Nikto是一款强大的Web应用安全性扫描工具,能够帮助用户发现网站中存在的各种安全隐患,如漏洞、配置错误等。本文介绍了如何下载安装Nikto,并提供了详细的命令行参数说明,帮助读者更好地利用该工具进行安全评估。
nikto
nikto是一款扫描指定主机的web类型,主机名。特定目录,cookie,特定cgi漏洞,xss漏洞,sql漏洞,返回主机允许的http方法等安全问题的工具。
1.下载nikto
2.下载pl解读环境activeperl,如果是文件包格式要自己设置perl.exe环境变量
http://www.activestate.com/store/download.aspx?prdGUID=81fbce82-6bd5-49bc-a915-08d58c2648ca
3.设置nikto.pl环境变量。
在path中设置
4.使用示例
在命令行中输入命令,输出结果文档,示例中为output.html文档
nikto.pl-h x.x.x.x -p 80,8080 -o report.log。指定ip、端口、输出文件。
nikto.pl-h www.baidu.com-F html -ooutput.html
5.常用参数
| -ask+ | yes | each |
|
| no | do not ask|send |
|
| auto | do not ask but send |
| -Cgidirs+ | scan these CGI dirs | none|all|/cgi//cgi-a |
| -Display+ | 1 | show redirects 重定向 |
|
| 2 | show cookies received |
|
| 3 | show all 200/OK response |
|
| 4 | show URLs which require authentication |
|
| D | Debug output |
|
| E | Display all HTTP errors |
|
| P | Print progress to STDOUT |
|
| S | Scrub output of IPs and hostnames清理IP和主机名的输出 |
|
| V | Verbose output详细输出 |
| -dbcheck | Check database and key files for syntax errors | 好像只能检查本地数据库 |
| -evasion+ | 使用LibWhisker中对IDS的躲避技术
1 |
Random URI encoding<non-UTF8> |
|
| 2 | Directory self-refer</./> 自选择路径(/./) |
|
| 3 | Premature URL string 虚假的请求结束 |
|
| 4 | Prepend long random string |
|
| 5 | Fake parameter 参数隐藏 |
|
| 6 | TAB as request spacer 使用TAB作为命令的分隔符 |
|
| 7 | Change the case of the URL 大小写敏感 |
|
| 8 | Use Windows directory separator<\> 使用Windows路径分隔符\替换/ |
|
| A | Use a carriage return <0X0d>as a request spacer 会话重组 |
|
| B | Use binary value 0X0b as a request spacer |
| -Format+ | csv |
|
|
| json |
|
|
| HTML |
|
|
| nbe | Nessus NBE format |
|
| sql | Generic SQL |
|
| txt | Plain text |
|
| xml | xml Format |
| -Help | Extended help information |
|
| -host+ | Target host | 10.84.62.238 |
| -404code | Ignore these HTTP codes as negative response<always> | Format is ;"301,302" |
| -id+ | Host authentication to use. ID和密码对于授权的HTTP认证 | format is id:pass or id:pass:realm |
| -key+ | Client certification key file |
|
| -list-plugins | List all available plugins,perform no testing |
|
| -maxtime+ | Maximum testing time per host<e.g.,1h,60m,3600s> |
|
| -mutate+ 变化猜测技术
| 1 | Test all files with all root directories 使用所有的root目录测试所有文件 |
|
| 2 | Guess for password file names 猜测密码文件名字 |
|
| 3 | Enumerate user names via Apache </~user type requests> 列举Apache的用户名字(/~user) |
|
| 4 | Enumerate user names via cgiwrap</cgi-bin/cgiwrap/~user typr requests> 列举cgiwrap的用户名字(/cgi-bin/cgiwrap/~user) |
|
| 5 | Attempt to brute force sub-domain names ,asume that the host name is the parent domain |
|
| 6 | Attempt to guess directory names form the supplied dictionary file |
| -mutate-options | Provide information for mutates |
|
| -nointeractive | Disables interactive features | 禁用交互功能 |
| -nolookup | Disables DNS lookups | 禁用DNS查找 |
| -nossl | Disables nikto attempting to guess a 404 page | 禁止nikto尝试猜测404页面 |
| -Option | Over-ride an option in niketo.conf,can be issued multiple times | 在niketo.conf中重载一个选项,可以多次发出 |
| -output+ | Write output to this file<',' for auto-name> | 将输出写入此文件<','用于自动名称> |
| -Pause+ | Pause between tests<seconds,integer or float> |
|
| -Plugins+ | List of plugins to run <default:ALL> |
|
| -port+ | Port to use<default 80> | -port 80,8080,443 |
| -RSAcert+ | Client certificate file |
|
| -root+ | Prepend root value to all requests,format is/directory | 设定所有请求的根目录,格式为/directory |
| -Save | Save positive responses to this directory<'.' for auto-name> |
|
| -ssl | Force ssl mode on port | 端口强制ssl模式 |
| -Tuning+ | 1 | Interesting File/Seen in logs 日志文件 |
|
| 2 | Misconfigurator/Default File 默认的文件 |
|
| 3 | Information Disclosure 信息泄漏 |
|
| 4 | Injection<XSS/Script/HTML> 注射(XSS/Script/HTML) |
|
| 5 | Remote File Retrieval - Server Wide 远程文件检索(Web 目录中) |
|
| 6 | Denial of Service 拒绝服务 |
|
| 7 | Remote File Execution/Remote Shell 远程文件检索(服务器) |
|
| 8 | 代码执行-远程shell |
|
| 9 | SQL Injection |
|
| 0 | File Upload |
|
| a | Authentication Bypass 认证绕过 |
|
| b | Software Identification 软件关联 |
|
| c | Remote Source Inclusion |
|
| d | WebService |
|
| e | Administrative Console
|
|
| x | Reverse Turning Options<i.e.,include all expect specified> 反向连接选项 |
| -timeout+ | Timeout for requests<default 10 seconds> |
|
| -Userdbs | all | Load only user databases,not the standrad databases |
|
| tests | Disable only db_tests and udb_tests |
| -useragent | Over-rides the default useragent |
|
| -until | Run until the specified time or duration |
|
| -update | Update databases and plugins from CIRT.net |
|
| -useproxy | Use the proxy defined in niko.conf, or argument http://server:port |
|
| -Version | Print plugins and database version |
|
| -vhost+ | Virtual host<for Host header>+ requires a value |
|
扫一扫
3171
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
