
Vulnerability Assessment and Scanning Tools You Can Use on a Mac: Installation & Quick-Start Edition

Posted at 2018-10-18

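I looked into tools that can be easily installed and run on the Mac you already have, for times when you need to carry out a simplified vulnerability assessment.

  • Nmap for port scanning
  • Nikto for checking middleware configuration

Nmap

Nmap has extensive port-scanning features. Ports are the kind of thing that turn out to be open when you thought they were closed,
and Nmap can be used to check for that. Distributed at: https://nmap.org/

Installation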

$ brew install nmap

Usage

$ nmap 'target host IP'
$ nmap 192.168.xxx.xxx

Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-18 17:56 JST
Nmap scan report for 192.168.xxx.xxx
Host is up (0.00059s latency).
Not shown: 968 closed ports, 26 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 5.35 seconds

How to read the results

Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-18 17:56 JST

The Nmap version and the date and time of the run

Nmap scan report for 192.168.xxx.xxx

The scan target

Not shown: 968 closed ports, 26 filtered ports

The number of closed ports (968) and the number of filtered ports (26)

PORT STATE SERVICE
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
993/tcp open imaps
995/tcp open pop3s

The open port numbers and protocols

* Note

If security software such as ESET is installed on the machine, the results may differ because of its Email Protection and Web Access Protection features.
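
As an added example (not part of the original article), the following script turns the check described above, finding ports that are open when you believed them closed, into a comparison of Nmap's report against an allowlist. The sample report is the one shown in this article; the `EXPECTED_PORTS` allowlist and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: compare the open ports in an nmap report against an allowlist.
# Real use (hypothetical allowlist): nmap 192.168.xxx.xxx | unexpected_ports "80/tcp 443/tcp"

# Sample input: the report shown in this article, embedded so the script runs offline.
SAMPLE_REPORT='Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-18 17:56 JST
Nmap scan report for 192.168.xxx.xxx
Host is up (0.00059s latency).
Not shown: 968 closed ports, 26 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 5.35 seconds'

# Assumption: the operator intends only these ports to be reachable.
EXPECTED_PORTS='80/tcp 443/tcp 993/tcp 995/tcp'

# open_ports: read an nmap report on stdin, print "port/proto service" for each
# port whose STATE is exactly "open" (filtered or closed lines are ignored).
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }'
}

# unexpected_ports ALLOWLIST: open ports that are not on the allowlist.
unexpected_ports() {
    open_ports | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) { print $1, $2 }'
}

# missing_ports ALLOWLIST: allowlisted ports not reported open
# (the service may be down, or the port may be filtered on the way).
missing_ports() {
    open_ports | awk -v allow="$1" '
        { seen[$1] = 1 }
        END { n = split(allow, a, " "); for (i = 1; i <= n; i++) if (!(a[i] in seen)) print a[i] }'
}

# Print the ports that are open but were not expected to be.
printf '%s\n' "$SAMPLE_REPORT" | unexpected_ports "$EXPECTED_PORTS"
```
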

Nikto

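Nikto can detect publicly disclosed security holes, which helps prevent oversights such as forgotten configuration settings in middleware like Apache. Distributed at: https://cirt.net/Nikto2

Installation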

$ brew install nikto

Usage

$ nikto -h 'target domain (http and https are treated as different targets)'
$ nikto -h https://hogehoge.com

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.xxx.xxx
+ Target Hostname:    hogehoge.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.example.com
                   Altnames: *.hogehoge.com, hogehoge.com
                   Ciphers:  ECDHE-RSA-AES256-GCM-SHA384
                   Issuer:   /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
+ Start Time:         2018-10-18 18:10:01 (GMT9)
---------------------------------------------------------------------------
+ Server: Apache
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server leaks inodes via ETags, header found with file /robots.txt, inode: 2238918, size: 27, mtime: Tue Jan 27 14:05:43 2015
+ Server is using a wildcard certificate: *.hogehoge.com
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE 

How to read the results

Nikto v2.1.6

The Nikto version

Target IP: 192.168.xxx.xxx
Target Hostname: hogehoge.com
Target Port: 443

The IP address, domain, and port number of the target host

SSL Info: Subject: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.example.com
Altnames: *.hogehoge.com, hogehoge.com
Ciphers: ECDHE-RSA-AES256-GCM-SHA384
Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA

SSL details, if SSL is in use

Server: Apache
The anti-clickjacking X-Frame-Options header is not present.
The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
The site uses SSL and the Strict-Transport-Security HTTP header is not defined.

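Each line is a separate finding. Looking things up and applying fixes blindly can affect how the application behaves, so verify that it still works as you apply each fix.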
