Using Nikto to detect the technology used in a website

Nikto is an open source (GPL) Web server scanner that can perform a full range of scanning of Web servers with more than 3300 potentially dangerous file/cgis, over 625 server versions, and over 230 specific server issues, including a variety of potentially dangerous files, CGI and other problems, it can scan the specified host Web type, host name, specific directory, COOKIE, specific CGI vulnerability, return to host allowed HTTP mode, and so on. This is a great tool, Nikto is one of the necessary web audit tools for network management security personnel.

Of course, it can also be used to detect what technology the target site is using.

Nikto the latest version is 2.1.5, Official Download website: Http://www.cirt.net/nikto2

Nikto is a Perl-based program, so you need a Perl environment. Nikto supports Windows (using the ActivePerl environment), MACOSX, multiple Linux or UNIX systems. Used under the Windows platform, need to use the ActivePerl environment, ActivePerl can download the official website, downloaded address: Http://www.activestate.com/activeperl

I use Linux here, I bring Perl, so the download can be used directly in the decompression.

wget https://cirt.net/nikto/nikto-2.1.5.tar.gztar-zxvf nikto-2.1.5.tar.gzcd Nikto-2.1.5perl./nikto.pl-h  Www.baidu.com[[email protected] nikto-2.1.5]# perl./nikto.pl-h www.baidu.com-* * * * SSL support not available (see Docs for SSL install) *****-Nikto v2.1.5--------------------------------------------------------------------------- + target ip:115.239.210.27+ target hostname:www.baidu.com+ target port:80+ Start time:2015- 02-20 18:25:34 (GMT8)---------------------------------------------------------------------------+ server:bws/1.1+ Cookie Baiduid created without the HttpOnly flag+ cookie Baidupsid created without the HttpOnly flag+ cookie Bdsvrtm creat Ed without the HttpOnly flag+ the anti-clickjacking x-frame-options header is not present.+ Uncommon header ' Bduserid ' fou nd, with contents:0+ uncommon headers ' bdqid ' found, with contents:0xfc103f47000ce711+ uncommon header ' Bdpagetype ' found , with contents:1+ Server banner have changed from 'bws/1.1 ' to ' Apache ' which may suggest a waf,load balancer or proxy are in place+ No CGI directories found (use '-C all ' to Force check all possible dirs) + Server leaks inodes via etags, header found with File/robots.txt, fields:0x91e 0x50b02d b060c00+ file/dir '/shifen/' in robots.txt returned a Non-forbidden or redirect HTTP code ($) + file/dir '/' in ROBOTS.TX T returned a Non-forbidden or redirect HTTP code (+) + "Robots.txt" contains 103 entries which should be manually viewed. + Multiple index files found:index.php, index.htm, index.html+ Osvdb-5737:weblogic may reveal its internal IP or Hostnam E in the location header. The value is ' http://www.baidu.com/search/error.html '. + OSVDB-3092:/home/: This might be interesting...+ OSVDB-3092:/TW /: This might be interesting ... potential country code (TAIWAN) + 6544 items checked:28 error (s) and the item (s) reported O N Remote host+ End time:2015-02-20 18:26:12 (GMT8) (seconds)---------------------------------------------------------------------------+ 1 Host (s) tested 

In some versions of Linux,-bash may appear:./nikto.pl:permission denied error prompts, you can try using the following command:

Nikto-h www.baidu.com./nikto.pl-h Www.baidu.comperl./nikto.pl-h www.baidu.com

Here are some of the parameter settings for Nikto:

-C (config): replaces the locally installed Config.txt file with the specified config file. -C (Cgidirs): Scans the CGI directory containing the specified content. The contained content is specified after-C. such as-c/cgi/. -D (Display): Turns the default output on or off.       Output Options: 1 Display redirect 2 show access to cookie Information 3 Show all 200/OK responses 4 display request authentication for URLs D debug output V Redundant output-dbcheck: Check the syntax errors of the database and other important files.       -E (evasion): Using the evasion technology of IDs in Libwhisker, you can use the following types: 1 random URL encoding (non-UTF-8 mode) 2 self-select path (/./) 3 prematurely ended URL 4 priority long random string 5 parameter Spoofing 6 use tab as the delimiter for the command 7 use the changed URL 8 using the Windows path delimiter "\"-F (Find only): Search only for HTTP or HTTPS ports and do not perform a full scan. -F (format): Specifies the format of the detection report output file, which defaults to the TXT file format (can be HTM, csv, txt, or XML format)-H (host): Specifies the target host, which can be an IP or domain name. -H: Displays help information. -I (ID): For host authentication, the format is: Userid:password-m (mutate): Guess more filenames: 1 Detect all files under the root directory 2 guess the password file name 3 via Apache (/~ User request type) enumerates username 4 through Cgiwrap (/cgi-bin/cgiwrap/~user request type) enumeration user name-N (nolookup): Do not perform host name lookups. -O (Output): Outputs to the specified file-p (port): Specifies the port to use, which defaults to 80. -P (Pause): The delay time between each operation. -R (Root): gives priority to root for all requests in the format:/directory name-S (SSL): Enforce SSL mode on port-S (single): RealThe request pattern for a single target is row. -T (Timeout): Timeout time, default is 2 seconds.       -T (Tuning): Control Nikto use different ways to scan targets 0 check file upload page 1 Check Web log 2 Check for error configuration or default file 3 Check for information disclosure issues       4 Check xss/script/html issues 5 remote file retrieval, check for accessible files from root 6 check for denial of service Issues 7 remote file retrieval, retrieving from any file for accessible files 8 Code Execution-Remote shell, check for system command execution Vulnerability 9 Check SQL injection vulnerability A check authentication bypass issue b identify installed software version C check source code Leak problem x Reverse Link option-u (useproxy): Use the proxy defined in Config.txt. -update: Upgrade the database and plugins from the cirt.net. -V (Version): Displays the release information for the plug-in and database. -V (vhost): Virtual host (for host header).

Some use:

• Nikto.pl-h 10.100.100.10 #扫描主机10.100.100.10 on the 80 port of the web
• Nikto.pl-h 10.100.100.10-p 443-s-G #扫描主机10.100.100.10 port 443 enforces the use of SSL mode??? -G
• Nikto.pl-h 10.100.100.10-p 80-90 Scan host 10.100.100.10 port 80-90, Nikto automatically determines whether it is HTTP or HTTPS
• Nikto.pl-h 10.100.100.10-p 80,443,8000,8080 Scan host 10.100.100.10 port 80 443 8000 8080
• Nikto.pl-h 10.100.100.10-p 80-e 167-e 167 using IDs circumvention technology 1 6 7

Using Nikto to detect the technology used in a website