Security scan tool Nikto: simple usage

Source: Internet
Author: User
Tags http authentication install perl docker run

Introduction to the security scan tool Nikto and its basic use

Nikto is an open source (GPL) web server scanner that runs a comprehensive range of tests against web servers, covering more than 3300 potentially dangerous files/CGIs, over 625 server versions, and over 230 version-specific server issues. Scan items and plug-ins can be updated automatically (if needed). Its underlying functionality is built on Whisker/libwhisker.

Site
https://cirt.net/Nikto2

GitHub source
https://github.com/sullo/nikto

User manual
https://cirt.net/nikto2-docs

Quick installation with Docker

The official documentation says that Perl, Perl modules, OpenSSL, libwhisker and other dependencies must be installed before the program itself. For users, installing these environment dependencies is the most troublesome part. Since I have recently been deploying a variety of public services with Docker, I decided to check whether a ready-made environment is available on Docker.

    # docker search nikto
    NAME                  DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
    k0st/alpine-nikto     Nikto Web Scanner on Alpine (size: ~ -MB)       2                  [OK]
    kenney/nikto          Image with nikto-2.1.5 that is useful for...    2
    activeshadow/nikto                                                    0                  [OK]
    infoslack/nikto                                                       0                  [OK]
    adamoss/nikto         this was nikto with SSL support for x86         0
    awilson/hydra-nikto   Built on Ubuntu Trusty, have thc-hydra and ...  0

 

Pick kenney/nikto and pull the image onto a machine that has Docker installed.

docker pull kenney/nikto
docker inspect kenney/nikto

The inspect output shows that the image's startup command is bash, which means it is a script-type image rather than a service-type image.

        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "files=nikto-2.1.5"
        ],
        "Cmd": [
            "bash"
        ],

 

The image only provides the environment and the installed script; all the user has to do is pass in the command to execute. A simple example follows, specifying the host and port for a default scan:

docker run --rm -t kenney/nikto:latest nikto -h www.163.com -p 443

 

The --rm flag here means the container is cleaned up when it exits, so no logs or anything else are left on the host.

Wait a while for the results to be printed:

    # docker run --rm -t kenney/nikto:latest nikto -h www.163.com -p 443
    - Nikto v2.1.5
    ---------------------------------------------------------------------------
    + Target IP:          122.228.237.158
    + Target Hostname:    www.163.com
    + Target Port:        443
    ---------------------------------------------------------------------------
    + SSL Info:        Subject: /C=CN/O=Sinorail Certification Authority/OU=\X94\XC1\X8D\XEF[\XA2B7G\X0DR\XA1N-_\XC3/CN=kyfw.12306.cn
                       Ciphers: ECDHE-RSA-AES256-GCM-SHA384
                       Issuer:  /C=CN/O=Sinorail Certification Authority/CN=SRCA
    + Start Time:         -- One- on  the: +: -(GMT0)
    ---------------------------------------------------------------------------
    + Server: Cdn Cache Server V2.0
    + The anti-clickjacking X-Frame-Options header is not present.
    + Uncommon header 'x-via' found, with contents: 1.0CZDX90: the(Cdn Cache Server V2.0),1.0Wenzhoudianxin53:Ten(Cdn Cache Server V2.0)
    + No CGI Directories found (use '-C all' to force check all possible dirs)
    + "robots.txt" retrieved but it does not contain any 'disallow' entries (which is odd).
    + Hostname 'www.163.com' does not match certificate's CN 'kyfw.12306.cn'
    + /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php
    + /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist
    + /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
    + /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
    + /tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
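An added example (not part of the original article or of Nikto itself): a small Python parser for the Nikto 2.1.5 text output shown above. It separates target metadata, per-path findings and general notes so that the results can be triaged. The function names are assumptions of this example, and the sample text is an abridged copy of the scan output above.

```python
import re

# Constructed sample: abridged lines from the scan output shown in the article.
SAMPLE = """\
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          122.228.237.158
+ Target Hostname:    www.163.com
+ Target Port:        443
---------------------------------------------------------------------------
+ Server: Cdn Cache Server V2.0
+ The anti-clickjacking X-Frame-Options header is not present.
+ Hostname 'www.163.com' does not match certificate's CN 'kyfw.12306.cn'
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php
+ /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
"""

META = re.compile(r"^\+ (Target IP|Target Hostname|Target Port|Server):\s*(.+)$")
PATH = re.compile(r"^\+ (/\S*): (.+)$")  # findings tied to a URL path
CN_MISMATCH = re.compile(r"does not match certificate's CN '([^']+)'")


def parse_report(text):
    """Split a Nikto text report into metadata, per-path findings and general notes."""
    report = {"meta": {}, "paths": [], "notes": [], "cert_cn_mismatch": None}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("+ "):
            continue  # banner and separator lines carry no findings
        m = META.match(line)
        if m:
            report["meta"][m.group(1)] = m.group(2).strip()
            continue
        m = PATH.match(line)
        if m:
            report["paths"].append({"path": m.group(1), "message": m.group(2)})
            continue
        cn = CN_MISMATCH.search(line)
        if cn:
            report["cert_cn_mismatch"] = cn.group(1)  # certificate issued for another name
        report["notes"].append(line[2:])
    return report


def needs_manual_check(report):
    """Path findings are leads, not proof: list the paths to confirm by hand."""
    return sorted({f["path"] for f in report["paths"]})
```

Running `parse_report(SAMPLE)` and then `needs_manual_check(...)` gives the list of reported paths to verify against the server before any of them is written up as a confirmed issue.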

 
Basic command description

The most basic Nikto scan needs only the target host IP and the host port. By default, port 80 is scanned. Use option -h (host) to specify the target host IP address and option -p (port) to specify the port, as shown below:

  perl nikto.pl -h 192.168.0.1 -p 443
 

Nikto can also scan several ports in one run. With option -p (port) you can give a range (for example: 80-90) or a list of ports (for example: 80,88,90). The following scans ports 80, 88 and 443 on the host:

  perl nikto.pl -h 192.168.0.1 -p 80,88,443
 

If the host running Nikto reaches the Internet through an HTTP proxy, the scan can also go through that proxy by using option -u (useproxy). The following scans through the HTTP proxy:

Nikto can be updated by downloading plugins and databases from the http://updates.cirt.net/ web site, or by updating the plugins and databases with the -update command:

perl nikto.pl -update

Nikto option description:
  • -cgidirs

    Scan the CGI directory.

  • -config

    Use the specified config file instead of the locally installed config.txt file.

  • -dbcheck

    Check the scan databases for syntax errors.

  • -evasion

    Use the IDS evasion techniques in libwhisker. The following types are available:

    1. Random URL encoding (non-UTF-8 mode)

    2. Directory self-reference (/./)

    3. Premature URL ending

    4. Long URL requests

    5. Fake parameter

    6. Use TAB as the request spacer

    7. Change the case of the URL

    8. Use the Windows path delimiter \ in place of /

    9. Session splicing

  • -findonly

    Only used to discover HTTP and HTTPS ports without executing detection rules

  • -format

    Specifies the format of the test report output file, which defaults to the TXT file format (csv/txt/htm)

  • -host

    Destination host, host name, IP address, host list file.

  • -id

    ID and password to use for HTTP authentication. Format: id:password

  • -mutate

    Mutation (guessing) techniques:

    1. Test all files with all root directories

    2. Guess password file names

    3. Enumerate user names via Apache (/~user)

    4. Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user)

  • -nolookup

    Do not perform host name lookups

  • -output

    Write the report to the specified location

  • -port

    The port to scan; the default is port 80.

  • -pause

    Delay time between each operation

  • -display

    Control the display of the Nikto output

    1. Direct display of information

    2. Information displayed for cookies

    3. Show all 200/OK responses

    4. Show URLs that require authentication

    5. Debug output

  • -ssl

    Force SSL mode on the port

  • -single

    Performs a single request operation on the target service.

  • -timeout

    Time-out for each request, default is 10 seconds

  • -tuning

    The tuning option controls which kinds of tests Nikto runs against the target.

    0. File upload

    1. Log files

    2. Default files

    3. Information disclosure

    4. Injection (XSS/script/HTML)

    5. Remote file retrieval (inside the web directory)

    6. Denial of service

    7. Remote file retrieval (server-wide)

    8. Code execution / remote shell

    9. SQL injection

    A. Authentication bypass

    B. Software identification

    G. Generic (do not rely on banner information)

    X. Reverse tuning options (include everything except what is specified)

  • -useproxy

    Scan through the specified proxy

  • -update

    Updating plugins and databases

View Results

Mount a local directory into the container and write the results to that directory, so that the results are available after the run has finished:

docker run -v /home/root/data/:/root --rm -t kenney/nikto:latest nikto -h c.163.com -p 443 -o /root/result.html -F htm
 

View the host directory when you are finished running

ls -8drwxr24096 Nov  1: Log 1 3825 Nov  1: result.html

 

The results are as follows
