📄 nikto_apacheusers.plugin
字号:
#VERSION,2.02#LASTMOD,01.09.2008################################################################################ Copyright (C) 2004 CIRT, Inc.## This program is free software; you can redistribute it and/or# modify it under the terms of the GNU General Public License# as published by the Free Software Foundation; version 2# of the License only.## This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the# GNU General Public License for more details.## You should have received a copy of the GNU General Public License# along with this program; if not, write to the Free Software# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.############################################################################################################################################################### PURPOSE# Apache user enumeration###############################################################################sub nikto_apacheusers{ (my $RES, $CONTENT) = fetch("/~root", "GET"); $CONTENT = char_escape($CONTENT); if ($CONTENT =~ /forbidden/i) # good on "root" { (my $RES, $CONTENT) = fetch("/~" . LW2::utils_randstr(8), "GET"); $CONTENT = char_escape($CONTENT); if ($CONTENT !~ /forbidden/i) # Good, it gave an error instead of forbidden { $TESTS{999999}{uri} = "/~root"; $TESTS{999999}{message} = "Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users)."; $TESTS{999999}{method} = "GET"; $TESTS{999999}{osvdb} = 637; $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; $TARGETS{$CURRENT_HOST_ID}{positives}{999999} = 1; nprint("+ OSVDB-$TESTS{999999}{osvdb}: $TESTS{999999}{method} $TESTS{999999}{uri} - $TESTS{999999}{message}"); } }}1;⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -