265 lines
8.5 KiB
HTML
265 lines
8.5 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
|
|
<meta http-equiv="X-Content-Type-Options" content="nosniff">
|
|
<link rel="stylesheet" href="../assets/css/style.css">
|
|
<link rel="icon" type="image/x-icon" href="../favicon.ico">
|
|
<script>
|
|
// Apply theme immediately to prevent flash
|
|
(function() {
|
|
const theme = localStorage.getItem('theme') ||
|
|
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
|
|
document.documentElement.setAttribute('data-theme', theme);
|
|
})();
|
|
</script>
|
|
<title>nikto Cheatsheet - Cheatsheets - Launch Pad</title>
|
|
</head>
|
|
<body>
|
|
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
|
|
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
|
|
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
|
|
</button>
|
|
<br/><br/>
|
|
<div class="name">
|
|
__ _______________________ _________._________________________
|
|
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
|
|
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
|
|
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
|
|
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
|
|
\/ \/ \/ \/ \/ \/ \/
|
|
</div>
|
|
<div class="blog-page-header">
|
|
<div class="blog-header-content">
|
|
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
|
|
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
|
|
</a>
|
|
<h1 class="blog-page-title">nikto Cheatsheet</h1>
|
|
</div>
|
|
</div>
|
|
<div class="blog-post-container">
|
|
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
|
|
<div class="blog-post">
|
|
<div class="blog-post-content">
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
<hr>
|
|
<p>Nikto is an open source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, outdated versions, and version-specific problems.</p>
|
|
<hr>
|
|
<h2>Basic Usage</h2>
|
|
<ul>
|
|
<li>nikto -h <host> - Basic scan</li>
|
|
</ul>
|
|
<ul>
|
|
<li>nikto -h http://example.com - Scan with protocol</li>
|
|
</ul>
|
|
<ul>
|
|
<li>nikto -h 192.168.1.1 -p 8080 - Scan specific port</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Target Options</h2>
|
|
<ul>
|
|
<li>-h, -host - Target host</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-p, -port - Target port (default 80)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-ssl - Force SSL mode</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-nossl - Disable SSL</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-vhost - Virtual host</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-root - Prepend path to all requests</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Scan Options</h2>
|
|
<ul>
|
|
<li>-Tuning <x> - Scan tuning (see below)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-Plugins <plugins> - Select plugins</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-list-plugins - List available plugins</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-update - Update databases and plugins</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-dbcheck - Check database syntax</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Tuning Options</h2>
|
|
<p>Use with -Tuning flag:</p>
|
|
<ul>
|
|
<li>0 - File upload</li>
|
|
<li>1 - Interesting file/log</li>
|
|
<li>2 - Misconfiguration/default file</li>
|
|
<li>3 - Information disclosure</li>
|
|
<li>4 - Injection (XSS/Script/HTML)</li>
|
|
<li>5 - Remote file retrieval (inside root)</li>
|
|
<li>6 - Denial of service</li>
|
|
<li>7 - Remote file retrieval (server wide)</li>
|
|
<li>8 - Command execution/remote shell</li>
|
|
<li>9 - SQL injection</li>
|
|
<li>a - Authentication bypass</li>
|
|
<li>b - Software identification</li>
|
|
<li>c - Remote source inclusion</li>
|
|
<li>x - Reverse tuning (exclude)</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Output Options</h2>
|
|
<ul>
|
|
<li>-o, -output - Output file</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-Format <format> - Output format (csv, htm, txt, xml, json)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-Display <option> - Display options</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-nointeractive - Disable interactive features</li>
|
|
</ul>
|
|
<h3>Display Options</h3>
|
|
<ul>
|
|
<li>1 - Show redirects</li>
|
|
<li>2 - Show cookies</li>
|
|
<li>3 - Show 200/OK responses</li>
|
|
<li>4 - Show URLs requiring auth</li>
|
|
<li>D - Debug output</li>
|
|
<li>E - HTTP errors</li>
|
|
<li>P - Print progress</li>
|
|
<li>V - Verbose</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Authentication</h2>
|
|
<ul>
|
|
<li>-id user:pass - HTTP basic auth</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-id user:pass:realm - Auth with realm</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Evasion Techniques</h2>
|
|
<ul>
|
|
<li>-evasion <technique> - IDS evasion</li>
|
|
</ul>
|
|
<h3>Evasion Options</h3>
|
|
<ul>
|
|
<li>1 - Random URI encoding</li>
|
|
<li>2 - Directory self-reference (/./)</li>
|
|
<li>3 - Premature URL ending</li>
|
|
<li>4 - Long random string</li>
|
|
<li>5 - Fake parameter</li>
|
|
<li>6 - TAB as request spacer</li>
|
|
<li>7 - Random case sensitivity</li>
|
|
<li>8 - Windows directory separator (\)</li>
|
|
<li>A - Use carriage return</li>
|
|
<li>B - Use binary value 0x0b</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Proxy Options</h2>
|
|
<ul>
|
|
<li>-useproxy - Use proxy from config</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-useproxy http://proxy:port - Use specific proxy</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Performance</h2>
|
|
<ul>
|
|
<li>-timeout - Request timeout (default 10)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-Pause - Pause between tests</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-maxtime - Max scan time per host</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-until - Run until specific time</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Common Examples</h2>
|
|
<h3>Basic Scan</h3>
|
|
<pre><code>nikto -h example.com</code></pre>
|
|
<p>Standard vulnerability scan.</p>
|
|
<h3>SSL Scan</h3>
|
|
<pre><code>nikto -h example.com -ssl</code></pre>
|
|
<p>Scan HTTPS site.</p>
|
|
<h3>Multiple Ports</h3>
|
|
<pre><code>nikto -h example.com -p 80,443,8080</code></pre>
|
|
<p>Scan multiple ports.</p>
|
|
<h3>Save Report</h3>
|
|
<pre><code>nikto -h example.com -o report.html -Format htm</code></pre>
|
|
<p>Generate HTML report.</p>
|
|
<h3>Specific Tests</h3>
|
|
<pre><code>nikto -h example.com -Tuning 9</code></pre>
|
|
<p>SQL injection tests only.</p>
|
|
<h3>Exclude Tests</h3>
|
|
<pre><code>nikto -h example.com -Tuning x6</code></pre>
|
|
<p>Skip DoS tests.</p>
|
|
<h3>With Authentication</h3>
|
|
<pre><code>nikto -h example.com -id admin:password</code></pre>
|
|
<p>Scan with HTTP basic auth.</p>
|
|
<h3>Evasion Mode</h3>
|
|
<pre><code>nikto -h example.com -evasion 1,2,7</code></pre>
|
|
<p>Use evasion techniques.</p>
|
|
<h3>Full Verbose Scan</h3>
|
|
<pre><code>nikto -h example.com -Display V -o full_scan.txt</code></pre>
|
|
<p>Verbose output with log.</p>
|
|
<hr>
|
|
<h2>Configuration</h2>
|
|
<h3>Config File</h3>
|
|
<ul>
|
|
<li>/etc/nikto.conf - System config</li>
|
|
<li>nikto.conf - Local config</li>
|
|
</ul>
|
|
<h3>Update Databases</h3>
|
|
<pre><code>nikto -update</code></pre>
|
|
<hr>
|
|
<h2>Tips</h2>
|
|
<ul>
|
|
<li>Run -update regularly for latest tests</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -Tuning to focus on specific vulnerability types</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Nikto is noisy - it will be detected by IDS</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -evasion for basic IDS evasion</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Combine with other tools like nmap and dirb</li>
|
|
</ul>
|
|
<ul>
|
|
<li>HTML reports are good for documentation</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Some tests can be harmful - use -Tuning x6 to skip DoS</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Always get authorization before scanning</li>
|
|
</ul>
|
|
<hr>
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<script async type="text/javascript" src="../blog/analytics.js"></script>
|
|
<script src="../theme.js"></script>
|
|
</body>
|
|
</html>
|