nikto_usage.txt

一个用perl写的功能强大的cgi漏洞检测程序

	SKIPPORTS - Port number never to scan (so you don't crash services, perhaps?).
	PROXYHOST - Server to use as a proxy, either IP or hostname, no 'http://' needed.
	PROXYPORT - Port number that PROXYHOST uses as a proxy.
	PROXYUSER - If the PROXYHOST requires authentication, use this ID. Nikto will prompt for it if this is not set & it is needed.
	PROXYPASS - If the PROXYHOST requires a password for PROXYUSER, use this password.  Nikto will prompt for it if this is not set & it is needed.
	PLUGINDIR - If Nikto can't find it's plugin directory for some reason, enter the full path and the problem is solved.
	UPDATES   - Turns data push to cirt.net on. Please see the CIRT.NET UPDATES section for details.
	MAX_WARN  - If the number of OK or MOVED messages reaches this number, a warning will printed.
	PROMPTS   - If set to "no", Nikto will *never* prompt for anything--proxy auth, updates, nothing...
	DEFAULTHTTPVER - First try this HTTP method. If this fails, Nikto will attempt to find a valid one. Useful if you want try something non-standard.
	STATIC-COOKIE  - The name/value of this cookie, if set, will be sent for every request (useful for auth cookies).
	
	Variables that start with the 'at' sign (@) will be used when scan rules are loaded. For each value (seperated by space), the rule
	will be duplicated. See the TEST DATABASES section for more information.
	
	Predefined variables are:
	@CGIDIRS     - CGI directories to look for, valid ones (or all) will be used for CGI checks against the remote host.
	@MUTATEDIRS  - Additional directories to use when operating under the Mutate mode besides ones already defined the .db files.
	@MUTATEFILES - Additional files to use when operating under the Mutate mode besides ones already defined the .db files.
	@ADMINDIRS   - Typical administration directories.
	@USERS       - Typical user names for the user guessing plugins.
	
	
CIRT.NET UPDATES
	In order to help keep the Nikto databases up-to-date, you have the ability to easily submit some updates back to cirt.net for inclusion
	in new copies of the databases.  Currently, this only includes software versions (such as "Apache/7.0.3"). If Nikto scans a host and sees a 
	newer version on the host than it has in the database, or it is missing entirely, (and your databases are fairly recent), this information can
	be automatically (or manually) sent back to cirt.net.  
    
	Behaviour of this option is controlled in config.txt through the UPDATES variable. If UPDATES is set to "no", Nikto will
	not send or ask about sending values to cirt.net. If set to "auto", it will automatically send the data through an HTTP request. If set to "yes"
	(which is the default), when there are updates it will ask if you would like to submit and show you the data (unless PROMPTS=no).
    
	There is only one thing submitted to cirt.net when you do this: the "updated" version string.  No information specific to the host tested is sent.
	No information from the scanning source is sent (it does log your IP address as seen by cirt.net's web server, but... nothing else). 
    
	If you're not comfortable with this, you may also email it to me at sullo@cirt.net or just set UPDATES=no. Please don't complain and say I'm 
	stealing your data... just trying to save me some work ;)
    
	Again: the default configuration of Nikto does *not* send *any* data to cirt.net.

	
TEST DATABASES
	Rules in the scan databases can use dynamic variables from config.txt. Any variable that starts with the 'at' sign (@)
	will be substited in rules. For example:
	
	A rule of "generic","@CGIDIRStest.html","200","GET","Test" with "@CGIDIRS=/cgi-bin/ /cgi-sys/" will test for:
		/cgi-bin/test.html
		/cgi-sys/test.html

	Any number of these variables can be set, and any number can be used in a rule (i.e., "@CGIDIRS@ADMINDIRStest.html").
	Additionally, the generic @HOSTNAME and @IP are available, which use the current target's hostname or IP.
	
	Rules can be specified which also have conditionals for test success. This can allow a test to look for a 200 HTTP response
	but not contain the word "home". This would look like "200!home" in the scan_database.db file.
	
EXAMPLES
	A basic scan of a web server on port 80. The -h option is the only option that is required for a basic scan of a web
	server on the standard HTTP port.
	
	nikto.pl -h 10.100.100.10
	
	A basic scan of a web server on port 443, forcing SSL encryption and ignoring the Server header.  Note that Nikto does
	not assume port 443 to be SSL, but if HTTP fails it will try HTTPS.
	
	nikto.pl -h 10.100.100.10 -p 443 -s -g
	
	Scanning multiple ports on the server, letting Nikto determine if they are HTTP and SSL encrypted.
	
	nikto.pl -h 10.100.100.10 -p 80-90 
	
	Scanning specific ports on the system.

	nikto.pl -h 10.100.100.10 -p 80,443,8000,8080

	You may combine IDS evasion techniques as desired.
	
	nikto.pl -h 10.100.100.10 -p 80 -e 167


IMPORTANT FILES
	config.txt  - run-time configuration options, see the CONFIG FILE section
	nikto_core.plugin - main Nikto code, absolutely required
	nikto_plugin_order.txt - determines the order in which plugins are executed
	LW.pm - The stand-alone LibWhisker file.
	user_scan_database.db - If it exists in the plugins directory, it will load these checks as well. Same syntax as scan_database.db


ADDITIONAL SOFTWARE
	LibWhisker is required for proper execution of Nikto. The LW.pm library is included with Nikto, but it is recommended
	that you download and install the full LibWhisker module from http://www.wiretrip.net/. If you are not using an installed
	Libwhisker, you will need to change Nikto.pl so that it includes the proper LW.pm file.  Edit Nikto.pl and comment the line:
		use LW;
	and uncomment the line below it:
		require "./plugins/LW.pm";
	
	nmap can be used to speed up port scans. This should be much faster than relying on PERL code to perform port scans. Nmap can
	be obtained from http://www.nmap.org/, it is not included with Nikto.
	
	SSL software is required to test using HTTPS.  For Windows systems, the SSL software and libraries can be obtained from
	http://www.activestate.com/.  For unix systems, OpenSSL from http://www.openssl.org/ and the Net::SSLeay module from
	http://www.cpan.org/ are required.

CHECKS
	Checks, both information and actual security problems, are derived from a number of sources. These include the mailing lists
	BugTraq, NTBugTraq, WebAppSec (WWW-Mobile-Code), and others. The web sites www.securitytracker.com, www.securiteam.com, 
	www.packetstormsecurity.com and www.securityfocus.com.  Additionally, updates to Nessus are watched and many thanks to
	all the plugin writers (and to Renaud for Nessus itself) (http://www.nessus.org/).

WARNINGS
	Nikto can cause harm to your local system, the remote system and/or the network.  Some options can generate over 70,000 
	HTTP requests to a target. Do not run Nikto againsts hosts you are not authorized to perform testing against. Cirt.net
	takes no responsibility for anything done with this software, any problems it may cause or problems it may find.
	
	Plugins are standard PERL.  They are included and executed when Nikto is run. If you run the -update option, new and
	updated plugins will be downloaded from cirt.net. This means you are downloading code, and potentially running it, 
	without viewing it yourself.  Please consider the implications.  Do not assume code distributed from Cirt.net is not
	harmful, as accidents happen and a malicious third party may have inserted a dangerous plugin. Cirt.net assumes no 
	responsibility if any malicious code is delivered via the -update option.
	

DISTRIBUTION
	Nikto and updated databases and plugins is distributed from http://www.cirt.net/
	
	
SEE ALSO
	LibWhisker - http://www.wiretrip.net/
	Nmap - http://www.nmap.org/
	OpenSSL - http://www.openssl.org/
	CPAN - http://www.cpan.org/
	ActiveState - http://www.activestate.com/
	Nessus - http://www.nessus.org/
	
	
LICENSE
	This copyright applies to all code included in this distribution, but does not include the LibWhisker software, which is
	distributed under its own license.

	Copyright (C) 2001-2003 Sullo/CIRT.net

	This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2  of the License, or (at your option) any later version.

	This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.


	You should have received a copy of the GNU General Public License along with this program; if not, write to the 
	Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
	
	Contact Information: See the AUTHOR section.


AUTHOR
	Sullo, sullo@cirt.net
	http://www.cirt.net/
	
	Suggestions/fixes/support from: Jericho/attrition.org, rfp/wiretrip.net, Zel/firewallmonkeys.com, Zeno/cgisecurity.com, 
	Darby/cirt.net, Valdez/cirt.net, S Saady, P Eronen/nixu.com, M Arboi, T Seyrat, J DePriest, P Woroshow, fr0stman, E Udassin,
	H Heimann and more
	
	Many tests and contributed/suggested by: M Richardson, Jericho/attrition.org, Prickley Paw, M Arboi, H Heimann and more
	
	And Xiola.net for succeeding where everyone else has failed.