72. Task 72: the scanning tool Nikto (with Httrack)
0x01. Lab environment
1. Target: Metasploitable (192.168.97.140)
Open in a browser: http://192.168.97.140/dvwa
Username=admin
Password=password
2. Attacker machine: kali (192.168.97.129)
0x02. The Httrack tool
1. Httrack: a tool aimed specifically at web servers
// it can copy down every file under a site
2. Httrack in practice
Example 1:
Target: Metasploitable (192.168.97.140)
Attacker machine: kali (192.168.97.129)
On kali:
mkdir /root/dvwa
# httrack
dvwa
http://192.168.97.140
2
Enter
*
Enter
y
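0x03. The Nikto scanning tool
1. About Nikto
① An open-source web security scanner written in Perl
② Searches for files that pose a security risk
③ Scans for server configuration vulnerabilities
④ Scans for security risks at the web application layer
⑤ Avoiding 404 false positives: many servers do not follow the RFC standard and return a 200 response code for objects that do not exist; the decision is made from the content of the response; the 404 response content differs between file extensions; the MD5 of the content is taken after time information has been removed;
⑥ -no404: improves performance, but misjudgments occur;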
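The content comparison described in ⑤, as an added example (not Nikto's own code): one baseline per file extension is learned from requests for names that cannot exist, and each later response is hashed with MD5 after timestamps are removed. Stripping the echoed request path as well is an assumption of this example, and `fake_server`, the probe names and the timestamp pattern are constructed so the block runs offline.

```python
import hashlib
import itertools
import posixpath
import re

# Volatile text removed before hashing. The page only names "time information";
# this exact pattern is an assumption made for the example.
VOLATILE = re.compile(r"(?:\d{4}-\d{2}-\d{2} )?\d{2}:\d{2}:\d{2}")


def fingerprint(body, requested_path):
    """MD5 of the body with the echoed path and timestamps removed."""
    text = VOLATILE.sub("", body.replace(requested_path, ""))
    text = " ".join(text.split())
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def extension(path):
    return posixpath.splitext(path)[1].lower()


class Soft404Detector:
    """Learns, per file extension, what 'not found' looks like on one server."""

    def __init__(self):
        self.baseline = {}  # extension -> set of (status, fingerprint)

    def learn(self, path, status, body):
        """Feed the response to a request for a path known not to exist."""
        key = (status, fingerprint(body, path))
        self.baseline.setdefault(extension(path), set()).add(key)

    def exists(self, path, status, body):
        """True only if the response differs from the learned error page."""
        if status == 404:
            return False
        known = self.baseline.get(extension(path))
        if known is None:
            raise LookupError("no baseline for extension %r" % extension(path))
        return (status, fingerprint(body, path)) not in known


# Constructed stand-in for a server that answers 200 to everything and uses a
# different error template per extension. Not a real host; runs offline.
_clock = itertools.count(0)
REAL = {"/phpinfo.php": "<h1>PHP Version 5.2.4</h1>", "/index.html": "<h1>Home</h1>"}


def fake_server(path):
    stamp = "2020-02-18 20:42:%02d" % (next(_clock) % 60)
    if path in REAL:
        return 200, REAL[path]
    if path.endswith(".php"):
        return 200, "<b>Oops</b> script %s missing. Generated %s" % (path, stamp)
    return 200, "<html>Sorry, %s is not here (%s)</html>" % (path, stamp)


def scan(paths):
    detector = Soft404Detector()
    for probe in ("/Zq8xKp1.php", "/Zq8xKp1.html"):  # random, nonexistent names
        detector.learn(probe, *fake_server(probe))
    naive, checked = [], []
    for path in paths:
        status, body = fake_server(path)
        if status == 200:
            naive.append(path)      # what a status-code-only check reports
        if detector.exists(path, status, body):
            checked.append(path)    # what the fingerprint comparison reports
    return naive, checked


if __name__ == "__main__":
    print(scan(["/phpinfo.php", "/admin.php", "/backup.html", "/index.html"]))
```

The status-code-only list contains all four paths, while the fingerprint comparison keeps only the two that really exist.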
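2. nikto commands
man nikto //view the manual
nikto -list-plugins //list the plugins
nikto //show version and other information
nikto -host //followed by a URL, or an IP or domain name (port number)
nikto -evasion //use the IDS evasion techniques from LibWhisker
① Random URL encoding (non-UTF-8)
② Self-referencing path
③ Premature path ending (/./)
④ Prepend a long random string
⑤ Fake parameter
⑥ Use TAB as the request spacer
⑦ Change the case of the URL
⑧ Use the Windows path separator "\"
3. Nikto in practice
Example 1: scanning a site with nikto
Target: Metasploitable (192.168.97.140:80) or (http://192.168.97.140/dvwa)
1.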
# nikto -host http://192.168.97.140/dvwa
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.97.140
+ Target Hostname: 192.168.97.140
+ Target Port: 80
+ Start Time: 2020-02-18 20:42:42 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ Cookie PHPSESSID created without the httponly flag
+ Cookie security created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: login.php
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server may leak inodes via ETags, header found with file /dvwa/robots.txt, inode: 93164, size: 26, mtime: Tue Mar 16 13:56:22 2010
+ Uncommon header 'tcn' found, with contents: list
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /dvwa/config/: Directory indexing found.
+ /dvwa/config/: Configuration information may be available remotely.
+ OSVDB-12184: /dvwa/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /dvwa/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /dvwa/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /dvwa/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /dvwa/login/: This might be interesting...
+ OSVDB-3268: /dvwa/docs/: Directory indexing found.
+ OSVDB-3092: /dvwa/CHANGELOG.txt: A changelog was found.
+ /dvwa/login.php: Admin login page/section found.
+ /dvwa/?-s: PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827
+ /dvwa/login.php?-s: PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827
+ /dvwa/CHANGELOG.txt: Version number implies that there is a SQL Injection in Drupal 7, can be used for authentication bypass (Drupageddon: see https://www.sektioneins.de/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html).
+ 7914 requests: 0 error(s) and 25 item(s) reported on remote host
+ End Time: 2020-02-18 20:43:09 (GMT8) (27 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
2.
# nikto -host 192.168.97.140:80
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.97.140
+ Target Hostname: 192.168.97.140
+ Target Port: 80
+ Start Time: 2020-02-18 20:43:53 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Uncommon header 'tcn' found, with contents: list
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /phpinfo.php: Output from the phpinfo() function was found.
+ OSVDB-3268: /doc/: Directory indexing found.
+ OSVDB-48: /doc/: The /doc/ directory is browsable. This may be /usr/doc.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /phpMyAdmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ Server may leak inodes via ETags, header found with file /phpMyAdmin/ChangeLog, inode: 92462, size: 40540, mtime: Wed Dec 10 01:24:00 2008
+ OSVDB-3092: /phpMyAdmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3268: /test/: Directory indexing found.
+ OSVDB-3092: /test/: This might be interesting...
+ OSVDB-3233: /phpinfo.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpMyAdmin/: phpMyAdmin directory found
+ OSVDB-3092: /phpMyAdmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /phpMyAdmin/README: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ 8726 requests: 0 error(s) and 27 item(s) reported on remote host
+ End Time: 2020-02-18 20:44:21 (GMT8) (28 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
3.
# nikto -host 192.168.97.140 -p 80
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.97.140
+ Target Hostname: 192.168.97.140
+ Target Port: 80
+ Start Time: 2020-02-18 20:47:19 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Uncommon header 'tcn' found, with contents: list
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /phpinfo.php: Output from the phpinfo() function was found.
+ OSVDB-3268: /doc/: Directory indexing found.
+ OSVDB-48: /doc/: The /doc/ directory is browsable. This may be /usr/doc.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /phpMyAdmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ Server may leak inodes via ETags, header found with file /phpMyAdmin/ChangeLog, inode: 92462, size: 40540, mtime: Wed Dec 10 01:24:00 2008
+ OSVDB-3092: /phpMyAdmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3268: /test/: Directory indexing found.
+ OSVDB-3092: /test/: This might be interesting...
+ OSVDB-3233: /phpinfo.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpMyAdmin/: phpMyAdmin directory found
+ OSVDB-3092: /phpMyAdmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /phpMyAdmin/README: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ 8726 requests: 0 error(s) and 27 item(s) reported on remote host
+ End Time: 2020-02-18 20:47:56 (GMT8) (37 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
4.
# vim host.txt
192.168.97.140:80
http://192.168.97.140/dvwa
:wq
# nikto -host host.txt
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.97.140
+ Target Hostname: 192.168.97.140
+ Target Port: 80
+ Start Time: 2020-02-18 20:51:13 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ Cookie PHPSESSID created without the httponly flag
+ Cookie security created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: login.php
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server may leak inodes via ETags, header found with file /dvwa/robots.txt, inode: 93164, size: 26, mtime: Tue Mar 16 13:56:22 2010
+ Uncommon header 'tcn' found, with contents: list
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /dvwa/config/: Directory indexing found.
+ /dvwa/config/: Configuration information may be available remotely.
+ OSVDB-12184: /dvwa/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /dvwa/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /dvwa/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /dvwa/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /dvwa/login/: This might be interesting...
+ OSVDB-3268: /dvwa/docs/: Directory indexing found.
+ OSVDB-3092: /dvwa/CHANGELOG.txt: A changelog was found.
+ /dvwa/login.php: Admin login page/section found.
+ /dvwa/?-s: PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827
+ /dvwa/login.php?-s: PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827
+ /dvwa/CHANGELOG.txt: Version number implies that there is a SQL Injection in Drupal 7, can be used for authentication bypass (Drupageddon: see https://www.sektioneins.de/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html).
+ 7914 requests: 0 error(s) and 25 item(s) reported on remote host
+ End Time: 2020-02-18 20:51:39 (GMT8) (26 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
5.
# nikto -host www.baidu.com -port 443 --ssl
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 183.232.231.174
+ Target Hostname: www.baidu.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /C=CN/ST=beijing/L=beijing/OU=service operation department/O=Beijing Baidu Netcom Science Technology Co., Ltd/CN=baidu.com
            Ciphers: ECDHE-RSA-AES128-GCM-SHA256
            Issuer: /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
+ Message: Multiple IP addresses found: 183.232.231.174, 183.232.231.172
+ Start Time: 2020-02-18 20:53:08 (GMT8)
---------------------------------------------------------------------------
+ Server: BWS/1.1
+ Cookie BAIDUID created without the secure flag
+ Cookie BAIDUID created without the httponly flag
+ Cookie BIDUPSID created without the secure flag
+ Cookie BIDUPSID created without the httponly flag
+ Cookie PSTM created without the secure flag
+ Cookie PSTM created without the httponly flag
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ Uncommon header 'traceid' found, with contents: 158203038802045693549898740171579656555
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Server banner has changed from 'BWS/1.1' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
^C^Z
[1]+ 已停止 nikto -host www.baidu.com -port 443 --ssl
6. nmap + nikto
nmap -p 80 192.168.97.0/24 -oG - | nikto -host -
// -oG: output the results
// -: write the output here
// nikto -host -: this - is the result that nmap has just produced
// nmap first finds which IPs have port 80 open, then nikto scans those sites
# nmap -p80 192.168.97.0/24 -oG - | nikto -host -
- Nikto v2.1.6
---------------------------------------------------------------------------
+ nmap Input Queued: 192.168.97.140:80
+ Target IP: 192.168.97.140
+ Target Hostname: 192.168.97.140
+ Target Port: 80
+ Start Time: 2020-02-18 20:54:54 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Uncommon header 'tcn' found, with contents: list
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /phpinfo.php: Output from the phpinfo() function was found.
+ OSVDB-3268: /doc/: Directory indexing found.
+ OSVDB-48: /doc/: The /doc/ directory is browsable. This may be /usr/doc.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /phpMyAdmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ Server may leak inodes via ETags, header found with file /phpMyAdmin/ChangeLog, inode: 92462, size: 40540, mtime: Wed Dec 10 01:24:00 2008
+ OSVDB-3092: /phpMyAdmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3268: /test/: Directory indexing found.
+ OSVDB-3092: /test/: This might be interesting...
+ OSVDB-3233: /phpinfo.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpMyAdmin/: phpMyAdmin directory found
+ OSVDB-3092: /phpMyAdmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /phpMyAdmin/README: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ 8726 requests: 0 error(s) and 27 item(s) reported on remote host
+ End Time: 2020-02-18 20:55:19 (GMT8) (25 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
7. In summary: the following directories were found, and we can go through them one by one in the browser
/doc
/usr/doc
/test
/icons
/icons/README
/phpMyAdmin
/phpMyAdmin/Documentation.html
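/phpMyAdmin/README
8. Some operations during a scan:
// press once to turn on, press again to turn off
Enter  report the current status
v  show the scanning process, not only the scan results
d  show debug information, the most detailed view of the scan
e  show errors
p  scan progress
r  show redirects
c  show cookies
a  show authentication
q  quit
N  scan the next one
P  pause the scan
9. nikto's configuration file: /etc/nikto.conf
① USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)
// the user agent can be changed to another browser's user agent, thereby hiding yourself
② RFIURL=http://cirt.net/rfiinc.txt?
// the file used for testing remote file inclusion
③ Cookie
The format looks like this: STATIC-COOKIE="cookie1"="cookie value";"cookie2"="cookie val";
Change it to: COOKIE="PHPSESSID"="f78ecdb9ddabf004730e34d1c51dd450";"security"="high"
// the cookie values can be taken from the browser:
Step 1: open the browser and enter http://192.168.97.140/dvwa
Step 2: press F12 (the page can be refreshed several times along the way)
Step 3: click Storage to view the cookies, copy the values, and paste them into the /etc/nikto.conf configuration file
10. nikto -evasion
nikto -host http://192.168.97.140/dvwa -evasion 167
// evasion techniques 1, 6 and 7 are used here
nikto -host http://192.168.97.140/dvwa -evasion 167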
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.97.140
+ Target Hostname: 192.168.97.140
+ Target Port: 80
+ Using Encoding: Random URI encoding (non-UTF8)
+ Using Encoding: TAB as request spacer
+ Using Encoding: Change the case of the URL
+ Start Time: 2020-02-18 21:04:39 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ /dvwa/fx29id1.txt: Payload for Fx29ID RFI exploit. The server may have been compromised to act as a repository for this file.
+ Cookie PHPSESSID created without the httponly flag
+ Cookie security created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
+ 7914 requests: 0 error(s) and 9 item(s) reported on remote host
+ End Time: 2020-02-18 21:05:00 (GMT8) (21 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
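The plain run in item 1 reports 25 items and the -evasion 167 run above reports 9, so the two result sets are worth comparing line by line. The parser below is an added example, not part of the original post or of Nikto; it reads the plain-text output format shown on this page, and the two sample strings are shortened excerpts of those two runs.

```python
import re

# Lines that describe the run itself rather than a finding.
META = re.compile(
    r"^(?:(?:Target (?:IP|Hostname|Port)|Start Time|End Time|Server"
    r"|Using Encoding):|\d+ requests:|\d+ host\(s\) tested)")
OSVDB = re.compile(r"^(OSVDB-\d+): ")
PATH = re.compile(r"^(/\S*): ")


def parse_findings(report):
    """Return {(osvdb_id, path, message)} from nikto's plain-text output."""
    findings = set()
    for line in report.splitlines():
        if not line.startswith("+ "):
            continue                      # banner, separators, shell prompt
        text = line[2:].strip()
        if META.match(text):
            continue
        osvdb = path = ""                 # empty string when the field is absent
        match = OSVDB.match(text)
        if match:
            osvdb, text = match.group(1), text[match.end():]
        match = PATH.match(text)
        if match:
            path, text = match.group(1), text[match.end():]
        findings.add((osvdb, path, text))
    return findings


def compare_runs(before, after):
    """Split findings into those lost, gained and shared between two runs."""
    a, b = parse_findings(before), parse_findings(after)
    return {"lost": sorted(a - b), "gained": sorted(b - a),
            "shared": sorted(a & b)}


# Excerpts of the plain run (item 1) and the -evasion 167 run (item 10) shown
# on this page, shortened to a few lines each.
PLAIN_RUN = """\
- Nikto v2.1.6
+ Target IP: 192.168.97.140
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ Cookie PHPSESSID created without the httponly flag
+ The anti-clickjacking X-Frame-Options header is not present.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /dvwa/config/: Directory indexing found.
+ OSVDB-3092: /dvwa/CHANGELOG.txt: A changelog was found.
+ /dvwa/login.php: Admin login page/section found.
+ 7914 requests: 0 error(s) and 25 item(s) reported on remote host
"""
EVASION_RUN = """\
+ Target IP: 192.168.97.140
+ Using Encoding: Random URI encoding (non-UTF8)
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ The anti-clickjacking X-Frame-Options header is not present.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ /dvwa/fx29id1.txt: Payload for Fx29ID RFI exploit. The server may have been compromised to act as a repository for this file.
+ Cookie PHPSESSID created without the httponly flag
+ 7914 requests: 0 error(s) and 9 item(s) reported on remote host
"""

if __name__ == "__main__":
    for group, items in compare_runs(PLAIN_RUN, EVASION_RUN).items():
        for osvdb, path, message in items:
            print(group, osvdb or "-", path or "-", message, sep=" | ")
```

A finding that appears in only one of the two runs, such as /dvwa/fx29id1.txt here, is the first one to confirm by hand before it goes into a report.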