Tools like these sometimes give us very important information for carrying out a penetration test.
Nikto version 2, an excellent Perl-based project, lets us scan our web system for all the potentially vulnerable directories and files.
To do so, we just go to the official Nikto 2 site, http://cirt.net/nikto2, and download the project.
Running it is very simple.
We just download the tar.gz,
unpack it in the directory of our choice,
and run the following command:
perl nikto.pl -h www.domain.com
From there it can produce interesting information such as this:
+ /admin/admin_news_bot.php?root_path=http://cirt.net/rfiinc.txt??: Potential PHP MSSQL database connection string found.
+ /admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/admin_topic_action_logging.php?setmodules=pagestart&phpbb_root_path=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/admin_users.php?phpbb_root_path=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/auth.php?xcart_dir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/auth.php?xcart_dir=http://cirt.net/rfiinc.txt??: Potential PHP MSSQL database connection string found.
+ /admin/auth/secure.php?cfgProgDir=http://cirt.net/rfiinc.txt??: Potential PHP MSSQL database connection string found.
+ /admin/autoprompter.php?CONFIG[BASE_PATH]=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/bin/patch.php?INSTALL_FOLDER=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/catagory.php?language=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/classes/pear/OLE/PPS.php?homedir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/classes/pear/OLE/PPS/File.php?homedir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/classes/pear/OLE/PPS/Root.php?homedir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/classes/pear/Spreadsheet/Excel/Writer.php?homedir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php?homedir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php?homedir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php?homedir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php?homedir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php?homedir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/code/index.php?load_page=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/comment.php?config[installdir]=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/common-menu.php?CONF[local_path]=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/components/com_fm/fm.install.php?lm_absolute_path=../../../&install_dir=http://cirt.net/rfiinc.txt??: Potential PHP MSSQL database connection string found.
+ /admin/config_settings.tpl.php?include_path=http://cirt.net/rfiinc.txt??&cmd=id: Potential PHP MSSQL database connection string found.
+ /admin/directory.php?config[installdir]=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/doeditconfig.php?thispath=../includes&config[path]=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/frontpage_right.php?loadadminpage=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/header.php?loc=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/inc/add.php?format_menue=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/inc/change_action.php?format_menue=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
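Every line in the output above reports the same message for a different path and include parameter, so a first triage step is to group findings by message and note which parameter carried the remote test URL. The script below is an added example, not part of Nikto or of the original post; the function names and the `repeat_threshold` value are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Sample lines copied from the Nikto output shown above.
SAMPLE = """\
+ /admin/admin_users.php?phpbb_root_path=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/auth.php?xcart_dir=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
+ /admin/config_settings.tpl.php?include_path=http://cirt.net/rfiinc.txt??&cmd=id: Potential PHP MSSQL database connection string found.
+ /admin/header.php?loc=http://cirt.net/rfiinc.txt?: Potential PHP MSSQL database connection string found.
"""

# A finding line is "+ <URI>: <message>"; the URI has no spaces and starts with "/".
FINDING = re.compile(r"^\+ (/\S*): (.+)$")


def parse_findings(text):
    """Return (path, remote_params, message) for each URI finding line."""
    findings = []
    for line in text.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue  # banner, header or non-URI line
        uri, message = m.groups()
        path, _, query = uri.partition("?")
        # Parameters whose value is a remote URL (the scanner's include test).
        remote = [k for k, v in parse_qsl(query)
                  if v.startswith(("http://", "https://"))]
        findings.append((path, remote, message))
    return findings


def repeated_messages(findings, repeat_threshold=3):
    """Messages reported for at least repeat_threshold distinct paths.

    Assumption: one message repeated across many unrelated paths should be
    verified by hand once before each line is counted as its own finding.
    """
    by_message = defaultdict(set)
    for path, _, message in findings:
        by_message[message].add(path)
    return {msg: sorted(paths) for msg, paths in by_message.items()
            if len(paths) >= repeat_threshold}


if __name__ == "__main__":
    parsed = parse_findings(SAMPLE)
    for msg, paths in repeated_messages(parsed).items():
        print(f"{len(paths)} paths share: {msg}")
    for path, remote, _ in parsed:
        print(path, "remote-URL parameter(s):", ", ".join(remote))
```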
Regards