Target drone: metasploitable
Shooting range: DVWA "default account/Password: Admin/password"
#新手先将DVWA的安全性, to the lowest, can be easily detected vulnerability
Reconnaissance "reduce interaction with target systems"
HTTrack: Download a Web-downloadable page to your computer and check for local "Kali installation"
# #可到此网站获取代理: hidemyass.com "free agent should be careful"
#基于WEB的扫描工具, there are basically two scanning modes supported. Agent truncation mode, active scan mode
Manual Scan: A problem found on the page as a user action, but there may be omissions
Automatic scanning: Dictionary-based, improved speed, but with false positives and triggering warnings
Nikto is a powerful web scanning evaluation software developed by the Perl language that can be scanned for multiple security projects on a Web server.
1. Software version
2, search for security hidden files "such as: some Web maintenance personnel after the backup, the legacy of the compressed package, if downloaded, then get the site source code"
3. Server configuration Vulnerability "component may have default configuration"
4, WEB application level of security hidden trouble "xss,sql injection, etc."
5. Avoid 404 miscalculation
• Many servers do not comply with RFC standards and return 200 response codes for non-existent objects
• According to the content of the response file, the different extension "JSP, cji" file 404 response content is different
• MD5 value After removal of time information
• Parameter:-no404 "no miscarriage of judgment, there may be a miscarriage"
Nikto-update #直接更新数据库, the manufacturer's website may be wall "the latest version of http://cirt.net/nikto/UPDATES/on this site can be downloaded"
Nikto-host 192.168.1.1.109-port 80,443 #可指定多个端口 "plus-output: Output results"
Nikto-host Host.txt #扫描多个IP
Nmap-p80 192.168.1.0/24-og-| nikto-host-#结合nmap to scan a host that has 80 ports open in a network segment
Nikto-host Https://www.baidu.com-useproxy http://localhost:8087 #使用代理
-vhost "+ domain name" #虚拟IP, differentiate website "Use background: one IP corresponds to multiple websites"
The interactivity parameter "is used during the scanning process"
Enter: report Current status
V: Details of the scan (path, results, etc.) #再按v就停止
D: Extremely detailed information, including transmission of the content #
E: Error message #
P: Show Progress #
R: Redirect #
A: Identity authentication
N: Next host (for multiple IPs)
Nikto profile "Most need to log in to the website for scanning"
-id+ #使用http身份认证 "But now very little"
Support for specified cookies
#修改useagent "Default configuration, easy to find by administrators"
useragent=mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; trident/5.0)
#抓包分析, get cookies
#修改cookie信息 "Get Nikto authenticated for further scanning"
-evasion: Using the evasion techniques of IDs in Libwhisker, you can use the following types
1, Random URL encoding (non-UTF-8 mode)
2. Optional path (/./)
3. URL to end prematurely
4. Take precedence over long random strings
5. Parameter spoofing
6. Use tab as the delimiter for the command
7. Use the changed URL
8. Use the Windows path delimiter "\"
Small white diary 28:kali Penetration Testing Web penetration-scanning Tool-nikto