用 Nikto 扫描你网站的缺陷Nikto 网络扫描器是一个开源的 web 服务器的扫描软件,它可以用来扫描 web 服务器上的恶意的程序和文件。Nikto 也可以用来检查软件版本是否过期。Nikto 能进行简单而快速地扫描以发现服务器上危险的文件和程序。扫描结束后会给出一个日志文件。` 在 Linux 服务器上下载和安装 NiktoPerl 在 Linux 上是预先安装好的,所以你只需要从项目页面下载 nikto ,解压到一个目录里面,然后开始测试。 wget https://cirt.net/nikto/nikto-2.1.4.tar.gz 你可以用某个归档管理工具解包,或者如下同时使用 tar 和 gzip : tar zxvf nikto-2.1.4.tar.gz cd nikto-2.1.4 perl nikto.pl 安装正确的话会得到这样的结果: - ***** SSL support not available (see docs for SSL install) ***** - Nikto v2.1.4 --------------------------------------------------------------------------- + ERROR: No host specified -config+ Use this config file -Cgidirs+ scan these CGI dirs: 'none', 'all', or values like "/cgi/ /cgi-a/" -dbcheck check database and other key files for syntax errors -Display+ Turn on/off display outputs -evasion+ ids evasion technique -Format+ save file (-o) format -host+ target host -Help Extended help information -id+ Host authentication to use, format is id:pass or id:pass:realm -list-plugins List all available plugins -mutate+ Guess additional file names -mutate-options+ Provide extra information for mutations -output+ Write output to this file -nocache Disables the URI cache -nossl Disables using SSL -no404 Disables 404 checks -port+ Port to use (default 80) -Plugins+ List of plugins to run (default: ALL) -root+ Prepend root value to all requests, format is /directory -ssl Force ssl mode on port -Single Single request mode -timeout+ Timeout (default 2 seconds) -Tuning+ Scan tuning -update Update databases and plugins from CIRT.net -vhost+ Virtual host (for Host header) -Version Print plugin and database versions + requires a value Note: This is the short help output. Use -H for full help. 这个报错只是告诉我们没有给出必要的参数。SSL 支持可以通过安装相关的 perl ssl 模块得到(sudo apt-get install libnet-ssleay-perl)。 更新 nikto 数据库在开始使用之前我们需要先更新 nikto 数据库: /usr/local/bin/nikto.pl -update 下面的命令可以列出可用的 nikto 插件。 nikto.pl -list-plugins // To list the installed plugins // 扫描以寻找缺陷我们用一个 url 来在做个简单的测试。 perl nikto.pl -h http://www.host-name.com 输出样例 会有十分冗长的输出,可能一开始会让人感到困惑。许多 Nikto 的警报会返回 OSVDB 序号。这是由开源缺陷数据库(http://osvdb.org/)所指定。你可以在 OSVDB 上找出相关缺陷的深入说明。 $ nikto -h http://www.host-name.com - Nikto v2.1.4 --------------------------------------------------------------------------- + Target IP: 1.2.3.4 + Target Hostname: host-name.com + Target Port: 80 + Start Time: 2012-08-11 14:27:31 --------------------------------------------------------------------------- + Server: Apache/2.2.22 (FreeBSD) mod_ssl/2.2.22 OpenSSL/1.0.1c DAV/2 + robots.txt contains 4 entries which should be manually viewed. + mod_ssl/2.2.22 appears to be outdated (current is at least 2.8.31) (may depend on server version) + ETag header found on server, inode: 5918348, size: 121, mtime: 0x48fc943691040 + mod_ssl/2.2.22 OpenSSL/1.0.1c DAV/2 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST + /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist + OSVDB-2322: /gallery/search.php?searchstring=<script>alert(document.cookie)</script>: Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.securityfocus.com/bid/8288. + OSVDB-7022: /calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05: DCP-Portal v5.3.1 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. + OSVDB-3233: /phpinfo.php: Contains PHP configuration information + OSVDB-3092: /system/: This might be interesting... + OSVDB-3092: /template/: This may be interesting as the directory may hold sensitive files or reveal system information. + OSVDB-3092: /updates/: This might be interesting... + OSVDB-3092: /README: README file found. + 6448 items checked: 1 error(s) and 14 item(s) reported on remote host + End Time: 2012-08-11 15:52:57 (5126 seconds) --------------------------------------------------------------------------- + 1 host(s) tested $ Nikto 是一个非常轻量级的通用工具。因为 Nikto 是用 Perl 写的,所以它可以在几乎任何服务器的操作系统上运行。
希望这篇文章能在你检查 wordpress 站点的缺陷的时候给你一些提示。我之前的文章如何安全加固 WordPress 站点记录了一个清单,可以让你保护你的 WordPress 站点的工作变得更简单。
转载请保留固定链接: https://linuxeye.com/jianzhan/2455.html |