1, Nikto2
Introduction: Nikto2 is a multi-platform scanning software written in Perl and isa command-line mode tool that scans the Web type of a specified hosthost name, specific directory, Cookie, specific CGI vulnerability, XSS vulnerability, SQLinject vulnerabilities, return security issues such as HTTP methods allowed by the host.
Location:/pentest/web/nikto
usage 1:./nikto.pl-h host IP or domain name-o scan results
usage 2:./nikto.pl-h host IP or domain name-p 80,8080
usage 3:./nikto.pl-h host IP or domain-t scan type code
usage 4:./nikto.pl-h host IP or domain name-C-T#扫描所有类型
"Scan type code":
0-Check File upload page
1-Check the Web log for suspicious files or attacks
2-Check the error configuration or default file
3-Check for information disclosure issues
4-Check for injection (xss/script/html) issues
5-Remote File index (retrieves from the internal root whether there are unauthorized accessiblefiles)
6-Check for denial of service issues
7-Remote File index (retrieves from any location whether there are files that are not authorized to be accessed)
8-Check for system command execution vulnerability
9-Check SQL injection
A- Check the authentication bypass problem
B-Identify installed software versions, etc.
C-Check source code disclosure issues
x-Reverse connection option