Playing with the Nikto Tool

Get the source from here, then install it:

root@repo:/usr/local/src# tar zxf nikto-current.tar.gz

root@repo:/usr/local/src# ls
CHANGELOG   Desktop  idefisk131.tar.gz  index.html.1  libiaxclient.so  nikto-current.tar.gz  X-Lite_Install.tar.gz
config.zip  idefisk  index.html         install.txt   nikto-2.02       untangle-vpn          xten-xlite

root@repo:/usr/local/src# cd nikto-2.02

root@repo:/usr/local/src/nikto-2.02# ls
config.txt  docs  nikto.pl  plugins  templates

Nikto works in much the same way as Nmap (try to spot the differences yourself)
root@repo:/usr/local/src/nikto-2.02# perl nikto.pl -h localhost
- ***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 2.02/2.03     -     cirt.net
+ Target IP:       127.0.0.1
+ Target Hostname: localhost
+ Target Port:     80
+ Start Time:      2008-07-31 1:20:01
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Ubuntu)
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-48: GET /doc/ : The /doc/ directory is browsable. This may be /usr/doc.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-561: GET /server-status : This reveals Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 4347 items checked: 7 item(s) reported on remote host
+ End Time:        2008-07-31 1:20:01 (14 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
============================================================

Example scan results for localhost
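
To triage a report like the localhost one above, the findings can be pulled out of Nikto's plain-text output and grouped by OSVDB id, including the header-level finding that has no request path. The Python below is an added example, not part of the original post or of Nikto; the line layout it expects is inferred from the output shown here, and the sample lines are copied from that output with long messages shortened and quotes written as plain ASCII.

```python
import re
from collections import defaultdict

# Constructed sample: lines from the localhost scan above, messages shortened.
SAMPLE = """\
+ Server: Apache/2.2.8 (Ubuntu)
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging.
+ OSVDB-48: GET /doc/ : The /doc/ directory is browsable. This may be /usr/doc.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft.
+ OSVDB-561: GET /server-status : This reveals Apache information.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 4347 items checked: 7 item(s) reported on remote host
"""

FINDING = re.compile(r"^\+ OSVDB-(\d+): (.*)$")      # "+ OSVDB-<id>: <rest>"
REQUEST = re.compile(r"^([A-Z]+) (/\S*) : (.*)$")    # "<METHOD> <path> : <message>"

def parse_report(text):
    """Return (server_banner, findings) from Nikto 2.x plain-text output."""
    server, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = FINDING.match(line)
        if line.startswith("+ Server:"):
            server = line.split(":", 1)[1].strip()
        elif m:  # everything else (banner, separators, summary) is skipped
            req = REQUEST.match(m.group(2))
            # Header-level findings (the 'Allow' check) carry no method or path.
            method, path, message = req.groups() if req else (None, None, m.group(2))
            findings.append({"osvdb": int(m.group(1)), "method": method,
                             "path": path, "message": message})
    return server, findings

def group_by_osvdb(findings):
    """Map each OSVDB id to the paths it was reported on, in report order."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["osvdb"]].append(f["path"] or "(server-wide)")
    return dict(grouped)

if __name__ == "__main__":
    server, findings = parse_report(SAMPLE)
    print("Server:", server)
    for osvdb, paths in sorted(group_by_osvdb(findings).items()):
        print(f"OSVDB-{osvdb}: {', '.join(paths)}")
```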

=====================

root@repo:/usr/local/src/nikto-2.02# perl nikto.pl -h pemko-batam.go.id
- ***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 2.02/2.03     -     cirt.net
+ Target IP:       222.124.9.53
+ Target Hostname: pemko-batam.go.id
+ Target Port:     80
+ Start Time:      2008-07-31 1:22:01
---------------------------------------------------------------------------
+ Server: Apache/2.2.0 (Fedora)
====================

Example scan results for the Pemko Batam site. Oh, it turns out the web server is still running Fedora 🙂

====================

Note: always run it with the "perl" command.

For more information, please click here.
