So don't be put off by the tar.gz: just unpack it and start using the program (provided, of course, that Perl is correctly installed on your system).
The program can be fetched from the command line with wget. If you prefer to download it with a graphical browser, the URL is the same.
# wget -c http://www.cirt.net/nikto/nikto-current.tar.gz
After downloading the tar.gz you need to unpack it. This creates a directory named nikto-x.zz, where "x" is the program's current version and "zz" its current release. In this example, "nikto-1.35" is the most recent version.
# tar -xzpf nikto-current.tar.gz
Updating the vulnerability database and starting the scan
After unpacking the tar.gz, enter the nikto-1.35 directory and run the database update. You need to be connected to the Internet:
# ./nikto.pl -update
+ Retrieving 'server_msgs.db'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'nikto_outdated.plugin'
+ Retrieving 'servers.db'
+ Retrieving 'scan_database.db'
+ Retrieving 'scan_database.db'
+ Retrieving 'nikto_core.plugin'
+ Retrieving 'outdated.db'
+ Retrieving 'CHANGES.txt'
+ www.cirt.net message: Version 2.0 is still coming... Seriously.
Starting the vulnerability scan
Nikto is meant to be used in test environments or on small internal networks.
Example scan report for the Apache server on a Fedora Core 3 host:
# ./nikto.pl -h 192.168.131.1 -o /root/nikto-1.35/192.168.131.1-e0.txt
-***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 1.35/1.36 - www.cirt.net
+ Target IP: 192.168.131.1
+ Target Hostname: 192.168.131.1
+ Target Port: 80
+ Start Time: Tue Jun 6 21:10:44 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/2.0.52 (Fedora)
+ Allowed HTTP Methods: GET,HEAD,POST,OPTIONS,TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be
disabled. OSVDB-877.
+ Apache/2.0.52 appears to be outdated (current is at least Apache/2.0.55).
Apache 1.3.33 is still maintained and considered secure.
+ /cgi-bin/.htaccess - Contains authorization information (GET)
+ /icons/ - Directory indexing is enabled, it should only be enabled for
specific directories (if required). If indexing is not used, the /icons
directory should be removed. (GET)
+ /index.html.var - Apache default foreign language file found. All default
files should be removed from the web server as they may give an attacker
additional system information. (GET)
+ /manual/images/ - Apache 2.0 directory indexing is enabled, it should only
be enabled for specific directories (if required). Apache's manual should
be removed and directory indexing disabled. (GET)
+ /cgi-bin/.htaccess.old - Backup/Old copy of .htaccess - Contains
authorization information (GET)
+ /cgi-bin/.htaccess.save - Backup/Old copy of .htaccess - Contains
authorization information (GET)
+ /cgi-bin/.htaccess - Contains authorization information (GET)
+ /cgi-bin/.htaccess~ - Backup/Old copy of .htaccess - Contains authorization
information (GET)
+ /cgi-bin/.htpasswd - Contains authorization information (GET)
+ /.htaccess - Contains authorization information (GET)
+ /.htpasswd - Contains authorization information (GET)
+ / - TRACE option appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf
for details (TRACE)
+ /manual/ - Web server manual? tsk tsk. (GET)
+ /webmail/ - Redirects to src/login.php , Web based mail package installed.
+ The IBM Web Traffic Express Caching Proxy is vulnerable to Cross Site
Scripting (XSS). CA-2000-02. (GET)
+ /webmail/src/read_body.php - This might be interesting... has been seen in
web logs from an unknown scanner. (GET)
+ 2670 items checked - 15 item(s) found on remote host(s)
+ End Time: Tue Jun 6 21:10:50 2006 (6 seconds)
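A report like the one above is easy to read by eye but awkward to triage at scale: findings wrap across lines, the same path can be listed more than once (note /cgi-bin/.htaccess), and the closing "item(s) found" count is the only check that nothing was lost. The following added example (my own code, not part of Nikto or of the original post) parses the text report written by -o, joins wrapped lines, groups findings by path and verifies the count against Nikto's summary line; the embedded report is a constructed, shortened copy of the output shown above.

```python
import re

# Constructed sample: a shortened copy of the Nikto 1.35 report above,
# keeping wrapped finding lines and a path that is reported twice.
SAMPLE_REPORT = """\
+ Server: Apache/2.0.52 (Fedora)
+ Allowed HTTP Methods: GET,HEAD,POST,OPTIONS,TRACE
+ /cgi-bin/.htaccess - Contains authorization information (GET)
+ /icons/ - Directory indexing is enabled, it should only be enabled for
specific directories (if required). If indexing is not used, the /icons
directory should be removed. (GET)
+ /cgi-bin/.htaccess - Contains authorization information (GET)
+ / - TRACE option appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf
for details (TRACE)
+ /webmail/ - Redirects to src/login.php , Web based mail package installed.
+ 5 items checked - 5 item(s) found on remote host(s)
"""

# "+ <path> - <description> (<METHOD>)"; the trailing method is optional.
FINDING_RE = re.compile(r"^\+ (/\S*) - (.*?)(?: \((\w+)\))?$")

def parse_findings(report):
    """Return (path, description, method) tuples from a Nikto text report.
    Lines that do not start with '+ ' are continuations of the previous entry."""
    entries = []
    for line in report.splitlines():
        if line.startswith("+ "):
            entries.append(line)
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    findings = []
    for entry in entries:
        m = FINDING_RE.match(entry)
        if m:  # server banner, method list and the summary line do not match
            path, desc, method = m.groups()
            findings.append((path, desc.strip(), method))
    return findings

def summarize(report):
    """Group findings by path and compare our count with Nikto's own summary."""
    findings = parse_findings(report)
    by_path = {}
    for path, desc, method in findings:
        by_path.setdefault(path, []).append((method, desc))
    m = re.search(r"^\+ \d+ items checked - (\d+) item\(s\) found", report, re.M)
    reported = int(m.group(1)) if m else None
    return {"findings": findings, "by_path": by_path,
            "reported": reported, "consistent": reported == len(findings)}
```

Each path in `by_path` maps to the requests that flagged it, so duplicated entries such as the .htaccess hits collapse into one item to fix (remove the file or deny access to it in the web server configuration).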
Cya !
