nikto.sh
Simple Nikto scanner, made to prove a point.
(...Nikto is old BUT identifies a few interesting things)


-Tip-
Go with BurpSuite-Pro, I use it for EVERYTHING..


save:
Code:
#!/bin/bash
# ./ifsoe_One 818-909:.
#
# All credit goes 2 Original Nikto.pl
# It is VERY Loud!, and all results should be verified manually
# same for all scanner scripts....

# Start-up banner: forum tag, a four-second pause, then the tool title.
printf '%s\n' "" "_________" "=Greysec=" "---------" ""
sleep 4
printf '%s\n' "" "=================" "::niktoScan::::::" "=================" ""

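# Ask for the targets file and the port. -r keeps backslashes in the typed
# values literal; without it read treats them as escape characters and the
# path that reaches the scan functions can differ from what was entered.
read -r -p "Enter Targets-List: " targets

read -r -p "Port 80 -or- 443? " port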

# Print the usage summary: the script takes no arguments and prompts for
# a targets list and a port (80 or 443).
do_usage() {
  printf '%s\n' \
    "usage: ./nikto.sh" \
    "-Enter- List.txt" \
    "-Select- Port 80|443"
}

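#######################################
# Run eight Nikto tuning classes against every listed host over HTTP/80.
# Globals:   targets (read) - path to a file with one hostname or IPv4
#            address per line
# Outputs:   progress lines on stdout, skipped entries on stderr, and one
#            CSV per host and tuning class (<host>.T<class>.csv) in the
#            current directory
# Returns:   1 if the targets file cannot be read, otherwise 0
#######################################
do_p80() {
  local host idx
  local -a tunings=(1 2 3 5 7 8 9 0)
  # Labels follow the tuning order above; the last two were both printed
  # as "Scan-6" and are renumbered here.
  local -a labels=(
    "Scan-1:::Interesting::Files"
    "Scan-2:::Misconfigurations"
    "Scan-3:::Information::Disclosure"
    "Scan-4:::Remote::File::Retrieval(WebRoot)"
    "Scan-5:::Remote::File::Retrieval(ServerSide)"
    "Scan-6:::Command::Execution"
    "Scan-7:::SQL::Injection"
    "Scan-8:::File::Upload"
  )
  local -a marks=("%25.." "..50%" "75%")

  if [[ ! -r "$targets" ]]; then
    echo "Cannot read targets list: $targets" >&2
    return 1
  fi
  echo "$targets"

  # Read the list on fd 3 so the background nikto jobs never share it as
  # their stdin; the || clause keeps a last line that has no newline.
  while read -r -u 3 host || [[ -n "$host" ]]; do
    host=${host%$'\r'}
    [[ -n "$host" ]] || continue
    # Each entry ends up inside a URL and inside the -o file name, so only
    # plain hostnames / IPv4 addresses are accepted: no leading '-', no '/',
    # no whitespace or glob characters.
    if [[ ! "$host" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
      echo "Skipping malformed target: $host" >&2
      continue
    fi

    echo "Scan @$host Running....."
    for idx in "${!tunings[@]}"; do
      echo "${labels[idx]}"
      # "Display+P" had no leading dash and was not parsed as an option;
      # -Display P is the progress switch. Every class writes its own CSV,
      # because runs sharing one file can clobber or interleave their rows.
      nikto -Display P -maxtime 120s -T "${tunings[idx]}" \
        -h "http://$host:80" -Format csv -o "$host.T${tunings[idx]}.csv" &
      # Classes run two at a time; finish the pair before starting the next.
      if (( idx % 2 == 1 )); then
        wait
        if (( idx < ${#tunings[@]} - 1 )); then
          echo "${marks[idx / 2]}"
        fi
      fi
    done
    echo "Scan @$host - Completed"
    echo "Logs -> $host.T<class>.csv"
  done 3< "$targets"
}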

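#######################################
# Run eight Nikto tuning classes against every listed host over HTTPS/443.
# Globals:   targets (read) - path to a file with one hostname or IPv4
#            address per line
# Outputs:   progress lines on stdout, skipped entries on stderr, and one
#            CSV per host and tuning class (<host>.T<class>.csv) in the
#            current directory
# Returns:   1 if the targets file cannot be read, otherwise 0
#######################################
do_443() {
  local host idx
  local -a tunings=(1 2 3 5 7 8 9 0)
  local -a marks=("%25" "%..50" "..%75")

  if [[ ! -r "$targets" ]]; then
    echo "Cannot read targets list: $targets" >&2
    return 1
  fi
  echo "$targets"

  # Read the list on fd 3 so the background nikto jobs never share it as
  # their stdin; the || clause keeps a last line that has no newline.
  while read -r -u 3 host || [[ -n "$host" ]]; do
    host=${host%$'\r'}
    [[ -n "$host" ]] || continue
    # Each entry ends up inside a URL and inside the -o file name, so only
    # plain hostnames / IPv4 addresses are accepted: no leading '-', no '/',
    # no whitespace or glob characters.
    if [[ ! "$host" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
      echo "Skipping malformed target: $host" >&2
      continue
    fi

    echo "Scan @$host Running....."
    for idx in "${!tunings[@]}"; do
      # The first run used "T+ 1", which is not the -T switch, so that run
      # was not limited to class 1; all runs now pass -T explicitly. Every
      # class writes its own CSV, because runs sharing one file can clobber
      # or interleave their rows.
      nikto -Display P -maxtime 120s -T "${tunings[idx]}" \
        -h "https://$host:443" -Format csv -o "$host.T${tunings[idx]}.csv" &
      # Classes run two at a time; finish the pair before starting the next.
      if (( idx % 2 == 1 )); then
        wait
        if (( idx < ${#tunings[@]} - 1 )); then
          echo "${marks[idx / 2]}"
        fi
      fi
    done
    echo "Scan @$host - Completed"
    echo "Logs -> $host.T<class>.csv"
  done 3< "$targets"
}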

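# $0 always holds the script name, so the old emptiness test on it could
# never print the usage text; check the two prompted answers instead.
if [ -z "$targets" ] || [ -z "$port" ]; then
    do_usage
    exit 1
fi

# Dispatch on the chosen port. The HTTPS function is defined as do_443;
# the previous call to do_p443 named a function that does not exist.
# Any other answer prints the usage text instead of silently doing nothing.
case "$port" in
    80)
        do_p80
        ;;
    443)
        do_443
        ;;
    *)
        do_usage
        exit 1
        ;;
esac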
Include a list of IPs or sites:
Code:
└──╼ #cat targets.txt
213.249.69.104
109.190.126.199
65.15.101.67
113.23.215.233
81.133.42.132
43.243.25.164
54.86.215.226
217.6.181.170
64.27.26.111
164.67.239.71
109.74.10.60
46.19.230.34