Depois de de procurar um scanner de vulnerabilidades que funcionasse com linux me deparei com o nikto.De fácil instalação e utilização ele se torna um dos grandes scanners para linux.
Baixando e Instalando:
1
2
3
| wget -c http://www.cirt.net/nikto/nikto-current.tar.gztar -xzpf nikto-current.tar.gz |
troque “versao” pela versão do nikto. Ex: nikto-2.1.3
1
| cd nikto-versao |
Um exemplo de utilização seria:
1
| ./nikto.pl -h 127.0.0.1 -o /nikto-1.35/192.168.131.1-e0.txt |
Exemplo de log:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
| -***** SSL support not available (see docs for SSL install instructions) *****---------------------------------------------------------------------------- Nikto 1.35/1.36 - www.cirt.net+ Target IP: 192.168.131.1+ Target Hostname: 192.168.131.1+ Target Port: 80+ Start Time: Tue Jun 6 21:10:44 2006---------------------------------------------------------------------------- Scan is dependent on "Server" string which can be faked, use -g to override+ Server: Apache/2.0.52 (Fedora)+ Allowed HTTP Methods: GET,HEAD,POST,OPTIONS,TRACE+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.+ Apache/2.0.52 appears to be outdated (current is at least Apache/2.0.55). Apache 1.3.33 is still maintained and considered secure.+ /cgi-bin/.htaccess - Contains authorization information (GET)+ /icons/ - Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used, the /iconsdirectory should be removed. (GET)+ /index.html.var - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)+ /manual/images/ - Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual should be removed and directory indexing disabled. (GET)+ /cgi-bin/.htaccess.old - Backup/Old copy of .htaccess - Contains authorization information (GET)+ /cgi-bin/.htaccess.save - Backup/Old copy of .htaccess - Contains authorization information (GET)+ /cgi-bin/.htaccess - Contains authorization information (GET)+ /cgi-bin/.htaccess~ - Backup/Old copy of .htaccess - Contains authorization information (GET)+ /cgi-bin/.htpasswd - Contains authorization information (GET)+ /.htaccess - Contains authorization information (GET)+ /.htpasswd - Contains authorization information (GET)+ / - TRACE option appears to allow XSS or credential theft. Seehttp://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)+ /manual/ - Web server manual? tsk tsk. (GET)+ /webmail/ - Redirects to src/login.php , Web based mail package installed.+ The IBM Web Traffic Express Caching Proxy is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)+ /webmail/src/read_body.php - This might be interesting... has been seen in web logs from an unknown scanner. (GET)+ 2670 items checked - 15 item(s) found on remote host(s)+ End Time: Tue Jun 6 21:10:50 2006 (6 seconds)---------------------------------------------------------------------------+ 1 host(s) tested*Retirado de vivaolinux.com.br |
0 comentários:
Postar um comentário