Memeriksa keamanan webserver dengan NIKTO pada Windows 7

Proses Scanning sangat dibutuhkan untuk menganalisa web server apakah web server yang kita buat itu sudah tidak ada kekurangan atau malah masih banyak kekurangan, untuk kali ini saya mencoba untuk melakukan scanning web server dengan nikto. Nikto adalah tools untuk pemeriksaan vulnerability pada apache. Jadi anda dapat mengetahui dimana letak hole pada suatu web server. Tetapi ingat melakukan scanning server adalah ilegal jika Anda tidak mempunyai hak akses di dalamnya.
Langkah-langkah menggunakan Nikto pada Windows 7 adalah sebagai berikut : 1. Download dan Install ActivePerl 2. Download nikto-2.1.5 3. Extract dan copy folder nikto-2.1.5 ke C:\perl\bin 4. Edit nikto.conf ganti dengan config berikut: ######################################################################################################### # CONFIG STUFF # $Id: nikto.conf 632 2011-02-19 02:49:31Z sullo $ ######################################################################################################### # default command line options, can't be an option that requires a value.  used for ALL runs. # CLIOPTS=-g -a # ports never to scan SKIPPORTS=21 111 # User-Agent variables:  # @VERSION    - Nikto version  # @TESTID    - Test identifier  # @EVASIONS    - List of active evasions USERAGENT=Mozilla/4.75 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID) # RFI URL. This remote file should return a phpinfo call, for example: # You may use the one below, if you like. RFIURL=http://cirt.net/rfiinc.txt? # IDs never to alert on (Note: this only works for IDs loaded from db_tests) #SKIPIDS= # if Nikto is having difficulty finding the 'plugins', set the full install path here # EXECDIR=/usr/local/nikto # The DTD NIKTODTD=docs/nikto.dtd # the default HTTP version to try... can/will be changed as necessary DEFAULTHTTPVER=1.0 # Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should # send updates because it makes the data better for everyone ;)  *NO* server specific information # such as IP or name is sent, just the relevant version information. # UPDATES=yes     - ask before each submission if it should send # UPDATES=no     - don't ask, don't send # UPDATES=auto    - automatically attempt submission *without prompting* UPDATES=yes # Warning if MAX_WARN OK or MOVED responses are retrieved MAX_WARN=20 # Prompt... if set to 'no' you'll never be asked for anything. Good for automation. #PROMPTS=no # cirt.net : set the IP so that updates can work without name resolution -- just in case CIRT=174.142.17.165 # Proxy settings -- still must be enabled by -useproxy #PROXYHOST=127.0.0.1 #PROXYPORT=8080 #PROXYUSER=proxyuserid #PROXYPASS=proxypassword # Cookies: send cookies with all requests # Multiple can be set by separating with a semi-colon, e.g.: # "cookie1"="cookie value";"cookie2"="cookie val" #STATIC-COOKIE= # The below allows you to vary which HTTP methods are used to check whether an HTTP(s) server # is running. Some web servers, such as the autopsy web server do not implement the HEAD method CHECKMETHODS=HEAD GET # If you want to specify the location of any of the files, specify them here # EXECDIR=/opt/nikto # PLUGINDIR=/opt/nikto/plugins # TEMPLATEDIR=/opt/nikto/templates # DOCDIR=/opt/nikto/docs # Default plugin macros @@MUTATE=dictionary;subdomain @@DEFAULT=@@ALL;-@@MUTATE;tests(report:500) 5. Cara menggunakan, buka CMD ---------------------------------------------- Microsoft Windows  [Version 6.7.7600] (C) Copyright 2009 Microsoft Corporation. All rights reserved. C:\Users\UserWin7>cd.. C:\Users>cd.. C:\>cd perl C:\Perl>cd bin C:\Perl\bin>perl nikto-2.1.5/nikto.pl -host target(contoh:www.example.com) - Nikto v2.1.5 ---------------------------------------------------------------------------   + Target IP: 192.168.0.1 + Target Hostname: example.com + Target Port: 80 + Start Time: 2012-01-26 10:23:04 ————————————————————————— + Server: Apache/2.2.12 (Ubuntu) + No CGI Directories found (use ‘-C all’ to force check all possible dirs) + Apache/2.2.12 appears to be outdated (current is at least Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also current. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details. + /config.php: PHP Config file may contain database IDs and passwords. + OSVDB-3268: /tmp/: Directory indexing found. + OSVDB-3092: /tmp/: This might be interesting… + OSVDB-3268: /images/: Directory indexing found. + OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found. + 6448 items checked: 812 error(s) and 7 item(s) reported on remote host + End Time: 2012-01-26 10:37:42 (878 seconds) ————————————————————————— + 1 host(s) tested NB : Beberapa penggunaan dasar : perl nikto.pl -h 192.168.1.3 Untuk menguji port tertentu, gunakan opsi-p (port). Ini akan scan port IP 192.168.1.3  pada TCP 443: perl nikto.pl -h 192.168.1.3 -p 80 Berikut perintah untuk penggunaan pengujian multiport perl nikto.pl -h 192.168.1.3 -p 80,88,443 Untuk Penggunaan menyimpan log txt bt nikto # ./nikto.pl -e 1 -host hxxp://192.168.1.3/joomla1af -F Dari output hasil yang diberikan oleh nikto tarhadap hasil scan yang diberikan untuk website www.example.com diatas terlihat sangat sederhana sekali : + Server: Apache/2.2.12 (Ubuntu) + No CGI Directories found (use ‘-C all’ to force check all possible dirs) + Apache/2.2.12 appears to be outdated (current is at least Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also current. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details. + /config.php: PHP Config file may contain database IDs and passwords. + OSVDB-3268: /tmp/: Directory indexing found. + OSVDB-3092: /tmp/: This might be interesting… + OSVDB-3268: /images/: Directory indexing found. + OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found. + 6448 items checked: 812 error(s) and 7 item(s) reported on remote host Kita bisa melihat versi apache dan OS yang digunakan, begitu juga masih terlihat ada file config.php dan beberapa direktori yang masih dapat dilihat langsung dari browser seperti /tmp dan /images. Dari hasil itu maka kita tinggal menutup semua innformasi atau celah seperti direktori tersebut agar tidak terlihat lagi jika dilakukan akses langsung via browser dengan melakukan beberapa konfigurasi di apache nya. Demikian, semoga bermanfaat.