nikto-1.34.man

Ubuntu packages of security software。 相当不错的源码

If the \fBPROXYHOST\fP requires a password for \fBPROXYUSER\fP, use this
password.  Nikto will prompt for it if this is not set & it is needed.
.TP
.B PLUGINDIR
If Nikto can't find it's plugin directory for some reason, enter the full
path and the problem is solved.
.TP
.B UPDATES
Turns data push to cirt.net on. Please see the \fBCIRT.NET UPDATES\fP
section for details.
.TP
.B MAX_WARN
If the number of OK or MOVED messages reaches this number, a warning will
printed.
.TP
.B PROMPTS
If set to "no", Nikto will \fBnever\fP prompt for anything--proxy auth,
updates, nothing...
.TP
.B DEFAULTHTTPVER
First try this HTTP method. If this fails, Nikto will attempt to find a
valid one. Useful if you want try something non-standard.
.TP
.B STATIC-COOKIE
The name/value of this cookie, if set, will be sent for every request
(useful for auth cookies).
.PP
Variables that start with the 'at' sign (@) will be used when scan rules
are loaded. For each value (seperated by space), the rule will be
duplicated. See the \fBTEST DATABASES\fP section for more information.
.PP
Predefined variables are:
.TP
.B @CGIDIRS
CGI directories to look for, valid ones (or all) will be used for CGI
checks against the remote host.
.TP
.B @MUTATEDIRS
Additional directories to use when operating under the Mutate mode besides
ones already defined the .db files.
.TP
.B @MUTATEFILES
Additional files to use when operating under the Mutate mode besides ones
already defined the .db files.
.TP
.B @ADMINDIRS
Typical administration directories.
.TP
.B @USERS
Typical user names for the user guessing plugins.
.
.SH CIRT.NET UPDATES
.
In order to help keep the Nikto databases up-to-date, you have the ability
to easily submit some updates back to cirt.net for inclusion in new copies
of the databases.  Currently, this only includes software versions (such as
"Apache/7.0.3"). If Nikto scans a host and sees a newer version on the host
than it has in the database, or it is missing entirely, (and your databases
are fairly recent), this information can be automatically (or manually)
sent back to cirt.net.
.PP
Behaviour of this option is controlled in config.txt through the
\fBUPDATES\fP variable. If \fBUPDATES\fP is set to "no", Nikto will not
send or ask about sending values to cirt.net. If set to "auto", it will
automatically send the data through an HTTP request. If set to "yes" (which
is the default), when there are updates it will ask if you would like to
submit and show you the data (unless PROMPTS=no).
.PP
There is only one thing submitted to cirt.net when you do this: the
"updated" version string.  No information specific to the host tested is
sent.  No information from the scanning source is sent (it does log your IP
address as seen by cirt.net's web server, but... nothing else).
.PP
If you're not comfortable with this, you may also email it to me at
sullo@cirt.net or just set UPDATES=no. Please don't complain and say I'm
stealing your data... just trying to save me some work ;)
.PP
Again: the default configuration of Nikto does \fBnot\fP send \fBany\fP
data to cirt.net.
.
.SH TEST DATABASES
.
Rules in the scan databases can use dynamic variables from config.txt. Any
variable that starts with the 'at' sign (@) will be substited in rules. For
example: A rule of
.IP
"generic","@CGIDIRStest.html","200","GET","Test"
.PP
with "@CGIDIRS=/cgi-bin/ /cgi-sys/"
will test for:
.RS
.IP \(bu 4
/cgi-bin/test.html
.IP \(bu 4
/cgi-sys/test.html
.RE
.PP
Any number of these variables can be set, and any number can be used in a
rule (i.e., "@CGIDIRS@ADMINDIRStest.html").  Additionally, the generic
@HOSTNAME and @IP are available, which use the current target's
hostname or IP.
.PP
Rules can be specified which also have conditionals for test success. This
can allow a test to look for a 200 HTTP response but not contain the word
"home". This would look like "200!home" in the \fIscan_database.db\fP file.
.
.SH EXAMPLES
.
A basic scan of a web server on port 80. The \fB\-h\fP option is the
only option that is required for a basic scan of a web server on the
standard HTTP port.
.IP ""
nikto.pl \-h 10.100.100.10
.PP
A basic scan of a web server on port 443, forcing SSL encryption and
ignoring the Server header.  Note that Nikto does not assume port 443
to be SSL, but if HTTP fails it will try HTTPS.
.IP ""
nikto.pl \-h 10.100.100.10 \-p 443 \-s \-g
.PP
Scanning multiple ports on the server, letting Nikto determine if they are
HTTP and SSL encrypted.
.IP ""
nikto.pl \-h 10.100.100.10 \-p 80\-90
.PP
Scanning specific ports on the system.
.IP ""
nikto.pl \-h 10.100.100.10 \-p 80,443,8000,8080
.PP
You may combine IDS evasion techniques as desired.
.IP ""
nikto.pl \-h 10.100.100.10 \-p 80 \-e 167
.
.SH IMPORTANT FILES
.
.TP
.I config.txt
run-time configuration options, see the CONFIG FILE section
.TP
.I nikto_core.plugin
main Nikto code, absolutely required
.TP
.I nikto_plugin_order.txt
determines the order in which plugins are executed
.TP
.I LW.pm
The stand-alone LibWhisker file.
.TP
.I user_scan_database.db
If it exists in the plugins directory, it will load these checks as well.
Same syntax as \fIscan_database.db\fP
.
.SH ADDITIONAL SOFTWARE
.
LibWhisker is required for proper execution of Nikto. The LW.pm library is
included with Nikto, but it is recommended that you download and install
the full LibWhisker module from http://www.wiretrip.net/. If you are not
using an installed Libwhisker, you will need to change Nikto.pl so that it
includes the proper LW.pm file.  Edit Nikto.pl and comment the line:
.IP ""
require "$NIKTO{plugindir}/LW.pm";
.PP
and uncomment the line below it:
.IP ""
use LW;
.PP
nmap can be used to speed up port scans. This should be much faster than
relying on PERL code to perform port scans. Nmap can be obtained from
http://www.nmap.org/, it is not included with Nikto.
.PP
SSL software is required to test using HTTPS.  For Windows systems, the SSL
software and libraries can be obtained from http://www.activestate.com/.
For unix systems, OpenSSL from http://www.openssl.org/ and the Net::SSLeay
module from http://www.cpan.org/ are required.
.
.SH CHECKS
.
Checks, both information and actual security problems, are derived from a
number of sources. These include the mailing lists BugTraq, NTBugTraq,
WebAppSec (WWW-Mobile-Code), and others. The web sites
www.securitytracker.com, www.securiteam.com, www.packetstormsecurity.com
and www.securityfocus.com.  Additionally, updates to Nessus are watched and
many thanks to all the plugin writers (and to Renaud for Nessus itself)
(http://www.nessus.org/).
.
.SH WARNINGS
.
Nikto can cause harm to your local system, the remote system and/or the
network.  Some options can generate over 70,000 HTTP requests to a target.
Do not run Nikto againsts hosts you are not authorized to perform testing
against. Cirt.net takes no responsibility for anything done with this
software, any problems it may cause or problems it may find.
.PP
Plugins are standard PERL.  They are included and executed when Nikto is
run. If you run the \fB\-update\fP option, new and updated plugins will be
downloaded from cirt.net. This means you are downloading code, and
potentially running it, without viewing it yourself.  Please consider the
implications.  Do not assume code distributed from Cirt.net is not harmful,
as accidents happen and a malicious third party may have inserted a
dangerous plugin. Cirt.net assumes no responsibility if any malicious code
is delivered via the \fB\-update\fP option.
.
.SH DISTRIBUTION
.
Nikto and updated databases and plugins is distributed from
http://www.cirt.net/
.
.SH "SEE ALSO"
.
.TP
.B LibWhisker
http://www.wiretrip.net/
.TP
.B Nmap
http://www.nmap.org/
.TP
.B OpenSSL
http://www.openssl.org/
.TP
.B CPAN
http://www.cpan.org/
.TP
.B ActiveState
http://www.activestate.com/
.TP
.B Nessus
http://www.nessus.org/
.
.SH LICENSE
.
This copyright applies to all code included in this distribution, but
does not include the LibWhisker software, which is distributed under
its own license.
.PP
Copyright (C) 2001-2005 Sullo/CIRT.net
.PP
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2  of the License, or (at
your option) any later version.
.PP
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.
.PP
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
USA.
.PP
Contact Information: See the \fBAUTHOR\fP section.
.
.SH AUTHOR
.
Sullo, sullo@cirt.net
.br
http://www.cirt.net/
.PP
Suggestions/fixes/support from: Jericho/attrition.org,
rfp/wiretrip.net, Zel/firewallmonkeys.com, Zeno/cgisecurity.com,
Darby/cirt.net, Valdez/cirt.net, S Saady, P Eronen/nixu.com, M Arboi,
T Seyrat, J DePriest, P Woroshow, fr0stman, E Udassin, H Heimann and
more
.PP
Many tests and contributed/suggested by: M Richardson,
Jericho/attrition.org, Prickley Paw, M Arboi, H Heimann and more
.PP
And Xiola.net for kicking ass.
.