Nikto - Web application vulnerability and CGI scanner for web servers


Nikto Web Scanner is another good tool to have in any Linux administrator's arsenal. It is an open-source web scanner released under the GPL license, used to perform comprehensive tests on web servers for multiple items, including more than 6500 potentially dangerous files/CGIs.

Written by Chris Sullo and David Lodge for vulnerability assessment, it checks for outdated versions of more than 1250 web servers and more than 270 version-specific problems. It also scans for, and reports on, outdated web server software and plugins.

Features of the Nikto web scanner

  1. Supports SSL
  2. Supports a full HTTP proxy
  3. Supports text, HTML, XML and CSV formats for saving reports
  4. Scans multiple ports
  5. Can scan multiple servers by taking input from files such as nmap output
  6. Supports LibWhisker IDS evasion
  7. Identifies installed software via headers, files and favicons
  8. Logs for Metasploit
  9. Reports unusual headers
  10. Apache and cgiwrap user enumeration
  11. Authenticates to hosts with Basic and NTLM
  12. Scans can be auto-paused at a specified time

Nikto requirements

A system with a basic Perl, Perl modules and OpenSSL installation should be enough to run Nikto. It has been thoroughly tested on Windows, Mac OS X and various Unix/Linux distributions such as Red Hat, Debian, Ubuntu, BackTrack, etc.

Installing the Nikto web scanner on Linux

Most modern Linux systems come with the Perl, Perl module and OpenSSL packages pre-installed. If they are not included, you can install them with the system's default package manager, yum or apt-get.

 yum install perl perl-Net-SSLeay openssl
 apt-get install perl openssl libnet-ssleay-perl

After that, clone the latest stable Nikto source files from the GitHub repository, change into the nikto/programs directory and run it with perl:

$ git clone https://github.com/sullo/nikto.git
$ cd nikto/programs
$ perl nikto.pl -h 
Option host requires an argument

       -config+            Use this config file
       -Display+           Turn on/off display outputs
       -dbcheck            check database and other key files for syntax errors
       -Format+            save file (-o) format
       -Help               Extended help information
       -host+              target host
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -list-plugins       List all available plugins
       -output+            Write output to this file
       -nossl              Disables using SSL
       -no404              Disables 404 checks
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -root+              Prepend root value to all requests, format is /directory
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning
       -timeout+           Timeout for requests (default 10 seconds)
       -update             Update databases and plugins from CIRT.net
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
   		+ requires a value

	Note: This is the short help output. Use -H for full help text.

The line "Option host requires an argument" makes it clear that we did not supply the required parameter when running the test. So, to run a test, we must add the basic required parameter.

A basic scan requires a host to target; if nothing else is specified, port 80 is scanned. The host can be either a hostname or the IP address of a system. You specify the host with the -h option.

For example, I want to scan the IP 172.16.27.56 on TCP port 80.

 perl nikto.pl -h 172.16.27.56
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 00:48:12 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /robots.txt, inode: 5956160, size: 24, mtime: 0x4d4865a054e32
+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 1 entry which should be manually viewed.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Multiple index files found: index.php, index.htm, index.html
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /test.html: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /connect.php?path=http://cirt.net/rfiinc.txt?: Potential PHP MySQL database connection string found.
+ OSVDB-3092: /test.php: This might be interesting...
+ 6544 items checked: 0 error(s) and 16 item(s) reported on remote host
+ End Time:           2014-01-10 00:48:23 (GMT5.5) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
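Nikto's plain-text output is meant for a human reader; when the same scan is run after every deployment, the findings have to be triaged, not re-read. The following is an added example and not part of Nikto: it parses the text report format shown above, pulls the target metadata and the "items reported" summary out, turns every "+ ..." line into a record (OSVDB id, path, message) and buckets each finding by what a defender would do about it. The keyword rules and category names are this example's own, and the sample report is constructed from the scan output on this page.

```python
"""Triage Nikto's plain-text report: metadata, per-finding records, and
remediation buckets.  Added example, not Nikto's own code.  SAMPLE_OUTPUT
is constructed from the port-80 scan shown on this page."""
import re
from collections import Counter

SAMPLE_OUTPUT = """\
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 00:48:12 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /robots.txt, inode: 5956160, size: 24, mtime: 0x4d4865a054e32
+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 1 entry which should be manually viewed.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Multiple index files found: index.php, index.htm, index.html
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /test.html: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /connect.php?path=http://cirt.net/rfiinc.txt?: Potential PHP MySQL database connection string found.
+ OSVDB-3092: /test.php: This might be interesting...
+ 6544 items checked: 0 error(s) and 16 item(s) reported on remote host
+ End Time:           2014-01-10 00:48:23 (GMT5.5) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
"""

# Header lines Nikto prints about the target; these are not findings.
META_RE = re.compile(r"^\+ (Target IP|Target Hostname|Target Port|Start Time|End Time|Server):\s*(.*)$")
SUMMARY_RE = re.compile(r"^\+ (\d+) items checked: (\d+) error\(s\) and (\d+) item\(s\) reported")
HOSTS_RE = re.compile(r"^\+ (\d+) host\(s\) tested")
# Finding lines: optional "OSVDB-nnn: ", optional "/path: ", then the message.
FINDING_RE = re.compile(r"^\+ (?:OSVDB-(\d+): )?(?:(/\S*): )?(.*)$")

# Ordered keyword rules (first match wins); categories are this example's own.
RULES = (
    ("outdated", ("appears to be outdated",)),
    ("http-methods", ("TRACE method", "HTTP verb")),
    ("info-disclosure", ("leaks", "reveals", "configuration information", "connection string")),
    ("default-content", ("default file", "Directory indexing", "might be interesting", "Multiple index files")),
    ("robots", ("robots.txt",)),
    ("headers", ("header",)),
)

REMEDIATION = {
    "outdated": "patch or upgrade the server software named in the finding",
    "http-methods": "disable TRACE/DEBUG at the server (e.g. Apache 'TraceEnable off')",
    "info-disclosure": "remove the file or switch off the leaking feature (phpinfo, expose_php, inode ETags)",
    "default-content": "delete sample/default content and turn off directory indexing",
    "robots": "review robots.txt; it must not be the only thing hiding a path",
    "headers": "set X-Frame-Options and strip version-revealing headers",
    "other": "manual review",
}


def classify(message):
    """Map one finding message to a remediation bucket."""
    for category, needles in RULES:
        if any(n in message for n in needles):
            return category
    return "other"


def parse_nikto_output(text):
    """Parse one host's Nikto text report into a dict."""
    report = {"meta": {}, "findings": [], "items_checked": None,
              "items_reported": None, "hosts_tested": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("+ "):
            continue  # version banner and separator lines
        m = META_RE.match(line)
        if m:
            report["meta"][m.group(1)] = m.group(2).strip()
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report["items_checked"] = int(m.group(1))
            report["items_reported"] = int(m.group(3))
            continue
        m = HOSTS_RE.match(line)
        if m:
            report["hosts_tested"] = int(m.group(1))
            continue
        osvdb, path, message = FINDING_RE.match(line).groups()
        report["findings"].append({"osvdb": int(osvdb) if osvdb else None,
                                   "path": path, "message": message,
                                   "category": classify(message)})
    return report


def summarize(report):
    """Count findings per remediation bucket."""
    return Counter(f["category"] for f in report["findings"])


def is_consistent(report):
    """True when the parsed findings match Nikto's own 'item(s) reported' count."""
    return len(report["findings"]) == report["items_reported"]


if __name__ == "__main__":
    rep = parse_nikto_output(SAMPLE_OUTPUT)
    print(rep["meta"]["Target Hostname"], rep["meta"]["Server"], "consistent:", is_consistent(rep))
    for category, count in summarize(rep).most_common():
        print(f"{count:3d}  {category:16s} -> {REMEDIATION[category]}")
```

The consistency check is worth keeping in a pipeline: if the number of parsed findings drifts from Nikto's own "item(s) reported" figure, the output format changed and the parser is silently dropping results.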

If you want to scan a different port number, add the -p [-port] option. For example, I want to scan IP 172.16.27.56 on TCP port 443.

 perl nikto.pl -h 172.16.27.56 -p 443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
                   Ciphers: DHE-RSA-AES256-GCM-SHA384
                   Issuer:  /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time:         2014-01-10 01:08:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Server leaks inodes via ETags, header found with file /, inode: 2817021, size: 5, mtime: 0x4d5123482b2e9
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Server is using a wildcard certificate: '*.mid-day.com'
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6544 items checked: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2014-01-10 01:11:20 (GMT5.5) (174 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

You can also specify the host, port and protocol using full URL syntax, and it will be scanned.

 perl nikto.pl -h http://172.16.27.56:80

You can also scan any website. For example, here I scanned google.com.

 perl nikto.pl -h http://www.google.com
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          173.194.38.177
+ Target Hostname:    www.google.com
+ Target Port:        80
+ Start Time:         2014-01-10 01:13:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: gws
+ Cookie PREF created without the httponly flag
+ Cookie NID created without the httponly flag
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ Uncommon header 'x-xss-protection' found, with contents: 1; mode=block
+ Uncommon header 'alternate-protocol' found, with contents: 80:quic
+ Root page / redirects to: http://www.google.co.in/?gws_rd=cr&ei=xIrOUomsCoXBrAee34DwCQ
+ Server banner has changed from 'gws' to 'sffe' which may suggest a WAF, load balancer or proxy is in place
+ Uncommon header 'x-content-type-options' found, with contents: nosniff
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ File/dir '/groups/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
.....

The above command performs a large number of HTTP requests (i.e. over 2000 tests) against the web server.
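The google.com scan above reports cookies without the httponly flag and a set of "uncommon" security headers, and the earlier Apache scan reports a missing X-Frame-Options header, an x-powered-by banner and an inode-leaking ETag. To make clear what Nikto is reacting to, here is an added example (not Nikto's code) that applies the same checks to a captured HTTP response; it is the kind of check you can run against your own server's response before Nikto does. The two header sets are constructed to mirror the findings on this page; the ETag decoding assumes Apache's default inode-size-mtime hex layout, and the finding strings imitate Nikto's wording without claiming to match its plugin logic exactly.

```python
"""Apply Nikto-style header and cookie checks to a captured HTTP response.
Added example, not Nikto's code.  GOOGLE_LIKE and APACHE_LIKE are constructed
header lists shaped after the two scans on this page."""
import re

# Apache's default FileETag emits "inode-size-mtime" as hex fields (assumption
# documented in the lead-in); three hex fields separated by '-' is the tell.
ETAG_RE = re.compile(r'^(?:W/)?"?([0-9a-fA-F]+)-([0-9a-fA-F]+)-([0-9a-fA-F]+)"?$')

# Constructed response: X-Frame-Options is present, cookies lack HttpOnly.
GOOGLE_LIKE = [
    ("Server", "gws"),
    ("Set-Cookie", "PREF=ID=constructed; expires=Sun, 10-Jan-2016 00:00:00 GMT; path=/; domain=.google.com"),
    ("Set-Cookie", "NID=67=constructed; expires=Sat, 12-Jul-2014 00:00:00 GMT; path=/; domain=.google.com"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-XSS-Protection", "1; mode=block"),
    ("X-Content-Type-Options", "nosniff"),
]

# Constructed response: no X-Frame-Options, version banner, inode ETag
# (5ae240 hex = inode 5956160, 18 hex = 24 bytes, as in the page's finding).
APACHE_LIKE = [
    ("Server", "Apache/2.2.15 (CentOS)"),
    ("X-Powered-By", "PHP/5.3.3"),
    ("ETag", '"5ae240-18-4d4865a054e32"'),
    ("Set-Cookie", "PHPSESSID=constructed; path=/; HttpOnly"),
]


def cookie_flags(set_cookie):
    """Split 'NAME=value; attr; attr=value' into (name, {lowercased attribute names})."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def audit_headers(headers):
    """headers: list of (name, value) pairs as received; repeats are allowed.
    Returns a list of Nikto-style finding strings."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)

    findings = []
    for value in by_name.get("set-cookie", []):
        name, attrs = cookie_flags(value)
        if "httponly" not in attrs:
            findings.append(f"Cookie {name} created without the httponly flag")
    if "x-frame-options" not in by_name:
        findings.append("The anti-clickjacking X-Frame-Options header is not present.")
    for value in by_name.get("x-powered-by", []):
        findings.append(f"Retrieved x-powered-by header: {value}")
    for value in by_name.get("etag", []):
        m = ETAG_RE.match(value)
        if m:
            inode, size, mtime = int(m.group(1), 16), int(m.group(2), 16), m.group(3)
            findings.append(f"Server leaks inodes via ETags, inode: {inode}, size: {size}, mtime: 0x{mtime}")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("google-like", GOOGLE_LIKE), ("apache-like", APACHE_LIKE)):
        print(label)
        for f in audit_headers(hdrs):
            print("  +", f)
```

Each finding maps to a server-side setting rather than a scanner option: X-Frame-Options is added with a response-header directive, the inode leak disappears once the ETag no longer includes the inode (Apache's FileETag without INode), the PHP banner with expose_php off, and the cookie flag with session.cookie_httponly in PHP or the equivalent in the application framework.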

You can scan multiple ports in the same session. To scan multiple ports on one host, add the -p [-port] option and specify the list of ports. Ports can be given as a range (e.g. 80-443) or comma-separated (e.g. 80,443). For example, I want to scan ports 80 and 443 on host 172.16.27.56.

 perl nikto.pl -h 172.16.27.56 -p 80,443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ No web server found on cmsstage.mid-day.com:88
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 20:38:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.

---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
                   Ciphers: DHE-RSA-AES256-GCM-SHA384
                   Issuer:  /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time:         2014-01-10 20:38:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ All CGI directories 'found', use '-C none' to test none
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
.....

Suppose the system running Nikto can reach the target host only through an HTTP proxy; the test can still be performed, in two different ways. One uses the nikto.conf file, the other passes the proxy directly on the command line.

Open the nikto.conf file with any command-line editor.

 vi nikto.conf

Search for the variable "PROXY" and remove the "#" from the beginning of the lines as shown. Then fill in the proxy host, port, proxy user and password. Save and close the file.

# Proxy settings -- still must be enabled by -useproxy
PROXYHOST=172.16.16.37
PROXYPORT=8080
PROXYUSER=pg
PROXYPASS=pg

Now run Nikto with the "-useproxy" option. Note that all connections will be relayed through the HTTP proxy.

 perl nikto.pl -h localhost -p 80 -useproxy
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2014-01-10 21:28:29 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080

Alternatively, run Nikto directly from the command line with the "-useproxy" option, giving the proxy as its argument.

 perl nikto.pl -h localhost -useproxy http://172.16.16.37:8080/
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2014-01-10 21:34:51 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080

You can automatically update Nikto to the latest plugins and databases by simply running it with the -update option.

 perl nikto.pl -update

If new updates are available, you will see a list of the updates being downloaded.

+ Retrieving 'nikto_report_csv.plugin'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'db_parked_strings'
+ Retrieving 'CHANGES.txt'
+ CIRT.net message: Please submit Nikto bugs to http://trac2.assembla.com/Nikto_2/report/2

You can also download and update the Nikto plugins and databases manually from http://cirt.net/nikto/UPDATES/.

Reference links

Nikto homepage