???????
????Nikto?????????GPL???????????????????????????????????????????????裬????????3300???????Σ??????/CGIs??????625????????汾??????230?????????????????????????????????£???????????????Whisker/libwhisker??????????
???????
https://cirt.net/Nikto2
????github???
https://github.com/sullo/nikto
??????????
https://cirt.net/nikto2-docs
????docker??????
?????????????????????Perl?? Perl Modules?? OpenSSL?? LibWhisker ???????????????????????????鷳??????????????????????????docker?????????????????????docker???????????????????
# docker search nikto
NAME                  DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
k0st/alpine-nikto     Nikto web scanner on Alpine (size: ~50 MB)      2                    [OK]
kenney/nikto          Image with nikto-2.1.5 that is useful for ...   2
activeshadow/nikto                                                    0                    [OK]
infoslack/nikto                                                       0                    [OK]
adamoss/nikto         this is nikto with ssl support for X86          0
awilson/hydra-nikto   Built on Ubuntu Trusty, has THC-Hydra and ...    0
???????kenney/nikto????????????docker??????????????
docker pull kenney/nikto
docker inspect kenney/nikto
?????????????????????????bash??????????????????????????????????
"Env": [
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
    "FILES=nikto-2.1.5"
],
"Cmd": [
    "bash"
],
?????????????????????????????????????????????????????????????????????????????host??????????????
docker run --rm -t kenney/nikto:latest nikto -h www.163.com -p 443
?????????–rm????????????????????????????????????????????????
??????????????????????
# docker run --rm -t kenney/nikto:latest nikto -h www.163.com -p 443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          122.228.237.158
+ Target Hostname:    www.163.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /C=CN/O=Sinorail Certification Authority/OU=x94xC1x8DxEF[xA2b7gx0DRxA1N-_xC3/CN=kyfw.12306.cn
Ciphers: ECDHE-RSA-AES256-GCM-SHA384
Issuer:  /C=CN/O=Sinorail Certification Authority/CN=SRCA
+ Start Time:         2015-11-01 09:19:38 (GMT0)
---------------------------------------------------------------------------
+ Server: Cdn Cache Server V2.0
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-via' found, with contents: 1.0 czdx90:88 (Cdn Cache Server V2.0), 1.0 wenzhoudianxin53:10 (Cdn Cache Server V2.0)
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ "robots.txt" retrieved but it does not contain any 'disallow' entries (which is odd).
+ Hostname 'www.163.com' does not match certificate's CN 'kyfw.12306.cn'
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php
+ /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist
+ /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
+ /tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
?????????????
????Nikto????????????????????IP???????????????????80??????????????IP?????????????-h(host)?????????????????-p(port)???????????
perl nikto.pl -h 192.168.0.1 -p 443
????Nikto??????????????????????-p(port)???????????η?Χ(???磺80-90)???????????????(???磺80??88??90)???????????????80/88/443?????????????
perl nikto.pl -h 192.168.0.1 -p 80,88,443
???????????Nikto???????????HTTP proxy?????????????????????????????裬??????-u(useproxy)?????潫???HTTP proxy????裬
????Nikto???????????????http://updates.cirt.net/????????????2?????????????????-update???????????2??????????????????
perl nikto.pl -update
????Nikto??????????
-Cgidirs
???????CGI????
-config
????????????config?????????????????config.txt???
-dbcheck
??????????????????????
-evasion
???????LibWhisker?ж?IDS??????????????????????????
????1. ???URL????(??UTF-8???)
????2. ?????·??(/./)
????3. ???????????
????4. ????URL????
????5. ????????
????6. ???TAB???????????
????7. ??Сд???
????8. ???Windows·???????滻/
????9. ??????
-findonly
??????????????HTTP??HTTPS??????????м?????
-Format
?????????????????????????????txt??????(csv/txt/htm)
-host
?????????????????????IP??????????б??????
-id
????ID??????????????HTTP??????????id:password
-mutate
?????仯?2???
????1.??????е?root?????????????
????2.?2????????????
????3.?о?Apache?????????(/~user)
????4.?о?cgiwrap?????????(/cgi-bin/cgiwrap/~user)
-nolookup
???????????????????
-output
?????????????????
-port
??????????????????80????
-Pause
??????β?????????????
-Display