Erklärung

• Nikto Web Scanner ist ein Webserver-Scanner, der Webserver auf gefährliche Dateien/CGIs, veraltete Serversoftware und andere Probleme testet. Es führt generische und servertypspezifische Prüfungen durch. Außerdem erfasst und gibt alle empfangenen Cookies aus.

Installation

• apt-get install nikto

Anwendung

• nikto -h gustavo.xinux.lan -p 80

root@gustavo:~# nikto -h gustavo.xinux.lan -p 80
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          127.0.1.1
+ Target Hostname:    gustavo.xinux.lan
+ Target Port:        80
+ Start Time:         2018-11-15 16:32:30 (GMT1)
---------------------------------------------------------------------------
+ Server: Apache/2.4.18 (Ubuntu)
+ Server leaks inodes via ETags, header found with file /, fields: 0x2c39 0x57ab5a8c8fb1b 
+ The anti-clickjacking X-Frame-Options header is not present.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: POST, OPTIONS, GET, HEAD 
+ OSVDB-561: /server-status: This reveals Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6544 items checked: 0 error(s) and 5 item(s) reported on remote host
+ End Time:           2018-11-15 16:32:36 (GMT1) (6 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Weiteres

• -h = target host
• -p = port
• -l = List all available plugins
• -F = Format (z.B. HTML, TXT, XML)
• -o = Write output to this file (z.B. webscan.html)
• -s = Force ssl mode on port

Bericht in HTML Format