Thursday, October 31, 2013
Nikto : Open Source Web Server Scanner for Ubuntu / Debian Linux
Nikto is an Open Source (GPL) web server scanner which scans your webserver against more than 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It has a very good plugin support
What Nikto can do.
SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's
Perl/NetSSL)
Full HTTP proxy support
Checks for outdated server components
Save reports in plain text, XML, HTML, NBE or CSV
Template engine to easily customize reports
Scan multiple ports on a server, or multiple servers via input file (including nmap output)
LibWhisker's IDS encoding techniques
Easily updated via command line
Identifies installed software via headers, favicons and files
Host authentication with Basic and NTLM
Subdomain guessing
Apache and cgiwrap username enumeration
Mutation techniques to "fish" for content on web servers
Scan tuning to include or exclude entire classes of vulnerability
checks
Guess credentials for authorization realms (including many default id/pw combos)
Authorization guessing handles any directory, not just the root
directory
Enhanced false positive reduction via multiple methods: headers,
page content, and content hashing
Reports "unusual" headers seen
Interactive status, pause and changes to verbosity settings
Save full request/response for positive tests
Replay saved positive requests
Maximum execution time per target
Auto-pause at a specified time
Checks for common "parking" sites
Logging to Metasploit
Thorough documentation
Official site
To install in ubuntu / debian
$ sudo apt-get install nikto
Full installation of nikto will offer lot of options
$ nikto will give the list of options
For simple test
$ sudo nikto -h www.yoursite.com
output will we like this
abc@abc-desktop:~$ sudo nikto -h www.xxxx.com
- Nikto v2.1.4
---------------------------------------------------------------------------
+ Target IP: 202.18.233.233
+ Target Hostname: www.abcx.com
+ Target Port: 80
+ Start Time: 2013-10-32 08:29:09
---------------------------------------------------------------------------
+ Server: Apache/2.2.22 (Debian)
+ Retrieved x-powered-by header: PHP/5.4.4-14+deb7u5
+ Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-0: ETag header found on server, inode: 3965147, size: 2857, mtime: 0x433a88acc26c0
+ PHP/5.2.6-1+lenny3 appears to be outdated (current is at least 5.2.6RC4)
+ mod_perl/2.0.4 appears to be outdated (current is at least 5.8)
Wednesday, October 9, 2013
Linux Troubleshooting with dmesg command
During bootup process, kernel gets loaded into the system memory and it controls the entire system.
During the bootup process , kernel displays number of messages and hardware divice information.
These messages will keep in a ring buffer. You can use these messages for sytem Troubleshooting. You can see these messages by using dmesg command.
1. open a terminal and type
$ dmesg |more
2. To see the status of Network
$ dmesg | grep eth
3. To see the memory status
$ dmesg | grep Memory
4. for clearing dmesg buffer
$ dmesg -c
During the bootup process , kernel displays number of messages and hardware divice information.
These messages will keep in a ring buffer. You can use these messages for sytem Troubleshooting. You can see these messages by using dmesg command.
1. open a terminal and type
$ dmesg |more
2. To see the status of Network
$ dmesg | grep eth
3. To see the memory status
$ dmesg | grep Memory
4. for clearing dmesg buffer
$ dmesg -c
Subscribe to:
Posts (Atom)