Using the sensitive-directory scanner Nikto on Kali
Introduction to Nikto (from Baidu Baike)
Nikto is an open-source (GPL) web server scanner that runs a comprehensive set of tests against a web server, covering more than 3300 potentially dangerous files/CGIs, more than 625 server versions, and more than 230 server-specific problems. Scan items and plugins can be updated automatically (if required). Its underlying functionality is built on Whisker/libwhisker. It is an excellent tool, but the software itself is not updated often, so the newest and most dangerous issues may go undetected. Nikto's author is Chris Sullo, who is the CFO of the Open Security Foundation.
Simple test demonstration
Attacking machine: 192.168.68.140 (Kali Linux)
Target machine: 192.168.68.39 (Metasploitable2-Linux)
Scanning for sensitive directories with Nikto
Option: -h/-host specifies the domain name or IP address to scan
The scan runs as follows:
[email protected]:~# nikto -h 192.168.68.139
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.68.139
+ Target Hostname: 192.168.68.139
+ Target Port: 80
+ Start Time: 2017-11-29 16:04:46 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
+ Uncommon header 'tcn' found, with contents: list
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>: Output from the phpinfo() function was found.
+ OSVDB-3268: /doc/: Directory indexing found.
+ OSVDB-48: /doc/: The /doc/ directory is browsable. This may be /usr/doc.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /phpMyAdmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ Server leaks inodes via ETags, header found with file /phpMyAdmin/ChangeLog, inode: 92462, size: 40540, mtime: Wed Dec 10 01:24:00 2008
+ OSVDB-3092: /phpMyAdmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3268: /test/: Directory indexing found.
+ OSVDB-3092: /test/: This might be interesting...
+ /phpinfo.php: Output from the phpinfo() function was found.
+ OSVDB-3233: /phpinfo.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
+ OSVDB-3268: /icons/: Directory indexing found.
+ /phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>: Output from the phpinfo() function was found.
+ /phpinfo.php?cx[]=[...]<script>alert(foo)</script>: Output from the phpinfo() function was found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpMyAdmin/: phpMyAdmin directory found
+ OSVDB-3092: /phpMyAdmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ 8347 requests: 0 error(s) and 29 item(s) reported on remote host
+ End Time: 2017-11-29 16:05:11 (GMT8) (25 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
The scan turned up a lot of sensitive information; whether each item is genuine still has to be verified by hand.
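Because Nikto's findings need manual confirmation (it even warns above that junk HTTP methods getting valid responses "may cause false positives"), it helps to turn the text output into a structured list before triage. The following is an added example, not part of the original post and not Nikto's own code: it parses the "+ ..." lines Nikto prints, splits each into OSVDB id / path / message, sorts them into coarse categories, and builds a queue of paths to check by hand. The category names and the classification rules are assumptions of this example; the sample lines are copied from the scan output above.

```python
"""Parse Nikto plain-text findings into records for manual triage.

Added example, not part of the original post or of Nikto itself. It reads
the "+ ..." lines that Nikto prints, separates the OSVDB id, the path and
the message, and groups findings into categories chosen for this example.
"""
import re
from collections import defaultdict

# Sample lines taken from the scan output above (a constructed subset).
SAMPLE_OUTPUT = """\
- Nikto v2.1.6
+ Target IP: 192.168.68.139
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /doc/: Directory indexing found.
+ OSVDB-3092: /phpMyAdmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ /phpinfo.php: Output from the phpinfo() function was found.
+ 8347 requests: 0 error(s) and 29 item(s) reported on remote host
"""

# "+ [OSVDB-nnn: ][/path: ]message" -- the id and the path are optional.
FINDING_RE = re.compile(r"^\+ (?:(OSVDB-\d+): )?(?:(/\S*): )?(.*)$")

# "+ " lines that are scan metadata rather than findings.
METADATA_PREFIXES = ("Target ", "Start Time", "End Time", "Server:")


def categorize(msg, path):
    """Coarse category for a finding (rules are this example's assumption)."""
    low = msg.lower()
    if "header" in low and any(k in low for k in ("not present", "not defined", "not set")):
        return "missing-security-header"
    if "directory indexing" in low or "browsable" in low:
        return "directory-listing"
    if any(k in low for k in ("phpinfo", "sensitive information", "leaks", "x-powered-by")):
        return "information-disclosure"
    if "outdated" in low:
        return "outdated-software"
    if "trace method" in low:
        return "http-method"
    if path and "phpmyadmin" in path.lower():
        return "admin-interface"
    return "other"


def parse_findings(text):
    """Return a list of dicts, one per finding line, skipping scan metadata."""
    findings = []
    for line in text.splitlines():
        if not line.startswith("+ "):
            continue
        body = line[2:]
        if body.startswith(METADATA_PREFIXES) or " requests: " in body or "host(s) tested" in body:
            continue
        osvdb, path, msg = FINDING_RE.match(line).groups()
        findings.append({
            "osvdb": osvdb,
            "path": path,
            "message": msg,
            "category": categorize(msg, path),
        })
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["category"]] += 1
    return dict(counts)


def verification_queue(findings):
    """Unique paths Nikto reported, in order, for a reviewer to confirm by hand."""
    seen, queue = set(), []
    for f in findings:
        if f["path"] and f["path"] not in seen:
            seen.add(f["path"])
            queue.append(f["path"])
    return queue


if __name__ == "__main__":
    found = parse_findings(SAMPLE_OUTPUT)
    for f in found:
        print(f"[{f['category']}] {f['osvdb'] or '-'} {f['path'] or '-'}: {f['message']}")
    print("summary:", summarize(found))
    print("verify by hand:", verification_queue(found))
```

Feeding a full scan into `parse_findings` (for example, the output Nikto writes with `-o`) gives you one record per item; the verification queue is then the list of URLs to request yourself and inspect, which is the manual check the post ends on.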