Nikto - A Web Application Vulnerability and CGI Scanner for Web Servers


Nikto Web Scanner is a good tool to have in any Linux administrator's arsenal. It is an open-source web scanner released under the GPL license, used to perform comprehensive tests against web servers for many items, including over 6500 potentially dangerous files/CGIs.

It was written by Chris Solo and David Lodge for vulnerability assessment; it checks for outdated versions of over 1250 web servers and more than 270 version-specific problems. It also scans for and reports outdated web server software and plugins.

Features of Nikto Web Scanner

  1. Supports SSL
  2. Supports full HTTP proxy
  3. Supports text, HTML, XML and CSV formats for saving reports.
  4. Scans multiple ports
  5. Can scan multiple servers by taking input from files such as nmap output
  6. LibWhisker IDS support
  7. Able to identify installed software from headers, files and favicons
  8. Logs for Metasploit
  9. Reports "unusual" headers.
  10. Apache and cgiwrap username enumeration
  11. Authenticates to hosts with Basic and NTLM
  12. Scans can be auto-paused at a specified time.

Nikto Requirements

A system with basic Perl, Perl modules and an OpenSSL installation should be enough for Nikto to run. It has been thoroughly tested on Windows, Mac OS X and various Unix/Linux distributions such as Red Hat, Debian, Ubuntu, BackTrack, etc.

Installing Nikto Web Scanner on Linux

Most of today's Linux systems ship with the Perl, Perl modules and OpenSSL packages already installed. If they are not included, you can install them using the default package management utility, yum or apt-get.

 yum install perl perl-Net-SSLeay openssl
 apt-get install perl openssl libnet-ssleay-perl

Next, clone the latest stable Nikto source files from its Github repository, move into the nikto/programs/ directory and run it using perl:

$ git clone https://github.com/sullo/nikto.git
$ cd nikto/programs
$ perl nikto.pl -h 
Option host requires an argument

       -config+            Use this config file
       -Display+           Turn on/off display outputs
       -dbcheck            check database and other key files for syntax errors
       -Format+            save file (-o) format
       -Help               Extended help information
       -host+              target host
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -list-plugins       List all available plugins
       -output+            Write output to this file
       -nossl              Disables using SSL
       -no404              Disables 404 checks
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -root+              Prepend root value to all requests, format is /directory
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning
       -timeout+           Timeout for requests (default 10 seconds)
       -update             Update databases and plugins from CIRT.net
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
        + requires a value

 Note: This is the short help output. Use -H for full help text.

"Option host requires an argument" clearly states that we did not include the required parameters when running the test. So we need to add the required basic parameter in order to run a scan.

A basic scan requires the host you want to target; by default it scans port 80 if nothing else is specified. The host can be the hostname or the IP address of the system. You specify the host using the -h option.

For example, I want to scan IP 172.16.27.56 on TCP port 80.

 perl nikto.pl -h 172.16.27.56
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 00:48:12 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /robots.txt, inode: 5956160, size: 24, mtime: 0x4d4865a054e32
+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 1 entry which should be manually viewed.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Multiple index files found: index.php, index.htm, index.html
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /test.html: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /connect.php?path=http://cirt.net/rfiinc.txt?: Potential PHP MySQL database connection string found.
+ OSVDB-3092: /test.php: This might be interesting...
+ 6544 items checked: 0 error(s) and 16 item(s) reported on remote host
+ End Time:           2014-01-10 00:48:23 (GMT5.5) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
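A report like the one above is only useful if someone turns the findings into configuration changes. The following triage helper is an added example (it is neither Nikto's code nor the article's): it parses the "+ " lines into scan metadata and findings, pulls out the OSVDB id and path where Nikto prints them, and maps four common finding classes to the Apache directives that remove them. The sample report is constructed from the lines shown above, and the remediation mapping is the editor's, not something Nikto emits.

```python
"""Triage helper for Nikto's plain-text report: added example, not Nikto's own code."""
import re

# Constructed sample modelled on the report lines shown above.
SAMPLE_REPORT = """\
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 00:48:12 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /robots.txt, inode: 5956160, size: 24, mtime: 0x4d4865a054e32
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6544 items checked: 0 error(s) and 6 item(s) reported on remote host
+ End Time:           2014-01-10 00:48:23 (GMT5.5) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
"""

# Substring of a finding -> Apache directive that removes that class of finding.
# This mapping is the editor's; Nikto only reports, it does not suggest fixes.
REMEDIATION = [
    ("X-Frame-Options header is not present", 'Header always set X-Frame-Options "SAMEORIGIN"'),
    ("leaks inodes via ETags", "FileETag MTime Size"),
    ("HTTP TRACE method is active", "TraceEnable off"),
    ("Directory indexing found", "Options -Indexes"),
]

META_RE = re.compile(r"(Target IP|Target Hostname|Target Port|Server):\s+(.*)")
SKIP_RE = re.compile(r"(Start|End) Time|\d+ items checked|\d+ host\(s\) tested")
OSVDB_RE = re.compile(r"(OSVDB-\d+): (.*)")
PATH_RE = re.compile(r"(/\S*): (.*)")


def parse_report(text):
    """Split a Nikto text report into scan metadata and a list of findings."""
    meta, findings = {}, []
    for line in text.splitlines():
        if not line.startswith("+ "):
            continue                      # banner, separators, version line
        body = line[2:].strip()
        m = META_RE.match(body)
        if m:
            meta[m.group(1)] = m.group(2).strip()
            continue
        if SKIP_RE.match(body):
            continue                      # timing and summary lines
        osvdb = path = None
        m = OSVDB_RE.match(body)
        if m:
            osvdb, body = m.group(1), m.group(2)
        m = PATH_RE.match(body)
        if m:
            path, body = m.group(1), m.group(2)
        fix = next((d for needle, d in REMEDIATION if needle in body), None)
        findings.append({"osvdb": osvdb, "path": path, "message": body, "fix": fix})
    return meta, findings


def actionable(findings):
    """Only the findings for which a concrete configuration change is known."""
    return [f for f in findings if f["fix"]]


if __name__ == "__main__":
    meta, findings = parse_report(SAMPLE_REPORT)
    print(f"{meta['Target IP']}:{meta['Target Port']} running {meta['Server']}")
    for f in findings:
        tag = f["osvdb"] or "info"
        print(f"[{tag}] {f['path'] or '-'}: {f['message']}")
        if f["fix"]:
            print(f"    fix: {f['fix']}")
```

Findings without a mapped directive (phpinfo.php, the default Apache README) still need a human decision, which is why the parser keeps them rather than dropping anything it cannot classify.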

If you want to scan a different port number, add the -p [-port] option. For example, I want to scan IP 172.16.27.56 on TCP port 443.

 perl nikto.pl -h 172.16.27.56 -p 443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
                   Ciphers: DHE-RSA-AES256-GCM-SHA384
                   Issuer:  /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time:         2014-01-10 01:08:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Server leaks inodes via ETags, header found with file /, inode: 2817021, size: 5, mtime: 0x4d5123482b2e9
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Server is using a wildcard certificate: '*.mid-day.com'
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6544 items checked: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2014-01-10 01:11:20 (GMT5.5) (174 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

You can also specify host, port and protocol using full URL syntax, and it will be scanned.

 perl nikto.pl -h http://172.16.27.56:80

You can also scan any website. For example, here I scanned google.com.

 perl nikto.pl -h http://www.google.com
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          173.194.38.177
+ Target Hostname:    www.google.com
+ Target Port:        80
+ Start Time:         2014-01-10 01:13:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: gws
+ Cookie PREF created without the httponly flag
+ Cookie NID created without the httponly flag
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ Uncommon header 'x-xss-protection' found, with contents: 1; mode=block
+ Uncommon header 'alternate-protocol' found, with contents: 80:quic
+ Root page / redirects to: http://www.google.co.in/?gws_rd=cr&ei=xIrOUomsCoXBrAee34DwCQ
+ Server banner has changed from 'gws' to 'sffe' which may suggest a WAF, load balancer or proxy is in place
+ Uncommon header 'x-content-type-options' found, with contents: nosniff
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ File/dir '/groups/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
….

The above command will send a large number of HTTP requests (i.e. more than 2000 tests) to the web server.
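Because a single Nikto run sends thousands of requests in a short time, the scan is easy to spot on the server side. The following is an added example (not part of the article or of Nikto) that flags scanning clients in Apache combined-format access logs using three signals: a User-Agent containing "Nikto" (Nikto's default User-Agent names the tool and version; the exact string below is an assumed shape, and the value can be changed in nikto.conf, so this signal alone is weak), the cirt.net/rfiinc.txt probe that appears in the report earlier on this page, and a burst of requests with a high 404 ratio from one client, which also catches a scan whose User-Agent has been changed. The log lines, paths and IP addresses are constructed.

```python
"""Detect Nikto-style scanning in Apache combined-format access logs.
Added example; not part of the article or of Nikto."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
BURST = "request burst with high 404 ratio"


def detect_scanners(lines, threshold=8, window=60, not_found_ratio=0.5):
    """Return {client_ip: sorted reasons} for clients that look like a scanner."""
    reasons = defaultdict(set)
    per_ip = defaultdict(list)            # ip -> [(timestamp, status)]
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not combined format; ignore
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_ip[m["ip"]].append((ts, int(m["status"])))
        if "nikto" in m["ua"].lower():
            reasons[m["ip"]].add("user-agent advertises Nikto")
        if "cirt.net/rfiinc.txt" in m["path"]:
            reasons[m["ip"]].add("Nikto RFI probe string in request path")
    # Sliding window over each client's requests: many requests in a short
    # span, mostly answered 404, is the footprint of a file/CGI check run.
    for ip, events in per_ip.items():
        events.sort()
        nf = [0]                          # prefix count of 404 responses
        for _, status in events:
            nf.append(nf[-1] + (status == 404))
        j = 0
        for i in range(len(events)):
            while (events[i][0] - events[j][0]).total_seconds() > window:
                j += 1
            count = i - j + 1
            if count >= threshold and (nf[i + 1] - nf[j]) / count >= not_found_ratio:
                reasons[ip].add(BURST)
                break
    return {ip: sorted(r) for ip, r in reasons.items()}


# --- constructed sample log (documentation IP ranges, made-up paths) ---
def _line(ip, ts, path, status, ua):
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000001)"  # assumed default shape
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0"
SAMPLE_LOG = []
# a scanner that advertises itself: 11 probes within 12 seconds, 10 of them 404
for i in range(10):
    SAMPLE_LOG.append(_line("198.51.100.7", f"10/Jan/2014:00:48:{12 + i:02d} +0530",
                            "/robots.txt" if i == 0 else f"/probe{i}.php",
                            200 if i == 0 else 404, NIKTO_UA))
SAMPLE_LOG.append(_line("198.51.100.7", "10/Jan/2014:00:48:23 +0530",
                        "/connect.php?path=http://cirt.net/rfiinc.txt?", 404, NIKTO_UA))
# a scanner with a generic User-Agent: 9 probes within 17 seconds, all 404
for i in range(9):
    SAMPLE_LOG.append(_line("203.0.113.9", f"10/Jan/2014:01:10:{2 * i:02d} +0530",
                            f"/admin{i}/", 404, "curl/7.29.0"))
# an ordinary visitor: three pages a minute apart, all 200
for i, path in enumerate(["/", "/index.php", "/about.html"]):
    SAMPLE_LOG.append(_line("192.0.2.10", f"10/Jan/2014:01:{20 + i:02d}:00 +0530",
                            path, 200, BROWSER_UA))

if __name__ == "__main__":
    for ip, why in detect_scanners(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(why))
```

The threshold and window are deliberately parameters: on a busy site a legitimate crawler can also produce many 404s, so tune them against your own baseline and treat the burst signal as a trigger for a closer look rather than as proof on its own.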

You can also scan multiple ports in the same session. To scan multiple ports on the same host, add the -p [-port] option and specify the list of ports. Ports can be given as a range (i.e. 80-443) or comma separated (i.e. 80,443). For example, I want to scan ports 80 and 443 on host 172.16.27.56.

 perl nikto.pl -h 172.16.27.56 -p 80,443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ No web server found on cmsstage.mid-day.com:88
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 20:38:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.

---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
                   Ciphers: DHE-RSA-AES256-GCM-SHA384
                   Issuer:  /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time:         2014-01-10 20:38:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ All CGI directories 'found', use '-C none' to test none
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
.....

Suppose the system Nikto runs on can only reach the target host through an HTTP proxy; the test can still be performed in two different ways. One uses the nikto.conf file, the other passes the proxy directly on the command line.

Open the nikto.conf file with any command line editor.

 vi nikto.conf

Search for the "PROXY" variables and uncomment them by removing the '#' from the beginning of the lines, as shown. Then add the proxy host, port, proxy user and password. Save and close the file.

# Proxy settings -- still must be enabled by -useproxy
PROXYHOST=172.16.16.37
PROXYPORT=8080
PROXYUSER=pg
PROXYPASS=pg

Now run Nikto with the -useproxy option. Note that all connections will be relayed through the HTTP proxy.

 perl nikto.pl -h localhost -p 80 -useproxy
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2014-01-10 21:28:29 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080

To run Nikto directly from the command line instead, pass the proxy as an argument to the -useproxy option.

 perl nikto.pl -h localhost -useproxy http://172.16.16.37:8080/
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2014-01-10 21:34:51 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080

You can update Nikto to the latest plugins and databases automatically; just run it with the -update option.

 perl nikto.pl -update

If new updates are available, you will see a list of the updated files as they are downloaded.

+ Retrieving 'nikto_report_csv.plugin'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'db_parked_strings'
+ Retrieving 'CHANGES.txt'
+ CIRT.net message: Please submit Nikto bugs to http://trac2.assembla.com/Nikto_2/report/2

You can also download and update Nikto plugins and databases manually from http://cirt.net/nikto/UPDATES/.

Reference Links

Nikto Homepage