De acordo com as Leis 12.965/2014 e 13.709/2018, que regulam o uso da Internet e o tratamento de dados pessoais no Brasil, ao me inscrever na newsletter do portal DICAS-L, autorizo o envio de notificações por e-mail ou outros meios e declaro estar ciente e concordar com seus Termos de Uso e Política de Privacidade.

Usando o Nikto webserver scanner

Colaboração: Alexandro Silva

Data de Publicação: 29 de fevereiro de 2008

O Nikto é web server scanner escrito em perl usado para detectar vulnerabilidades em servidores web. Ele é muito simples de ser usado e atualizado gerando relatórios em txt,html e csv.

Baixando o Nikto

  wget -c http://www.cirt.net/nikto/nikto-current.tar.gz

Não é necessário fazer a instalação do mesmo pois ele é um script perl.

Help do Nikto

-Cgidirs+ scan these CGI dirs: 'none', 'all', or values like "/cgi/ /cgi-a/"
-dbcheck check database and other key files for syntax errors (cannot be abbreviated)
-evasion+ ids evasion technique
-Format+ save file (-o) format
-host+ target host
-Help Extended help information
-id+ host authentication to use, format is userid:password
-mutate+ Guess additional file names
-output+ write output to this file
-port+ port to use (default 80)
-Display+ turn on/off display outputs
-ssl force ssl mode on port
-Single Single request mode
-timeout+ timeout (default 2 seconds)
-Tuning+ scan tuning
-update update databases and plugins from cirt.net (cannot be abbreviated)
-Version print plugin and database versions
-vhost+ virtual host (for Host header)
+ requires a value

Atualizando os plugins

  ./nikto.pl -update

Usando o Nikto

  ./nikto.pl -C all -host 200.128.X.X -o vitima.txt
  • C all - Força a checagem de todos os diretórios em busca de cgi
  • host - Ip da vitima -o - Gera um arquivo de relatório

    ==Relatório gerado==
      - Nikto 2.02/2.03     -     cirt.net
      + Target IP:       200.128.X.X
      + Target Hostname: Vitima
      + Target Port:     80
      + Start Time:      2008-02-23 23:39:34
      
      + Server: Apache/2.0.54 (Win32) PHP/5.1.4
      - Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
      + OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
      + Apache/2.0.54 appears to be outdated (current is at least Apache/2.2.6). Apache 1.3.39 and 2.0.61 are also current.
      + PHP/5.1.4 appears to be outdated (current is at least 5.2.5)
      + OSVDB-0: GET /................../config.sys : PWS allows files to be read by prepending multiple '.' characters.  At worst, IIS, not PWS, should be used.
      + OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
      + OSVDB-3092: GET /manual/ : Web server manual found.
      + OSVDB-3233: GET /index.html.var : Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
      + OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
      + OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
      + OSVDB-6659: GET /h2vP3F1siX65X0gGCoedXf11K8PpZSTPQP599a3I4u0TTqw1nGlL616opBSyM7IxVsF3TVoyZtpH59PqXNhFuRiEw4wGseD97ZeeLbLfvLoQcijFLIvNLslTZt3nd687RcPNpahPUA2FAPgiuADL5939Ic4es2fwarKmkKfW2XJrkRrQtPaOMYZnPCGDzZ7pw8xJ8b56GiWdh2nxFw5GE8z6TOgSWfJ< font>DEFACED&lt;!--//-- : MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version.
      + 17457 items checked: 11 item(s) reported on remote host
      + End Time:        2008-02-24 0:32:00 (3192 seconds)
      
      + 1 host(s) tested
      <!--more-->
    

Adicionar comentário

* Campos obrigatórios
5000
Powered by Commentics

Comentários

Nenhum comentário ainda. Seja o primeiro!


Veja a relação completa dos artigos de Alexandro Silva