
Vulnerability scanner Nikto

Last updated at Posted at 2016-08-19

Nikto

https://cirt.net/Nikto2
Nikto is a free web application security scanner sponsored by the UK company Netsparker. It is written in Perl.
The stable version is Nikto 2.1.6, released on 2015-07-09.
It appears to be continuously maintained on GitHub.

Installation

EPEL

yum install epel-release
yum install nikto perl-Net-SSLeay

The EPEL repository installs 2.1.6-1, built on 2018-06-08.

The perl-Net-SSLeay package is required to scan SSL sites. If it is not installed, the error ***** SSL support not available (see docs for SSL install) ***** is printed.

Atomic

yum install wget
curl -s http://www.atomicorp.com/installers/atomic | sh
yum install nikto

The Atomic repository provides 2.1.6-1147, built on 2017-03-10.

Update

nikto -update
Example output
+ Retrieving 'nikto_report_csv.plugin'
+ Retrieving 'nikto_headers.plugin'
+ Retrieving 'nikto_cookies.plugin'
+ Retrieving 'db_tests'
+ Retrieving 'db_parked_strings'
+ Retrieving 'CHANGES.txt'

Scan

nikto -h localhost
Example output
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2016-01-16 10:00:00 (GMT9)
---------------------------------------------------------------------------
+ Server: Apache/2.4.6 (CentOS) PHP/5.4.16
+ Server leaks inodes via ETags, header found with file /, fields: 0x220 0x529841bdd9a78
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ PHP/5.4.16 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
+ Apache/2.4.6 appears to be outdated (current is at least Apache/2.4.16). Apache 2.2.31 is also current for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ Retrieved x-powered-by header: PHP/5.4.16
+ OSVDB-3092: /test.php: This might be interesting...
+ 8225 requests: 0 error(s) and 10 item(s) reported on remote host
+ End Time:           2016-01-16 10:00:11 (GMT9) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Configuration file

/etc/nikto/config
#########################################################################################################
# CONFIG STUFF
# $Id: config.txt 94 2009-01-21 22:47:25Z deity $
#########################################################################################################

# default command line options, can't be an option that requires a value.  used for ALL runs.
# CLIOPTS=-g -a

# ports never to scan
SKIPPORTS=21 111

# User-Agent variables:
 # @VERSION     - Nikto version
 # @TESTID      - Test identifier
 # @EVASIONS    - List of active evasions
USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)

# RFI URL. This remote file should return a phpinfo call, for example: <?php phpinfo(); ?>
# You may use the one below, if you like.
#RFIURL=http://cirt.net/rfiinc.txt?

# IDs never to alert on (Note: this only works for IDs loaded from db_tests)
#SKIPIDS=

# The DTD
NIKTODTD=docs/nikto.dtd

# the default HTTP version to try... can/will be changed as necessary
DEFAULTHTTPVER=1.0

# Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should
# send updates because it makes the data better for everyone ;)  *NO* server specific information
# such as IP or name is sent, just the relevant version information.
# UPDATES=yes   - ask before each submission if it should send
# UPDATES=no    - don't ask, don't send
# UPDATES=auto  - automatically attempt submission *without prompting*
UPDATES=yes

# Warning if MAX_WARN OK or MOVED responses are retrieved
MAX_WARN=20

# Prompt... if set to 'no' you'll never be asked for anything. Good for automation.
#PROMPTS=no

# cirt.net : set the IP so that updates can work without name resolution -- just in case
CIRT=174.142.17.165

# Proxy settings -- still must be enabled by -useproxy
#PROXYHOST=127.0.0.1
#PROXYPORT=8080
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword

# Cookies: send cookies with all requests
# Multiple can be set by separating with a semi-colon, e.g.:
# "cookie1"="cookie value";"cookie2"="cookie val"
#STATIC-COOKIE=

# The below allows you to vary which HTTP methods are used to check whether an HTTP(s) server
# is running. Some web servers, such as the autopsy web server do not implement the HEAD method
CHECKMETHODS=HEAD GET

# If you want to specify the location of any of the files, specify them here
EXECDIR=/usr/share/nikto                                # Location of Nikto
PLUGINDIR=/usr/share/nikto/plugins                      # Location of plugin dir
# DBDIR=/opt/nikto/databases                    # Location of plugin dir
TEMPLATEDIR=/usr/share/nikto/templates          # Location of tempmlate dir
DOCDIR=/usr/share/nikto/docs                    # Location of docs dir

# Default plugin macros
@@MUTATE=dictionary;subdomain
@@DEFAULT=@@ALL;-@@MUTATE;tests(report:500)

#Choose SSL libs
# Options:
# SSLeay        - use Net::SSLeay
# SSL           - use Net::SSL
# auto          - automatically choose whats available
#                 (SSLeay wins if both are available)
LW_SSL_ENGINE=auto
