Nikto is a tool for scanning web servers for vulnerabilities, and it is one of the most widely used scanning tools.

Nikto's own description from its website:

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

The scan covers:

Usage example:

# nikto -h http://your_target.com -o result.HTML

[Figure (1): rpc remote execution vulnerability (scanning a website for vulnerabilities with Nikto)]

The -h option specifies the host to scan; -o writes the scan results to the file result.html. The output format can also be CSV, TXT or XML, chosen by the file extension.
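As an added example (not code from the original post or from the Nikto project), a small Python script that triages a Nikto CSV report of the kind -o result.csv would produce, grouping findings by URI so the reviewer can see which paths need attention. The column layout assumed here (host, ip, port, reference, method, uri, message) and the sample rows are constructed assumptions, so check them against the CSV your Nikto version actually writes.

```python
import csv
import io
from collections import Counter

# Constructed sample rows in the assumed Nikto CSV layout:
# host, ip, port, reference, method, uri, message. Not real scan output.
SAMPLE_CSV = '''"your_target.com","203.0.113.10","80","","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"your_target.com","203.0.113.10","80","","GET","/","The X-Content-Type-Options header is not set."
"your_target.com","203.0.113.10","80","OSVDB-3092","GET","/admin/","This might be interesting."
"your_target.com","203.0.113.10","80","OSVDB-3268","GET","/backup/","Directory indexing found."
"your_target.com","203.0.113.10","80","OSVDB-3092","GET","/backup/","This might be interesting."
'''

COLUMNS = ["host", "ip", "port", "reference", "method", "uri", "message"]


def parse_nikto_csv(text):
    """Parse CSV rows into dicts keyed by COLUMNS; skip blank or malformed rows."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(COLUMNS):
            continue
        findings.append(dict(zip(COLUMNS, row)))
    return findings


def summarize(findings):
    """Group messages by URI and count how often each reference id appears."""
    by_uri = {}
    for f in findings:
        by_uri.setdefault(f["uri"], []).append(f["message"])
    references = Counter(f["reference"] for f in findings if f["reference"])
    return {"total": len(findings), "uris": by_uri, "references": references}


def report(text):
    """Render a short, per-URI triage list from raw CSV text."""
    summary = summarize(parse_nikto_csv(text))
    lines = [f"{summary['total']} findings across {len(summary['uris'])} URIs"]
    for uri, msgs in sorted(summary["uris"].items()):
        lines.append(f"  {uri}: {len(msgs)} finding(s)")
        for m in msgs:
            lines.append(f"    - {m}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CSV))
```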

The scan takes quite a while; once it finishes, open result.html:

[Figure (2): rpc remote execution vulnerability (scanning a website for vulnerabilities with Nikto)]

More commonly used options:

For more information, see the man page:

# man nikto
