{"id":267,"date":"2019-10-22T20:43:05","date_gmt":"2019-10-22T12:43:05","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=267"},"modified":"2025-07-27T18:24:39","modified_gmt":"2025-07-27T10:24:39","slug":"nikto","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/267","title":{"rendered":"nikto"},"content":{"rendered":"\n

nikto<\/h3>\n

http:\/\/www.cirt.net\/
\nweb\u5f31\u6383\u5de5\u5177 \u53ef\u4ee5\u6383\u63cf\u6307\u5b9a\u4e3b\u6a5f\u7684web\u985e\u578b\u3001\u4e3b\u6a5f\u540d\u7a31\u3001\u7279\u5b9a\u76ee\u9304\u3001cookie\u3001\u7279\u5b9acgi \u6f0f\u6d1e\u3001xss\u6f0f\u6d1e\u3001sql\u6f0f\u6d1e\u3001\u7b49\u5b89\u5168\u554f\u9898
\n\u4f7f\u7528perl \u958b\u767c\uff0c\u4e5f\u662f\u4e00\u6b3e\u547d\u4ee4\u6a21\u5f0f\u7684\u5de5\u5177<\/p>\n

refer
\nhttps:\/\/blog.csdn.net\/mydriverc2\/article\/details\/41365687<\/p>\n

\u00a0<\/p>\n

\u7dad\u8b77<\/h3>\n

nikto -update #\u66f4\u65b0\u5916\u639b
\nnikto -list-plugins #\u6aa2\u8996\u5916\u639b
\n\u7d44\u614b\u6a94\u9810\u8a2d\u4f4d\u7f6e\/etc\/nikto.conf<\/p>\n

\u00a0<\/p>\n

\n

\u57fa\u672c\u4f7f\u7528<\/h3>\n

-h\/host \u6307\u5b9a\u6383\u63cf\u7684\u76ee\u6a19
\n-p\/port \u6307\u5b9a\u6383\u63cf\u7684\u57e0
\n-F < html|csv|msf|txt|xml>\u6307\u5b9a\u4fdd\u5b58\u7d50\u679c\u6587\u4ef6\u7684\u985e\u578b
\n-o\/output \u8f38\u51fa\u7d50\u679c\u7684\u6587\u4ef6\u540d\u7a31
\n-config < file> \u5728\u6383\u63cf\u4e2d\u7528\u6307\u5b9a\u7684\u7d44\u614b\u6a94
\n-useproxy \u900f\u904eproxy\u52d5\u4f5c<\/p>\n

ex:\n\u6383\u63cf\u7db2\u57df\n#Nikto -host http:\/\/1.1.1.1  \n\nex:\n\u6383\u63cfip\u548c\u57e0\u865f\n#Nikto -host 1.1.1.1 -port 80 \n\nex:\n\u6383\u63cfhttps\u7db2\u7ad9\n#Nikto -host www.baidu.com -port 443 -ssl \n\nex:\n\u6383\u63cf\u6587\u5b57\u6a94\u5167\u6240\u6709\u7684\u76ee\u6a19\n#Nikto -host domain_list.txt \n\nex:\n\u6383\u63cf\u4e26\u8f38\u51fa\u7d50\u679c\n#Nikto -host http:\/\/1.1.1.1 -output     \n\nex:\n\u6383\u63cf\u4e26\u8f38\u51fahtml\u7d50\u679c\n#nikto \u2013h www.google.com -F html -o test.html  \n\nex:\n#\u5229\u7528proxy\u6383\u63cf\nnikto -host 192.168.0.1 -useproxy http:\/\/localhost:8070 \n\nex:\n#\u6839\u64danmap\u7684\u7d50\u679c\u505a\u6383\u63cf \nnmap -p80 192.168.1.0\/24 -oG - | nikto -host -  \n<\/code><\/pre>\n
\u00a0<\/p>\n
\n
\u9032\u968e\u4f7f\u7528<\/h3>\n
-D\/display < parameter> \u63a7\u5236nikto\u7684\u8f93\u51fa\u65b9\u5f0f<\/h4>\n
< parameter> \u9078\u9805\u5982\u4e0b
\n1 \u76f4\u63a5\u8f38\u51fa\u8a0a\u606f
\n2 \u986f\u793acookie\u8a0a\u606f
\n3 \u986f\u793a\u6240\u6709 200 \/OK \u7684\u56de\u61c9
\n4 \u986f\u793a\u9700\u8981\u8a8d\u8b49\u7684URL
\nD Debug\u8f38\u51fa
\nV \u8a73\u7d30\u8f93\u51fa<\/p>\n
-T < parameter>  \u6307\u5b9a\u6383\u63cf\u578b\u5225<\/h4>\n
< parameter> \u53ef\u9078\u7684\u6709\u4ee5\u4e0b\uff0c\u9810\u8a2d\u662f\u5168\u90e8\u4f7f\u7528
\n0.\u6a94\u6848\u4e0a\u50b3
\n1.\u65e5\u8a8c\u6a94\u6848
\n2.\u9810\u8a2d\u7684\u6a94\u6848
\n3.\u8cc7\u8a0a\u6d29\u6f0f
\n4.XSS\/Script\/HTML\u7b49\u6ce8\u5165
\n5.\u9060\u7aefweb\u76ee\u9304\u6a94\u6848\u6aa2\u7d22
\n6.\u62d2\u7d55\u670d\u52d9
\n7.\u9060\u7aef\u4f3a\u670d\u5668\u6a94\u6848\u6aa2\u7d22
\n8.\u7a0b\u5f0f\u78bc\u57f7\u884c-\u9060\u7aefshell
\n9.SQL\u6ce8\u5165
\na.\u8a8d\u8b49\u7e5e\u904e
\nb.\u8edf\u9ad4\u95dc\u806f
\ng.\u5c6c\u6027(\u4e0d\u8981\u4f7f\u7528banner\u7684\u8cc7\u8a0a)
\nx.\u555f\u7528\u8868\u793a\u4e0a\u9762\u9078\u7684\u90fd\u4e0d\u8981\u6aa2\u67e5
\nex
\n\u53ea\u91dd\u5c0dxss\u548csql\u6ce8\u5165\u505a\u6aa2\u67e5
\n.\/nikto.pl -h www.google.com -T 49<\/p>\n
-e < parameter>  \u5c0d\u6383\u63cf\u5305\u9032\u884c\u4e00\u4e9b\u8b8a\u5f62\uff0c\u7e5e\u904eIDS\u6aa2\u6e2c<\/h4>\n
< parameter> \u9078\u9805\u5982\u4e0b
\n1 \u9032\u884c\u96a8\u6a5furl\u7de8\u78bc
\n2 \u4f7f\u7528\u76f8\u5c0d\u8def\u5f91\u53c3\u7167 (\/ .\/)
\n3 \u5118\u53ef\u80fd\u65e9\u7684\u7d50\u675furl\u8a2a\u554f
\n4 \u4f7f\u7528\u9577\u96a8\u6a5f\u5b57\u4e32
\n5 \u96b1\u85cf\u5f15\u6578
\n6 \u4f7f\u7528TAB\u4f5c\u70ba\u547d\u4ee4\u7684\u5206\u9694\u7b26\u865f
\n7 \u66f4\u6539URL\u5927\u5c0f\u5beb
\n8 \u4f7f\u7528windows \u8def\u5f91\u5206\u9694\u7b26
\nA \u4f7f\u7528\u78ba\u8a8d\u9375 (0x0d) \u4f5c\u70ba\u8acb\u6c42\u9593\u9694
\nB \u4f7f\u7528\u4e8c\u9032\u4f4d\u5236(0x0b) \u6700\u70ba\u8acb\u6c42\u9593\u9694
\nex
\n\u4f7f\u7528\u96a8\u6a5furl\u7de8\u78bc\u548c\u5118\u53ef\u80fd\u65e9\u7d50\u675furl\u5b58\u53d6\u4f86\u9583IDS\u6aa2\u6e2c
\n.\/nikto.pl \u2013h www.google.com -e 13<\/p>\n
-mutate < parameter>  \u731c\u989d\u5916\u7684\u6587\u4ef6\u540d<\/h4>\n
< parameter> \u9078\u9805\u5982\u4e0b
\n1 \u6e2c\u8a66\u6240\u6709\u7684\u6587\u4ef6\u548c\u6240\u6709\u7684\u6839\u76ee\u9304
\n2 \u731c\u6e2c\u5bc6\u78bc\u6587\u4ef6\u540d
\n3 \u900f\u904eApache\u5217\u8209\u7528\u6237\u540d(\/~user type requests)
\n4 \u900f\u904ecgiwrap\u5217\u8209\u7528\u6237\u540d(\/cgi-bin\/cgiwrap\/~user type requests)
\n5 \u66b4\u529b\u7834\u89e3\u5b50\u57df\u540d\uff0c\u5047\u8bbe\u4e3b\u673a\u540d\u79f0\u662f\u7236\u57df\u540d
\n6 \u7528\u5b57\u5178\u6a94\u731c\u76ee\u9304\u540d\u7a31<\/p>\n
\u00a0<\/p>\n
\n
refer
\nhttps:\/\/cirt.net\/nikto2-docs\/options.html
\nhttp:\/\/secpark.com.cn\/tools
\nhttps:\/\/www.itread01.com\/content\/1542381006.html
\nhttps:\/\/blog.csdn.net\/mydriverc2\/article\/details\/41365687<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[369],"tags":[3],"class_list":["post-267","post","type-post","status-publish","format-standard","hentry","category-red-team","tag-tool"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=267"}],"version-history":[{"count":1,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/267\/revisions"}],"predecessor-version":[{"id":2412,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/267\/revisions\/2412"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}