Looking through the list of the 100 best network security tools, Nikto is ranked 12th, and it is also ranked first among the [10 best web scanners](http://sectools.org/web-scanners.html). I installed it and tried it out; it is quite good.

wang@wang-laptop:~$ sudo apt install nikto

wang@wang-laptop:~$ nikto -Help
   Options:
       -config+            use this config file
       -Cgidirs+           scan these CGI dirs: 'none', 'all', or values like "/cgi/ /cgi-a/"
       -Display+           turn on/off display outputs:
                               1     Show redirects
                               2     Show cookies received
                               3     Show all 200/OK responses
                               4     Show URLs which require authentication
                               D     Debug Output
                               V     Verbose Output
       -dbcheck            check database and other key files for syntax errors (cannot be abbreviated)
       -evasion+           ids evasion technique:
                               1     Random URI encoding (non-UTF8)
                               2     Directory self-reference (/./)
                               3     Premature URL ending
                               4     Prepend long random string
                               5     Fake parameter
                               6     TAB as request spacer
                               7     Change the case of the URL
                               8     Use Windows directory separator (\)
       -findonly           find http(s) ports only, don't perform a full scan
       -Format+            save file (-o) format:
                               htm   HTML Format
                               csv   Comma-separated-value
                               txt   Plain text (default if not specified)
                               xml   XML Format
       -host+              target host
       -Help               Extended help information
       -id+                host authentication to use, format is userid:password
       -mutate+            Guess additional file names:
                               1     Test all files with all root directories
                               2     Guess for password file names
                               3     Enumerate user names via Apache (/~user type requests)
                               4     Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
       -nolookup           skip name lookup
       -output+            write output to this file
       -port+              port to use (default 80)
       -Pause+             pause between tests (seconds)
       -root+              prepend root value to all requests, format is /directory
       -ssl                force ssl mode on port
       -Single             Single request mode
       -timeout+           timeout (default 2 seconds)
       -Tuning+            scan tuning:
                               0     File Upload
                               1     Interesting File / Seen in logs
                               2     Misconfiguration / Default File
                               3     Information Disclosure
                               4     Injection (XSS/Script/HTML)
                               5     Remote File Retrieval - Inside Web Root
                               6     Denial of Service
                               7     Remote File Retrieval - Server Wide
                               8     Command Execution / Remote Shell
                               9     SQL Injection
                               a     Authentication Bypass
                               b     Software Identification
                               c     Remote Source Inclusion
                               x     Reverse Tuning Options (i.e., include all except specified)
       -useproxy           use the proxy defined in config.txt
       -update             update databases and plugins from cirt.net (cannot be abbreviated)
       -Version            print plugin and database versions
       -vhost+             virtual host (for Host header)
   + requires a value

I tried scanning my own laptop and still turned up some interesting things. Environment: Ubuntu 9.10 + apache2 (default configuration). Surprisingly, there is a URL http://localhost/server-status, served by Apache's mod_status module, that reports the running state of Apache (requests in flight, uptime, worker status).

wang@wang-laptop:/opt/nessus/bin$ nikto -host localhost
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2009-12-07 0:25:00
---------------------------------------------------------------------------
+ Server: Apache/2.2.12 (Ubuntu)
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS 
+ OSVDB-0: GET /./ : Appending '/./' to a directory allows indexing
+ OSVDB-0: GET /%2e/ : Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. http://www.securityfocus.com/bid/2513.
+ OSVDB-561: GET /server-status : This reveals Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
+ OSVDB-119: GET /?PageServices : The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269.
+ OSVDB-119: GET /?wp-cs-dump : The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269.
+ OSVDB-3092: GET /shop/ : This might be interesting...
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 9 item(s) reported on remote host
+ End Time:        2009-12-07 0:25:00 (15 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -host localhost
---------------------------------------------------------------------------
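One caveat before acting on a listing like the one above: the scan was run from 127.0.0.1. If the stock mod_status configuration only admits local clients, the 200 that Nikto saw for /server-status says nothing about what a remote client gets, so each hit should be re-requested from an outside address before it is reported. The shell helper below is an added example (not from the original post and not part of Nikto): it parses Nikto's plain-text output into tab-separated "OSVDB id, method, URI" rows and emits one curl command per row that prints only the status code, for re-checking from a second vantage point. The sample Nikto output is constructed from the lines shown above, and the remote base URL http://192.0.2.10 is a placeholder.

```shell
#!/bin/sh
# Triage helper for Nikto plain-text output (added example; not part of
# Nikto or of the original post). Extracts "+ OSVDB-NNN: METHOD /uri : desc"
# lines into "id<TAB>method<TAB>uri" rows and builds curl re-check commands
# so each finding can be re-requested from a remote client.

# Constructed sample modelled on the scan output above (not a real capture).
sample_output() {
cat <<'EOF'
- Nikto v2.03/2.04
+ Server: Apache/2.2.12 (Ubuntu)
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ OSVDB-0: GET /./ : Appending '/./' to a directory allows indexing
+ OSVDB-561: GET /server-status : This reveals Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 9 item(s) reported on remote host
EOF
}

# stdin: Nikto text output. stdout: one "OSVDB-id<TAB>METHOD<TAB>URI" row per
# finding. Banner, "Allowed HTTP Methods" and summary lines are dropped.
# OSVDB-0 means Nikto has no reference for that check; it is kept, but such
# rows need manual verification more than the others.
nikto_findings() {
    awk '
        /^\+ OSVDB-[0-9]+: [A-Z]+ \/[^ ]* : / {
            id = $2; sub(/:$/, "", id)
            print id "\t" $3 "\t" $4
        }'
}

# stdin: Nikto text output. stdout: number of findings (for quick gating).
nikto_finding_count() {
    nikto_findings | wc -l | tr -d ' '
}

# stdin: rows from nikto_findings. $1: base URL as seen by an outside client,
# e.g. http://192.0.2.10 (placeholder). Prints one curl command per row that
# reports only the HTTP status code and the URI, so the 200 Nikto saw from
# localhost can be compared with what a remote client actually receives
# (a 403 remotely means an IP allow-list, not the scanner, decided the result).
recheck_commands() {
    awk -F'\t' -v base="$1" '{
        printf "curl -s -o /dev/null -w \"%%{http_code} %s\\n\" -X %s %s%s\n", $3, $2, base, $3
    }'
}

# Demo on the constructed sample.
sample_output | nikto_findings
sample_output | nikto_findings | recheck_commands "http://192.0.2.10"
```

For a real run, replace `sample_output` with `nikto -host <target> -output nikto.txt` and feed `nikto.txt` in. If /server-status does answer 200 to outside clients, the fix on Apache 2.2 is to restrict the `<Location /server-status>` block with `Order deny,allow`, `Deny from all` and `Allow from` the administrative addresses only, or to disable the module altogether with `a2dismod status` when nobody consumes the page.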