[Share dikit] Nikto di windows XP (buat scan target vulnerability)

Nikto buat scan website target vulnerabilities
Download ActivePerl:
[You must be registered and logged in to see this link.]
-----------------------------------------------
download nikto:
[You must be registered and logged in to see this link.]
---------------------------------------------------------------
Install activeperl
extract dan copy folder nikto-2.1.4 ke C:\perl\bin

kemudian edit nikto.conf ganti dengan config berikut:

Code:: #########################################################################################################
# CONFIG STUFF
# $Id: nikto.conf 632 2011-02-19 02:49:31Z sullo $
#########################################################################################################

# default command line options, can't be an option that requires a value. used for ALL runs.
# CLIOPTS=-g -a

# ports never to scan
SKIPPORTS=21 111

# User-Agent variables:
# @VERSION - Nikto version
# @TESTID - Test identifier
# @EVASIONS - List of active evasions
USERAGENT=Mozilla/4.75 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)

# RFI URL. This remote file should return a phpinfo call, for example: <?php phpinfo(); ?>
# You may use the one below, if you like.
RFIURL=http://cirt.net/rfiinc.txt?

# IDs never to alert on (Note: this only works for IDs loaded from db_tests)
#SKIPIDS=

# if Nikto is having difficulty finding the 'plugins', set the full install path here
# EXECDIR=/usr/local/nikto

# The DTD
NIKTODTD=docs/nikto.dtd

# the default HTTP version to try... can/will be changed as necessary
DEFAULTHTTPVER=1.0

# Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should
# send updates because it makes the data better for everyone ;) *NO* server specific information
# such as IP or name is sent, just the relevant version information.
# UPDATES=yes - ask before each submission if it should send
# UPDATES=no - don't ask, don't send
# UPDATES=auto - automatically attempt submission *without prompting*
UPDATES=yes

# Warning if MAX_WARN OK or MOVED responses are retrieved
MAX_WARN=20

# Prompt... if set to 'no' you'll never be asked for anything. Good for automation.
#PROMPTS=no

# cirt.net : set the IP so that updates can work without name resolution -- just in case
CIRT=174.142.17.165

# Proxy settings -- still must be enabled by -useproxy
#PROXYHOST=127.0.0.1
#PROXYPORT=8080
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword

# Cookies: send cookies with all requests
# Multiple can be set by separating with a semi-colon, e.g.:
# "cookie1"="cookie value";"cookie2"="cookie val"
#STATIC-COOKIE=

# The below allows you to vary which HTTP methods are used to check whether an HTTP(s) server
# is running. Some web servers, such as the autopsy web server do not implement the HEAD method
CHECKMETHODS=HEAD GET

# If you want to specify the location of any of the files, specify them here
# EXECDIR=/opt/nikto
# PLUGINDIR=/opt/nikto/plugins
# TEMPLATEDIR=/opt/nikto/templates
# DOCDIR=/opt/nikto/docs

# Default plugin macros
@@MUTATE=dictionary;subdomain
@@DEFAULT=@@ALL;-@@MUTATE;tests(report:500)

cara menggunakan, buka CMD
----------------------------------------------
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\UserXP>cd..

C:\Documents and Settings>cd..

C:\>cd perl

C:\Perl>cd bin

C:\Perl\bin>perl nikto-2.1.4/nikto.pl -host [You must be registered and logged in to see this link.]
- Nikto v2.1.4
---------------------------------------------------------------------------
+ Target IP: 0.0.0.1
+ Target Hostname: [You must be registered and logged in to see this link.]
+ Target Port: 80
+ Start Time: 2012-02-29 08:30:34
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (Fedora)
+ ETag header found on server, inode: 12748, size: 1475, mtime: 0x4996d177f5c3b
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6448 items checked: 1 error(s) and 6 item(s) reported on remote host
+ End Time: 2011-12-29 06:50:37 (34 seconds)

---------------------------------------------------------------------------

+ 1 host(s) tested

nah tuh folder icon yang ketemu,mari kita liat2 gambar iconnya

hehehe... kabur.. :ngacir

digitalcat wrote:: nah tuh folder icon yang ketemu,mari kita liat2 gambar iconnya

haha, iyo kk..kira2 iconnya apaan ya [Share dikit] Nikto di windows XP (buat scan target vulnerability) 3529815765

matep om

jangan-jangan icon efbiei maling

ajip gan

[Share dikit] Nikto di windows XP (buat scan target vulnerability) 772168924

datang lagi.. makasih om sama2

kok cant open perl script "nikto-2.1.4/nikto.pl-host": No Such File or directory

ini bsa buat wndws 7 gan?

cara liat iconnya gmn?

kok cant open perl script "nikto-2.1.4/nikto.pl-host": No Such File or directory
salah ketik gan, harusnya nikto-2.1.4/nikto.pl <spasi> -host
---
bisa buat win7 gan,
---cara liat iconnya gmn?
cara liat ikonnya disini gan = [You must be registered and logged in to see this link.]