Beberapa tool yang dapat digunakan untuk enumerasi adalah Nikto, W3bfukkor, sqlier.sh, hping, dan nmap. Nikto adalah scanner web server berbasis open source yang mampu melakukan pengujian komprehensif untuk berbagai aspek,termasuk lebih dari 3300 file/CGI berbahaya yang potensial 625 versi server, dan 230 masalah spesifik server.
Download Nikto di
http://www.net-security.org/. Setelah ter-download, unzip file nikto-current.tar.gz. Hasil unzip menghasilkan folder baru dengan nama nikto-2.1.1.
Untuk menjalankan Nikto, masuk ke folder nikto-2.1.1, lalu jalankan file nikto.pl.
[msmunir@localhost nikto-2.1.1]$ ./nikto.pl -h 202.46.3.71
- ***** SSL support not available (see docs for SSL install instructions) *****
- Nikto v2.1.1
---------------------------------------------------------------------------
+ Target IP: 202.46.3.71
+ Target Hostname: 202.46.3.71
+ Target Port: 80
+ Start Time: 2010-08-06 14:06:25
---------------------------------------------------------------------------
+ Server: Apache/2.2.13 (Fedora)
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Uncommon header 'proxy-connection' found, with contents: close
+ Uncommon header 'x-cache' found, with contents: HIT from proxy.batan.go.id
+ Uncommon header 'x-cache-lookup' found, with contents: HIT from proxy.batan.go.id:8080
+ ETag header found on server, inode: 1254085, size: 441, mtime: 0x4668a5e45df00
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ Apache/2.2.13 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ OSVDB-637: Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).
+ OSVDB-3092: /download/: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3818 items checked: 11 item(s) reported on remote host
+ End Time: 2010-08-06 14:10:55 (270 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
[msmunir@localhost nikto-2.1.1]$
Lihat :
http://cirt.net/nikto2
OS : IGN2010
[root@localhost ~]# uname -a
Linux localhost.localdomain 2.6.35.6-37.ign5.i686.PAE #1 SMP Sun Oct 3 09:23:05 WIT 2010 i686 i686 i386 GNU/Linux
Install :
# yum install nikto
Menjalankan
# nikto -host x.y.70.165
Hasil :
[root@localhost ~]# nikto -host x.y.70.165
- ***** SSL support not available (see docs for SSL install instructions) *****
- Nikto v2.1.1
---------------------------------------------------------------------------
+ Target IP: x.y.70.165
+ Target Hostname: x.y.70.165
+ Target Port: 80
+ Start Time: 2011-05-09 4:35:04
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Fedora)
+ Number of sections in the version string differ from those in the database, the server reports: apache/2.2.8 while the database has: 2.2.14. This may cause false positives.
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ Retrieved X-Powered-By header: PHP/5.2.5
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3092: /download/: This might be interesting...
+ OSVDB-3092: /temp/: This might be interesting...
+ 3818 items checked: 8 item(s) reported on remote host
+ End Time: 2011-05-09 4:50:04 (932 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
Portions of the server's ident string (Apache/2.2.8) are not in
the Nikto database or is newer than the known string. Would you like
to submit this information (*no server specific data*) to CIRT.net
for a Nikto update (or you may email to sullo@cirt.net) (y/n)? y
- Sent updated info to CIRT.net -- Thank you!
[root@localhost ~]#
[root@localhost ~]# nikto -host x.y.70.162
- ***** SSL support not available (see docs for SSL install instructions) *****
- Nikto v2.1.1
---------------------------------------------------------------------------
+ Target IP: x.y.70.162
+ Target Hostname: x.y.70.162
+ Target Port: 80
+ Start Time: 2011-05-09 7:21:07
---------------------------------------------------------------------------
+ Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2 PHP/5.3.3 with Suhosin-Patch
- Root page / redirects to: http://mail.batan.go.id/squirrelmail/index.php
+ mod_ssl/2.2.17 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ Number of sections in the version string differ from those in the database, the server reports: php/5.3.3 while the database has: 5.2.11. This may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ Retrieved X-Powered-By header: PHP/5.3.3
+ mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2 PHP/5.3.3 with Suhosin-Patch - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0082, OSVDB-756.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3093: /squirrelmail/src/read_body.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ 3818 items checked: 7 item(s) reported on remote host
+ End Time: 2011-05-09 7:42:07 (1260 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
Portions of the server's ident string (OpenSSL/0.9.8n Apache/2.2.17 PHP/5.3.3) are not in
the Nikto database or is newer than the known string. Would you like
to submit this information (*no server specific data*) to CIRT.net
for a Nikto update (or you may email to sullo@cirt.net) (y/n)? y
- Sent updated info to CIRT.net -- Thank you!
[root@localhost ~]#
[root@localhost ~]# nikto -host x.y.70.163
- ***** SSL support not available (see docs for SSL install instructions) *****
- Nikto v2.1.1
---------------------------------------------------------------------------
+ Target IP: x.y.70.163
+ Target Hostname: x.y.70.163
+ Target Port: 80
+ Start Time: 2011-05-09 8:16:08
---------------------------------------------------------------------------
+ Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/1.0.0d PHP/5.3.5 with Suhosin-Patch
+ mod_ssl/2.2.17 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ Number of sections in the version string differ from those in the database, the server reports: php/5.3.5 while the database has: 5.2.11. This may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ Retrieved X-Powered-By header: PHP/5.3.5
+ mod_ssl/2.2.17 OpenSSL/1.0.0d PHP/5.3.5 with Suhosin-Patch - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0082, OSVDB-756.
+ ERROR: /splashAdmin.php returned an error: error reading HTTP response
+ ERROR: /help.html returned an error: error reading HTTP response
+ ERROR: /blah_badfile.shtml returned an error: error reading HTTP response
+ ERROR: /SiteServer/Admin/commerce/foundation/DSN.asp returned an error: error reading HTTP response
+ ERROR: /fpdb/shop.mdb returned an error: error reading HTTP response
+ ERROR: /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter returned an error: error reading HTTP response
+ ERROR: /admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv returned an error: error reading HTTP response
+ ERROR: /servlet/sunexamples.BBoardServlet returned an error: error reading HTTP response
+ ERROR: /php/php.exe?c:\boot.ini returned an error: error reading HTTP response
+ ERROR: /samples/search.dll?query= returned an error: error reading HTTP response
+ ERROR: /phpimageview.php?pic=javascript:alert('Vulnerable') returned an error: error reading HTTP response
+ ERROR: /add.php3?url=ja&adurl=javascript: returned an error: error reading HTTP response
+ ERROR: /admin.html returned an error: error reading HTTP response
+ ERROR: /examples/jsp/snp/anything.snp returned an error: error reading HTTP response
+ ERROR: /cgi-bin/cgiwrap returned an error: error reading HTTP response
+ ERROR: /pmlite.php returned an error: error reading HTTP response
+ ERROR: /servlet/allaire.jrun.ssi.SSIFilter returned an error: error reading HTTP response
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3092: /download/: This might be interesting...
+ ERROR: /hits.txt returned an error: Total transaction timed out
+ OSVDB-3092: /img/: This may be interesting...
+ OSVDB-3092: /test/: This might be interesting...
+ OSVDB-3268: /images/: Directory indexing is enabled: /images
+ ERROR: /syshelp/stmex.stm?foo= returned an error: error reading HTTP response
+ OSVDB-3092: /qa/: This might be interesting... potential country code (Qatar)
+ 3818 items checked: 11 item(s) reported on remote host
+ End Time: 2011-05-09 8:37:08 (1280 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
Portions of the server's ident string (Apache/2.2.17 PHP/5.3.5 OpenSSL/1.0.0d) are not in
the Nikto database or is newer than the known string. Would you like
to submit this information (*no server specific data*) to CIRT.net
for a Nikto update (or you may email to sullo@cirt.net) (y/n)? y
- Sent updated info to CIRT.net -- Thank you!
[root@localhost ~]#
[root@localhost ~]# nikto -host x.y.z3.5
- ***** SSL support not available (see docs for SSL install instructions) *****
- Nikto v2.1.1
---------------------------------------------------------------------------
+ Target IP: x.y.z3.5
+ Target Hostname: x.y.z3.5
+ Target Port: 80
+ Start Time: 2011-05-09 11:47:57
---------------------------------------------------------------------------
+ Server: Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2
- Root page / redirects to: http:///xampp/
+ Number of sections in the version string differ from those in the database, the server reports: apache/2.2.4 while the database has: 2.2.14. This may cause false positives.
+ Number of sections in the version string differ from those in the database, the server reports: mod_ssl/2.2.4 while the database has: 2.8.31. This may cause false positives.
+ mod_ssl/2.2.4 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ OpenSSL/0.9.8e appears to be outdated (current is at least 0.9.8i) (may depend on server version)
+ Number of sections in the version string differ from those in the database, the server reports: php/5.2.2 while the database has: 5.2.11. This may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ Retrieved X-Powered-By header: PHP/5.2.2
+ ETag header found on server, inode: 12421, size: 202, mtime: 0x2cddf680
+ mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0082, OSVDB-756.
+ OSVDB-682: /webalizer/: Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS).
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3092: /phpmyadmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /restricted/: This might be interesting...
+ OSVDB-3233: /info.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3818 items checked: 16 item(s) reported on remote host
+ End Time: 2011-05-09 12:08:15 (1218 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
Portions of the server's ident string (PHP/5.2.2 (Win32) Apache/2.2.4) are not in
the Nikto database or is newer than the known string. Would you like
to submit this information (*no server specific data*) to CIRT.net
for a Nikto update (or you may email to sullo@cirt.net) (y/n)? y
- Sent updated info to CIRT.net -- Thank you!
[root@localhost ~]#