available plugins, perform no testing
       -maxtime+          Maximum testing time per host
       -mutate+           Guess additional file names:
                               1     Test all files with all root directories
                               2     Guess for password file names
                               3     Enumerate user names via Apache (/~user type requests)
                               4     Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
                               5     Attempt to brute force sub-domain names, assume that the host name is the parent domain
                               6     Attempt to guess directory names from the supplied dictionary file
       -mutate-options    Provide information for mutates
       -nointeractive     Disables interactive features
       -nolookup          Disables DNS lookups
       -nossl             Disables the use of SSL
       -no404             Disables nikto attempting to guess a 404 page
       -output+           Write output to this file ('.' for auto-name)
       -Pause+            Pause between tests (seconds, integer or float)
       -Plugins+          List of plugins to run (default: ALL)
       -port+             Port to use (default 80)
       -RSAcert+          Client certificate file
       -root+             Prepend root value to all requests, format is /directory
       -Save              Save positive responses to this directory ('.' for auto-name)
       -ssl               Force ssl mode on port
       -Tuning+           Scan tuning:
                               1     Interesting File / Seen in logs
                               2     Misconfiguration / Default File
                               3     Information Disclosure
                               4     Injection (XSS/Script/HTML)
                               5     Remote File Retrieval - Inside Web Root
                               6     Denial of Service
                               7     Remote File Retrieval - Server Wide
                               8     Command Execution / Remote Shell
                               9     SQL Injection
                               0     File Upload
                               a     Authentication Bypass
                               b     Software Identification
                               c     Remote Source Inclusion
                               x     Reverse Tuning Options (i.e., include all except specified)
       -timeout+          Timeout for requests (default 10 seconds)
       -Userdbs           Load only user databases, not the standard databases
                               all   Disable standard dbs and load only user dbs
                               tests Disable only db_tests and load udb_tests
       -until             Run until the specified time or duration
       -update            Update databases and plugins from CIRT.net
       -useproxy          Use the proxy defined in nikto.conf
       -Version           Print plugin and database versions
       -vhost+            Virtual host (for Host header)
              + requires a value

Options:

-ask+ Whether to ask about submitting updates

yes Ask about each (default)

no Don't ask, don't send

auto Don't ask, just send

-Cgidirs+ Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"

-config+ Use this config file

-Display+ Turn on/off display outputs:

1 Show redirects

2 Show cookies received

3 Show all 200/OK responses

4 Show URLs which require authentication

D Debug output

E Display all HTTP errors

P Print progress to STDOUT

S Scrub output of IPs and hostnames

V Verbose output

-dbcheck Check database and other key files for syntax errors

-evasion+ Encoding technique:

1 Random URI encoding (non-UTF8)

2 Directory self-reference (/./)

3 Premature URL ending

4 Prepend long random string

5 Fake parameter

6 TAB as request spacer

7 Change the case of the URL

8 Use Windows directory separator (\)

A Use a carriage return (0x0d) as a request spacer

B Use binary value 0x0b as a request spacer

-Format+ Save file (-o) format:

csv Comma-separated-value

htm HTML Format

msf+ Log to Metasploit

nbe Nessus NBE format

txt Plain text

xml XML Format

(if not specified the format will be taken from the file extension passed to -output)

-Help Extended help information

-host+ Target host

-IgnoreCode Ignore Codes--treat as negative responses

-id+ Host authentication to use, format is id:pass or id:pass:realm

-key+ Client certificate key file

-list-plugins List all available plugins, perform no testing

-maxtime+ Maximum testing time per host

-mutate+ Guess additional file names:

1 Test all files with all root directories

2 Guess for password file names

3 Enumerate user names via Apache (/~user type requests)

4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)

5 Attempt to brute force sub-domain names, assume that the host name is the parent domain

6 Attempt to guess directory names from the supplied dictionary file

-mutate-options Provide information for mutates

-nointeractive Disables interactive features

-nolookup Disables DNS lookups

-nossl Disables the use of SSL

-no404 Disables nikto attempting to guess a 404 page

-output+ Write output to this file ('.' for auto-name)

-Pause+ Pause between tests (seconds, integer or float)

-Plugins+ List of plugins to run (default: ALL)

-port+ Port to use (default 80)

-RSAcert+ Client certificate file

-root+ Prepend root value to all requests, format is /directory

-Save Save positive responses to this directory ('.' for auto-name)

-ssl Force ssl mode on port

-Tuning+ Scan tuning:

1 Interesting File / Seen in logs

2 Misconfiguration / Default File

3 Information Disclosure

4 Injection (XSS/Script/HTML)

5 Remote File Retrieval - Inside Web Root

6 Denial of Service

7 Remote File Retrieval - Server Wide

8 Command Execution / Remote Shell

9 SQL Injection

0 File Upload

a Authentication Bypass

b Software Identification

c Remote Source Inclusion

x Reverse Tuning Options (i.e., include all except specified)

-timeout+ Timeout for requests (default 10 seconds)

-Userdbs Load only user databases, not the standard databases

all Disable standard dbs and load only user dbs

tests Disable only db_tests and load udb_tests

-until Run until the specified time or duration

-update Update databases and plugins from CIRT.net

-useproxy Use the proxy defined in nikto.conf

-Version Print plugin and database versions

-vhost+ Virtual host (for Host header)

+ requires a value

امتیاز به قابلیت های Nikto

72%

انعطاف

84%

سرعت

57%

تخریب

71%

کارایی

امتیاز دهی فوق به صورت کلی می باشد . امتیازهای داده شده به این ابزار بر اساس استانداردهای امنیتی تیم ابدال می باشد . میزان درصد کارایی ، نشان دهنده عملکرد مطلوب این ابزار در محیط عملیاتی و واقعی است .

درباره نویسنده

ابراهیم شفیعی

از همون ابتدای ورودم به دانشگاه متوجه شدم به مباحث امنیتی علاقه زیادی دارم و بهتر می تونم فعالیت کنم لذا تحقیق و بررسی تخصصی رو توی این زمینه شروع کردم و به صورت تمام وقت شبانه روز مطالعه داشتم تا حدی که دانشگاه رو رها کردم و چند سال روی مباحث ویژه تمرکز کردم ، در حال حاضر با یه شروع خوب و حرف های زیاد واسه گفتن در خدمت شما هستیم .

پست های مرتبط