Nikto (web server scanner tool)

What is Nikto?

    Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers.
    ----------------------
    In short, Nikto is an Open Source program for scanning web servers. Does your server have a (security) hole, a heart condition..? Oops!

Where can I download it?

How do I install it?

    Unpack, and you're done! Hehehe, no need to compile. The archive is bzip2-compressed, so use -j (not -z):
    tar -xvjf nikto-1.36.tar.bz2
    Or download the .tgz package I made with makepkg here

How to use it:

    Since this program is a Perl script, start the command with the word perl. :p
      perl nikto.pl -h [target]

    For example, to scan localhost:

      perl nikto.pl -h localhost

    To scan an external server:

      perl nikto.pl -h slackerbox.com
      or
      perl nikto.pl -h 66.165.101.242

    Watch out for the location of the nikto program directory. If you put it in /home/mic/nikto, you must be in that working directory.

    At some point you may want to update nikto; in that case run the command below:

      perl nikto.pl -update

    Oh yes! In the .tgz package I made, nikto lives in the directory /usr/local/nikto.

Where is the configuration file?

    In the same directory as nikto.pl. The file is named config.txt.

OK! You can explore it further on your own ;) See the original source at http://www.cirt.net.

---------------------------------
A quick scan of some web servers :)
---------------------------------
1. Localhost, Slackware 12


    mic@darkstar:/usr/local/nikto$ perl nikto.pl -h localhost
    -***** SSL support not available (see docs for SSL install instructions) *****
    ---------------------------------------------------------------------------
    - Nikto 1.36/1.37 - www.cirt.net
    + Target IP: 127.0.0.1
    + Target Hostname: localhost
    + Target Port: 80
    + Start Time: Thu Nov 1 19:07:48 2007
    ---------------------------------------------------------------------------
    - Scan is dependent on "Server" string which can be faked, use -g to override
    + Server: Apache/2.2.4 (Unix) DAV/2 PHP/5.2.4
    - Retrieved X-Powered-By header: PHP/5.2.4
    + /robots.txt - contains 40 'disallow' entries which should be manually viewed (added to mutation file lists) (GET).
    + /scripts/ - Directory indexing of CGI directory should be disabled. (GET)
    + /cgi-bin//htsearch?exclude=%60/etc/passwd%60 - htsearch may reveal file system paths. (GET)
    + / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
    + /scripts - Redirects to http://localhost/scripts/ , Remote scripts directory is browsable.
    + 3294 items checked - 4 item(s) found on remote host(s)
    + End Time: Thu Nov 1 19:07:54 2007 (6 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested

2. Server slackerbox.com


    mic@darkstar:~/Nikto/nikto-1.36$ perl nikto.pl -h 66.165.101.251
    -***** SSL support not available (see docs for SSL install instructions) *****
    ---------------------------------------------------------------------------
    - Nikto 1.36/1.37 - www.cirt.net
    + Target IP: 66.165.101.251
    + Target Hostname: slackerbox.com
    + Target Port: 80
    + Start Time: Thu Nov 1 02:51:38 2007
    ---------------------------------------------------------------------------
    - Scan is dependent on "Server" string which can be faked, use -g to override
    + Server: Apache
    + No CGI Directories found (use '-C all' to force check all possible dirs)
    - Retrieved X-Powered-By header: PHP/4.4.7
    + /robots.txt - contains 40 'disallow' entries which should be manually viewed (added to mutation file lists) (GET).
    + PHP/4.4.7 appears to be outdated (current is at least 5.1.6)
    + /cgi-bin/test-cgi - Apache 2.0 default script is executable and reveals system information. All default scripts should be removed. (GET)
    + / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
    + /scripts - Redirects to http://slackerbox.com/scripts/ , Remote scripts directory is browsable.
    + 2052 items checked - 3 item(s) found on remote host(s)
    + End Time: Thu Nov 1 03:45:41 2007 (3243 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested
    Crazy! Almost an hour! And a high-speed internet connection won't help: Nikto sends more than 1500 small packets, so it needs little bandwidth.

Conclusion ((1) = localhost scan, (2) = slackerbox.com scan)

  • Turn off CGI directory indexing, man! (1)
  • Hey! Your PHP (4.4.7) looks outdated! (2)
  • The TRACE option allows XSS (1)(2)
  • The remote scripts directory can be browsed, friend! (1)(2)
  • OK, so there are warnings, informational notes and so on. Well, better than not knowing at all; the diagnosis from 'doctor' nikto is decent enough :)
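As an added example (not part of the original post, and not Nikto's own code), here is a small Python script that parses the two transcripts above into findings, groups them per issue across hosts the way the conclusion does, and attaches the Apache-side fix a defender would apply to each. The mapping from Nikto's message text to an issue class and fix is my own assumption, not something Nikto outputs; the sample input is constructed from the scan output shown above with the banner and separator lines dropped.

```python
import re

# Constructed sample input: the two scan transcripts from the post, trimmed to
# the header, info and finding lines (banner and separator lines dropped).
SCAN_LOCALHOST = """
+ Target Hostname: localhost
+ Server: Apache/2.2.4 (Unix) DAV/2 PHP/5.2.4
- Retrieved X-Powered-By header: PHP/5.2.4
+ /robots.txt - contains 40 'disallow' entries which should be manually viewed (added to mutation file lists) (GET).
+ /scripts/ - Directory indexing of CGI directory should be disabled. (GET)
+ /cgi-bin//htsearch?exclude=%60/etc/passwd%60 - htsearch may reveal file system paths. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /scripts - Redirects to http://localhost/scripts/ , Remote scripts directory is browsable.
+ 3294 items checked - 4 item(s) found on remote host(s)
"""

SCAN_SLACKERBOX = """
+ Target Hostname: slackerbox.com
+ Server: Apache
+ No CGI Directories found (use '-C all' to force check all possible dirs)
- Retrieved X-Powered-By header: PHP/4.4.7
+ /robots.txt - contains 40 'disallow' entries which should be manually viewed (added to mutation file lists) (GET).
+ PHP/4.4.7 appears to be outdated (current is at least 5.1.6)
+ /cgi-bin/test-cgi - Apache 2.0 default script is executable and reveals system information. All default scripts should be removed. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /scripts - Redirects to http://slackerbox.com/scripts/ , Remote scripts directory is browsable.
+ 2052 items checked - 3 item(s) found on remote host(s)
"""

# "+ key: value" header lines that Nikto 1.x prints before the findings.
HEADER_RE = re.compile(r"^\+ (?P<key>Target IP|Target Hostname|Target Port|Start Time|End Time|Server): (?P<value>.*)$")
# "+ /path - description (METHOD)" finding lines; the method suffix is optional.
FINDING_RE = re.compile(r"^\+ (?P<path>/\S*) - (?P<desc>.+?)(?: \((?P<method>[A-Z]+)\))?\.?$")
SUMMARY_RE = re.compile(r"^\+ \d+ (?:items checked|host\(s\) tested)")
SKIP_PREFIXES = ("+ No CGI Directories found",)  # informational, not a finding

# Issue classes and the fix a defender would apply (assumed mapping, not Nikto's own).
ISSUE_CLASSES = [
    ("Directory indexing", re.compile(r"directory indexing", re.I), "Options -Indexes in the <Directory> block"),
    ("Browsable scripts directory", re.compile(r"directory is browsable", re.I), "Options -Indexes, or remove the directory if unused"),
    ("HTTP TRACE enabled", re.compile(r"\bTRACE option\b"), "TraceEnable off (Apache 2.0.55+/2.2)"),
    ("Outdated software", re.compile(r"appears to be outdated"), "upgrade to a supported release"),
    ("Default script present", re.compile(r"default script", re.I), "delete the default CGI scripts"),
]


def classify(desc):
    """Map a finding description to (issue class, suggested fix)."""
    for name, pattern, fix in ISSUE_CLASSES:
        if pattern.search(desc):
            return name, fix
    return "Other: " + desc, "review manually"


def parse_nikto(text):
    """Return (hostname, findings); each finding is a dict with path, method and desc."""
    host, findings = None, []
    for line in text.splitlines():
        line = line.strip()
        # '-' info lines, separators, summaries and the CGI note carry no finding.
        if not line.startswith("+ ") or SUMMARY_RE.match(line) or line.startswith(SKIP_PREFIXES):
            continue
        m = HEADER_RE.match(line)
        if m:
            if m.group("key") == "Target Hostname":
                host = m.group("value").strip()
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append({"path": m.group("path"), "method": m.group("method"),
                             "desc": m.group("desc").rstrip(".")})
        else:
            # Pathless finding such as "+ PHP/4.4.7 appears to be outdated ..."
            findings.append({"path": None, "method": None, "desc": line[2:]})
    return host, findings


def summarize(reports):
    """Cross-host view like the post's conclusion: issue -> {hosts, fix}."""
    table = {}
    for text in reports:
        host, findings = parse_nikto(text)
        for f in findings:
            issue, fix = classify(f["desc"])
            table.setdefault(issue, {"hosts": set(), "fix": fix})["hosts"].add(host)
    return {issue: {"hosts": sorted(v["hosts"]), "fix": v["fix"]} for issue, v in table.items()}


if __name__ == "__main__":
    for issue, v in summarize([SCAN_LOCALHOST, SCAN_SLACKERBOX]).items():
        print(f"{issue}: {', '.join(v['hosts'])} -> {v['fix']}")
```

Run it on saved `perl nikto.pl -h ... > host.txt` output by reading the files into the list passed to summarize; the "Other:" bucket keeps anything the class table does not recognise (robots.txt and the htsearch note above) visible for manual review rather than silently dropping it.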

I hope this write-up is useful ;)