GKLBB

When you have been through the storm, you become the storm


Kali Linux Tools Compendium, Web Analysis --- Nikto

A free, open-source, lightweight, efficient, plugin-based web vulnerability scanner
 
http://cirt.net/nikto/
 
https://github.com/sullo/nikto/wiki
 

 

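Most useful commands
1. Update the plugins
nikto -update

Because of the firewall (the "wall"), however, the update will not necessarily succeed.
2. Scan a single host. Specifying the target in URL form is recommended, because port 80 is assumed when no port is given.
nikto -host 192.168.86.130 -port 80 or nikto -host http://192.168.86.130 or nikto -h 192.168.0.1
nikto -host www.baidu.com -port 443 -ssl or nikto -host https://192.168.86.130:443

There is no need to state that port 443 is encrypted, because Nikto first tests regular HTTP and, if that fails, tests HTTPS. If you are sure the target is an SSL/TLS server, specifying -s (-ssl) speeds up the test (this is also useful for servers that respond to HTTP on port 443 even though content is only served when encryption is used).

perl nikto.pl -h 192.168.0.1 -p 443 -ssl

Multiple ports

perl nikto.pl -h 192.168.0.1 -p 80,88,443

perl nikto.pl -h 192.168.0.1 -p 80-90

3. Scan multiple hosts
Nikto can scan multiple hosts in the same session from a text file of host names or IPs. Instead of giving a host name or IP to the -h (-host) option, give a file name. The host file must contain one host per line, with the port number(s) at the end of each line. Ports can be separated from the host and from other ports by a colon or a comma. If no port is specified, port 80 is assumed.

nikto -C all -h hostlist.txt -o bynikto.html

The hostlist.txt file looks like this:

  192.168.0.123:80

  https://www.baidu.com:443/

  www.163.com

4. Combine with nmap
nmap -p80 192.168.1.4/24 -oG - | nikto -host -
5. Set a cookie, for sites that can only be accessed after logging in

Set it in /etc/nikto.conf.

6. Full command

7. Anti-IDS

Evasion  nikto -host http://192.168.1.34/dvwa/ -evasion 167
Proxy  nikto -host https://www.baidu.com -useproxy http://localhost:1080
Delay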
 

 

 

 

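Features:
Checks server configuration items (for example the presence of multiple index files, HTTP server options)
Default files and programs
Insecure files and programs
Outdated servers and programs
Version-specific problems
Identifies installed web servers and software
Automatic plugin updates.
SSL support (Unix with OpenSSL, or Windows with ActiveState's Perl / NetSSL)
Full HTTP proxy support
Saves reports in plain text, XML, HTML, NBE or CSV
Template engine for easily customizing reports
Scans multiple ports on a server, or multiple servers via an input file (including nmap output)
LibWhisker's IDS encoding techniques
Host authentication with Basic and NTLM (including many default id / pw combinations)
Subdomain guessing
Apache and cgiwrap username enumeration
Techniques to "fish" for content on web servers
Scan tuning to include or exclude entire classes of vulnerability checks
Interactive status, pause and changes to verbosity settings

Overview

Nikto itself is just a wrapper script that manages the CLI and hands off to the plugins.

Nikto is built on LibWhisker (by RFP) and runs on any platform with a Perl environment. It supports SSL, proxies, host authentication, IDS evasion and more. Nikto's workflow is roughly: check how the server answers with HTTP status 200 and 404, then run each plugin.
Nikto is not designed as a stealthy tool. It tests a web server in the quickest time possible and is obvious in log files and to an IPS / IDS. However, LibWhisker's anti-IDS methods are supported in case you want to try them (or test your IDS).

Authors:

Nikto is written and maintained by Chris Sullo and David Lodge.
LibWhisker is written by Jeff Forristal (Rain Forest Puppy).

Translator's note: the code was originally hosted on Google and is now on GitHub.

It is only 400k in size.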

 

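Options in detail

(Translator's note: the + below presumably means that the option accepts several possible parameter values)
-ask+ Whether to ask about submitting updates
yes Ask about each one (default)
no Don't ask, don't send
auto Don't ask, just send
-check6 Checks whether IPv6 is supported, by connecting to ipv6.google.com or another IPv6 URL set in nikto.conf.
-Cgidirs+ Directory argument for the cgi plugin:
none Do not scan,
all Scan all,
custom For example /cgi-test/ (must include the slash).
unspecified All CGI directories listed in config.txt are tested.
-config+ Use an alternate configuration file instead of config.txt in the install directory.
-Display+ Switches for the output to display (for example: -Display 1234EP or -D dv):
1 Show redirects
2 Show cookies received
3 Show all 200/OK responses
4 Show URLs that require authentication
D Debug output
E Show all HTTP errors
P Print progress to standard output (STDOUT)
S Scrub IPs and hostnames from the output
V Verbose output
-dbcheck Check the databases and other key files for syntax errors
-evasion+ Encoding technique:
1 Random URI encoding (non-UTF8)
2 Directory self-reference (/./)
3 Premature URL ending
4 Prepend long random string
5 Fake parameter
6 TAB as request spacer
7 Change the case of the URL
8 Use Windows directory separator (\)
A Use a carriage return (0x0d) as a request spacer
B Use binary value 0x0b as a request spacer.
-followredirects Follow 3xx redirects to the new location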
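-Format+ Format of the file saved with -o (-output), for example -Format htm. If not specified, the default is taken from the file extension given to the -output option. If the format cannot be determined, output is only sent to standard output. Valid formats are:
  csv    Comma-separated values
  json    JSON format
  htm    HTML format
  nbe    Nessus NBE format
  sql    Generic SQL   The schema for the tables used in the SQL output can be found in docs/nikto_schema.sql.
  txt     Plain text
  xml    XML format   The DTD for the Nikto XML format can be found in the "docs" directory (nikto.dtd) and should be found by default.
-Help Display extended help.
-host+ Target host. This can be the host's IP address, a host name or a text file. For example: -host 192.168.0.102. A single dash (-) may be used for standard output. nmap -oG style output can also be parsed.
-404code HTTP status codes to ignore; they are treated as negative responses. The format is "302,301".
-404string A string in the response body to ignore; it is treated as a negative response. The string can be a regular expression, to better match varying string patterns.
-id+ Credentials for host Basic authentication. The format is id:pass or id:pass:realm
-ipv4 IPv4 Only
-ipv6 IPv6 Only
-key+ Client certificate private key file, used to authenticate the client with a client certificate during the SSL / TLS handshake. This option normally has to be used together with the "-cert+" option, which specifies the client certificate file.
-list-plugins List all available plugins and exit without running a scan.
-maxtime+ Maximum scan time per host (e.g., 1h, 60m, 3600s)
-mutate+    Generate guesses for additional file names. The type is given by its reference number, and several may be used:
        1 Test all files in all root directories
        2 Guess password file names
        3 Enumerate user names via Apache (/~user type requests)
        4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
        5 Attempt to brute force sub-domain names, assuming that the host name is the parent domain
        6 Attempt to guess directory names from the supplied dictionary file
-mutate-options Provide additional information for mutations, e.g. a dictionary file
-nointeractive Disable interactive features
-nolookup Disable DNS lookups
-nossl Disable SSL
-no404 Disable guessing of 404 pages. This reduces the total number of requests made to the web server and may be preferable when checking a server over a slow link or an embedded device. It generally leads to more false positives being reported.
-Option Override an option from nikto.conf at run time. The option can be repeated to set or change several values. For example, "-Option maxtime=60" changes the tool's maximum scan time to 60 seconds.
-output+ Output file ('.' for an automatic name). The format is taken from the file extension, for example -o report.html. The -Format option can override this (for example, to write a text file with a different extension). New information is appended to existing files.
-Pause+ Seconds to delay between each test (seconds, integer or float)
-Plugins+ Plugins to run. Give a comma-separated list of plugin names; the names can be found with -list-plugins. (Default: ALL); ALL here refers to the macro definition.
-port+ Port(s) to test. To test several ports on the same host, give a list of ports to the -p (-port) option, for example 80-90 or 80,88,90. If not specified, port 80 is used.
-RSAcert+ Client certificate file
-root+ Web root for all requests; the given value is prepended to every request. This is useful for testing applications or web servers whose files all live under a certain directory. The format is /directory
-Save Save positive responses to a directory. This creates an output directory containing, for each finding, a text file with the raw request and response, additional information about why the test fired, and a JSON representation of the request and response. Also see replay.pl, which replays a request from the JSON output. ('.' for an automatic name) (Translator's note: in HTTP, a positive response means the request was processed successfully and returned the corresponding result, which normally matches expectations, for example the requested page loaded or the resource was retrieved. A negative response means the request was not processed, or processing failed and an error code or invalid result was returned, for example the requested resource does not exist, the request was refused or an internal server error occurred.)
-ssl Force SSL mode on the port. Using this option greatly speeds up requests to HTTPS ports, since otherwise the HTTP request has to time out before HTTPS is tested.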
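-Single

Perform a single request against the target server. (Translator's note: this option may be deprecated)
-Tuning+   Test type tuning. Scan tuning can be used to reduce the number of tests performed against a target. By specifying which test types to include or exclude, faster and more focused testing can be done. This is useful when certain file types are undesired, such as XSS or simply "interesting" files.

Test types are selected by passing their identifiers to the -T (-Tuning) option. In the default mode, if -T is given, only the specified test types are run. For example, to run only the "remote file retrieval" and "command execution" tests against the target:

perl nikto.pl -h 192.168.0.1 -T 58

If an "x" is passed to -T, this negates all test types that follow the x. This is useful where a test may check several different types of exploit. For example:

perl nikto.pl -h 192.168.0.1 -T 58xb

Several types may be selected. The given string is parsed from left to right, and any x character applies to all characters to its right. For example -Tuning 123bde :

Valid tuning options include:
         1 : Interesting file / seen in logs; an unknown but suspicious file or attack that has been seen in web server logs
         2 : Misconfiguration / default file; this could be documentation, or a password-protected resource.
         3 : Information disclosure; a resource that reveals information about the target. This could be a file system path or an account name.
         4 : Injection (XSS/Script/HTML); this does not include command injection.
         5 : Remote file retrieval, inside web root; the resource allows remote users to retrieve unauthorized files from within the web server's root directory.
         6 : Denial of service; the resource allows a denial of service against the target application, web server or host (note: no intentional DoS attacks are attempted).
         7 : Remote file retrieval, server wide; the resource allows remote users to retrieve unauthorized files from anywhere on the target.
         8 : Command execution / remote shell; the resource allows the user to execute a system command or spawn a remote shell.
         9 : SQL injection; any type of attack that allows SQL to be executed against a database.
         0 : File upload; an attack that allows a file to be uploaded to the target server.
         a : Authentication bypass; allows a client to access a resource it should not be allowed to access.
         b : Software identification; installed software or a program can be positively identified.
         c : Remote source inclusion; remote source inclusion is a technique in which a program pulls in a source file from a remote host via a URL, usually to reuse code and simplify programming and maintenance. Without proper security handling it can also be used to attack a site or server: an attacker can exploit a remote source inclusion flaw by passing malicious code as the argument to the program's include() or require() function, turning it into code injection and taking control of the server.
         d : Web service;
         e : Administrative console;
         x : Reverse tuning (i.e. include all options except those specified).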

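-timeout+ Request timeout (default 10s)
-Userdbs Load user-defined databases instead of the standard databases. By default Nikto loads its own bundled standard databases for the scan.
all Disable the standard databases and load only user databases
tests Disable only db_tests and load udb_tests
-useragent Use the HTTP proxy defined in the configuration file
-until Run until the specified time or duration
-url+ Target host/URL (alias of -host)
-update Update the plugins and databases directly from cirt.net.

Although older versions of Nikto used the -update option, from version 2.1.6 on the git tool (https://git-scm.com/) should be used to update (and install) Nikto. Most operating systems have an installer or package for git, and many programs with a UI exist as well.

git pull

The maintainers make every effort to keep the git master branch stable and working at all times. If major changes are planned, that work is done in a new branch so that current users and installations are not disrupted.


-usecookies Use cookies from responses in subsequent requests.
-useproxy

There are two ways to use an HTTP(S) proxy with Nikto: through the nikto.conf file, or directly on the command line.

To use the nikto.conf file, set the PROXY* variables and then run Nikto with the -useproxy option. All connections are relayed through the proxy specified in the configuration file.

perl nikto.pl -h localhost -p 80 -useproxy

To set the proxy on the command line, also use the -useproxy option, with the proxy as its argument, for example:

./nikto.pl -h localhost -useproxy http://localhost:8080/

SOCKS proxies are not directly supported, but can be used through proxychains or a similar program.


-Version Show the Nikto software, plugin and database versions.
-vhost+ Host header to send to the target.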

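Related files
nikto.conf Nikto's global options configuration file. Several nikto.conf files may exist, and they are parsed in the following order. As each configuration file is loaded, it supersedes any configuration set previously:
System wide (e.g. /etc/nikto.conf)
Home directory (e.g. $HOME/nikto.conf)
Current directory (e.g. ./nikto.conf)
${NIKTO_DIR}/plugins/db* Vulnerability databases
${NIKTO_DIR}/plugins/*.plugin All plugins
${NIKTO_DIR}/templates Output templates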

 

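Interactive features

Nikto has several options that can be changed during an active scan, provided it is running on a system with POSIX support (*nix and some other operating systems). On systems without POSIX support these features are disabled automatically.

During an active scan, pressing any of the keys below turns the listed feature on or off, or performs the listed action. Note that the keys are case sensitive. Input is polled every 10 requests, so a very slow scan may take a while to respond.

  • SPACE - Report current scan status
  • v - Turn verbose mode on/off
  • d - Turn debug mode on/off
  • e - Turn error reporting on/off
  • p - Turn progress reporting on/off
  • r - Turn 3xx/redirect display on/off
  • c - Turn cookie display on/off
  • o - Turn 200/OK display on/off
  • a - Turn auth display on/off
  • q - Quit (gracefully)
  • N - Next host/job
  • P - Pause

Examples

  • SPACE - Progress report

  • v - Verbose output

  • d - Debug output

  • P - Pause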

 

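Plugin overview

Plugin: parked
Parked Detection - Checks whether the host is parked at a registrar or ad location. (Translator's note: "parked" is a technical term meaning that the domain or IP has not actually been put to use. It may show some advertising pages.)
Written by Sullo, Copyright (C) 2011 Chris Sullo

Plugin: Cookie
HTTP Cookie Internal IP - Looks for internal IP addresses in cookies returned from an HTTP request.
Written by Sullo, Copyright (C) 2010 Chris Sullo

Plugin: report_nbe
NBE reports - Produces an NBE report.
Written by Seccubus, Copyright (C) 2010 Chris Sullo

Plugin: origin_reflection
CORS Origin Reflection - Checks whether a given Origin header is reflected back in an Access-Control-Allow-Origin header.
Written by ss23, Copyright (C) 2017 Chris Sullo

Plugin: paths
Path Search - Looks at link paths to help populate variables
Written by Sullo, Copyright (C) 2012 Chris Sullo

Plugin: apache_expect_xss
Apache Expect XSS - Checks whether the web server has a cross-site scripting vulnerability through the Expect: HTTP header
Written by Sullo, Copyright (C) 2008 Chris Sullo

Plugin: multiple_index
Multiple Index - Checks for multiple index files
Written by Tautology, Copyright (C) 2009 Chris Sullo

Plugin: headers
HTTP Headers - Performs various checks against the headers returned from an HTTP request.
Written by Sullo, Copyright (C) 2008 Chris Sullo

Plugin: cgi
CGI - Enumerates possible CGI directories.
Written by Sullo, Copyright (C) 2008 Chris Sullo

Plugin: strutshock
strutshock - Looks for the "strutshock" vulnerability.
Written by Jeremy Bae, Copyright (C) 2017 Chris Sullo

Plugin: Domino
IBM/Lotus Domino Specific Tests - Performs IBM/Lotus Domino specific tests to identify Domino specific files accessible without authentication, and the server version
(Translator's note: a server product developed by IBM that provides enterprise-grade e-mail, collaboration and a customizable application platform.)
Written by RealRancor, Copyright (C) 2016 Chris Sullo

Plugin: apacheusers
Apache Users - Checks whether user names can be enumerated directly from the web server
Written by Javier Fernandez-Sanguinoi Pena, Copyright (C) 2008 Chris Sullo
Options:
size: Maximum size of username if brute forcing
enumerate: Flag to indicate whether to attempt to enumerate users
home: Look for ~user to enumerate
cgiwrap: Use cgi-bin/cgiwrap to enumerate
dictionary: Filename for a dictionary file of users

Plugin: shellshock
shellshock - Looks for the bash 'shellshock' vulnerability.
Written by sullo, Copyright (C) 2014 Chris Sullo
Options:
uri: uri to assess

Plugin: auth
Test Authentication - Attempts to guess authentication realms (Translator's note: authentication realms are usually implemented by the web server, the web application server and the security components of the web application architecture. These components use different techniques for authentication and session management, such as basic authentication, digest authentication and form authentication.)
Written by Sullo/Tautology, Copyright (C) 2010 Chris Sullo

Plugin: fileops
File Operations - Saves results to a text file.
Written by Sullo, Copyright (C) 2012 Chris Sullo

Plugin: dishwasher
dishwasher - Looks for the networked dishwasher directory traversal vulnerability.
Written by Jeremy Bae, Copyright (C) 2017 Chris Sullo

Plugin: put_del_test
Put/Delete test - Attempts to upload and delete files through the PUT and DELETE HTTP methods.
Written by Sullo, Copyright (C) 2008 Chris Sullo

Plugin: report_html
Report as HTML - Produces an HTML report.
Written by Sullo/Jabra, Copyright (C) 2008 Chris Sullo

Plugin: clientaccesspolicy
clientaccesspolicy.xml - Checks whether a client access file exists and whether it contains a wildcard entry.
Written by Dirk Sullo, Copyright (C) 2012 Chris Sullo and Dr. Wetter IT-Consulting

Plugin: drupal
Drupal Specific Tests - Performs a series of Drupal specific tests.
Written by Tautology, Copyright (C) 2014 Chris Sullo
Options:
path: Base path of the modules (can usually be found in the page source).
0: Flag to tell the plugin to enumerate modules.

Plugin: httpoptions
HTTP Options - Performs various checks against the HTTP options returned from the server.
Written by Sullo, Copyright (C) 2008 Chris Sullo

Plugin: embedded
Embedded Detection - Checks whether the host is an embedded server.
Written by Tautology, Copyright (C) 2009 Chris Sullo

Plugin: outdated
outdated - Checks whether the web server is the latest version.
Written by Sullo, Copyright (C) 2008 Chris Sullo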

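Plugin: sitefiles
Site Files - Looks for interesting files based on the site's IP/name
Written by Sullo, Copyright (C) 2014 Chris Sullo

Plugin: docker_registry
docker_registry - Looks for a docker registry
Written by Jeremy Bae, Copyright (C) 2018 Chris Sullo

Plugin: Siebel
Siebel Checks - Performs a set of checks against an installed Siebel application
Written by Tautology, Copyright (C) 2011 Chris Sullo
Options:
applications: List of applications
application: Application to attack
languages: List of languages
enumerate: Flag to indicate whether we shall attempt to enumerate known applications

Plugin: dictionary
Dictionary attack - Attempts to dictionary attack known directories/files
Written by Tautology, Copyright (C) 2009 Chris Sullo
Options:
method: HTTP method to use to enumerate.
dictionary: Dictionary of paths to look for.

Plugin: msgs
Server Messages - Checks the server version against known issues.
Written by Sullo, Copyright (C) 2008 Chris Sullo

Plugin: tests
Nikto Tests - Tests the host with the standard Nikto tests
Written by Sullo, Tautology, Copyright (C) 2008 Chris Sullo
Options:
tids: Lets you specify a range of test IDs to run. For example, to run tests 1 through 10 you would use the option `-T 1-10`.
Some common Nikto test IDs:

- 0: Tests whether the specified URL can be opened
- 1: Looks for sensitive files (robots.txt, sitemap.xml, etc.)
- 2: Tests the version and type of the target web server software
- 3: Tests for backup/temporary files or directories
- 4: Tests whether the web server supports PUT and DELETE
- 5: Tests for unrestricted directory traversal / file inclusion vulnerabilities
- 6: Tests for improperly configured authentication and session management
- 7: Tests for sensitive information disclosure (e-mail addresses, IP addresses, etc.)
- 8: Tests for cross-site scripting (XSS) vulnerabilities
- 9: Tests for SQL injection vulnerabilities
- 10: Tests for local file inclusion vulnerabilities
- 11: Tests for remote execution vulnerabilities
- 12: Tests for code injection vulnerabilities
- 13: Tests for command execution vulnerabilities

Note: this is only a small subset of the available test IDs. Nikto has hundreds of tests, which you can configure with the corresponding options and plugins when using Nikto.
passfiles: Flag to indicate whether to check for common password files
all: Flag to indicate whether to check all files with all directories
report: Flag to report a status after the given number of tests passed. For example, to receive a report after every 5 tests you would use the option `-r 5`.

Plugin: report_text
Text reports - Produces a text report.
Written by Tautology, Copyright (C) 2008 Chris Sullo

Plugin: favicon
Favicon - Checks the web server's favicon against known favicons.
Written by Sullo, Copyright (C) 2008 Chris Sullo

Plugin: report_csv
CSV reports - Produces a CSV report.
Written by Tautology, Copyright (C) 2008 Chris Sullo

Plugin: report_json
JSON reports - Produces a JSON report.
Written by Gijs Kwakkel, Copyright (C) 2016 Chris Sullo

Plugin: robots
Robots - Checks whether there is anything in the robots.txt file and analyses it for other paths to pass to other scripts.
Written by Sullo, Copyright (C) 2008 Chris Sullo
Options:
nocheck: Flag to disable checking of the entries in the robots file.

Plugin: ssl
SSL and cert checks - Performs checks against SSL/certificates
Written by Sullo, Copyright (C) 2010 Chris Sullo

Plugin: ms10_070
MS10-070 Check - Determines whether a site is vulnerable to MS10-070 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070)
Written by Sullo, Copyright (C) 2013 Chris Sullo

Plugin: content_search
Content Search - Searches the resulting content for interesting strings
Written by Sullo, Copyright (C) 2010 Chris Sullo

Plugin: report_xml
Report as XML - Produces an XML report.
Written by Sullo/Jabra, Copyright (C) 2008 Chris Sullo

Plugin: negotiate
Negotiate - Checks for MultiViews in mod_negotiation. (Translator's note: `mod_negotiation` probably refers to the Apache HTTP server module called "mod_negotiation". It handles content negotiation, the mechanism that lets the server offer several representations of a resource according to the preferences in the client's request. For example, when a browser requests a page it may support several languages and encodings. With mod_negotiation the server can choose and serve the version of the resource that best fits the client. In practice this involves selecting and reconciling elements such as file type, language or character set.)
Written by Sullo, Copyright (C) 2013 Chris Sullo

Plugin: report_sqlg
Generic SQL reports - Produces SQL inserts into a generic database.
Written by Sullo, Copyright (C) 2013 Chris Sullo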

Defined plugin macros:
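Includes all plugins   @@ALL =  "parked;cookies;report_nbe;origin_reflection;paths;apache_expect_xss;multiple_index;headers;cgi;strutshock;domino;apacheusers;shellshock;auth;fileops;dishwasher;put_del_test;report_html;clientaccesspolicy;drupal;httpoptions;embedded;outdated;sitefiles;docker_registry;siebel;dictionary;msgs;tests;report_text;favicon;report_csv;report_json;robots;ssl;ms10_070;content_search;report_xml;negotiate;report_sqlg"
Includes all plugins   @@EXTRAS = "dictionary;siebel;embedded"
Includes all plugins except @@EXTRAS, and includes the tests plugin with reporting limited to 500  @@DEFAULT = "@@ALL;-@@EXTRAS;tests(report:500)"
(expansion of the expression above) = "report_csv;shellshock;ssl;apache_expect_xss;auth;parked;favicon;headers;fileops;drupal;cookies;report_nbe;multiple_index;dishwasher;cgi;put_del_test;robots;domino;outdated;msgs;report_text;report_json;content_search;clientaccesspolicy;report_xml;origin_reflection;httpoptions;docker_registry;tests(report:500);apacheusers;report_sqlg;report_html;sitefiles;ms10_070;strutshock;paths;negotiate"
Includes no plugins  @@NONE = ""

The macros here serve as values that can be given to the option.

Usage
nikto -Plugins @@ALL

From Nikto 2.1.2 on, plugins can be selected individually and parameters can be passed to them directly.

The plugin selection string is passed on the command line through the -Plugin parameter. It consists of a semicolon-separated list of plugin names, with option parameters placed in parentheses. The simple form of a plugin statement is:

plugin-name[(parameter name[:parameter value ][,other parameters] )]

For example, we can write:

tests(report:500,verbose)

This sets the parameter report to the value 500 and verbose to the value 1. Parameters and plugin names can be found by running:

./nikto.pl -list-plugins

This also means that the mutate options are no longer used as such; they are replaced by parameters passed to plugins, so the mutate options are now translated internally to:

    • tests(all)
    • tests(passfiles)
    • apacheusers(enumerate,home[,dictionary:dict.txt])
    • apacheusers(enumerate,cgiwrap[,dictionary:dict.txt])
    • subdomain
    • dictionary(dictionary:dict.txt)

Macros for commonly run sets of plugins can also be defined in nikto.conf, for example:

    • @@MUTATE=dictionary;subdomain
    • @@DEFAULT=@@ALL;-@@MUTATE;tests(report:500)

These are expanded by -list-plugins and can be overridden with -plugins.

In short, this allows a customized set of plugins to be run as a particular environment requires. For example, if a normal test reports that the server may be vulnerable to the Apache Expect header XSS attack, and we want to run a single test with debugging added to see whether it really is vulnerable, we can run:

nikto.pl -host target.txt -Plugins "apache_expect_xss(verbose,debug)"

Then check the output manually to see whether the server is really vulnerable.

Note that reports are plugins too, so if you need a custom plugin string and also want output, include the report plugin directly: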

nikto.pl -host targets.txt -Plugins "apacheusers(enumerate,dictionary:users.txt);report_xml" -output apacheusers.xml
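
To see what a selection string resolves to before a scan is run, the grammar and macro rules described above can be modelled in a few lines. This is an added example, not code from Nikto or from the original page: the function names are made up for illustration, and the expansion rules (a leading - removes plugins, later parameters are merged into earlier ones) are a reading of the macro definitions shown above.

```python
import re

# Macros exactly as listed in the "Defined plugin macros" section of this page.
MACROS = {
    "@@ALL": "parked;cookies;report_nbe;origin_reflection;paths;apache_expect_xss;"
             "multiple_index;headers;cgi;strutshock;domino;apacheusers;shellshock;"
             "auth;fileops;dishwasher;put_del_test;report_html;clientaccesspolicy;"
             "drupal;httpoptions;embedded;outdated;sitefiles;docker_registry;siebel;"
             "dictionary;msgs;tests;report_text;favicon;report_csv;report_json;"
             "robots;ssl;ms10_070;content_search;report_xml;negotiate;report_sqlg",
    "@@EXTRAS": "dictionary;siebel;embedded",
    "@@DEFAULT": "@@ALL;-@@EXTRAS;tests(report:500)",
    "@@NONE": "",
}

# plugin-name[(parameter name[:parameter value][,other parameters])]
ITEM = re.compile(r"^(?P<minus>-?)(?P<name>@@\w+|\w+)(?:\((?P<params>[^()]*)\))?$")


def parse_params(text):
    """Turn 'report:500,verbose' into {'report': '500', 'verbose': 1}."""
    params = {}
    for part in (text or "").split(","):
        name, sep, value = part.strip().partition(":")
        if name:
            # A parameter given without a value is set to 1, as the page states.
            params[name.strip()] = value.strip() if sep else 1
    return params


def expand(selection, macros, _depth=0):
    """Resolve a selection string to an ordered {plugin: parameters} mapping."""
    if _depth > 10:
        raise ValueError("macro nesting too deep (macro refers to itself?)")
    selected = {}
    for raw in selection.split(";"):
        item = raw.strip()
        if not item:
            continue
        match = ITEM.match(item)
        if not match:
            raise ValueError(f"malformed plugin statement: {item!r}")
        name = match.group("name")
        if name.startswith("@@"):
            if name not in macros:
                raise ValueError(f"unknown macro: {name}")
            members = expand(macros[name], macros, _depth + 1)
        else:
            members = {name: parse_params(match.group("params"))}
        for plugin, params in members.items():
            if match.group("minus"):
                selected.pop(plugin, None)      # "-name" removes a plugin
            else:
                selected.setdefault(plugin, {}).update(params)
    return selected


def render(selected):
    """Write a resolved selection back out as a -Plugins argument."""
    parts = []
    for plugin, params in selected.items():
        args = ",".join(k if v == 1 else f"{k}:{v}" for k, v in params.items())
        parts.append(f"{plugin}({args})" if args else plugin)
    return ";".join(parts)


if __name__ == "__main__":
    default = expand("@@DEFAULT", MACROS)
    print(len(default), "plugins in @@DEFAULT")
    print(render(expand("apache_expect_xss(verbose,debug)", MACROS)))
```

Running it against @@DEFAULT yields the same 37 plugins as the expansion listed above, with dictionary, siebel and embedded removed.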

 

 

 

 

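Installation

Unix

Perl

A general unix/linux install (including Mac OS X) requires Perl 5. The modules Nikto needs are either included (like LibWhisker) or found in most standard installs.

Installing from source

It is strongly recommended that you run from the git repository or, if necessary, use the latest automatically generated archive. Nikto is currently not packaged on any release schedule (the git version identifies itself as v2.1.6).

Layout

Nikto is designed to be self-contained. Unpack the archive (using your favorite combination of unzip, tar and gzip) into a directory, and Nikto can run entirely from that directory without placing files throughout the system. (Translator's note: Windows and Linux install software quite differently. On Windows software is installed under one directory, whereas on Linux files are placed in various directories across the system.)

Requirements

For HTTPS support:

  • Net::SSLeay, or
  • Net::SSL

Other required/useful modules (most or all are included with a Perl install):

    • Getopt::Long
    • JSON::PP
    • MIME::Base64
    • MD5
    • Time::Local
    • Time::HiRes
    • POSIX
    • Socket
    • IO::Socket

Unsupported situations

Some operating systems, such as Kali Linux, provide packages for Nikto or ship with it preinstalled. While we do our best to support running on these platforms, the standalone portable install is our primary focus and is what we support. If you have trouble with one of these alternate installs, please consider asking the OS/package maintainers, as we do not know what may have been changed in Nikto or its layout.

To troubleshoot, it is usually best to install a clean portable copy of Nikto and run it to determine whether it works properly. Keep in mind that path issues and the precedence of configuration files/plugins can cause confusion when running one install versus another.

(Translator's note:

The confusion arises because different Nikto installs may have different configuration files, plugins or install paths. These differences can affect how Nikto behaves when scanning a web server, giving inaccurate scan results or not the results you expect. If different configuration files or plugins are used, or a file path is referenced incorrectly, Nikto's operation and output are affected.

For example, if you use a different version or branch of Nikto, different parameters or options may be in use, which affects both the scan and its output. Another example is a change of install path, environment variables or other dependencies, all of which affect how Nikto runs and lead to confusion and wrong results.

So when using Nikto it is best to use a clean portable version and, before running it, to understand the differences between installs and the related configuration issues, in order to avoid confusion and wrong results.)

DOCKER

A Dockerfile has been provided by Paul Sec and can be found in the repo:

A third-party Docker file is also available here:

Windows

Kali (special note)

Kali ships with Nikto installed.

Because Kali follows an RFC for software install locations that differs from Nikto's default application-folder approach, I do not support Nikto issues on Kali unless Nikto has been downloaded from GitHub and installed manually. The first step in troubleshooting any problem on Kali should be to reinstall as described. In addition, the Kali version of Nikto usually lags behind the GitHub version.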

 

nikto.conf

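Configuration file
Like any non-trivial program, Nikto needs to know a few things about how to work with the current environment. In most cases the default configuration file is sufficient. Sometimes tweaks or changes are needed.

Nikto looks for configuration files in three locations and, if found, applies them in a strict order, listed below (note that there are known issues on Kali when using an install from GitHub). Configuration files found later override any variables set in earlier ones. The locations are:

/etc/nikto.conf (this may vary by platform)
$HOME/nikto.conf
nikto.conf

Format
The configuration file uses the standard Unix configuration file format: blank lines are ignored, any line starting with # is ignored, and variables are set with VariableName=Value lines.

Variables
For all configuration variables, see the configuration file section below.

Translator's note:

A "non-trivial program" is a relatively complex computer program that usually has to take the interaction of many factors into account in order to run correctly. A trivial program, by contrast, solves a relatively simple task and usually needs no complex parameter settings or configuration.

For example, a calculator program can be considered trivial, because it only has to perform some simple arithmetic and needs no adjustment to environment settings or other parameters. A web vulnerability scanner such as Nikto, on the other hand, has to deal with its interaction with the target web application and with varying network configurations and protocols, so it can be considered a "non-trivial" program.

A non-trivial program usually depends on various parameters and configuration at run time in order to work properly in a particular system environment. These can be set through configuration files so that they are loaded and applied automatically when the program starts.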

 

 

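Configuration file

The configuration file format is similar to a standard Unix configuration file: blank lines are ignored, any line starting with # is ignored, and variables are set with VariableName=Value lines.

CLIOPTS

Default options that should always be passed to the command line. For example:

CLIOPTS=-output results.txt -Format text

Default setting

CLIOPTS=

NIKTODTD

Path to the DTD used for XML output. If the path is not absolute, it is relative to the directory in which Nikto is executed.

Default setting

NIKTODTD=docs/nikto.dtd

RFIURL

Full URL of a file to use for remote file inclusion. The file should contain a call to phpinfo(), since Nikto looks for the output of that command to decide whether the RFI succeeded. You can use the default cirt.net file, but remember that the target server must have connectivity to cirt.net, that this depends on cirt.net being available, and that successful requests will be logged (by Apache). We recommend that you use your own. (Translator's note: remote file inclusion here means that the link configured below is used to test whether the target site allows remote file inclusion; if it does, the response of the phpinfo function is detected, indicating successful execution.)

Default setting

RFIURL=http://cirt.net/rfiinc.txt?

SKIPPORTS

Ports that will never be scanned.

Default setting

SKIPPORTS=21 111

SKIPIDS

Contains a space-separated list of test IDs (tids) that Nikto will not run against the system, for example:

SKIPIDS=000045 000345

Note that this filter only applies to tests in the db_tests database.

Default setting

SKIPIDS=

DEFAULTHTTPVER

Defines the default version of HTTP that Nikto uses unless superseded by a specific test. Leaving this at the default is usually sufficient, although some web servers may only support newer versions of the HTTP protocol.

Default setting

DEFAULTHTTPVER=1.1

UPDATES

If the outdated Nikto plugin sees a web server it does not know, or a version newer than the one defined in db_outdated, it sends this information back to cirt.net for inclusion in future versions of Nikto. No server-specific information (such as IP address or host name) is sent.

This item can be set to one of the following values:

UPDATES=yes

Display each submission and ask for permission before sending

UPDATES=no

Do not send any data back to cirt.net

UPDATES=auto

Send data back to cirt.net without prompting

Default setting

UPDATES=yes

LW_SSL_ENGINE

Forces LibWhisker to use the specified SSL library instead of its default selection (Net::SSLeay, if available).

This item can be set to one of the following values:

LW_SSL_ENGINE=auto

Use automatic selection

LW_SSL_ENGINE=SSL

Use Net::SSL

LW_SSL_ENGINE=SSLeay

Use Net::SSLeay

Default setting

LW_SSL_ENGINE=auto

MAX_WARN

Generates a warning indicating that a large number of MOVED responses have been retrieved. (

If the page being scanned returns a redirect response, Nikto automatically follows the redirect URL and tries to access the redirected page. If there are too many redirects, problems such as infinite loops, resource exhaustion and degraded performance can occur, affecting the stability and availability of the application and of the whole system.
For example, the "-maxwarn 3" option limits Nikto to following at most 3 HTTP redirects and prints a warning beyond that limit, but it does not limit the number of redirects.)

Default setting

MAX_WARN=20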

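PROMPTS

If set to "no", prompts are disabled.

Default setting

PROMPTS=

CIRT

The IP address that Nikto uses to update the databases and plugins, or to send version information back to (as described under UPDATES).

Default setting

CIRT=107.170.99.251

PROXYHOST, PROXYPORT, PROXYUSER, PROXYPASS

Address, port, user name and password of the proxy through which all requests are relayed. Note that to use a proxy you must set these items in the configuration file and also supply the -useproxy switch on the command line.

Default setting

PROXYHOST=
PROXYPORT=
PROXYUSER=
PROXYPASS=

STATIC-COOKIE

Adds the supplied cookie(s) to all requests made by Nikto. This is generally useful when a site needs an authentication cookie. Separate cookies with semicolons, for example:

STATIC-COOKIE="name=value";"something=nothing";

Default setting

STATIC-COOKIE=

CHECKMETHODS

Nikto tries to identify the target as a web server by sending a request for the / URI with certain HTTP methods. Some web servers do not implement all HTTP methods, and if the server does not support the method used, Nikto may fail to identify it correctly as a web server.

If this setting is missing from the configuration file, Nikto falls back to the Nikto 2.02 default of HEAD.

Default setting

CHECKMETHODS=HEAD GET

EXECDIR,PLUGINDIR,TEMPLATEDIR,DBDIR,DOCDIR

Define where Nikto, its plugins, databases, XML/HTML templates and documentation are located. This should normally only be changed when repackaging Nikto to follow a different file system standard. Nikto uses the EXECDIR item to guess the other directories.

Default setting

EXECDIR=.
PLUGINDIR=EXECDIR/plugins
TEMPLATEDIR=EXECDIR/templates
DBDIR=EXECDIR/databases
DOCDIR=EXECDIR/docs

USERAGENT

Sets Nikto's User-Agent string. Variables can be used that are replaced at request time:

  • @VERSION - Nikto version
  • @TESTID - Test identifier
  • @EVASIONS - List of active evasions

Default setting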

USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)
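
Because the default USERAGENT value embeds the Nikto version, the active evasions and the test ID, a scan that keeps the default configuration can be picked out of web server access logs. The following is an added example, not code from Nikto or from the original page; the combined log format, the sample lines and the function names are assumptions made for illustration, and a scanner whose USERAGENT has been changed will not match.

```python
import re
from collections import defaultdict

# Default template quoted above:
#   Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)
NIKTO_UA = re.compile(
    r"Mozilla/5\.00 \(Nikto/(?P<version>[^)]+)\) "
    r"\(Evasions:(?P<evasions>[^)]*)\) \(Test:(?P<testid>[^)]*)\)"
)

# Assumption: the server writes the Apache/nginx "combined" log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Test ID numbering scheme from the testid section of this page,
# as (range start, origin), highest range first.
TESTID_RANGES = [
    (900000, "test defined in code"), (800000, "db_server_msgs"),
    (750000, "db_content_search"), (700000, "db_realms"),
    (600000, "db_outdated"), (500000, "db_favicon"),
    (400000, "user-defined test (udb* file)"), (0, "db_tests"),
]


def classify_testid(testid):
    """Return which database or code range a test ID belongs to."""
    if not testid.isdecimal():
        return "non-numeric test name"
    number = int(testid)
    return next(origin for start, origin in TESTID_RANGES if number >= start)


def parse_nikto_hit(line):
    """Return details of a request sent with the default Nikto User-Agent, else None."""
    entry = LOG_LINE.match(line.strip())
    if not entry:
        return None
    ua = NIKTO_UA.search(entry.group("ua"))
    if not ua:
        return None
    raw = ua.group("evasions")
    # Assumption: the literal "None" appears when no -evasion option is active.
    active = set() if raw.lower() == "none" else {ch.upper() for ch in raw}
    return {
        "ip": entry.group("ip"),
        "request": entry.group("request"),
        "status": int(entry.group("status")),
        "version": ua.group("version"),
        "evasions": active,          # -evasion identifiers: 1-8, A, B
        "testid": ua.group("testid"),
        "origin": classify_testid(ua.group("testid")),
    }


def summarize(lines):
    """Group Nikto hits by source IP for triage."""
    by_ip = defaultdict(
        lambda: {"requests": 0, "versions": set(), "evasions": set(), "origins": set()}
    )
    for line in lines:
        hit = parse_nikto_hit(line)
        if hit is None:
            continue
        info = by_ip[hit["ip"]]
        info["requests"] += 1
        info["versions"].add(hit["version"])
        info["evasions"] |= hit["evasions"]
        info["origins"].add(hit["origin"])
    return dict(by_ip)


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /manual/ HTTP/1.1" 200 512 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000120)"',
    '192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /~root HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:999999)"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"',
    '203.0.113.5 - - [10/Oct/2023:14:02:11 +0000] "GET /./dvwa/./ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:167) (Test:400001)"',
]

if __name__ == "__main__":
    for ip, info in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, info)
```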

FAILURES

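Number of HTTP failures before giving up. Set to 0 to disable entirely.

Default setting

FAILURES=20

Reports are generated from template files located in the templates directory. Variables are defined as #variable-name and are replaced when the report is generated.

For HTML, the files htm_start.tmpl and htm_end.tmpl are included at the beginning and end of the report (respectively). htm_summary.tmpl also appears at the beginning of the report. htm_host_head appears once for every host, and htm_host_item.tmpl and htm_host_im.tmpl appear once for each item found on a host and for each "informational message" per host (respectively). The XML scheme uses similar file names.

All valid variables are used in these templates.

The copyright statements must not be removed from htm_end.tmpl without placing them in another template. Removing these statements is a violation of the Nikto license.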

 

 

 

 

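Scan database field values

Although some checks can be found in other plugins, db_tests contains the bulk of the web tests. The fields are described below:

Field            Description
testID           Nikto test ID
OSVDB-ID         Corresponding vulnerability entry number on osvdb.org (legacy)
Server Type      Generic server matching type
URI              URI to retrieve
HTTP Method      HTTP method to use for the URI
Match 1          String or code to match for a successful test
Match 1 (Or)     String or code to alternatively match for a successful test
Match 1 (And)    String or code to also match for a successful test
Fail 1           String or code to match for a test failure
Fail 2           String or code to match for a test failure (optional)
Summary          Summary message to report for a successful test
HTTP Data        HTTP data to send during POST tests
Headers          Additional headers to send during the test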

 

 

 

 

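User-defined tests

Users can create their own private tests for any of the databases. By placing a syntactically correct database file in the databases directory, with the file name prefixed with a "u", the data is loaded along with the built-in checks.

For example, create the file databases/udb_tests and it is loaded at the same time as databases/db_tests. These files are also syntax-checked when -dbcheck is used.

For tests that need a "private" OSVDB ID, use OSVDB ID 0 (zero). This should be used for all vulnerabilities that do not (or should not) exist in OSVDB, since ID 0 is for testing only.

For the "test ID", you are asked to use a unique number between 400000 and 499999, so that the Nikto databases can grow without interfering with your own tests (note: numbers above 500000 are reserved for other tests).

Where possible, please help Nikto's continued success by sending test updates to sullo@cirt.net.



Scan database syntax

The scan database is a CSV-delimited file that contains most of the tests. Fields are enclosed in quotes and separated by commas. The field order is:

Test-ID, OSVDB-ID, Tuning Type, URI, HTTP Method, Match 1, Match 1 Or, Match 1 And, Fail 1, Fail 2, Summary, HTTP Data, Headers

Here is an example test: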

 "120","3092","2","/manual/","GET","200","","","","","Web server manual","",""

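A private udb_tests file can be checked against the rules from the two sections above (13 quoted fields, test IDs unique and within 400000-499999, numeric OSVDB ID, tuning types from the -Tuning list) before Nikto loads it. This is an added example, not Nikto's -dbcheck and not code from the original page; the function names, the treatment of # lines as comments and the sample entries are assumptions made for illustration.

```python
import csv
import io

# Field order as given in the "Scan database syntax" section.
FIELDS = [
    "test_id", "osvdb_id", "tuning", "uri", "method",
    "match_1", "match_1_or", "match_1_and", "fail_1", "fail_2",
    "summary", "http_data", "headers",
]

# Tuning type identifiers from the -Tuning option list (x is a modifier, not a type).
TUNING_TYPES = set("1234567890abcde")

# Range the page asks user-defined tests to use.
USER_TEST_IDS = range(400000, 500000)


def parse_db_line(line):
    """Split one quoted, comma-separated database line into named fields."""
    row = next(csv.reader(io.StringIO(line.strip())))
    if len(row) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, found {len(row)}")
    return dict(zip(FIELDS, row))


def check_user_tests(text):
    """Return a list of (line number, problem) for a udb_tests file body."""
    problems = []
    seen_ids = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Assumption: blank lines and lines starting with # carry no test.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            test = parse_db_line(line)
        except (ValueError, csv.Error) as exc:
            problems.append((lineno, str(exc)))
            continue

        tid = test["test_id"]
        if not tid.isdecimal() or int(tid) not in USER_TEST_IDS:
            problems.append((lineno, f"test ID {tid!r} is outside 400000-499999"))
        elif tid in seen_ids:
            problems.append((lineno, f"test ID {tid} is not unique"))
        seen_ids.add(tid)

        if not test["osvdb_id"].isdecimal():
            problems.append((lineno, f"OSVDB ID {test['osvdb_id']!r} is not a number"))

        unknown = sorted(set(test["tuning"]) - TUNING_TYPES)
        if unknown:
            problems.append((lineno, f"unknown tuning type(s): {''.join(unknown)}"))
    return problems


# Constructed sample file: line 1 is the built-in example from this page,
# the remaining entries are made up to trigger each check.
SAMPLE_UDB_TESTS = '''\
"120","3092","2","/manual/","GET","200","","","","","Web server manual","",""
"400001","0","3","/server-status","GET","200","","","","","Server status page is readable","",""
"400001","0","3e","/admin/","GET","200","","","","","Admin console found","",""
"400002","0","z","/backup.zip","GET","200","","","","","Backup archive found","",""
"400003","0","2","/test/","GET","200","","","","Test directory found","",""
'''

if __name__ == "__main__":
    for lineno, problem in check_user_tests(SAMPLE_UDB_TESTS):
        print(f"line {lineno}: {problem}")
```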
 

 

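Plugin development

Plugins
Plugins allow other bits of code to hook into Nikto's processing and perform additional checks that cannot be done with the standard plugins. (Translator's note: a hook here is a way of changing how a program runs without modifying the program.)

Plugins are written in standard Perl, in the current context. They should be placed in the PLUGINDIR defined in the Nikto configuration file, and the file name must end in .plugin.

An important concept to grasp about plugins and their order of execution is plugin weight: each phase executes all defined plugins in the order defined by their weight. A plugin's weight is a number between 1 and 100, where 1 is high priority and 100 is low priority. Plugins of equal weight are executed in an undefined order.

Initialization phase
As stated above, all plugins must be able to execute in the initialization phase or they will be ignored.

A Perl sub named filename_init must exist. The sub is passed no parameters and should return a hash, which should contain the following entries:

name (mandatory)

The short name of the plugin. This name is used to identify the plugin during verbose logging and, in future versions, will be used to select plugins for execution. The name should be a single word and, preferably, lower case.

full_name (mandatory)

The full name of the plugin. This name is used to identify the plugin and may also be used in reporting modules to identify tests run against the web server.

author (mandatory)

The name or handle of the plugin's author. This may be used during reporting to identify the copyright holders of tests run against the web server.

description (mandatory)

A short sentence describing the purpose of the plugin. This may be used during reporting, or by a front end, to describe the purpose of the plugin.

copyright (mandatory)

The copyright string (or lack of one) of the plugin. This may be used in reporting to ensure that appropriate copyright is assigned to reports.

hooks (optional)

This should be a hash containing information about the hooks the plugin can respond to.

Each key of the hooks element should be the name of the desired hook, with a hash of detailed information as its value. The components of that hash should be:

method (mandatory)

This should be a reference to a function that is called for the hook.

cond (optional)

This is an expression that is evaluated before the plugin is executed. If true, the plugin is executed; if false, the plugin is skipped. This can be used to minimize plugin execution.

weight (optional)

This is the weight used to schedule the running of the plugin during the recon phase. If not defined, it defaults to 50.

options (optional)

This is a hash containing help information about any parameters that can be passed to the plugin. The information is displayed if the `-list-plugins` parameter is used.

Each key of the options element should be the name of a parameter, with a string value that briefly describes the parameter.

report_head (optional)

This should be a reference to a function that is executed before any testing begins. If not defined, the plugin will not be called to produce a report header.

report_host_start (optional)

This should be a reference to a function that is executed before the recon phase of each host. If not defined, the plugin will not be called to produce a host header.

report_host_end (optional)

This should be a reference to a function that is executed after the scan phase of each host. If not defined, the plugin will not be called to produce a host footer.

report_item (optional)

This should be a reference to a function that is executed after each vulnerability found. If not defined, the plugin will not be called to produce an item record.

report_close (optional)

This should be a reference to a function that is executed after testing of all hosts has finished. If not defined, the plugin will not be called to close the report.

report_format (optional)

This should describe the file format that the plugin handles. It is matched internally against the contents of the `-output` switch, to reduce excessive calls to plugins.

report_weight (optional)

This is the weight used to schedule the running of the plugin during the reporting phase. If not defined, it defaults to 50.

Example initialization function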

    sub nikto_auth_init {
        my $id = { name             => 'auth',
                   full_name        => 'Guess authentication',
                   author           => 'Sullo/Deity',
                   description      => 'Attempt to guess authentication realms',
                   hooks            => {
                                        start => {
                                           method => \&nikto_auth_load,
                                           weight => 1,
                                        },
                                        postfetch => {
                                           method => \&nikto_auth,
                                           weight => 19,
                                           cond   => '$result->{whisker}->{code} eq 401',
                                        },
                                        prefetch => {
                                           method => \&nikto_auth_pre,
                                           weight => 19,
                                        },
                                       },
                   copyright        => "2010 CIRT Inc"
                   };

        return $id;
    }

 

 

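The start hook is called between target acquisition/enumeration and the start of scanning. It is called only once, no matter how many targets Nikto is run against. It is run only for plugins that will be executed later.

This makes it the ideal place to set up any required variables, allocate variables or load databases for the plugin to use in later hooks.

The start method is passed no parameters and should return nothing.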

 

void start_method(void);

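Recon phase

The recon phase is intended to gather information about the web server for later use by this plugin or other plugins. Reporting vulnerabilities in this phase is discouraged.

Examples of the recon phase are spidering a site, checking for known applications, and so on.

The recon phase is executed for each target at the start of each scan.

Each recon method expects to be passed a mark hash. It should return nothing.

void recon_method(mark, parameters);
hashref mark
hashref parameters

The scan phase is the main work of the plugin. It runs for each target immediately after the recon phase has finished.

Each scan method should check for the vulnerabilities it knows about and report them as they are found.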

void scan_method(mark, parameters);

hashref mark
hashref parameters

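The prefetch hook is executed before any request is made to the target. It is designed to let plugins alter the libwhisker hash before the request.

In normal execution, a prefetch hook should not report vulnerabilities.

prefetch_method(mark, parameters, request, result);

hashref mark

hashref parameters

hashref request

hashref result

The postfetch hook is executed after any request is made to the target. It is intended to let plugins inspect the response for problems, such as vulnerable headers or content.

In normal execution, a postfetch hook should report any vulnerabilities it finds.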

postfetch_method(mark, parameters, request, result);

hashref mark

hashref parameters

hashref request

hashref result

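Reporting phase

This is probably the most complex phase, as it has several hooks, which may be used for each part of the scan's lifetime.

The hooks are:

Report head
This hook is called immediately after target acquisition and before the recon phase. It is intended to let a reporting plugin open the report and make sure that any headers are written properly.

handle report_head(filename);
string filename


The filename parameter is a bit of a misnomer; it is a copy of the string passed to the -output switch and may indicate, for example, a database name.

handle is a handle that is passed to this plugin's other reporting functions, so it should be internally consistent.

Report host start
This hook is called immediately before the recon phase of each target. It is designed to let a reporting plugin write any host-specific information.

void report_host_start(rhandle, mark);
handle rhandle
hashref mark
The rhandle parameter is the output of the plugin's Report Head function.

The mark parameter is a hash of target information (described below).

Report host end
This hook is called immediately after the scan phase of each target has finished. It is designed to let a reporting plugin close any host-specific information.

void report_host_end(rhandle, mark);
handle rhandle
hashref mark
The rhandle parameter is the output of the plugin's Report Head function.

The mark parameter is a hash of target information (described below).

Report item
This hook is called once for each vulnerability found on the target. It should report the details of the vulnerability.

void report_item(rhandle, mark, vulnerability);
handle rhandle
hashref mark
hashref vulnerability


The rhandle parameter is the output of the plugin's Report Head function.

The mark parameter is a hash of target information (described below).

The vulnerability parameter is a hash of vulnerability information (described below).

Report close
This hook is called immediately after all targets have been scanned. It is intended to let a reporting plugin close the report gracefully.

void report_close(rhandle);
handle rhandle


The rhandle parameter is the output of the plugin's Report Head function.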

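Data structures

The following data structures are used to communicate between the various plugin methods. Unless otherwise stated, they are all standard Perl hash references with the members detailed.

mark

The mark hash contains all information about a target. It has the following members. It should be treated as read-only.

Members of the mark structure

Key             Description
ident           Host identifier, usually equivalent to what was passed on the command line.
hostname        Host name of the target.
ip              IP address of the target.
port            TCP port of the target.
display_name    Either the host name or the IP address of the target, depending on whether a host name has been discovered.
ssl             Flag indicating whether the target runs over SSL. If set to 0, the plugin should not use SSL. Any other value indicates that SSL should be used.
vhost           Virtual host name to use for the target.
                Root URI to use for the target.
banner          Banner of the target's web server.

parameters

The parameters hash contains all parameters passed directly to the plugin through the hook.

The hash has the parameter name as key and the passed parameter value as value. Implementation and sanity checking of the values is left to the plugin.

If a parameter has not been set, it will not appear in the hash. If it has been set without a defined value, it is set to the number 1 in the hash.

Some parameters, such as verbose and debug, are handled automatically by Nikto, though they are still included in the hash.

vulnerability

The vulnerability hash contains all information about a vulnerability. It has the following members. It should be read-only and should only be written through the add_vulnerability method.

Members of the vulnerability structure

Key         Description
mark        Hash reference to the mark data structure.
message     Message for the vulnerability.
nikto_id    Test ID (tid) of the vulnerability; this should be a unique number that identifies the vulnerability.
osvdb       OSVDB reference to the vulnerability in the Open Source Vulnerability Database. This may be 0 if the OSVDB reference is not relevant or does not exist.
method      HTTP method used to find the vulnerability.
uri         URI for the result.
result      Any HTTP data, excluding headers.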

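Standard methods

Several standard methods are defined in nikto_core.plugin and can be used by all plugins. It is strongly recommended that these be used wherever possible instead of writing new methods.

For some methods, such as add_vulnerability, which write to global variables, these must be the only interface to those global variables.

array change_variables(line);
string line

Expands any variables in the line parameter. The expansions are variables defined in the global array @VARIABLES, which may be read from db_variables or added by recon plugin methods.

int is_404(uri, content, HTTPcode);
string uri
string content
string HTTPcode

Guesses whether the result is a real web page or an error page. Because several web servers are badly configured and do not return an HTTP 404 code when a page is not found, Nikto tries to look for common error pages. Returns 1 if the page looks like an error.

string get_ext(uri);
string uri

Attempts to work out the extension of the uri. Returns the extension or one of the special cases: directory, dot file, none.

string date_disp();

Returns the current time in a human-readable format (YYYY-mm-dd hh:mm:ss)

string rm_active(content);
string content

Attempts to remove active content (such as dates, adverts, etc.) from a page. Returns a filtered version of the content.

string get_banner(mark);
hashref mark

Pulls the web server banner. This is done automatically for all targets before a mark is passed to the plugin.

string HTTPcode

Checks the HTTP response against known "found" responses. TRUE indicates that the request probably succeeded.

string HTTPCode, string content nfetch(mark, uri, method, content, headers, flags, testid);
hashref mark
string uri
string method
string content
hashref headers
hashref flags
string testid

Makes a simple request through libwhisker with the passed parameters. nfetch is hook aware and passes all requests through the prefetch and postfetch hooks.

The flags hash is a selection of flags that can modify the behavior of the request. The flags currently defined are:

Key            Description
noclean        Tells nfetch not to perform sanity checks on the structure. Normally the request is checked to make sure it contains a valid Host header and that the Content-Length header matches the size of any content; setting this flag prevents those checks.
noprefetch     Tells nfetch not to run prefetch hooks.
nopostfetch    Tells nfetch not to run postfetch hooks.
noerror        Tells nfetch not to report error responses for the request.

hashref setup_hash(requesthash, mark);
hashref requesthash
hashref mark

Sets up a libwhisker hash with the normal Nikto variables. This should be used if any custom calls to libwhisker are made.

string char_escape(line);
string line

Escapes any characters within line.

array parse_csv(text);
string text

Breaks a line of CSV text into an array of items.

arrayref init_db(dbname);
string dbname

Initializes a database located in PLUGINDIR and returns an arrayref. The arrayref is an array of hashrefs, with each hash member configured by the first line of the database file, for example:

"nikto_id","md5hash","description"

This results in an array of hashrefs with the parameters:

array[0]->{nikto_id}
array[0]->{md5hash}
array[0]->{description}

void add_vulnerability(mark, message, nikto_id, osvdb, method, uri, data);
hashref mark
string message
string nikto_id
string osvdb
string method
string uri
string data

Adds a vulnerability for the mark, displays it on standard output and sends it to any reporting plugins.

void nprint(message, display);
string message
string display

Prints message to standard output. Display specifies a filter for the message; currently this can be "v" for verbose or "d" for debug output.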

Global variables

The following global variables exist in Nikto. Most of them are defined for internal use and plugins are advised not to use them. Several have been deprecated, and plugins should not use them.

%TEMPLATES (read/write)

Hash to store the HTML and XML report templates.

%CONTENTSEARCH (read)

Hash to contain all the entries in db_content_search - a list of
strings and related info to alert on from any request (regardless of
test result).

%CLI (read)

Hash of passed CLI parameters

%VARIABLES (read/write)

Hash of contents of the entries in db_variables. Plugins should only
write to this hash in the reconnaissance phase.

%TESTS (read/write)

Hash of the db_tests database. This is only intended to be used by
the tests plugin, though it could be used by a reconnaissance plugin
to add tests on the fly.

%NIKTO (read)

Hash which contains internal Nikto data, such as help for the
command line parameters.

%CONFIGFILE (read)

Hash containing the data read from the configuration files.

%request (read/write) (deprecated); %result (read/write) (deprecated)

Global libwhisker hash. This should not be used; nfetch or a local
hash should be used.

%COUNTERS (read/write)

Hash containing various global counters (e.g. number of requests)

%db_extensions (read) (deprecated)

Hash containing a list of common extensions

%FoF (read/write)

Hash containing data for each extension and what the server produces
if a request for a non-existent file is requested.

%UPDATES (read/write)

Hash containing any updates that need to be sent back to cirt.net

$DIV (read)

Divider mark for the items sent to standard out.

@DBFILE (read)

Placeholder used to hold the contents of the file db_tests.

$PROXYCHECKED (read) (deprecated)

Flag to see whether connection through the proxy has been checked.

@RESULTS (read)

Array of reported vulnerabilities, should only be written to through add_vulnerability().

@PLUGINS (read)

Array of hashrefs for each plugin. Used internally to run plugins.

@MARKS (read)

Array of marks to indicate each target.

@REPORTS (read)

Ordered array that reporting plugins should be run in. Used for
efficiency on calling reporting plugins.

 testid

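Every test, whether it comes from a database or from code, must have a unique identifier. The numbering scheme for tests is as follows:

Range     Use
000000    db_tests
400000    User-defined tests (udb* files)
500000    db_favicon
600000    db_outdated
700000    db_realms
750000    db_content_search
800000    db_server_msgs
900000    Tests defined in code

For each new test defined in code (a plugin), as much data as possible should be filled into the %TESTS hash. The fields include the test's URI, the message printed on success, the HTTP method and the OSVDB ID. If there is no "message" value in %TESTS, output will not be saved in reports. Not all tests are expected to have a uri, method or OSVDB ID. Here is an example of setting these fields: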

$TESTS{999999}{uri}="/~root";
$TESTS{999999}{message}="Enumeration of users is possible by requesting ~username";
$TESTS{999999}{method}="GET";
$TESTS{999999}{osvdb}=637;

 

 

 

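Nikto does not directly support SOCKS proxies, but a tool such as proxychains lets Nikto run through one. Pointing an HTTP proxy (e.g. burp) at a SOCKS listener also works.



Other related projects





Some history

Nikto 1.00 Beta was released on December 27, 2001 (and a 1.01 bug-fix release followed a few days later!).

Over the course of two years, Nikto's code evolved into the most popular free web vulnerability scanner. The 2.0 release, in November 2007, represented several years of improvements. The major version has not changed since 2007, but development continues on GitHub.

In 2008 David Lodge officially joined the development team and took over leadership of Nikto while Chris Sullo was on another assignment. In 2009 Sullo rejoined the project.

The original changelog can be found in the old CHANGES.txt file.

Gort!

The name "Nikto" is taken from the movie "The Day the Earth Stood Still" and, of course, its later abuse by Bruce Campbell in the most excellent "Army of Darkness". The word turns up in many places, including Star Wars, a secret Beatles album, and so on; for more details see blather.net.

Pronunciation

Over the years the authors have heard many pronunciations of the word "Nikto". While we tend to ignore most attempts and secretly applaud those who get it right, a few are wrong enough to be worth mentioning, such as "Nikito" (really). If you must know, the "official" pronunciation is "Nick-Toe".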

 

 

 

 

 

 

 

 CHANGES

2013-xx-xx Nikto 2.1.6 release
        - Add -Option to override nikto.conf settings
        - Removed JSON-PP.pm in favor of requiring JSON::PP be installed for -Savedir usage
        - Added check_modules() to check for required/optional perl modules in help output, version check, etc.
        - Added running average of last 10/100 requests to STATUS line output
        - Cleanup of load_modules to remove duplicate code
        - Added nikto.conf variable FAILURES, and nikto now terminates host scanning after this many HTTP request failures (not response codes, complete fails).
        - Added nikto_ms10070.plugin to check for MS10-070
        - Load modules inside a sub routine so errors can be reported
        - No longer optionally load some modules, namely POSIX, Time::Local and Time::HiRes--require them
        - Mask passwords from -id in report output, thanks to Iggy "I want a cameo" Frankovic
        - mtime is no longer mangled in inode output, thanks to Anna at qcic.nl
        - Moved development to Github (note new ticket numbers): https://github.com/sullo/nikto/
        - Added nikto_sitezip.plugin to look for compressed archives of sites
        - Fix Anti-IDS encoding
        - Added 'admin console' category to db_tests
        - Issue #106: Report total requests instead of total checks loaded
        - Issue #82: Added plugin to check for Apache mod_negotiation bruteforcing
        - Issue #46: Double directory names in report
        - Issue #24: Don't return headers distinctly from nfetch
        - Issue #22: Add location to db_favicon
        - Issue #11: Alert on HTTP PATCH available
2012-09-16 Nikto 2.1.5 release
        - Ticket 261: Update CSV report to include banner info and put data into proper columns
        - Ticket 247: Move etag header check to postfetch so no additional requests are made
        - Ticket 245: Liberal use of CDATA in XML report to prevent problems. Thanks to Peter Wang for reporting.
        - Ticket 242: nikto_headers.plugin now uses nfetch instead of direct LW calls
        - Ticket 234: Add plugin for crossdomain.xml (and clientaccesspolicy.xml) to look for wildcards and warn about entries
        - Ticket 233: Fix bad values in robots.txt from causing crashes
        - Ticket 229: Don't repeat XML headers if appending to an existing report file, thanks to digininja for idea
        - Ticket 228: Add client SSL certificate support. Thanks to monnerat for code submission!
        - Ticket 226: Add GMT offset to time outputs
        - Ticket 225: Template variables now have terminating hash to prevent collisions
        - Ticket 224: Space in robots.txt kills scanner
        - Ticket 222: Fix problems with banner parsing related to spaces, should result in fewer missed matches which should be hits.
        - Ticket 220: Certificate wildcard matching incorrect
        - Ticket 217: Add -IgnoreCode option to allow db_404_strings' @CODE at the command line
        - Ticket 214: Relocate databases to 'databases/' directory from 'plugins/'
        - Ticket 211: Shuffled some information in HTML report and added more summary data. Added error count and total check count to XML (note: DTD change).
        - Ticket 209: Find IPs in HTTP headers
        - Ticket 202: -maxtime maximum execution time per host (seconds)
        - Ticket 175: -until run until specified time or duration
        - Ticket 174: Checked for sites parked at hosting providers or advertising pages
        - Ticket 161: robots.txt now checks for listed files (content search, etc.)
        - Ticket 91: Identification of WEBrick fails. Updates made to handle banners with multiple items but no spaces
        - Ticket 74: Removed 'single' mode code from nikto. There are better tools for this nowadays.
        - Ticket 57: nfetch no longer uses global request/response hashes
        - Ticket 1: Save full response on positive, plaintext & JSON
        - Completely remove cache functionality as it was near worthless and added a lot of overhead
        - Including JSON-PP source to not require JSON installation. http://search.cpan.org/~makamaka/JSON-2.53/lib/JSON/backportPP.pm
        - Add IP address to CSV output. NOTE: this changes a parse-able report format!
        - add_vulnerability now takes in %request and %response for saving of data
        - nfetch() now returns headers received as argument 6--no more hash reference over-writing headers to send
        - Added sub get_ips() to centralize IP extraction from strings
        - Output file name now takes '.' which will auto-generate output filename like nikto_hostname_port.EXT
        - Fix -root not appearing in report output, reported by Cédric Michel
        - nikto_favicon.plugin checks for icons in <link> tags
        - Add nikto_paths.plugin to look for things to add to db_variables values
        - Items found in robots.txt are now added to values from db_variables
        - Keep tokens from getting into %db_extensions, thanks to Erik Cabetas
        - Fix vhost not being set properly, thanks to Brian Poole
        - Fix crash on invalid regex chars in robots.txt (dis)allow lines
        - Default to use Net::SSL instead of Net::SSLeay as a result of too many memory issues in SSLeay
2011-06-14
        - Fix condition where match_1 or match_1_or are 4xx response code
        - Fix condition where blank prefix added via change_variables
        - Fix some cases where root dir not showing up in screen/report output
2011-03-30
        - Ticket 208: Strengthen IP matching in cookies (nikto_cookies.plugin)
        - Ticket 207: -findonly emulation now enables reporting plugins and screen output mimics versions < 2.1.4
        - Ticket 199: Allow user to specify SSL library to be used by LW2
        - Ticket 198: Add -Userdbs to run only user databases. 'all' loads all user databases and no standard. 'tests' or nothing only loads udb_tests instead of db_tests
        - Fix date_disp for incorrect mday increment, thanks noop.0352.ja for notification
        - Print web ports found in gnmap input files, thanks @mubix
2011-02-20 Nikto 2.1.4 release
        - Tickets 148, 160, 188: XML CHANGES: 
                - Removed 'cyphers' from DTD (was never populated via the code)
                - The 'niktoscan' element is now included (was in schema, but unused)
                - 'niktoscan' new variables: scanstart, scanend, scanelapsed
                - <statistics hoststotal="#TEMPL_NIKTO_HOSTS_TESTED" /> removed from templates (duplicate of hoststest)
                - <!ATTLIST statistics hoststotal CDATA #IMPLIED> removed from DTD
                - Removed duplicate <niktoscan> element from xml_summary.tpl
                - Properly close <niktoscan>
                - Incremented nxmlversion to 1.1
	- Tickets 202, 203: Rewrote set_targets to not accidentally collapse targets, which fixed terminate signal issues
	- Ticket 201: Rewritten & fixed authorization code to work better and make fewer requests
	- Ticket 195: Update interactive status counts if mutate options are used
	- Ticket 194: Look for internal IPs in cookies
	- Ticket 192: Relabel IDS evasion as 'encoding techniques'
	- Ticket 186: Enable sleep for fractions of seconds
        - Ticket 185: Make multiple index file output links in html reports
	- Ticket 184: Fix -root option
	- Ticket 181: Fix COOKIE set via nikto.conf. Also allow multiple cookies.
	- Ticket 179: Update docs for -useproxy
	- Ticket 178: Add -Interactive-off to disable interactivity
	- Ticket 177: Enable http keep-alive
	- Ticket 173: Skip current host with 'N' in interactive mode
	- Ticket 169: Allow regular expressions in db_tests
	- Ticket 155: -findonly is deprecated in favor of -Plugins "@@NONE" (-f will replicate this functionality)
	- Ticket 82: Auth is now checked per realm, not per resource
	- Fix parsing of nmap greppable output so that any port descr matching http is checked. Thanks Moses Hernandez & @mubix for
		reporting & testing.
	- Fix a potential div by zero error
	- Fix a potential for false positives or negatives with version matches
        - Various cleanups in nikto_report_xml.plugin and nikto_report_html.plugin
	- Not all udb* files were loaded properly
	- Server name not properly printed in update/submission output
	- Created $mark->{'components'} to store server build items instead of @BUILDITEMS
	- Variable consolidation & memory usage cleanup
	- Move message on -root from notices to target host info (suggestion from YGN)
	- Automatically escape invalid regexes in databases at run-time, so no dying
	- Validate regex field syntax on -dbcheck
	- Move -root option to %mark so it works on a per-host level if passed via URI
        - Added nikto_ssl.plugin to check cert's CN vs hostname
	- Add basic retry on error in nfetch()
	- Change how db_404_strings are used by moving where they are checked--should reduce FP
	- Fix missing url sent to rm_active_content during error mapping--should prevent many FPs
	- Actually check for code-based nocache flag in cache_add and cache_fetch
	- Make nikto_multiple_index.plugin only look at 200 responses
2010-09-06 Nikto 2.1.3 release
	- Ticket 164: Error when proxy starts to give 502
	- Ticket 165: Don't show incorrect # of items checked in -findonly
	- Ticket 166: Allow interactive pause
	- Ticket 167: Update manual
	- Ticket 168: Fix scan not working behind proxy when domain can't resolve
	- Ticket 170: Implemented MSF output
	- Ticket 171: Allow proxy to be specified on command line
	- Fix incorrect running of some plugins
	- Interactive status report gives guess of time remaining
	- Don't print duplicate findings (such as indexing)
	- Minor standardization stuff
	- Documentation updates
	- Fixed broken cache
	- Cleaned up status report code
	- Version output now shows status of SSL and XMLRPC availability
2010-07-07 Nikto 2.1.2 release
	- Ticket 8: Interactive scan status.
	- Ticket 122: Cleanup db_404_strings to prevent over-matching.
	- Ticket 122: Use db_404_strings as a higher priority.
	- Ticket 125: fetch is dead, long live nfetch!
	- Ticket 126: subdomain plugin tries to guess domain on unqualified hostname. 
	- Ticket 127: dav methods are treated specially and reported all at once.
	- Ticket 129: Change references for config.txt to nikto.conf. 
	- Ticket 130: Added -D E to show HTTP errors, otherwise suppress. 
	- Ticket 132: Properly check for HTTP and HTTPS ports in cache.
	- Ticket 133: Regular expression matching causes errors. Removed char_escape and some other
		regexs in favor of the faster quotemeta(). Also set many regexs to non-capturing for speed.
	- Ticket 134: Added documentation of -config to usage_short.
	- Ticket 136: Moved set_scan_items to only run once, should speed things up with multiple targets.
	- Ticket 137: Added -ask to override nikto.conf's UPDATES value (same options).
	- Ticket 139: Partial fix: Moved URI error handling and reporting result to nfetch, rather than being in nikto_tests.
	- Ticket 141: pre-compile RE in content_search to give some speed-up.
	- Ticket 142: Enhancement to allow easier addition of hooks.
	- Ticket 144: Cleaned up map_codes to use general rules, still needs some for redirection.
	- Ticket 145: Added OSVDB 0 to orphan items in db_tests.
	- Ticket 146: Partial fix: with new "start" hook which is run at the start after target enumeration.
	- Ticket 147: Grab HTTP information on the fly, deprecate get_banner.
	- Ticket 150: Special characters in XML output.
	- Ticket 152: HTTP Version set in nikto.conf over-ridden.
	- Ticket 153: Properly check for HTTP and HTTPS ports in cache.
	- Ticket 156: Update system couldn't update nikto_core.plugin.
	- Ticket 163: Scan details not appearing in XML reports.
	- Allow changing certain config settings during scans.
	- Optimized rm_active_content() a little by shuffling code and reducing some mem copies/regexs. Needs more work.
	- Update nikto.conf to switch tests to always have the (report:500) parameter.
	- Updates to read known headers on the fly, rather than make requests for them.
	- Fixed a bug with the order of parameters in hooks (broke parameters being passed to some plugins).
	- Added the parameter "report" to tests plugin to report when completed x number of tests.
	- Stop LibWhisker producing an error when talking HTTP to HTTPS during port_check.
	- Merged apacheusers and apache_enum_users.
	- Add facility for a plugin to inform which options it can take.
	- Added nbe output plugin which was written by Frank Breedijk of the Seccubus project.
	- Moved do_auth to a postfetch plugin. 
	- Removed dead code from fetch().
	- Optimizations in nfetch(), nikto.pl, & elsewhere.
	- Added support for prefetch and postfetch hooks.
	- Moved content_search to a plugin.
	- Some tuning around plugin execution.
	- Updated user_enum_apache to use Plugins instead of mutate.
	- Rewrote the macro expanding bit to make it more efficient.
	- Mutate 1 now wrapped into nikto_tests and doesn't take up anywhere near the amount of memory!
	- Starting to deprecate mutate by replacing with plugin options. -mutate 2 (passfiles) is now implemented within tests and uses less memory.
	- Updated -check_updates to use nfetch instead of fetch.
	- Updated -Plugins support.
	- Add filename support to rm_active_content.
	- Added basic support for -D s (scrub, removes some information from the log).
	- Match plugin names case-insensitive.
	- Warn if RFIURL is undefined.
2010-01-20 Nikto 2.1.1
	- Ticket 117: Fixed SKIPPORTS
	- Ticket 116: Moved User-Agent string to nikto.conf
	- Ticket 116: Added dynamic variables to User-Agent (Testid, Evasion methods)
	- Ticket 95: Added support for OSVDB, now the fun bit of filling it in
	- Ticket 111: Basic syntax checks for all databases
	- Ticket 109: Added an extra optional <ssl /> element to xml output to contain the SSL date. Need to do similar for html, txt and csv
	- Ticket 106: Shorts authentication being successful if an error is returned
	- Ticket 107: Support for short reads in LW2.5
	- Ticket 98: If -Format is missed guess the format based on file extension in -output. Default is none if -output is omitted.
	- Ticket 96: Multiple index file enhancements for groups and better unique file identification
	- Ticket 103: <description> content in xml report is now wrapped in CDATA 
	- Ticket 110: Mutate now respects db variables
	- Ticket 97: Fix for response caching
	- Ticket 99: Spelling disagreements between Brits and Americans
	- Added @RFIURL to nikto.conf for a remote file include location, and supporting code.
	- Added ~2300 RFI tests from the combined RSnake/OSVDB list
	- Removed NMAP and NMAPOPTS from nikto.conf as it is no longer used/supported
	- Reporting: simplify xml/html code, fix a bug when a space is in the uri, and load only needed templates
	- Enable 2 new LW evasion tactics (carriage return or binary value as request spacer)
	- Added support to select plugins via -Plugins and -list-plugins option to list current plugins
	- Major bug fix for proxy usage
	- Don't report p3p header as unusual
	- Various changes to aid future binary db usage for mutates
	- Various changes to aid future multi-threading
	- Fix for multiple index files
2009-12-21 nikto.pl
	- Ticket 100: Fix for reading home directory on Windows
	- Some new additions to db_realms and db_embedded
2009-08-29 templates/xml* docs/nikto.dtd
	- Added <statistics /> tag for scan/host statistics
2009-08-25 plugins/db_httpoptions
	- Ticket 89: - remove TRACE and TRACK from the db
2009-08-19 plugins/nikto_headers
	- Added test for asp source code disclosure through the Translate header
2009-08-13 plugins/* plugins/nikto_embedded plugins/db_embedded
	- Various fixes to use nfetch and fix proxy use
	- New plugin added to identify embedded devices
2009-08-12 plugins/nikto_core
	- New fetch (nfetch) sub added which uses a local request/result hash. All requests should use this instead of fetch.
	- Patch to add a URI cache within fetch, can be disabled with -nocache
2009-08-04 plugins/nikto_core
	- Patch to actually report the URI when it works out a password
	- Added test for DEBUG HTTP verb
2009-08-03 plugins/nikto.pl
	- Put in a quick catch for port ranges (e.g. 80-90) if people use the old style of port entries
	- Put in a simple signal handler to close reporting if a sigint is caught
2009-08-02 plugins/nikto_multiple_index db_multiple_index
	- Added check for multiple index files for request #16
	- Turned standard headers into a database file to close off #22
2009-08-01 plugins/* nikto.pl
	- Fixes for xml reporter to allow multiple hosts
	- Fixes for html, txt and csv exporters
	- Tickets 80 and 85
2009-07-31 plugins/* nikto.pl
	- Fix for ePO agent/HP iLO to not report for each known type of webserver
	- Big changes to the way nikto assigns targets to remove globals, have deliberately broken nmap scanning and allowing port ranges.
2009-07-20 plugins/nikto_core plugins/nikto_outdated db_tests db_outdated
	- Fix to ensure that -Tuning works as expected, fixes ticket #84
	- Fix to add a warning if a web server has been configured to restrict information on its server banner, fixes ticket #66
	- Minor amendment to lighttpd version to fix ticket #67
	- Fix to nikto_core to make dbcheck work!
	- New item for ticket #75
2009-06-30 plugins/nikto_dictionary_attack
	- Add plugin to use dirbuster lists with mutate 6 and mutate-options
	- couple of minor fixes to prevent errors on Windows and exporting as text
2009-06-27 plugins/nikto_user_enum_cgiwrap.plugin
	- Mangled cgiwrap and apache plugins together and allow use of a dictionary (to speed things up). Also made it work with new reporting style
	- Added -mutate-options switch
2009-06-15 plugins/nikto_reports.plugin templates/xml_end
	- Fixed bug with xml not terminating correctly
2009-05-11 plugins/nikto_core.plugin plugins/nikto_subdomain.plugin
	- Added subdomain bruteforcer as mutate option 5, thanks to Ryan DewHurst
	- Added extra tests to pull information if scanning ePO agent or HP WBEM
	- Added test to recognise a Dell Remote Access Console
	- Added -no404 switch to disable 404 checking. Warning, this produces a lot of false positives at the moment
2009-01-10 plugins/nikto_core.plugin
	- Added fix for #73 to apply multiple variables for tests, supplied by Laurent Licour
	- Removed test_target function as now done in the nikto_test plugin
	- Added support for Allow directive in robots.txt
	- Added exit if cannot connect to a defined proxy
2008-11-11 plugins/nikto_core.plugin nikto.pl plugins/nikto_reports.plugin
	- Added report phase to plugin runner
2008-10-09 plugins/nikto_core.plugin nikto.pl
	- Further tunings to authentication code to simplify it.
2008-10-02 plugins/nikto_core.plugin nikto.pl
	- Altered authentication code to make it simpler.
	- Now supports NTLM authentication.
2008-09-24 plugins/nikto_core.plugin db_tests
	- Fixed problem with nikto using authentication provided from the command line. It now adds it to the list of realms.
	- Added extra test to highlight localstart.asp if it is the default page.
	- Added tests to identify Ampache.
2008-09-23 plugins/*.plugin
	- Added support for conditional recon and scan plugins.
2008-09-21 plugins/*.plugin
	- Changes for new plugin running structure; it needs to be finished (conditional plugins and report methods) but it is good enough to release now.
2008-09-20 plugins/nikto_core.plugin plugins/nikto_cgi.plugin nikto.pl plugins/nikto_reports.plugin templates/xml_host_head.tmpl docs/nikto.dtd
	- Fixes to ensure nikto produces less perl warnings
	- Fix for ticket #59: add vhost to xml output
2008-09-16 plugins/nikto_core.plugin plugins/nikto_httpoptions.plugin
	- Fix for ticket #37
	- Allow fetch to optionally call LW2::http_fixup_request
	- Better handling of extra headers within fetch
2008-09-14 plugins/db_server_msgs plugins/nikto_*.plugin
	- Update server messages to dynamic database format
	- Altered all plugins to use a separate RESULTS array for storing results; meaning that it is easier to abstract
	- Added add_vulnerability method to nikto_core to report vulnerabilities and reduce code size.
	- Added ability to add an extra hash to fetch() to allow extra headers to be added.
2008-09-12 plugins/nikto_core.plugin plugins/nikto_httpoptions.plugin plugins/db_httpoptions plugins/nikto_favicon plugins/db_favicon
	- Fix for ticket #38: httpoptions are drawn from a database
	- Now setup to allow dynamic databases, rather than all being imported by nikto_core at start time
	- Altered favicon database to use dynamic database
2008-09-06 plugins/nikto_core.plugin tmpl/htm_close.tmpl
	- Fix for ticket #53: all plugins now show last mod date
	- Fix for ticket #51: updated copyright date in HTML
2008-09-04 plugins/nikto_core.plugin
	- Ticket 55: introduced by the solution for ticket #44
	- Ticket 53
2008-08-12 plugins/db_outdated -- Nikto 2.03
	- Fix for Jetty to latest version, fixes ticket #49
2008-08-07 docs/nikto_manual.html
	- New export of the manual from the docbook
	- Updated versions in nikto.pl
2008-08-06 plugins/db_outdated
	- Added various new versions
2008-08-05 plugins/db_favicon
	- Fix for ticket #45
	- Added favicons for Roku Soundbridge and Ampache
2008-07-14 plugins/nikto_headers.plugin
	- Changes to look at non-standard headers
	- Changes to examine Apache's ETag header
2008-07-07 nikto.pl plugins/nikto_core.plugin plugins/nikto_reports.plugin
	- Fix for ticket #41 - a rather nasty bug that's been in nikto 2 since its inception; where variables weren't fully expanded.
2008-07-02 plugins/nikto_core.plugin
	- Fix for ticket #11 - change CGIDIRS test so that they're not hardcoded. The response codes are now kept in a variable in db_variables
	- Applied same to enumerating apache users plugin
	- Fix for ticket #39 - we now check whether getoptions failed, show usage and exit with a code of one. This also means that it will exit gracefully if a parameter is missed out when one is required.
2008-06-24 plugins/nikto_core.plugin
	- Fix for ticket #35 - allow multiple HTTP methods to identify an HTTP server, these are set with the variable CHECKMETHODS in config.txt
	- Fix for a bug in the nmap reader where it would ignore the IP address if nmap didn't return a hostname.
2008-06-22 plugins/db_tests
	- Fix for ticket #26 - stop domino tests producing false positives
2008-06-20 plugins/nikto_httpoptions.plugin
	- Fix for ticket #30 - ensure that propfind has the right OSVDB tag
2008-04-22 plugins/nikto_outdated.plugin
	- Change to allow stop duplication of items when scanning more than one host. Fix for bug 28
2008-04-16 plugins/nikto_core.plugin
	- Change to allow reading of a host list from stdin
	- Fix for enhancement 10: read from nmap output (only -oG)
2008-04-15 plugins/nikto_core.plugin
	- Fixes for bug 25: Unopen ports are now reported
2008-04-14 templates/htm*
	- Fixes for bug 24: HTML output is now valid HTML 4.01 Strict
2008-04-11 nikto.pl
	- Started using international dates instead of the weird US format
	- Added a fix for bug id 23: allow a range of ports instead of a comma separated list
2008-04-11 db_outdated
	- Updated current version of Apache to 2.2.8
01.06.2008 2.02
	- Added XML output thanks to the work of Jabra. XML format comes from templates (same as HTML). See the 'templates' dir for more info.
	- HTML reports changed by Jabra to remove some oddities and remove HTML from items
	- Fixed non-reporting of non-HTTP ports (or closed ports) when at least one port was HTTP.
	- Removed experimental knowledge base (KB) code, as XML output is more flexible for long-term scan tracking
	- Added unique identifiers to all tests from databases, and all tests created in code
	- Updated documentation
01.02.2008 nikto_core
	- Fixed improper parsing of long options (-update, etc.). Thanks to Frank Breedijk for figuring this out.
12.30.2007 db_servers
	- Removed as it is not used
12.19.2007 nikto_msgs.plugin
	- Add a boundary for regex on versions to cut down false positives
12.19.2007 nikto_favicon.plugin
	- Added OSVDB ID
12.18.2007 nikto_favicon.plugin
	- Fix false positive when favicon.ico doesn't exist
11.22.2007 Nikto 2.01 release
	- Fix anti ids encoding use. thanks to Francisco Amato
	- Fix virtual host usage if set via CLI. thanks Jon Hart
	- Fix Host header restoration when testing for IIS IP leak
	- Fix for plugindir & templatedir if EXECDIR is set in config.txt, thanks Shiraishi.M and Will Andrews for pointing it out.
	- Fix count of items--count now accurately reflects the number of items, not just number of vulns. thanks Frank Breedijk
	- Kick a few more things to KB that should be saved
	- Added SKIPIDS to config.txt to completely ignore some tests loaded from db_tests. Suggested by Christian Folini.
	- Enhanced rm_active_content to try to exclude the file/QUERYSTRING requested
	- Unset the auth header after guessing at it. Thanks Paul Woroshow for reporting the bug.
11.12.2007 nikto_headers.plugin
	 - Fix internal IP address snarfing for IIS, thanks Frank Breedijk for pointing it out
11.10.2007 Nikto 2.00 release
	 - Rewrite of nikto_httpoptions.plugin to read the Public header
	 - Fixups to prevent namespace violations in nikto.pl and nikto_core.plugin
	 - Add some normalizations to the -root option variable, suggested by Erik Cabetas
	 - Added -Display with options for suppressing redirects & cookies from being included in output
	 - Added -Tuning options to let users specify what they would like to test, or exclude certain categories
	 - Added config.txt's NMAPOPTS, thanks Sean Lewis for the suggestion
	 - All new HTML report
	 - Bugfix: a found cookie would report for every port/server after it was found
	 - Bugfix: all hosts scanned with all ports if hosts file used
	 - Bugfix: all hosts scanned with port 80 despite what the user wanted
	 - Bugfix: Reverse DNS inet_aton error fix, pointed out by Jason Peel @ Foundstone
	 - Changed auth checking so it will test any directory found, not just /, and removed nikto_realms.plugin as a consequence
	 - Changed scan_database.db format significantly (and name), (and all the code to deal with tests)
	 - Completely new 404 engine which causes less false-positives (see docs)
	 - Created dump_lw_hash instead of dump_request_hash & dump_result_hash
	 - Implemented a knowledge base which (should) store all the gory details of scans... probably use this later ;)
	 - Moved pre-defined variables from config.txt to variables.db so they can be automagically updated. Entries in config.txt are still read.
	 - Removed %CFG, storing vars in %NIKTO instead
	 - Removed -generic
	 - Removed extraneous global vars
	 - Removed load_realms, combined with load_variables
	 - Replaced %CONFIG with %NIKTOCONFIG
	 - Set MAX_WARN to trigger on any response code, skipping 404|403|401|400 to avoid common ones
	 - Added -Single single request mode
	 - Updates to use the RFP's LibWhisker 2.0
	 - Added -Help to show extended help output, changed default help screen to be shorter. Suggested by Jericho.
	 - Additional error checking on invalid reverse-dns (Paul Woroshow)
	 - Cleaned up comment/line parsing routines in multiple places, from Erik Cabetas
	 - Tightened some for loops with real values instead of guessing, from Erik Cabetas
	 - Added error message if no host is specified, from Erik Cabetas
	 - Added more robust output file type checking (txt/htm/cvs), from Erik Cabetas
	 - Added more debug statements regarding which CGI directories will be scanned, from Erik Cabetas
	 - Bugfix: more 'half dead host' scanning issues resolved with Jericho. LW is much pickier now about calling http_close
	 - Added error if -F specified without -o, from Erik Cabetas
	 - Bugfix: server category match no longer matches partial strings, from Erik Cabetas
	 - Bugfix: mis-pasted line, pointed to by Erik Cabetas
	 - Send all errors to STDERR
	 - Added -config option to specify a config file, thanks to Pavel Kankovsky
	 - fixed regex issue on banner. thanks Alexander Ehlert for pointing it out
	 - All other plugins updated for v2 changes
	 - Added favicon.ico hash checking
	 - ... gobs more
02.06.2004 nikto_core.plugin 1.21
	- Cleaned up comment/line parsing routines in multiple places, from Erik Cabetas
	- Tightened some for loops with real values instead of guessing, from Erik Cabetas
	- Removed duplicate bit of code, from Erik Cabetas
	- Added error message if no host is specified, from Erik Cabetas
	- Added more robust output file type checking (txt/htm/cvs), from Erik Cabetas
	- Added more debug statements regarding which CGI directories will be scanned, from Erik Cabetas
12.17.2003 
	nikto_core.plugin 1.20
	 - Fixed BID links, thanks Richard Tortorella for the report.
10.27.2003 Nikto 1.32 release
	nikto_core.plugin 1.19
	 - Removed unnecessary 'use IO::Socket' call from resolve()
	 - Removed unnecessary counters
	 - Replaced some slow foreach counters
	 - Moved proxy_check earlier, before port_scan, so it will be set first
	 - Removed -allcgi option in favor of -CGIdir, which can specify to test 'all', 'none' or a specific directory.
	 - Bugfix: testing through proxy by making sure host name is set instead of ip, thanks to Fabrice Annic for the catch
	 - Bugfix: a regex/logic/if error in test_target, thanks Pavel Kankovsky for the bug report. 401/302 messages will now report regardless of test/pass fail.
	 - Bugfix: -dbcheck now identifies duplicates without relying on message text, thanks Jericho / Attrition.org for pointing this out
	nikto.pl	1.12
	 - Rearranged order of get_banner & setup so that it would be called right
	nikto_headers.plugin	1.08
	 - Added DAAP header check
10.02.2003
	nikto_core.plugin 1.18
	 - Fixed get_banner to properly handle multi host/port scans
10.01.2003
	nikto_outdated.plugin 1.12
	 - Fixed improper matching in version evals, reported by Paul Bakker

09.30.2003
	nikto_core.plugin 1.17
	 - Reordered loop code to make -f scans faster.
	 - Added a skip for "(Win32)" in the version updates back to cirt.net
	nikto_outdated.plugin	1.11
	 - Stripping () from version strings
09.24.2003  Nikto 1.31 release
	nikto_core.plugin 1.16
	 - Fixed a bug in resolve() that may prevent name lookups when host files used
	 - Fixed a bug in resolve() where scan would exit if 1 name resolution from host file failed
	 - Changed set_targets so that if the -h value exists as a file it reads that instead of resolving it as a name. This eliminates need for .csv or .txt file name endings.
	 - Added auto or semi-auto update of version strings to CIRT.net. This is done through a simple GET request. Controlled via config.txt's UPDATES variable.
	   *ABSOLUTELY NO* server info is sent... only versions from HTTP headers, i.e. "Apache/4.0". Thanks to Jericho for feedback/ideas.
	 - Added a host counter output at end & for every 10 hosts
	 - Set CHANGES.txt download only on *code* updates, not DBs
	 - Added MAX_WARN to config.txt for warning level on OK/Moved messages, thanks Jericho for the suggestion.
	 - Added PROMPTS to config.txt to allow user control of prompting--good for unattended scans
	 - Added a regex test to dbcheck() better catch errors in server_msgs.db
	 - Thanks again to Jericho for many updated tests/information.
	 - Cleaned up port scan code
	 - Fixed/improved scanning through proxies
	nikto_outdated.plugin 1.09
	 - Added support for sending updates of version strings to CIRT.net. See nikto_core.plugin version 1.15 notes.
    LW.pm - 1.8
	 - Updated to LW.pm v1.8, see the change log included with it (www.wiretrip.net/rfp/).
    nikto.pl - 1.10
	 - Implemented versioning on nikto.pl (!), many changes to support core 1.15
	 - Put 'require LW.pm' down *after* we know where it is.. duh. Thanks J Barber (ussysadmin.com) for the suggestion. Also changed it 'require' vs 'use' so in the future I can update it, if necessary.
	 - Hosts are now tested in the same order as they appear in an input file
08.18.2003
	nikto_outdated.plugin 1.08
	 - Fixed nasty regex bug in the version eval, and made more efficient. Pointed out by fr0stman, thx Zeno for assistance
07.22.2003
	nikto_headers.plugin 1.07
	 - Added Host header back after delete in IIS Content-Location check. Thanks to Abdi Ponce for the bug report & debug.
	nikto_httpoptions.plugin	1.04
	 - Changed PROPPATCH, TRACK, TRACE messages. Changed PROPFIND message, thanks to Jericho for tracking down some good info on it.  Added SEARCH message.
	nikto_core.plugin 1.14
	 - Added <title> tags to the HTML output for browser-neatness
	 - Removed a stray debug print
07.03.2003
	 - Thanks to Jeremy Bae for many Jeus Webserver tests.
06.29.2003
	nikto_core.plugin 1.13
	 - changed some &function calls to function() to keep $_ from being passed down another level..  thanks to zeno for the heads-up.
	nikto_headers.plugin 1.05
	 - fixed the IIS4 content-location check as it had a tendency to fail miserably...
06.29.2003
	nikto_core.plugin 1.12
	 - changed output of dump_request to be more like normal request text
06.29.2003
	nikto_core.plugin 1.11
	 - bug fix for scanning through proxies
06.19.2003
	nikto_core.plugin 1.10
	 - added 'csv' to file formats in -help output (doh!)
	 - minor speedups
06.17.2003
	nikto_user_enum_apache.plugin	1.02
	 - Bugfix: some user names not tested (zz, zzz, etc.)
	 - Major rewrite for speed improvements
	nikto_user_enum_cgiwrap.plugin	1.01
	 - Bugfix: some user names not tested (zz, zzz, etc.)
	 - Major rewrite for speed improvements
06.16.2003
	nikto_core.plugin 1.09
	 - dbcheck option enhanced: check that all plugins are in the order file
	 - dbcheck option enhanced: check that all plugins have properly named sub calls
	 - update option enhanced: retrieves updated CHANGES.txt file with code updates
	 - Bugfix: resolve() did not properly catch invalid IP addresses. Reported by Rick Tortorella.
06.12.2003
	nikto_core.plugin 1.08
	 - Removed iprint() entirely (finally)
	 - Made "Needs Auth" links active in HTML output
05.30.2003
	nikto_core.plugin 1.07
	 - Bugfix: 
05.30.2003 
	nikto_core.plugin 1.06
	 - Added number of elapsed seconds to final host/port output
	 - Bugfix: Changed CAN/CVE link to point to cve.mitre.org instead of ICAT
	 - Bugfix: Duplicate port 80 in nmap options if -p not specified but 80 specified in hosts file
05.28.2003
	nikto_core.plugin 1.05
	 - Bugfix: -update code prevented automatic updates. Found & fixed by Keith Young. Also reported by Paul Worshaw.
05.27.2003
	Nikto 1.30 release
	General changes
	  - removed nikto_google.plugin entirely (may add better plugin later)
	  - major "under the hood" changes to make things easier to maintain, read & modify
	  - killed as many global vars as I could stand in favor of a few global hashes (CLI input, etc.)
	  - added $CURRENT_HOST_ID and $CURRENT_PORT as globals--these are the pointers to "where you are" (mostly as in $TARGETS)
	  - added the ability to have basic conditional items for tests, i.e. "200!index" to designate a response of "200" but the 
	    content does not contain "index" (suggested by Paul Woroshow).
	  - added -V option, which displays versions of all code files & databases (suggested by Jericho)
	  - specifying -ssl now forces *all ports* on *all servers* to use ssl.  best that can be done for now. 
	  - added multi-host support via a text file with port specification in the file or via CLI
	  - all new save file routines
	  - unbuffered file output to keep partial/cancelled run data
	  - removed the -w option in favor of -F with multiple formats
	  - added support for NTLM authentication
	  - added cgiwrap plugin
	nikto_core.plugin 1.05
	- Many updates to support multiple host scans
	- Added UA for update agents
	- Changed all %SERVER hash refs to either %CLI or %TARGETS
	- Removed %BANNERS (now in %TARGETS)
	- Added set_targets() to handle various target input methods
	- Bugfix: non-SSL ports not found after first SSL port found on a host
	- Bugfix: authentication realms were not checked with the proper root if -r was specified on the CLI
	- Bugfix: can't call 'fprint' if core plugin is not found (duh!). Found by Erwin Paternotte.
	nikto_user_enum_cgiwrap.plugin 1.00
	- added
	nikto_mutate.plugin	1.05
	- change for using %CLI
	nikto_passfiles.plugin	1.01
	- change for using %CLI
	nikto_user_enum_apache.plugin	1.01
	- change for using %CLI
	- renamed from 'nikto_userenum.plugin'
	nikto_msgs.plugin	1.03
	- minor changes for multi-host support
	plugins_order.txt	1.03
	- removed nikto_google.plugin
02.23.2003 	
	nikto_core.plugin	1.04
	- Added a work around for servers that answer with blank www-authenticate headers with invalid id/pass combos
	nikto_realms.plugin 1.00
	- Added to distro
	realms.db 1.00
	- Added to distro
	plugins_order.txt 	1.02
	- Added nikto_realms.plugin
01.22.2003
	nikto_httpoptions.plugin 1.03	
	- standardized wording, added TRACE option, added more description to WebDAV msgs (thanks Jericho at attrition.org).
01.22.2003
	nikto_core.plugin 1.03	
	- fixed a bug with matching proper server categories, thanks to Paul Woroshow.
01.17.2003
	nikto_core.plugin 1.02	
	- fixed the GetOptions only looking for "-gener" instead of "-generic", thanks to Michel Arboi
01.02.2003
	nikto_core.plugin 1.01	
	- fixed proxy authentication not prompting for -update option
01.01.2003 
	Nikto 1.23
	- added nikto_plugin_order.txt to force plugin order to something we want rather than alpha
	- added nikto_core.plugin & removed most functions from nikto.pl
	- added -cookies option
	- enhanced db syntax error checking (spurred by syntax problems Thomas Reinke found)
	- started using the LW 1.6 libraries
	- fixed infinite loop output problem (no longer wrapping long lines)
	- removed usage from saved output (too long)
	- remove nikto_frontpage.plugin and put checks in scan_database.db
	- moved server categories from scan_database.db to servers.db
	- got rid of the leading "c," requirement from scan_database.db
	- added STATIC-COOKIE config item as suggested by Eyal Udassin
	- made CLI options case sensitive (to support more options, hosts files, etc)
	- added Javier Fernandez-Sanguino Peña's Apache user enumeration plugin
	- added -r (-root) file prepend as suggested by Eyal Udassin
	- many DB typo fixes from Jay Swofford
	- fixed a regex bug in nikto_robots.plugin and nikto_apacheusers.plugin
	- new update location (path) to better support upgrades that don't affect db syntax
08.21.2002
	Nikto 1.21	
	- Fixed all the proxy code--none of it was working due to where it was set in the initialization.
	- Added -update to the help output. Not sure why it wasn't there.
08.12.2002
	Nikto 1.20
	- Re-packaged to take out a testing line from LW.pm. Thanks to D Rhoades for the catch
08.11.2002
	Nikto 1.20	
	- Moved all mutate options to plugins
	- Added password file mutate plugin
	- Added better error messages if problems arise
	- Test for false-positives on all CGI directories
	- Added -useproxy CLI
	- Printing SSL certs the server accepts
	- Fixed port sorting if -f is used
	- Forked 1.20DCX edition for DefCon 10 CD: difference is only output
	- Fixed a bug where "findonly" was referenced as "findports" (thanks J DePriest)
	- Added properly wrapped text output in saved files
05.25.2002	
	Nikto 1.100	
	- stopped nikto from dying if no config.txt file found	
	- added Apache user enumeration plugin
	- added robots.txt plugin
	- set false-positive message to display at end of run as well as during
04.23.2002	
	Nikto 1.10BETA_3	
	- fixed CAN/CVE links, added BID/CA/MS links (suggested by Jericho).
	- prints total number of 'issues' found (suggested by Jericho).
	- fixed proxy usage in the cirt.net update function.
	- updated to use LW 1.4, which fixes an SSL infinite loop problem.
	- fixed 401 auth suppression (broken in beta 2).
	- added robots plugin to examine robots.txt & add items found to the mutate check
03.31.2002 
	Nikto 1.10BETA_2	
	- fixed the config.txt DEFAULTHTTPVER variable setting so it really works
	- made proxy_check run only once per session
	- removed all reference to "nikto" in the scan_database.db
03.23.2002	
	Nikto 1.10BETA_1
	- renamed plugins from .pl to .plugin, just for clarity. but they're still perl files
	- allowed nikto.pl to update plugins the same as .db files
	- usage of LW 1.2
	- countless "under the hood" type things
	- lowercase-incoming-headers to more easily handle case sensitive nonsense
	- compartmentalized a LOT more code to make things easier to read
	- created config.txt file configuration w/o modifying nikto.pl itself
	- added user_scan_database.db so that it won't get overwritten if the user adds checks
	- enabled RFP's LibWhisker anti-ids options
	- change "check," to "c," in scan_database, just to save a little bandwidth on cirt.net :)
	- added plugin to check HTTP methods
	- created a 'mutate' mode for really brute force finding stuff on servers
	- added the ability to set default CLI options via config file
	- added PLUGINDIR config variable
	- added plugin to check other HTTP headers (just x-powered-by for now)
	- added ability for nikto to auto-determine ssl v non-ssl on a port
	- added port scanning ability (with or without nmap)
	- added ability to send message via the update script's versions.txt file. I don't know why, but it may be handy to let folks know if a new beta is out, or something.
	- implemented the virtual host headers as patched by Pasi Eronen
01.17.2002 
	Nikto 1.018 
	- Added /mpcgi/ to the @CGIDIRS array based on some suggestions.
	- Fixed a bug in the auth_check function (thanks RFP), and cleaned up error reporting on failed auths
01.12.2002	
	Nikto 1.017
	- Fixed a bug where the data portion of a request did not reset to null after some checks (thanks to Phil Brass for pointing me at it & letting me test against his server). 
01.10.2002
	Nikto 1.016
	- Add dump_*hash functions
	- Added pause (-x) in scan loop
	- Fixed a bug which caused a major slowdown
	- Added load_conf for setup for configuration files (future)
	- Fixed http vs. https links in output files
01.08.2002
	Nikto 1.015 
	- Fixed a bug (?) in Libwhisker PR4 (will check v1 code...)
	- Corrected an error which caused a few false-positives (404 really IS not found :)
01.07.2002	
	Nikto 1.014
	- Removed comment filtering from lines in scan_database.db to accommodate SSI includes
	- Fixed quoting removal for data portions in checks (so " is valid).
01.06.2002
	Nikto 1.013	
	- Made major global variable changes, moved tons of them to hashes
	- Wrote some basic plugin writing documentation & added 'docs' directory
01.03.2002
	Nikto 1.012
	- Added extended output for scan archival reasons (suggested by Steve Saady)
	- Changed host auth failure to a warning, not stoppage
	- Added "data" portion to scan_database.db
	- Added @IP and @HOSTNAME substitutions for scan_database.db checks (will be replaced by actual IP/hostname)
	- in case they are needed in the future.
	- Added JUNK() to scan_database.db checks to facilitate future buffer-overflows (non-DoS), and future DoS plugins
	- Added Proxy-agent as valid the same as Server result strings
	- Changed -l to -n ("nolookup") to be more accurate
01.02.2002
	Nikto 1.011
	- Added proxy auth for db update requests (oops).
	- Started .xxx version numbering scheme to make life easier
	- Fixed href tags in HTM output (< and > encoding and target host/ip)
	- Added "caseless" WWW-Authenticate finding (for iPlanet Proxy)
12.31.2001
	Nikto 1.01
	- Added regex to remove comments from scan_database.db in case they ever exist
	- Fixed extra 'Host:' line being sent to server (duh).
	- Fixed non 'GET' request data posting (duh).
	- Added -timeout option
12.27.2001	
	Nikto 1.00
	- Finalized beta version for release
 

 

posted on 2023-06-18 16:09  GKLBB