Nikto - A Web Application Vulnerability and CGI Scanner for Web Servers


The Nikto Web Scanner is another good tool to have in the toolkit of any Linux administrator. It is an open source web scanner released under the GPL license, which is used to perform comprehensive tests on web servers for multiple items, including over 6500 potentially dangerous files/CGIs.

Written by Chris Solo and David Lodge for vulnerability assessment, it checks for outdated versions of over 1250 web servers and over 270 version-specific problems. It also scans for and reports outdated web server software and plugins.

Nikto Web Scanner Features

  1. Supports SSL
  2. Supports full HTTP proxy
  3. Supports text, HTML, XML and CSV formats for saving reports.
  4. Scans multiple ports
  5. Can scan multiple servers by taking input from a file, such as nmap output
  6. Supports LibWhisker IDS encoding
  7. Capable of identifying installed software via headers, files and favicons
  8. Logs to Metasploit
  9. Reports unusual headers.
  10. Apache and cgiwrap user enumeration
  11. Authenticates to hosts using Basic and NTLM
  12. Scans can be auto-paused at a specified time.

Nikto Requirements

A system with a basic Perl installation, the required Perl modules and OpenSSL should be enough to run Nikto. It has been fully tested on Windows, Mac OSX and various Unix/Linux distributions such as Red Hat, Debian, Ubuntu, BackTrack, etc.

Installing the Nikto Web Scanner on Linux

Most of today's Linux systems come with Perl, the Perl modules and the OpenSSL packages pre-installed. If they are not included, you can install them using the system's default package manager, yum or apt-get.

 yum install perl perl-Net-SSLeay openssl
 apt-get install perl openssl libnet-ssleay-perl

Next, clone the latest Nikto source files from its Github repository, go to the nikto/programs/ directory and run it using perl:

$ git clone https://github.com/sullo/nikto.git
$ cd nikto/programs
$ perl nikto.pl -h 
Option host requires an argument

       -config+            Use this config file
       -Display+           Turn on/off display outputs
       -dbcheck            check database and other key files for syntax errors
       -Format+            save file (-o) format
       -Help               Extended help information
       -host+              target host
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -list-plugins       List all available plugins
       -output+            Write output to this file
       -nossl              Disables using SSL
       -no404              Disables 404 checks
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -root+              Prepend root value to all requests, format is /directory
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning
       -timeout+           Timeout for requests (default 10 seconds)
       -update             Update databases and plugins from CIRT.net
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
   		+ requires a value

	Note: This is the short help output. Use -H for full help text.

"Option host requires an argument" says clearly that we did not include the required parameters when running the test. So we need to add the basic required parameter to perform a test run.

A basic scan requires the host you want to target; by default it scans port 80 if nothing else is specified. The host can be the hostname or the IP address of the system. You can specify the host using the -h option.

For example, I want to scan the IP 172.16.27.56 on TCP port 80.

 perl nikto.pl -h 172.16.27.56
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 00:48:12 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /robots.txt, inode: 5956160, size: 24, mtime: 0x4d4865a054e32
+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 1 entry which should be manually viewed.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Multiple index files found: index.php, index.htm, index.html
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /test.html: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /connect.php?path=http://cirt.net/rfiinc.txt?: Potential PHP MySQL database connection string found.
+ OSVDB-3092: /test.php: This might be interesting...
+ 6544 items checked: 0 error(s) and 16 item(s) reported on remote host
+ End Time:           2014-01-10 00:48:23 (GMT5.5) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

If you want to scan a different port number, add the -p [-port] option. For example, I want to scan the IP 172.16.27.56 on TCP port 443.

 perl nikto.pl -h 172.16.27.56 -p 443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
                   Ciphers: DHE-RSA-AES256-GCM-SHA384
                   Issuer:  /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time:         2014-01-10 01:08:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Server leaks inodes via ETags, header found with file /, inode: 2817021, size: 5, mtime: 0x4d5123482b2e9
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Server is using a wildcard certificate: '*.mid-day.com'
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6544 items checked: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2014-01-10 01:11:20 (GMT5.5) (174 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

You can also specify the host, port and protocol using full URL syntax, and it will be scanned.

 perl nikto.pl -h http://172.16.27.56:80

You can also scan any website. For example, here I scanned google.com.

 perl nikto.pl -h http://www.google.com
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          173.194.38.177
+ Target Hostname:    www.google.com
+ Target Port:        80
+ Start Time:         2014-01-10 01:13:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: gws
+ Cookie PREF created without the httponly flag
+ Cookie NID created without the httponly flag
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ Uncommon header 'x-xss-protection' found, with contents: 1; mode=block
+ Uncommon header 'alternate-protocol' found, with contents: 80:quic
+ Root page / redirects to: http://www.google.co.in/?gws_rd=cr&ei=xIrOUomsCoXBrAee34DwCQ
+ Server banner has changed from 'gws' to 'sffe' which may suggest a WAF, load balancer or proxy is in place
+ Uncommon header 'x-content-type-options' found, with contents: nosniff
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ File/dir '/groups/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
....

The above command will send a large number of HTTP requests (i.e. more than 2000 tests) to the web server.

You can also scan multiple ports in the same session. To scan multiple ports on the same host, add the -p [-port] option and specify the list of ports. Ports can be defined as a range (i.e. 80-443) or as a comma-separated list (i.e. 80,443). For example, I want to scan ports 80 and 443 on host 172.16.27.56.

 perl nikto.pl -h 172.16.27.56 -p 80,443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ No web server found on cmsstage.mid-day.com:88
---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2014-01-10 20:38:26 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.3
+ The anti-clickjacking X-Frame-Options header is not present.

---------------------------------------------------------------------------
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /O=*.mid-day.com/OU=Domain Control Validated/CN=*.mid-day.com
                   Ciphers: DHE-RSA-AES256-GCM-SHA384
                   Issuer:  /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
+ Start Time:         2014-01-10 20:38:36 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ All CGI directories 'found', use '-C none' to test none
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
.....
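Nikto's text report is written for reading, not for tooling. As an added example, not part of Nikto or of this article, the following Python script parses output in the v2.1.5 layout shown above (the sample is constructed from the multi-port run) into one record per target and port, so findings can be tracked across scans and hosts.

```python
import re
# Constructed sample: a trimmed copy of the multi-port scan output shown above.
SAMPLE_OUTPUT = """\
+ No web server found on cmsstage.mid-day.com:88
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        80
+ Server: Apache/2.2.15 (CentOS)
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ 6544 items checked: 0 error(s) and 3 item(s) reported on remote host
+ Target IP:          172.16.27.56
+ Target Hostname:    example.com
+ Target Port:        443
+ Server: Apache/2.2.15 (CentOS)
+ OSVDB-3268: /icons/: Directory indexing found.
"""
TARGET_RE = re.compile(r"^\+ Target (IP|Hostname|Port):\s+(\S+)$")
FINDING_RE = re.compile(r"^\+ (?:(OSVDB-\d+): )?(?:(/\S*): )?(.*)$")  # id?, path?, message
SKIP_PREFIXES = ("+ Start Time:", "+ End Time:", "+ SSL Info:", "+ No web server")

def parse_nikto_text(text):
    """Group Nikto's '+ ' lines into one dict per (IP, port) target block."""
    targets, cur = [], None
    for line in text.splitlines():
        m = TARGET_RE.match(line)
        if m:
            key, value = m.groups()
            if key == "IP":  # every target block opens with its IP line
                cur = {"ip": value, "hostname": "", "port": 0, "server": "", "findings": []}
                targets.append(cur)
            else:
                cur[key.lower()] = int(value) if key == "Port" else value
        elif cur is None or not line.startswith("+ "):
            continue  # banner, separators and anything before the first target
        elif line.startswith("+ Server: "):
            cur["server"] = line[len("+ Server: "):]
        elif line.startswith(SKIP_PREFIXES) or re.match(r"^\+ \d+ items checked", line):
            continue  # timing, TLS and summary lines are not findings
        else:
            osvdb, path, msg = FINDING_RE.match(line).groups()
            cur["findings"].append((osvdb, path, msg))
    return targets

def osvdb_index(targets):
    """Map each OSVDB id to the (hostname, port) pairs it was reported on."""
    index = {}
    for t in targets:
        for osvdb in {f[0] for f in t["findings"] if f[0]}:
            index.setdefault(osvdb, []).append((t["hostname"], t["port"]))
    return index
```

Feeding the output of two scans through osvdb_index and diffing the dictionaries shows which findings were fixed and which are new.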

Suppose the system on which Nikto is running can only reach the target host through an HTTP proxy. The test can still be performed in two different ways: one uses the nikto.conf file, the other passes the proxy directly on the command line.

Open the nikto.conf file using a command line editor.

 vi nikto.conf

Search for the PROXY variables and remove the '#' comment marker from the beginning of the lines as shown. Then add the proxy host, port, proxy user and password. Save and close the file.

# Proxy settings -- still must be enabled by -useproxy
PROXYHOST=172.16.16.37
PROXYPORT=8080
PROXYUSER=pg
PROXYPASS=pg

Now, run Nikto with the -useproxy option. Note that all connections will be relayed through the HTTP proxy.

 perl nikto.pl -h localhost -p 80 -useproxy
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2014-01-10 21:28:29 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080

Alternatively, run Nikto directly from the command line with the -useproxy option, passing the proxy as its argument.

 perl nikto.pl -h localhost -useproxy http://172.16.16.37:8080/
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2014-01-10 21:34:51 (GMT5.5)
---------------------------------------------------------------------------
+ Server: squid/2.6.STABLE6
+ Retrieved via header: 1.0 netserv:8080 (squid/2.6.STABLE6)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-squid-error' found, with contents: ERR_CACHE_ACCESS_DENIED 0
+ Uncommon header 'x-cache-lookup' found, with contents: NONE from netserv:8080

You can update Nikto to the latest plugins and databases automatically by simply running the -update command.

 perl nikto.pl -update

If new updates are available, you will see a list of the newly downloaded updates.

+ Retrieving 'nikto_report_csv.plugin'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'db_parked_strings'
+ Retrieving 'CHANGES.txt'
+ CIRT.net message: Please submit Nikto bugs to http://trac2.assembla.com/Nikto_2/report/2

You can also manually download and update the Nikto plugins and databases from http://cirt.net/nikto/UPDATES/.

Reference Links

Nikto Homepage