Security: Checking application vulnerabilities with nikto

From: KinusatiWiki

I tried checking for vulnerabilities with Nikto, a security scanner for web servers and web applications. Since nikto runs on Perl, this can be done on any platform.

Installation

Download it from the Nikto site and install it.

$ wget http://www.cirt.net/nikto/nikto-current.tar.gz
$ tar xvzfp nikto-current.tar.gz
$ cd nikto-2.02/

Running a scan with nikto

Just run nikto.pl.

$ ./nikto.pl -host <ホスト> -port 80

An example run is shown below.

$ ./nikto.pl -host www.hogehoge.fuga -port 80
- ***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 2.02/2.03     -     cirt.net
+ Target IP:       xxx.xxx.xxx.xxx
+ Target Hostname: www.hogehoge.fuga
+ Target Port:     80
+ Start Time:      2008-05-32 14:11:04
---------------------------------------------------------------------------
+ Server: Apache
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.2.5
+ OSVDB-0: GET /index.php?module=My_eGallery : My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: GET /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: GET /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: GET /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3093: GET /index.php?base=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?IDAdmin=test : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?pymembs=admin : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?SqlQuery=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?tampon=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?topic=<script>alert(document.cookie)</script>%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3092: GET /xmlrpc.php : xmlrpc.php was found.
+ 4347 items checked: 13 item(s) reported on remote host
+ End Time:        2008-05-32 14:26:00 (896 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
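A report like the one above mixes confirmed findings with low-confidence signature matches, so it helps to parse it before triage. The following Python script is an added example, not part of this page or of Nikto itself: it turns the "+ OSVDB-n:" lines into structured findings, counts them per OSVDB ID, and separates the "This might be interesting" entries (which only mean the request pattern was seen from scanners) from the rest. The sample report is constructed from the lines above.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the Nikto 2.02 text report above.
SAMPLE_REPORT = """\
+ Server: Apache
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.2.5
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3093: GET /index.php?base=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?IDAdmin=test : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3092: GET /xmlrpc.php : xmlrpc.php was found.
+ 4347 items checked: 13 item(s) reported on remote host
"""

# "+ OSVDB-<id>: [<METHOD> <path> : ]<description>"; method/path are optional
# because header-derived findings (like the X-Powered-By line) have none.
FINDING_RE = re.compile(
    r"^\+ OSVDB-(?P<osvdb>\d+): "
    r"(?:(?P<method>[A-Z]+) (?P<path>\S+) : )?"
    r"(?P<desc>.*)$"
)

def parse_nikto(report):
    """Return a list of dicts, one per '+ OSVDB-n:' finding line."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line)
        if not m:
            continue  # banner, Server line, summary: not a finding
        desc = m.group("desc").strip()
        findings.append({
            "osvdb": int(m.group("osvdb")),
            "method": m.group("method"),
            "path": m.group("path"),
            "desc": desc,
            # Signature matches against scanner traffic, not confirmed issues.
            "low_confidence": desc.startswith("This might be interesting"),
        })
    return findings

def summarize(findings):
    """Count findings per OSVDB id and how many are low-confidence."""
    by_id = Counter(f["osvdb"] for f in findings)
    low = sum(1 for f in findings if f["low_confidence"])
    return {"by_osvdb": dict(by_id), "low_confidence": low, "total": len(findings)}

if __name__ == "__main__":
    found = parse_nikto(SAMPLE_REPORT)
    for f in found:
        print(f)
    print(summarize(found))
```

Feed it the full report (for example via nikto's `-output` file) and review the non-low-confidence entries first.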