Nikto Cheat Blatt
Überblick
Nikto ist ein Open Source Webserver-Scanner, der umfassende Tests gegen Webserver für mehrere Objekte durchführt, einschließlich über 6700 potenziell gefährliche Dateien/Programme, Überprüfungen für veraltete Versionen von über 1250 Servern und Version spezifische Probleme auf über 270 Servern. Es überprüft auch die Serverkonfigurationselemente wie das Vorhandensein mehrerer Indexdateien, HTTP-Serveroptionen und versucht, installierte Webserver und Software zu identifizieren.
ZEIT Warning: Verwenden Sie Nikto nur gegen Webserver, die Sie besitzen oder eine ausdrückliche Erlaubnis zum Testen haben. Unberechtigtes Scannen kann gegen Nutzungsbedingungen oder lokale Gesetze verstoßen.
Installation
Systempaket Installation
```bash
Ubuntu/Debian
sudo apt update sudo apt install nikto
CentOS/RHEL/Fedora
sudo yum install nikto
or
sudo dnf install nikto
Arch Linux
sudo pacman -S nikto
macOS with Homebrew
brew install nikto ```_
Manuelle Installation
```bash
Clone from GitHub
git clone https://github.com/sullo/nikto.git cd nikto/program
Make executable
chmod +x nikto.pl
Install dependencies
sudo apt install perl libnet-ssleay-perl libcrypt-ssleay-perl libio-socket-ssl-perl
Create symlink for system-wide access
sudo ln -s $(pwd)/nikto.pl /usr/local/bin/nikto
Verify installation
nikto -Version ```_
Docker Installation
```bash
Pull Docker image
docker pull sullo/nikto
Run Nikto in Docker
docker run --rm sullo/nikto -h http://target.com
Create alias for easier usage
echo 'alias nikto="docker run --rm sullo/nikto"' >> ~/.bashrc source ~/.bashrc ```_
Das ist der Grund.
```bash
Nikto is pre-installed on Kali Linux
nikto -Version
Update Nikto database
nikto -update
If not installed
sudo apt update sudo apt install nikto ```_
Basisnutzung
Einfacher Webserver Scan
```bash
Basic scan
nikto -h http://target.com
Scan with HTTPS
nikto -h https://target.com
Scan specific port
nikto -h http://target.com:8080
Scan multiple hosts
nikto -h http://target1.com,http://target2.com
Scan from file
echo "http://target1.com" > targets.txt echo "http://target2.com" >> targets.txt nikto -h targets.txt ```_
Port- und Protokolloptionen
```bash
Scan specific port
nikto -h target.com -p 80,443,8080,8443
Scan port range
nikto -h target.com -p 80-90
Force SSL
nikto -h target.com -ssl
Disable SSL
nikto -h target.com -nossl
Use specific HTTP method
nikto -h target.com -method GET nikto -h target.com -method POST ```_
Authentication
```bash
Basic authentication
nikto -h http://target.com -id username:password
NTLM authentication
nikto -h http://target.com -id domain\username:password
Custom headers
nikto -h http://target.com -H "Authorization: Bearer token123"
Cookie authentication
nikto -h http://target.com -H "Cookie: sessionid=abc123"
Multiple headers
nikto -h http://target.com -H "Authorization: Bearer token" -H "X-API-Key: key123" ```_
Erweitertes Scannen
Tuning Optionen
```bash
Scan specific categories
nikto -h target.com -Tuning 1 # Interesting File / Seen in logs nikto -h target.com -Tuning 2 # Misconfiguration / Default File nikto -h target.com -Tuning 3 # Information Disclosure nikto -h target.com -Tuning 4 # Injection (XSS/Script/HTML) nikto -h target.com -Tuning 5 # Remote File Retrieval - Inside Web Root nikto -h target.com -Tuning 6 # Denial of Service nikto -h target.com -Tuning 7 # Remote File Retrieval - Server Wide nikto -h target.com -Tuning 8 # Command Execution - Remote Shell nikto -h target.com -Tuning 9 # SQL Injection nikto -h target.com -Tuning 0 # File Upload nikto -h target.com -Tuning a # Authentication Bypass nikto -h target.com -Tuning b # Software Identification nikto -h target.com -Tuning c # Remote Source Inclusion nikto -h target.com -Tuning x # Reverse Tuning Options (exclude)
Multiple tuning options
nikto -h target.com -Tuning 1,2,3,4
Exclude specific tests
nikto -h target.com -Tuning x6 # Exclude DoS tests ```_
Plugin Management
```bash
List available plugins
nikto -list-plugins
Use specific plugins
nikto -h target.com -Plugins "apacheusers,cgi"
Exclude plugins
nikto -h target.com -Plugins "@@DEFAULT" -Plugins "-outdated"
Custom plugin directory
nikto -h target.com -plugindir /path/to/plugins
Plugin-specific options
nikto -h target.com -Plugins "cgi(all)" nikto -h target.com -Plugins "headers(verbose)" ```_
Ausgabe und Reporting
```bash
Save output to file
nikto -h target.com -o scan_results.txt
Specify output format
nikto -h target.com -Format txt -o results.txt nikto -h target.com -Format xml -o results.xml nikto -h target.com -Format csv -o results.csv nikto -h target.com -Format htm -o results.html nikto -h target.com -Format json -o results.json
Multiple output formats
nikto -h target.com -Format txt,xml,csv -o results
Verbose output
nikto -h target.com -verbose
Display only specific findings
nikto -h target.com -Display 1 # Show redirects nikto -h target.com -Display 2 # Show cookies received nikto -h target.com -Display 3 # Show all 200/OK responses nikto -h target.com -Display 4 # Show URLs which require authentication nikto -h target.com -Display V # Verbose output nikto -h target.com -Display E # Debug output ```_
Spezielles Scannen
SSL/TLS Testing
```bash
SSL-specific scan
nikto -h https://target.com -ssl
Test SSL ciphers
nikto -h https://target.com -Plugins "ssl"
Ignore SSL certificate errors
nikto -h https://target.com -ssl -nossl
Test specific SSL version
nikto -h https://target.com -ssl -sslversion 3 ```_
CGI und Script Testing
```bash
CGI enumeration
nikto -h target.com -Plugins "cgi"
Test all CGI directories
nikto -h target.com -Plugins "cgi(all)"
Custom CGI directory
nikto -h target.com -Cgidirs "/scripts/,/cgi/,/custom-cgi/"
Test for dangerous CGI scripts
nikto -h target.com -Tuning 8 ```_
Verzeichnis und Dateientdeckung
```bash
Test for common files
nikto -h target.com -Tuning 1,2
Test for backup files
nikto -h target.com -Plugins "backup_files"
Test for interesting files
nikto -h target.com -Plugins "interesting_files"
Custom root directory
nikto -h target.com -root /app/
Test multiple directories
nikto -h target.com -root /,/app/,/admin/ ```_
Datenbank- und Anwendungstest
```bash
SQL injection tests
nikto -h target.com -Tuning 9
Test for database files
nikto -h target.com -Plugins "database_files"
Test for application-specific vulnerabilities
nikto -h target.com -Plugins "apache_expect_xss" nikto -h target.com -Plugins "shellshock" nikto -h target.com -Plugins "heartbleed"
Test for outdated software
nikto -h target.com -Plugins "outdated" ```_
Automatisierungsskripte
Batch-Scanning Script
```bash
!/bin/bash
Batch web server scanning with Nikto
TARGETS_FILE="$1" OUTPUT_DIR="nikto_scans_$(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGETS_FILE" ]; then
echo "Usage: $0
if [ ! -f "$TARGETS_FILE" ]; then echo "Error: Targets file not found: $TARGETS_FILE" exit 1 fi
mkdir -p "$OUTPUT_DIR"
echo "[+] Starting batch Nikto scan" echo "[+] Targets file: $TARGETS_FILE" echo "[+] Output directory: $OUTPUT_DIR"
Function to scan a single target
scan_target() \\{ local target="$1" | local target_name=$(echo "$target" | sed 's | https\?:// | | ' | sed 's | [:/] | _ | g') | local output_file="$OUTPUT_DIR/$\\{target_name\\}"
echo "[+] Scanning: $target"
# Run comprehensive scan
nikto -h "$target" \
-Tuning 1,2,3,4,5,7,8,9,a,b,c \
-Format txt,xml,csv \
-o "$output_file" \
-timeout 10 \
-maxtime 3600 \
2>&1|tee "$\\\\{output_file\\\\}_console.log"
if [ $? -eq 0 ]; then
echo " ✓ Scan completed: $target"
else
echo " ✗ Scan failed: $target"
fi
\\}
Read targets and scan
while IFS= read -r target; do # Skip empty lines and comments | [[ -z "$target" | | "$target" =~ ^#.*$ ]] && continue |
scan_target "$target"
# Wait between scans to be respectful
sleep 5
done < "$TARGETS_FILE"
echo "[+] Batch scanning completed" echo "[+] Results saved in: $OUTPUT_DIR"
Generate summary report
echo "[+] Generating summary report..."
cat > "$OUTPUT_DIR/summary.html" << 'EOF'
Nikto Scan Summary
Generated on: $(date)
| Target | Findings | Status |
|---|---|---|
| $target | $findings | $status |
EOF
echo "[+] Summary report created: $OUTPUT_DIR/summary.html" ```_
Continuous Monitoring Script
```bash
!/bin/bash
Continuous web application monitoring with Nikto
CONFIG_FILE="nikto_monitor.conf" LOG_DIR="nikto_monitoring" ALERT_EMAIL="security@company.com"
Create default config if it doesn't exist
if [ ! -f "$CONFIG_FILE" ]; then cat > "$CONFIG_FILE" << 'EOF'
Nikto monitoring configuration
| # Format: URL | SCAN_INTERVAL | ALERT_THRESHOLD | | https://app1.company.com | 86400 | 5 | | https://app2.company.com | 43200 | 3 | | http://internal.app.com:8080 | 21600 | 10 | EOF echo "Created default config: $CONFIG_FILE" echo "Edit the configuration and run again" exit 1 fi
mkdir -p "$LOG_DIR"
Function to send alert
send_alert() \\{ local target="$1" local findings="$2" local threshold="$3" local report_file="$4"
if [ "$findings" -gt "$threshold" ]; then
echo "ALERT: $target has $findings findings (threshold: $threshold)"|\
| mail -s "Nikto Alert: $target" -A "$report_file" "$ALERT_EMAIL" 2>/dev/null | | \ | echo "Alert: $target has $findings findings (email failed)" fi \\}
Function to scan target
monitor_target() \\{ local target="$1" local threshold="$2" local timestamp=$(date +%Y%m%d_%H%M%S) | local target_name=$(echo "$target" | sed 's | https\?:// | | ' | sed 's | [:/] | _ | g') | local report_file="$LOG_DIR/$\\{target_name\\}_$timestamp.txt"
echo "[$(date)] Scanning $target"
# Run Nikto scan
nikto -h "$target" \
-Tuning 1,2,3,4,5,7,8,9,a,b,c \
-Format txt \
-o "$report_file" \
-timeout 10 \
-maxtime 1800 \
> /dev/null 2>&1
if [ -f "$report_file" ]; then
# Count findings
| findings=$(grep -c "+" "$report_file" 2>/dev/null | | echo "0") |
echo "[$(date)] $target: $findings findings"
# Send alert if threshold exceeded
send_alert "$target" "$findings" "$threshold" "$report_file"
# Keep only last 10 reports per target
| ls -t "$LOG_DIR/$\\{target_name\\}_"*.txt 2>/dev/null | tail -n +11 | xargs rm -f 2>/dev/null |
return 0
else
echo "[$(date)] $target: Scan failed"
return 1
fi
\\}
Main monitoring loop
echo "[$(date)] Starting Nikto monitoring"
while true; do while IFS='|' read -r target interval threshold; do # Skip comments and empty lines | [[ "$target" =~ ^#.*$ | | -z "$target" ]] && continue |
# Check if it's time to scan this target
| target_name=$(echo "$target" | sed 's | https\?:// | | ' | sed 's | [:/] | _ | g') | last_scan_file="$LOG_DIR/.$\\{target_name\\}_last_scan"
current_time=$(date +%s)
if [ -f "$last_scan_file" ]; then
last_scan=$(cat "$last_scan_file")
time_diff=$((current_time - last_scan))
if [ "$time_diff" -lt "$interval" ]; then
continue # Not time to scan yet
fi
fi
# Update last scan time
echo "$current_time" > "$last_scan_file"
# Run scan in background
monitor_target "$target" "$threshold" &
done < "$CONFIG_FILE"
# Wait before next check
sleep 300 # Check every 5 minutes
done ```_
Schwachstelle Korrelation Skript
```bash
!/bin/bash
Correlate Nikto findings with CVE database
NIKTO_REPORT="$1" OUTPUT_FILE="nikto_cve_correlation.html"
| if [ -z "$NIKTO_REPORT" ] | | [ ! -f "$NIKTO_REPORT" ]; then |
echo "Usage: $0
echo "[+] Correlating Nikto findings with CVE database"
Extract findings from Nikto report
grep "+" "$NIKTO_REPORT"|while IFS= read -r line; do # Extract relevant information finding=$(echo "$line"|sed 's/^+ //')
# Search for CVE references
| cve_refs=$(echo "$finding" | grep -oE 'CVE-[0-9]\\{4\\}-[0-9]+' | sort -u) |
if [ -n "$cve_refs" ]; then
echo "Finding: $finding"
echo "CVE References: $cve_refs"
echo "---"
fi
done > nikto_cve_findings.txt
Generate HTML report with CVE links
python3 << 'EOF' import re import requests import json from datetime import datetime
Read Nikto findings
with open('nikto_cve_findings.txt', 'r') as f: content = f.read()
Parse findings
findings = [] current_finding = \\{\\}
for line in content.split('\n'): if line.startswith('Finding: '): if current_finding: findings.append(current_finding) current_finding = \\{'finding': line[9:], 'cves': []\\} elif line.startswith('CVE References: '): cve_refs = line[16:].split() current_finding['cves'] = cve_refs
if current_finding: findings.append(current_finding)
Generate HTML report
html_content = f"""
Nikto CVE Correlation Report
Generated on: \\\\{datetime.now().strftime('%Y-%m-%d %H:%M:%S')\\\\}
Total findings with CVE references: \\\\{len(findings)\\\\}
""" for finding in findings: html_content += f"""Finding
\\\\{finding['finding']\\\\}
CVE References
""" for cve in finding['cves']: cve_url = f"https://cve.mitre.org/cgi-bin/cvename.cgi?name=\\\\{cve\\\\}" nvd_url = f"https://nvd.nist.gov/vuln/detail/\\\\{cve\\\\}" html_content += f""" """ html_content += """"
with open('nikto_cve_correlation.html', 'w') as f: f.write(html_content)
print(f"CVE correlation report generated: nikto_cve_correlation.html") print(f"Found \\{len(findings)\\} findings with CVE references") EOF
echo "[+] CVE correlation completed" echo "[+] Report saved: nikto_cve_correlation.html" ```_
Integrationsskripte
Nmap + Nikto Integration
```bash
!/bin/bash
Discover web services with Nmap, then scan with Nikto
NETWORK="$1" OUTPUT_DIR="nmap_nikto_$(date +%Y%m%d_%H%M%S)"
if [ -z "$NETWORK" ]; then
echo "Usage: $0
mkdir -p "$OUTPUT_DIR"
echo "[+] Discovering web services with Nmap"
Discover web services
nmap -sS -p 80,443,8080,8443,8000,8888,9000,9090 \ --open \ -oG "$OUTPUT_DIR/nmap_web_services.gnmap" \ "$NETWORK"
Extract web services
| grep -E "(80 | 443 | 8080 | 8443 | 8000 | 8888 | 9000 | 9090)/open" "$OUTPUT_DIR/nmap_web_services.gnmap" | \ | awk '\\{print $2\\}'|sort -u > "$OUTPUT_DIR/web_hosts.txt"
echo "[+] Found $(wc -l < "$OUTPUT_DIR/web_hosts.txt") hosts with web services"
Scan each host with Nikto
while IFS= read -r host; do echo "[+] Scanning $host with Nikto"
# Get open ports for this host
ports=$(grep "$host" "$OUTPUT_DIR/nmap_web_services.gnmap"|\
| grep -oE '[0-9]+/open' | cut -d'/' -f1 | tr '\n' ',' | sed 's/,$//') |
if [ -n "$ports" ]; then
nikto -h "$host" -p "$ports" \
-Format txt,xml \
-o "$OUTPUT_DIR/$\\\\{host\\\\}_nikto" \
-timeout 10 \
-maxtime 1800
fi
sleep 5 # Be respectful
done < "$OUTPUT_DIR/web_hosts.txt"
echo "[+] Nmap + Nikto scan completed" echo "[+] Results saved in: $OUTPUT_DIR" ```_
Integration von Burp Suite
```bash
!/bin/bash
Export Nikto findings to Burp Suite format
NIKTO_REPORT="$1" BURP_OUTPUT="nikto_for_burp.xml"
| if [ -z "$NIKTO_REPORT" ] | | [ ! -f "$NIKTO_REPORT" ]; then |
echo "Usage: $0
echo "[+] Converting Nikto report to Burp Suite format"
python3 << 'EOF' import xml.etree.ElementTree as ET import sys
Read Nikto XML report
try: tree = ET.parse(sys.argv[1]) root = tree.getroot() except: print("Error: Could not parse Nikto XML report") sys.exit(1)
Create Burp Suite XML structure
burp_root = ET.Element("issues")
for scan in root.findall('.//scan'): target_host = scan.get('targethost', '') target_port = scan.get('targetport', '80')
for item in scan.findall('.//item'):
issue = ET.SubElement(burp_root, "issue")
# Basic issue information
ET.SubElement(issue, "serialNumber").text = item.get('id', '')
ET.SubElement(issue, "type").text = "5244416" # Information disclosure
ET.SubElement(issue, "name").text = "Nikto Finding"
ET.SubElement(issue, "host").text = target_host
ET.SubElement(issue, "port").text = target_port
ET.SubElement(issue, "protocol").text = "http"
ET.SubElement(issue, "path").text = item.get('uri', '/')
# Issue details
description = item.get('description', '')
ET.SubElement(issue, "issueDetail").text = description
# Severity mapping
osvdb_id = item.get('osvdb', '')
if 'critical' in description.lower() or 'high' in description.lower():
severity = "High"
elif 'medium' in description.lower():
severity = "Medium"
else:
severity = "Information"
ET.SubElement(issue, "severity").text = severity
ET.SubElement(issue, "confidence").text = "Certain"
Write Burp Suite XML
tree = ET.ElementTree(burp_root) tree.write('nikto_for_burp.xml', encoding='utf-8', xml_declaration=True)
print("Burp Suite XML generated: nikto_for_burp.xml") print("Import this file into Burp Suite via Target > Site map > Import") EOF
echo "[+] Conversion completed: $BURP_OUTPUT" ```_
Fehlerbehebung
Gemeinsame Themen
SSL/TLS Probleme
```bash
Test SSL connectivity
openssl s_client -connect target.com:443
Force SSL version
nikto -h https://target.com -ssl -sslversion 3
Ignore SSL certificate errors
nikto -h https://target.com -ssl -nossl
Debug SSL issues
nikto -h https://target.com -ssl -Display E ```_
Timeout-Ausgaben
```bash
Increase timeout
nikto -h target.com -timeout 30
Set maximum scan time
nikto -h target.com -maxtime 7200
Reduce scan scope
nikto -h target.com -Tuning 1,2,3
Use fewer plugins
nikto -h target.com -Plugins "headers,robots" ```_
Leistungsfragen
```bash
Reduce scan intensity
nikto -h target.com -Pause 5
Limit concurrent connections
nikto -h target.com -timeout 10 -maxtime 3600
Use specific tuning to reduce load
nikto -h target.com -Tuning x6 # Exclude DoS tests
Scan specific directories only
nikto -h target.com -root /app/ ```_
Datenbank-Updates
```bash
Update Nikto database
nikto -update
Check database version
nikto -Version
Manual database update
cd /var/lib/nikto wget https://cirt.net/nikto/UPDATES/2.1.6/db_tests ```_
Debugging und Logging
```bash
Enable debug output
nikto -h target.com -Display E
Verbose output
nikto -h target.com -verbose
Save debug information
nikto -h target.com -Display E -o debug.log
Check configuration
nikto -config ```_
Ressourcen
- [offizielle Nikto-Website](LINK_7 -%20[Nikto%20GitHub%20Repository](LINK_7 -%20Nikto-Dokumentation
- Web Application Security Test
- (__LINK_7___)
- [Web Server Security](_LINK_7__ -%20(LINK_7)
--
*Dieses Betrugsblatt bietet eine umfassende Referenz für die Verwendung von Nikto für Webserver Schwachstelle Scannen. Stellen Sie immer sicher, dass Sie eine richtige Berechtigung haben, bevor Sie dieses Tool in jeder Umgebung verwenden. *