Checando vulnerabilidades com o Nikto
Neste artigo vou mostrar como instalar, atualizar e usar o Nikto. Este programa é um scanner de vulnerabilidades bastante simples e fácil de usar.
[ Hits: 66.722 ]
Por: Perfil removido em 12/07/2006
-***** SSL support not available (see docs for SSL install instructions) ***** --------------------------------------------------------------------------- - Nikto 1.35/1.36 - www.cirt.net + Target IP: 192.168.131.1 + Target Hostname: 192.168.131.1 + Target Port: 80 + Start Time: Tue Jun 6 21:10:44 2006 --------------------------------------------------------------------------- - Scan is dependent on "Server" string which can be faked, use -g to override + Server: Apache/2.0.52 (Fedora) + Allowed HTTP Methods: GET,HEAD,POST,OPTIONS,TRACE + HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877. + Apache/2.0.52 appears to be outdated (current is at least Apache/2.0.55). Apache 1.3.33 is still maintained and considered secure. + /cgi-bin/.htaccess - Contains authorization information (GET) + /icons/ - Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used, the /icons directory should be removed. (GET) + /index.html.var - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET) + /manual/images/ - Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual should be removed and directory indexing disabled. (GET) + /cgi-bin/.htaccess.old - Backup/Old copy of .htaccess - Contains authorization information (GET) + /cgi-bin/.htaccess.save - Backup/Old copy of .htaccess - Contains authorization information (GET) + /cgi-bin/.htaccess - Contains authorization information (GET) + /cgi-bin/.htaccess~ - Backup/Old copy of .htaccess - Contains authorization information (GET) + /cgi-bin/.htpasswd - Contains authorization information (GET) + /.htaccess - Contains authorization information (GET) + /.htpasswd - Contains authorization information (GET) + / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE) + /manual/ - Web server manual? tsk tsk. (GET) + /webmail/ - Redirects to src/login.php , Web based mail package installed. + The IBM Web Traffic Express Caching Proxy is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET) + /webmail/src/read_body.php - This might be interesting... has been seen in web logs from an unknown scanner. (GET) + 2670 items checked - 15 item(s) found on remote host(s) + End Time: Tue Jun 6 21:10:50 2006 (6 seconds) --------------------------------------------------------------------------- + 1 host(s) testedAgora basta avaliar as opções de uso de Nikto e criar o relatório com as vulnerabilidades encontradas no seu sistema.
Instalando fontes true type no Linux via Kcontrol
Gerando gráficos para interfaces de rede com MRTG
Repensando o PID 1 - Lennart Poettering
Instalando Apache2, PHP4 e MySQL
Servidor de DNS com DNS reverso, DHCP3 e wpad.dat
Segurança em Software de Código Aberto
CheckSecurity - Ferramenta para segurança simples e eficaz, com opção para plugins
Conciliando o uso da ZRAM e SWAP em disco na sua máquina
Servidor de Backup com Ubuntu Server 24.04 LTS, RAID e Duplicati (Dell PowerEdge T420)
Visualizar câmeras IP ONVIF no Linux sem necessidade de instalar aplicativos
Autologin: praticidade ou não?
Instalação do Onion OS no Miyoo Mini e Miyoo Mini Plus
Proteja seu Linux Mint com o Timeshift: Restaure o sistema mesmo que ele não inicie!
Dúvidas sobre a originalidade de conteúdos online (1)
Google Crhome não abre desde que eu atualizei pelo "program... (3)
como instalar o amdgpu no linux manjaro no linux, pelo o repo e comand... (4)