📄 nikto_usage.html
<b>NAME</b><br> Nikto - Web Server and CGI Scanner<br> Version - 1.32<br> <br> <br><b>SYNOPSIS</b><br> nikto [-h target] [options]<br> <br> <br><b>WARNING</b><br> Nikto is a tool for finding default web files and examining web server and CGI security.<br> It makes a lot of requests to the remote server, which in some cases may cause the server<br> to crash. It may also be illegal to use this software against servers you do not have <br> permission to test.<br><br><br><b>DESCRIPTION</b><br> Nikto is designed to examine web servers and look for items in multiple categories:<br> - misconfigurations<br> - default files and scripts<br> - insecure files and scripts<br> - outdated software<br> <br> It uses Rain Forest Puppy's LibWhisker (wiretrip.net) for HTTP functionality, and can perform checks in <br> HTTP or HTTPS. It also supports basic port scanning and will determine if a web server<br> is running on any open ports.<br> <br> Nikto checks and code can be automatically updated from the main distribution server by<br> using the 'update' option (see below) to ensure Nikto is checking the most recent vulnerabilities.<br> <br> Nikto will also load user-defined checks at startup if they are placed in a file named "user_scan_database.db" in<br> the plugins directory. Unlike scan_database.db, this file will not be overwritten if the -update option is used. This<br> should always be used if you add your own checks (and you should send those checks to sullo@cirt.net).<br> <br> Nikto leaves a footprint on a server it scans--both in an invalid 404 check and in the User-Agent header. This can<br> be changed by forcing the $NIKTO{fingerprint} and $NIKTO{useragent} to new values in the source code, OR, if any<br> IDS evasion (-e) option is used. 
Note that it's pretty obvious when Nikto is scanning a server anyway--the large<br> number of invalid requests sticks out a lot in the server logs, although with an IDS evasion technique it might not<br> be extremely obvious that it was Nikto.<br><br> Why the name Nikto? See the movies "The Day the Earth Stood Still" and, of course, "Army of Darkness" for the answer. For<br> a full list of pop-culture references to this, see http://www.blather.net/archives2/issue2no21.html which has a lot of<br> good information.<br> <br><b>OPTIONS</b><br> The options listed below are all optional except the -h target specification. They can all be abbreviated<br> to the first letter (e.g., -m for -mutate), with the exception of -verbose and -debug.<br> <br> -Cgidirs <br> Optionally force the CGI directories to scan. Valid values are 'none' to not check any, 'all' to force scan all<br> CGI directories (like the deprecated -allcgi), or a value to use as the CGI directory, e.g. '/cgi/'. <br><br> -cookies <br> Print out the cookie names and values that were received during the scan.<br><br> -evasion <evasion method><br> IDS evasion techniques. This enables the intrusion detection evasion in LibWhisker. Multiple options<br> can be used by stringing the numbers together, e.g. to enable methods 1 and 5, use "-e 15". The valid<br> options are (use the number preceding each description):<br> 1 Random URI encoding (non-UTF8)<br> 2 Add directory self-reference /./<br> 3 Premature URL ending<br> 4 Prepend long random string to request<br> 5 Fake parameters to files<br> 6 TAB as request spacer instead of spaces<br> 7 Random case sensitivity<br> 8 Use Windows directory separator \ instead of /<br> 9 Session splicing<br> See the LibWhisker source for more information, or http://www.wiretrip.net/<br><br> -findonly<br> Use port scan to find valid HTTP and HTTPS ports only, but do not perform checks against them.<br><br> -Format<br> Output format for the file specified with the -output option. 
Valid formats are:<br> HTM - HTML output format.<br> TXT - Text output format. This is the default if -F is not specified.<br> CSV - Comma Separated Value format.<br><br> -generic <br> Force full scan rather than trusting the "Server:" identification string, as many servers allow this<br> to be changed.<br><br> -host <ip, hostname or file><br> Target host(s) to check against. This can be an IP address or hostname, or a file of IPs or hostnames. <br> If this argument is a file, it should be formatted as described below. This is the only required option.<br><br> -id <user:password:realm><br> HTTP authentication to use; format is userid:password for authorizing Nikto to a web server realm. For NTLM<br> realms, format is id:password:realm.<br><br> -mutate <br> Mutate checks. This causes Nikto to put all files with all directories from the .db files and <br> scan the host. You might find some oddities this way. Note that it generates a lot of checks.<br><br> -nolookup<br> Don't perform a host name lookup.<br><br> -output <filename><br> Write output to this file when complete. Format is text unless specified via -Format.<br><br> -port <port number><br> Port number to scan, defaults to port 80 if missing. This can also be a range or list of ports, which<br> Nikto will check for web servers. If a web server is found, it will perform a full scan unless the<br> -f option is used.<br><br> -root<br> Always prepend this to requests, e.g., changes a request of "/password.txt" to "/directory/password.txt" <br> (assuming the value passed on the CLI was "/directory")<br><br> -ssl <br> Force SSL mode on port(s) listed. Note that Nikto attempts to determine if a port is HTTP or HTTPS <br> automatically, but this can be slow if the server fails to respond or is slow to respond to the <br> incorrect one. 
This sets SSL usage for *all* hosts and ports.<br><br> -timeout <br> Timeout for each request, default is 10 seconds<br> <br> -useproxy<br> Use the proxy defined in config.txt for all requests<br><br> -vhost <ip or hostname><br> Virtual host to use for the "Host:" header, in case it is different from the target.<br><br> -Version<br> Print version numbers of Nikto, all plugins and all databases.<br><br> These options cannot be abbreviated to the first letter:<br> -dbcheck<br> This option will check the syntax of the checks in the scan_database.db and user_scan_database.db files. This<br> is really only useful if you are adding checks or are having problems.<br><br> -debug<br> Print a huge amount of detail out. In most cases this is going to be more information than you need, so<br> try -verbose first.<br> <br> -update<br> This will connect to cirt.net and download updated scan_database.db and plugin files. Use this with<br> caution as you are downloading files--perhaps including code--from an "untrusted" source. This option<br> cannot be combined with any other, but required variables (like the PROXY settings) will be loaded<br> from the config.txt file.<br> <br> -verbose <br> Print out a lot of extra data during a run. This can be useful if a scan or server is failing, or to see<br> exactly how a server responds to each request.<br><br><b>HOSTNAME FILE</b><br> If a file is specified with -h instead of a hostname or IP, Nikto will open the file to use it as a list of targets. The file<br> should be formatted with one host per line. If no port is specified, port 80 is assumed. Multiple ports may be specified per<br> host. If a host file is used, any ports specified via -p are added to every host. 
Valid lines would be:<br> 10.100.100.100<br> 10.100.100.100:443<br> 10.100.100.100,443<br> 10.100.100.100:443:8443<br> 10.100.100.100,443,8443<br> evilash.example.com,80<br> (etc)<br> <br><br><b>CONFIG FILE</b><br> The 'config.txt' file provides a means to set variables at run-time without modifying the Nikto source itself. The<br> options below can be set in the file. Options that accept multiple values (CGIDIRS, SKIPPORTS, etc.) should just use<br> a space to distinguish multiple values. None of these are required unless you need them.<br> <br> CLIOPTS - Add any option here to be added to every Nikto execution, whether specified at the command line or not.<br> NMAP - Path to nmap. If defined, Nikto will use nmap to port scan a host rather than PERL code, and so should be faster.<br>
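The DESCRIPTION section notes that a scan shows up in server logs through the User-Agent header and through the large number of invalid requests. The following is an added example, not part of Nikto or of the original page, that applies both signals to access-log lines; the thresholds, the "nikto" marker substring and all sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/NCSA log line: client, timestamp, request, status, size, then
# (combined format only) referer and User-Agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?')

def find_scanners(lines, min_requests=20, min_404_ratio=0.8, ua_marker="nikto"):
    """Return {client_ip: [reasons]} for clients whose traffic looks like a scan."""
    # Thresholds and ua_marker are assumptions; tune them per site.
    total, not_found, ua_hit = defaultdict(int), defaultdict(int), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in common/combined format
        ip = m["ip"]
        total[ip] += 1
        if m["status"] == "404":
            not_found[ip] += 1
        if ua_marker in (m["ua"] or "").lower():
            ua_hit.add(ip)
    flagged = {}
    for ip, count in total.items():
        reasons = ["user-agent"] if ip in ua_hit else []
        # Volume of invalid requests: still visible when the User-Agent differs.
        if count >= min_requests and not_found[ip] / count >= min_404_ratio:
            reasons.append("404-burst")
        if reasons:
            flagged[ip] = reasons
    return flagged

def _entry(ip, path, status, ua):
    """Build one constructed log line in combined format."""
    return (f'{ip} - - [10/Oct/2004:13:55:36 +0000] "GET {path} HTTP/1.0" '
            f'{status} 312 "-" "{ua}"')

# Constructed sample traffic (documentation addresses, made-up paths and agents).
SAMPLE = (
    [_entry("192.0.2.10", f"/cgi-bin/probe{i}.cgi", 404, "Mozilla/4.75 (Nikto/1.32)")
     for i in range(25)]
    + [_entry("192.0.2.20", f"/scripts/x{i}.asp", 200 if i % 10 == 0 else 404,
              "Mozilla/4.0 (compatible; MSIE 6.0)") for i in range(30)]
    + [_entry("198.51.100.5", path, status, "Mozilla/5.0 (X11; Linux)")
       for path, status in [("/", 200), ("/about.html", 200), ("/favicon.ico", 404)]]
)
```

On the sample, the first client is flagged on both signals, the second only on its 404 volume, and the ordinary visitor is not flagged.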
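The HOSTNAME FILE format described above can be checked before a run so that a malformed line or out-of-range port is caught early. This is an added example, not Nikto's own parser; skipping blank lines, accepting ':' and ',' mixed on one line, and appending -p ports after the port-80 default is applied are assumptions of this sketch.

```python
import re

def parse_host_file(text, cli_ports=(), default_port=80):
    """Return [(host, [ports])] for text in the HOSTNAME FILE format."""
    targets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines are ignored
        # First field is the host, the rest are ports split on ':' or ','.
        host, *port_fields = re.split(r"[:,]", line)
        if not re.fullmatch(r"[A-Za-z0-9.-]+", host):
            raise ValueError(f"line {lineno}: bad host {host!r}")
        # No port on the line means port 80; ports given via -p are then
        # added to every host, as the section states.
        fields = (port_fields or [str(default_port)]) + [str(p) for p in cli_ports]
        ports = []
        for field in fields:
            if not re.fullmatch(r"[0-9]{1,5}", field) or not 1 <= int(field) <= 65535:
                raise ValueError(f"line {lineno}: bad port {field!r}")
            ports.append(int(field))
        # De-duplicate while keeping first-seen order.
        targets.append((host, list(dict.fromkeys(ports))))
    return targets

# The valid lines listed in the HOSTNAME FILE section.
SAMPLE_HOSTS = """\
10.100.100.100
10.100.100.100:443
10.100.100.100,443
10.100.100.100:443:8443
10.100.100.100,443,8443
evilash.example.com,80
"""

if __name__ == "__main__":
    for host, ports in parse_host_file(SAMPLE_HOSTS):
        print(host, ports)
```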