Nikto homepage:

 

Introduction:

Nikto is a powerful open-source web scanning and assessment tool. It tests web servers for a wide range of security items and can detect more than 2600 potentially dangerous files, CGIs and other problems on more than 230 kinds of servers. It can scan a given host's web server type, hostname, specific directories, cookies, specific CGI vulnerabilities, the HTTP methods the host allows, and so on. It also uses the LibWhisker library, but is generally updated more frequently than Whisker.

 

The following was deployed and tested on 10.46.170.167:

 

  1. Download the latest version of Nikto

  2. Install Nikto

[root@gyfd ~]# tar jxvf nikto-2.1.5.tar.bz2

[root@gyfd ~]# mv nikto-2.1.5 /usr/local/

  3. Usage

(1). Basic test

[root@gyfd ~]# cd /usr/local/nikto-2.1.5

----------------------------------------------------------------------------------------------------------------------------

[root@gyfd nikto-2.1.5]# perl nikto.pl -h 10.46.169.24 -p80 -output text.txt

Notes: -h specifies the IP address or hostname to be scanned

           -p specifies the port(s) to be scanned; if omitted, the default is 80. A port range or several ports can be given.

           -output specifies the file in which the scan results are saved. Supported formats include text, CSV, HTML, XML, NBE, etc.

Scan results (shown in the terminal and, at the same time, saved to the specified file):

[root@gyfd nikto-2.1.5]# perl nikto.pl -h10.46.169.24 -p 80 -output text.txt

- ***** SSL support not available (see docs for SSL install) *****

- Nikto v2.1.5

---------------------------------------------------------------------------

+ Target IP:          10.46.169.24

+ Target Hostname:    10.46.169.24

+ Target Port:        80

+ Start Time:         2014-08-20 17:08:58 (GMT8)

---------------------------------------------------------------------------

+ Server: Apache

+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN

+ No CGI Directories found (use '-C all' to force check all possible dirs)

+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS

+ 6544 items checked: 0 error(s) and 2 item(s) reported on remote host

+ End Time:           2014-08-20 17:09:15 (GMT8) (17 seconds)

---------------------------------------------------------------------------

+ 1 host(s) tested

----------------------------------------------------------------------------------------------------------------------------

Scanning an https address:

perl nikto.pl -h https://10.46.169.24:443/

 

perl nikto.pl -h 10.46.169.24 -p 443 -ssl

Scanning multiple ports:

perl nikto.pl -h 10.46.169.24 -p 80,12580,12306


Host scanning (feeding hosts found by nmap into Nikto):

nmap -p80 192.168.0.0/24 -oG - | nikto.pl -h -
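Once a scan has been saved with -output, the text report has the fixed layout shown above, which makes it easy to post-process. The script below is an added example (not part of this post or of Nikto itself): it pulls the target, server banner, number of findings and the allowed HTTP methods out of a Nikto text report and flags methods such as TRACE or PUT that deserve a closer look. The embedded report is constructed for the example from the output above, with TRACE added to the method list so the flag has something to show.

```shell
#!/bin/sh
# Post-process a Nikto text report (format as printed by nikto.pl -output).
# The report below is constructed for this example, modelled on the scan output
# above; TRACE was added to the allowed-methods line to exercise the risk check.
SAMPLE_REPORT="$(mktemp)"
trap 'rm -f "$SAMPLE_REPORT"' EXIT
cat > "$SAMPLE_REPORT" <<'EOF'
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          10.46.169.24
+ Target Hostname:    10.46.169.24
+ Target Port:        80
---------------------------------------------------------------------------
+ Server: Apache
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ 6544 items checked: 0 error(s) and 2 item(s) reported on remote host
+ 1 host(s) tested
EOF

# Value after "+ <label>:" for a given label, e.g. "Target IP" or "Server".
nikto_field() {
    sed -n "s/^+ $2:[[:space:]]*//p" "$1" | head -n 1
}

# Number of findings Nikto reported for the host (the "item(s) reported" count).
nikto_items_reported() {
    sed -n 's/.*and \([0-9]*\) item(s) reported.*/\1/p' "$1" | head -n 1
}

# Allowed methods that usually warrant review on a production server
# (TRACE enables cross-site tracing; PUT/DELETE/CONNECT may allow content
# changes or proxying). Prints one method per line, nothing if none match.
nikto_risky_methods() {
    nikto_field "$1" "Allowed HTTP Methods" | tr ',' '\n' | tr -d ' ' \
        | grep -E '^(PUT|DELETE|TRACE|CONNECT)$' || true
}

# One-line triage summary suitable for collecting across many hosts.
nikto_summary() {
    printf '%s:%s server=%s findings=%s risky_methods=%s\n' \
        "$(nikto_field "$1" 'Target IP')" \
        "$(nikto_field "$1" 'Target Port')" \
        "$(nikto_field "$1" 'Server')" \
        "$(nikto_items_reported "$1")" \
        "$(nikto_risky_methods "$1" | tr '\n' ',' | sed 's/,$//')"
}

nikto_summary "$SAMPLE_REPORT"
```

To use it on a real scan, point the functions at the file given to -output instead of the embedded sample.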

 

 

(2). Updating Nikto

[root@gyfd nikto-2.1.5]# perl nikto.pl -update

+ Retrieving 'nikto_report_csv.plugin'

+ Retrieving 'nikto_headers.plugin'

+ Retrieving 'nikto_cookies.plugin'

+ Retrieving 'db_tests'

+ Retrieving 'db_parked_strings'

+ Retrieving 'CHANGES.txt'

+ CIRT.net message: Please submit Nikto bugs to

(3). Nikto's interactive options

During an active scan, pressing any of the keys below will turn on or off the listed feature or perform the listed action. Note that these are case sensitive.

·       SPACE - Report current scan status

·       v - Turn verbose mode on/off

·       d - Turn debug mode on/off

·       e - Turn error reporting on/off

·       p - Turn progress reporting on/off

·       r - Turn redirect display on/off

·       c - Turn cookie display on/off

·       o - Turn OK display on/off

·       a - Turn auth display on/off

·       q - Quit

·       N - Next host

·       P - Pause