nikto.pl.1

Ubuntu packages of security software。 相当不错的源码

-debug
Print a huge amount of detail out. In most cases this is going to be more information than you need, so
try -verbose first.
.SS        
-update
This will connect to cirt.net and download updated scan_database.db and plugin files. Use this with
caution as you are downloading files--perhaps including code--from an "untrusted" source. This option
cannot be combined with any other, but required variables (like the PROXY settings) will be loaded
from the config.txt file.
.SS                
-verbose 
Print out a lot of extra data during a run. This can be useful if a scan or server is failing, or to see
exactly how a server responds to each request.
.SH HOSTNAME FILE
If a file is specified with -h instead of a hostname or IP, Nikto will open the file to use it as a list of targets. The file
should be formatted with one host per line. If no port is specified, port 80 is assumed. Multiple ports may be specified per
host. If a host file is used, any ports specified via -p are added to every host. Valid lines would be:
10.100.100.100
10.100.100.100:443
10.100.100.100,443
10.100.100.100:443:8443
10.100.100.100,443,8443
evilash.example.com,80
(etc)
.SS                

.SH CONFIG FILE
The 'config.txt' file provides a means to set variables at run-time without modifying the Nikto source itself. The
\fIoptions\fP below can be set in the file. Options that accept multiple values (CGIDIRS, SKIPPORTS, etc.) should just use
.TP
.B
a space to distinguish multiple values.
None of these are required unless you need them.
.SS        
CLIOPTS - Add any option here to be added to every Nikto execution, whether specified at the command line or not.
NMAP - Path to nmap. If defined, Nikto will use nmap to port scan a host rather than PERL code, and so should be faster.
SKIPPORTS - Port number never to scan (so you don't crash services, perhaps?).
PROXYHOST - Server to use as a proxy, either IP or hostname, no 'http://' needed.
PROXYPORT - Port number that PROXYHOST uses as a proxy.
PROXYUSER - If the PROXYHOST requires authentication, use this ID. Nikto will prompt for it if this is not set & it is needed.
.TP
.B
PROXYPASS - If the PROXYHOST requires a password for PROXYUSER, use this password.
Nikto will prompt for it if this is not set & it is needed.
DEFAULTHTTPVER - First try this HTTP method. If this fails, Nikto will attempt to find a valid one. Useful if you want try something non-standard.
PLUGINDIR - If Nikto can't find it's plugin directory for some reason, enter the full path and the problem is solved.
STATIC-COOKIE - The name/value of this cookie, if set, will be sent for every request (useful for auth cookies).
.SS        
Variables that start with the 'at' sign (@) will be used when scan rules are loaded. For each value (seperated by space), the rule
will be duplicated. See the TEST DATABASES section for more information.
.SS        
Predefined variables are:
.TP
.B
@CGIDIRS
- CGI directories to look for, valid ones (or all) will be used for CGI checks against the remote host.
.TP
.B
@MUTATEDIRS
- Additional directories to use when operating under the Mutate mode besides ones already defined the .db files.
@MUTATEFILES - Additional files to use when operating under the Mutate mode besides ones already defined the .db files.
.TP
.B
@ADMINDIRS
- Typical administration directories.
.SS        
.SH TEST DATABASES
Rules in the scan databases can use dynamic variables from config.txt. Any variable that starts with the 'at' sign (@)
will be substited in rules. For example:
.SS        
A rule of "generic","@CGIDIRStest.html","200","GET","Test" with "@CGIDIRS=/cgi-bin/ /cgi-sys/" will test for:
/cgi-bin/test.html
/cgi-sys/test.html
.PP
Any number of these variables can be set, and any number can be used in a rule (i.e., "@CGIDIRS@ADMINDIRStest.html").
Additionally, the generic @HOSTNAME and @IP are available, which use the current \fItarget\fP's hostname or IP.
.SS        
Rules can be specified which also have conditionals for test success. This can allow a test to look for a 200 HTTP response
but not contain the word "home". This would look like "200!home" in the scan_database.db file.
.SS        
.SH EXAMPLES
A basic scan of a web server on port 80. The -h option is the only option that is required for a basic scan of a web
server on the standard HTTP port.
.SS        
nikto.pl -h 10.100.100.10
.SS        
.TP
.B
A basic scan of a web server on port 443, forcing SSL encryption and ignoring the Server header.
Note that Nikto does
not assume port 443 to be SSL, but if HTTP fails it will try HTTPS.
.SS        
nikto.pl -h 10.100.100.10 -p 443 -s -g
.SS        
Scanning multiple ports on the server, letting Nikto determine if they are HTTP and SSL encrypted.
.SS        
nikto.pl -h 10.100.100.10 -p 80-90
.SS        
Scanning specific ports on the system.
.PP
nikto.pl -h 10.100.100.10 -p 80,443,8000,8080
.PP
You may combine IDS evasion techniques as desired.
.SS        
nikto.pl -h 10.100.100.10 -p 80 -e 167
.RE
.PP

.SH IMPORTANT FILES
config.txt - run-time configuration \fIoptions\fP, see the CONFIG FILE section
nikto_core.plugin - main Nikto code, absolutely required
nikto_plugin_order.txt - determines the order in which plugins are executed
LW.pm - The stand-alone LibWhisker file. It is probably better to install the LibWhisker module directly than to use this.
user_scan_database.db - If it exists in the plugins directory, it will load these checks as well. Same syntax as scan_database.db
.RE
.PP

.SH ADDITIONAL SOFTWARE
LibWhisker is required for proper execution of Nikto. The LW.pm library is included with Nikto, but it is recommended
that you download and install the full LibWhisker module from http://www.wiretrip.net/. If you are not using an installed
Libwhisker, you will need to change Nikto.pl so that it includes the proper LW.pm file. Edit Nikto.pl and comment the line:
use LW;
and uncomment the line below it:
require "./plugins/LW.pm";
.SS        
nmap can be used to speed up port scans. This should be much faster than relying on PERL code to perform port scans. Nmap can
be obtained from http://www.nmap.org/, it is not included with Nikto. Versions 3.0 and below should be fine.
.SS        
.TP
.B
SSL software is required to test using HTTPS.
For Windows systems, the SSL software and libraries can be obtained from
http://www.activestate.com/. For unix systems, OpenSSL from http://www.openssl.org/ and the Net::SSLeay module from
http://www.cpan.org/ are required.
.SH CHECKS
Checks, both information and actual security problems, are derived from a number of sources. These include the mailing lists
BugTraq, NTBugTraq, WebAppSec (WWW-Mobile-Code), and others. The web sites www.securitytracker.com, www.securiteam.com,
www.packetstormsecurity.com and www.securityfocus.com. Additionally, updates to Nessus are watched and many thanks to
all the plugin writers (and to Renaud for Nessus itself) (http://www.nessus.org/).
.SH WARNINGS
.TP
.B
Nikto can cause harm to your local system, the remote system and/or the network.
Some \fIoptions\fP can generate over 70,000 
HTTP requests to a \fItarget\fP. Do not run Nikto againsts hosts you are not authorized to perform testing against. Cirt.net
takes no responsibility for anything done with this software, any problems it may cause or problems it may find.
.SS        
.TP
.B
Plugins are standard PERL.
They are included and executed when Nikto is run. If you run the -update option, new and
updated plugins will be downloaded from cirt.net. This means you are downloading code, and potentially running it,
without viewing it yourself. Please consider the implications. Do not assume code distributed from Cirt.net is not
harmful, as accidents happen and a malicious third party may have inserted a dangerous plugin. Cirt.net assumes no
responsibility if any malicious code is delivered via the -update option.
.SS        

.SH DISTRIBUTION
Nikto and updated databases and plugins is distributed from http://www.cirt.net/
.SS        
.SS        
.SH SEE ALSO
LibWhisker - http://www.wiretrip.net/
Nmap - http://www.nmap.org/
OpenSSL - http://www.openssl.org/
CPAN - http://www.cpan.org/
ActiveState - http://www.activestate.com/
Nessus - http://www.nessus.org/
.SS        
.SS        
.SH LICENSE
This copyright applies to all code included in this distribution, but does not include the LibWhisker software, which is
distributed under its own license.
.PP
Copyright (C) 2001-2003 Sullo/CIRT.net
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License
.TP
.B
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
.TP
.B
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
.RE
.PP

.RS
You should have received a copy of the GNU General Public License along with this program; if not, write to the 
.TP
.B
Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
02111-1307, USA.
.SS        
Contact Information: See the AUTHOR section.
.RE
.PP

.SH AUTHOR
Sullo, sullo@cirt.net
http://www.cirt.net/
.SS        
Suggestions/fixes/support from: Jericho/attrition.org, rfp/wiretrip.net, Zel/firewallmonkeys.com, Zeno/cgisecurity.com,
Darby/cirt.net, Valdez/cirt.net, S Saady, P Eronen/nixu.com, M Arboi, T Seyrat, J DePriest, P Woroshow, fr0stman, E Udassin,
H Heimann
.SS        
Tests and contributed/suggested by: M Richardson, Jericho/attrition.org, Prickley Paw, M Arboi, H Heimann
.SS        
And Xiola.net for succeeding where everyone else has failed.
.SS