Vulnerability Analysis Using CLI Tools in Kali Linux | Vega Tool in Kali Linux | OWASP ZAP Tool in Kali Linux | Kali Linux Tools

In this post we discuss some of the CLI vulnerability-scanning tools in Kali Linux that are used to find weaknesses in websites and systems. CLI tools are generally more flexible than GUI tools and report more detail about what they find, so they are worth learning. Let's start.

a)     SSLSCAN:

It is a vulnerability-scanning tool in Kali Linux that checks which SSL/TLS (Transport Layer Security) protocol versions and cipher suites a server accepts, and highlights the weak ones. It is very helpful when collecting information about a website, and it is easy to use, so it is worth learning. The main sslscan commands are the following.

TO SEE ALL OPTIONS OF SSLSCAN:

(sslscan --help)

TO SCAN AN IP ADDRESS:

(sslscan + ip address) e.g. (sslscan 192.168.0.1)

TO SCAN A DOMAIN OR WEBSITE:

(sslscan + domain of website) e.g. (sslscan kali.org)


Figure: sslscan output in Kali Linux

TO SCAN SEVERAL IP ADDRESSES OR DOMAINS LISTED IN A FILE (ONE PER LINE):

(sslscan --targets=path of file) e.g. (sslscan --targets=/root/ssl.tx)

TO SCAN AN IPV6 ADDRESS:

(sslscan -6 + ipv6 address) e.g. (sslscan -6 fe80::481a:9e4b:aa01:e74f%13)

TO SET THE SOCKET TIMEOUT FOR THE SCAN (IN SECONDS):

(sslscan + domain or ip --timeout=seconds) e.g. (sslscan kali.org --timeout=4)

TO SAVE OUTPUT IN AN XML FILE:

(sslscan + domain or ip --xml=path of XML file) e.g. (sslscan kali.org --xml=/root/kali.xml)

These are the most commonly used sslscan commands. The tool has many more options, but the simple commands discussed here cover most scans.
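The XML file written with --xml is the easiest output to post-process. The script below is an added example (not part of the original post or of sslscan itself) that reads such a report and turns it into a remediation list: legacy protocol versions that are still enabled, weak cipher suites, and the Heartbleed, compression and renegotiation checks. The element and attribute names it looks for are an assumption about the shape of sslscan's XML output, and the sample report is constructed inline so the script runs offline.

```python
"""Triage an sslscan --xml report into a list of findings.

Added example, not from the original post or from sslscan. The XML layout
(ssltest/protocol/cipher/heartbleed/compression/renegotiation elements and
their attributes) is an assumption about sslscan's output format.
"""
import xml.etree.ElementTree as ET

# Constructed sample resembling `sslscan --xml=report.xml host` output.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<document title="SSLScan Results" version="2.0.0">
 <ssltest host="example.test" port="443">
  <protocol type="ssl" version="2" enabled="0" />
  <protocol type="ssl" version="3" enabled="1" />
  <protocol type="tls" version="1.0" enabled="1" />
  <protocol type="tls" version="1.1" enabled="0" />
  <protocol type="tls" version="1.2" enabled="1" />
  <protocol type="tls" version="1.3" enabled="0" />
  <renegotiation supported="1" secure="0" />
  <compression supported="1" />
  <heartbleed sslversion="TLSv1.2" vulnerable="0" />
  <cipher status="preferred" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-GCM-SHA384" />
  <cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="RC4-SHA" />
  <cipher status="accepted" sslversion="TLSv1.0" bits="56" cipher="DES-CBC-SHA" />
  <cipher status="accepted" sslversion="SSLv3" bits="0" cipher="NULL-MD5" />
 </ssltest>
</document>
"""

# Protocol versions that should no longer be offered.
LEGACY_PROTOCOLS = {("ssl", "2"), ("ssl", "3"), ("tls", "1.0"), ("tls", "1.1")}
# Substrings that mark a cipher suite as broken regardless of key length
# ("DES" also catches 3DES, which is weak as well).
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "ANON")
MIN_KEY_BITS = 128


def triage(xml_text):
    """Return a list of (severity, message) findings for one sslscan report."""
    findings = []
    root = ET.fromstring(xml_text)
    for test in root.iter("ssltest"):
        target = "%s:%s" % (test.get("host"), test.get("port"))
        for proto in test.iter("protocol"):
            key = (proto.get("type"), proto.get("version"))
            if proto.get("enabled") == "1" and key in LEGACY_PROTOCOLS:
                findings.append(("high", "%s offers legacy protocol %sv%s"
                                 % (target, key[0].upper(), key[1])))
        for cipher in test.iter("cipher"):
            name = cipher.get("cipher", "")
            bits = int(cipher.get("bits", "0"))
            weak_marker = any(m in name.upper() for m in WEAK_CIPHER_MARKERS)
            if weak_marker or bits < MIN_KEY_BITS:
                findings.append(("high", "%s accepts weak cipher %s (%d bits) on %s"
                                 % (target, name, bits, cipher.get("sslversion"))))
        hb = test.find("heartbleed")
        if hb is not None and hb.get("vulnerable") == "1":
            findings.append(("critical", "%s is vulnerable to Heartbleed" % target))
        comp = test.find("compression")
        if comp is not None and comp.get("supported") == "1":
            findings.append(("medium", "%s supports TLS compression (CRIME)" % target))
        reneg = test.find("renegotiation")
        if reneg is not None and reneg.get("supported") == "1" and reneg.get("secure") == "0":
            findings.append(("medium", "%s allows insecure renegotiation" % target))
    return findings


if __name__ == "__main__":
    # Replace SAMPLE_XML with open("/root/kali.xml").read() for a real report.
    for severity, message in triage(SAMPLE_XML):
        print("[%s] %s" % (severity.upper(), message))
```

Run it against a real file by reading the XML that sslscan wrote; the severity labels are a starting point and should be adjusted to your own policy (for example, TLS 1.0 may be tolerated for a legacy client population while SSLv3 never is).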

b)    NIKTO:

It is a web-server vulnerability scanner in Kali Linux, written in Perl, that checks a website for known vulnerable files, outdated server software and misconfigurations. It is a very important tool when collecting information about a website.

The important nikto commands are the following.

TO SEE ALL OPTIONS OF NIKTO:

(nikto -Help)

TO SCAN A LINK:

(nikto -h + link of website) e.g. (nikto -h https://www.google.com/)

TO SCAN AN IP ADDRESS:

(nikto -h + ip address of website) e.g. (nikto -h 192.168.1.8)

TO SCAN A SPECIFIC PORT:

(nikto -h + ip or link -port + port number) e.g. (nikto -h 192.168.1.8 -port 8080)


Figure: Output of nikto for vulnerabilities

TO DISABLE DNS LOOKUPS WHILE SCANNING:

(nikto -h + ip or link -nolookup) e.g. (nikto -h 192.168.1.8 -nolookup)

TO RUN ONLY THE HTTP HEADERS PLUGIN:

(nikto -h + ip or link -Plugins headers) e.g. (nikto -h 192.168.1.8 -Plugins headers)

By default nikto loads all plugins.

TO SAVE OUTPUT IN A FILE:

(nikto -h + ip or link -o + path of file) e.g. (nikto -h 192.168.1.8 -o /root/Desktop/kali.txt)

TO FORCE NIKTO TO SCAN OVER SSL/TLS:

(nikto -h + ip or link -ssl) e.g. (nikto -h 192.168.1.8 -ssl)

TO DISABLE SSL/TLS FOR THE SCAN:

(nikto -h + ip or link -nossl) e.g. (nikto -h 192.168.1.8 -nossl)

The -Tuning option restricts the scan to one class of checks:

TO FIND XSS (INJECTION) VULNERABILITIES:

(nikto -h + ip or link -Tuning 4) e.g. (nikto -h 192.168.0.1 -Tuning 4)

TO FIND DENIAL-OF-SERVICE (DOS) VULNERABILITIES:

(nikto -h + ip or link -Tuning 6) e.g. (nikto -h 192.168.0.1 -Tuning 6)

TO FIND COMMAND EXECUTION / REMOTE SHELL VULNERABILITIES:

(nikto -h + ip or link -Tuning 8) e.g. (nikto -h 192.168.0.1 -Tuning 8)

TO FIND SQL INJECTION VULNERABILITIES:

(nikto -h + ip or link -Tuning 9) e.g. (nikto -h 192.168.0.1 -Tuning 9)

TO CHECK FOR AUTHENTICATION BYPASS VULNERABILITIES:

(nikto -h + ip or link -Tuning a) e.g. (nikto -h 192.168.0.1 -Tuning a)

TO RUN SOFTWARE IDENTIFICATION CHECKS:

(nikto -h + ip or link -Tuning b) e.g. (nikto -h 192.168.0.1 -Tuning b)

The -Display option controls what extra information nikto prints:

TO DISPLAY THE URLS THAT REQUIRE AUTHENTICATION:

(nikto -h + ip or link -Display 4) e.g. (nikto -h 192.168.0.1 -Display 4)

TO DISPLAY COOKIES RECEIVED:

(nikto -h + ip or link -Display 2) e.g. (nikto -h 192.168.0.1 -Display 2)

TO ENABLE VERBOSE MODE IN NIKTO FOR MORE DETAIL:

(nikto -h + ip or link -Display V) e.g. (nikto -h 192.168.0.1 -Display V)

TO PAUSE BETWEEN TESTS (THE AUTHOR USES THIS TO AVOID TRIPPING A WEBSITE'S WAF PROTECTION DURING SCANNING):

(nikto -h + ip or link -Pause + seconds) e.g. (nikto -h 192.168.0.1 -Pause 5)

The -evasion option selects how nikto encodes its requests:

RANDOM URI ENCODING:

(nikto -h + ip or link -evasion 1) e.g. (nikto -h 192.168.0.1 -evasion 1)

FAKE PARAMETER:

(nikto -h + ip or link -evasion 5) e.g. (nikto -h 192.168.0.1 -evasion 5)

WINDOWS DIRECTORY SEPARATOR (\):

(nikto -h + ip or link -evasion 8) e.g. (nikto -h 192.168.0.1 -evasion 8)

BINARY VALUE AS REQUEST SPACER:

(nikto -h + ip or link -evasion B) e.g. (nikto -h 192.168.0.1 -evasion B)

PREPEND A LONG RANDOM STRING:

(nikto -h + ip or link -evasion 4) e.g. (nikto -h 192.168.0.1 -evasion 4)

DIRECTORY SELF-REFERENCE (/./):

(nikto -h + ip or link -evasion 2) e.g. (nikto -h 192.168.0.1 -evasion 2)

TO UPDATE NIKTO'S PLUGINS AND DATABASES:

(nikto -update)
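A scan saved with -o to a .txt file is a flat list of "+ " lines, which is awkward to diff between runs or to hand to a ticketing system. The script below is an added example (not part of the original post or of nikto itself) that parses such a report into target metadata and categorised findings: missing security headers, outdated software, OSVDB-referenced checks and interesting paths. The report it parses is a constructed sample in the line format nikto's text output uses; the exact wording of individual checks is an assumption.

```python
"""Parse a nikto text report (written with `-o report.txt`) into structured findings.

Added example, not from the original post or from nikto. The sample report
is constructed; the wording of each check line is an assumption about
nikto's output.
"""
import re

SAMPLE_REPORT = """- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.1.8
+ Target Hostname:    192.168.1.8
+ Target Port:        80
+ Start Time:         2021-03-04 10:11:12 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Apache/2.4.29 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 7915 requests: 0 error(s) and 7 item(s) reported on remote host
+ End Time:           2021-03-04 10:15:02 (GMT0) (230 seconds)
---------------------------------------------------------------------------
"""

OSVDB_RE = re.compile(r"^OSVDB-(\d+): (\S+): (.*)$")
META_KEYS = ("Target IP", "Target Hostname", "Target Port", "Start Time", "End Time", "Server")


def parse_nikto(text):
    """Return (metadata dict, list of finding dicts) for one nikto text report."""
    meta, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("+ "):
            continue  # banner, separator and version lines carry no findings
        body = line[2:]
        key, sep, value = body.partition(":")
        if sep and key in META_KEYS:
            meta[key] = value.strip()
            continue
        if re.match(r"^\d+ requests:", body):
            meta["summary"] = body
            continue
        m = OSVDB_RE.match(body)
        if m:
            findings.append({"category": "osvdb", "ref": "OSVDB-" + m.group(1),
                             "path": m.group(2), "detail": m.group(3)})
        elif "header is not" in body:
            # "The X-Frame-Options header is not present." -> "X-Frame-Options"
            header = body.split(" header", 1)[0].split()[-1]
            findings.append({"category": "missing-header", "ref": header,
                             "path": "/", "detail": body})
        elif "appears to be outdated" in body:
            findings.append({"category": "outdated-software", "ref": body.split(" ", 1)[0],
                             "path": "/", "detail": body})
        elif body.startswith("/"):
            path, _, detail = body.partition(": ")
            findings.append({"category": "interesting-path", "ref": path,
                             "path": path, "detail": detail})
        else:
            findings.append({"category": "other", "ref": "", "path": "", "detail": body})
    return meta, findings


def count_by_category(findings):
    """Tally findings per category, e.g. {"missing-header": 3, ...}."""
    counts = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    # Replace SAMPLE_REPORT with open("/root/Desktop/kali.txt").read() for a real scan.
    meta, findings = parse_nikto(SAMPLE_REPORT)
    print("%s:%s running %s" % (meta.get("Target Hostname"), meta.get("Target Port"), meta.get("Server")))
    for category, n in sorted(count_by_category(findings).items()):
        print("  %-18s %d" % (category, n))
    for f in findings:
        print("  [%s] %s %s" % (f["category"], f["ref"], f["path"]))
```

Keeping the (category, ref, path) triple as the identity of a finding lets you compare two reports of the same host and report only what is new or fixed since the last scan.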

c)     WAPITI:

It is a very powerful and easy-to-use tool in Kali Linux that finds vulnerabilities in a website. It works like nikto and helps to find SQL injection, XSS and other kinds of vulnerabilities in a well-managed way. It is pre-installed in newer versions of Kali Linux, or you can install it with the command:

(apt-get install wapiti -y)

Now we will discuss the main wapiti commands used to find vulnerabilities in a website.

TO SEE ALL OPTIONS OF WAPITI:

(wapiti -h)

TO SEE THE LIST OF WAPITI ATTACK MODULES:

(wapiti --list-modules)

TO UPDATE WAPITI'S MODULE DATABASES:

(wapiti --update)

TO SCAN A WEBSITE WITH DEFAULT SETTINGS:

(wapiti -u + link of website to scan) e.g. (wapiti -u https://www.vulnweb.com)

TO SET AN ATTACK LEVEL IN WAPITI:

(wapiti -u + link of website -l + level) e.g. (wapiti -u http://GitHub.com/ -l 5)

TO SET A CRAWL DEPTH FOR A MORE DETAILED SCAN:

(wapiti -u + link of website -d + depth level) e.g. (wapiti -u http://testweb.com/ -d 5)

TO LIMIT HOW MANY LINKS WAPITI FOLLOWS FROM EACH PAGE:

(wapiti -u + link of website --max-links-per-page + number) e.g. (wapiti -u https://bwapp.com/ --max-links-per-page 5)


Figure: Vulnerabilities shown by wapiti

TO LIMIT HOW MANY FILES PER DIRECTORY WAPITI EXPLORES:

(wapiti -u + link of website --max-files-per-dir + number) e.g. (wapiti -u https://example.com/ --max-files-per-dir 5)

TO LIMIT HOW LONG THE CRAWL (SCAN) PHASE RUNS (IN SECONDS):

(wapiti -u + link of website --max-scan-time + seconds) e.g. (wapiti -u https://www.vulnweb.com/ --max-scan-time 30)

TO LIMIT HOW LONG EACH ATTACK MODULE RUNS (IN SECONDS):

(wapiti -u + link of website --max-attack-time + seconds) e.g. (wapiti -u https://GitHub.com/ --max-attack-time 50)

TO FORCE A SCAN INTENSITY SUCH AS INSANE (THE MOST AGGRESSIVE MODE, AND THE MOST LIKELY TO DISRUPT THE TARGET):

(wapiti -u + link of website -S + scan intensity) e.g. (wapiti -u http://GitHub.com/ -S insane)

TO SET A TIMEOUT FOR EACH REQUEST (IN SECONDS):

(wapiti -u + link of website -t + seconds) e.g. (wapiti -u http://facebook.com/ -t 5)

TO SEE COLORED OUTPUT IN THE TERMINAL DURING SCANNING:

(wapiti -u + link of website --color) e.g. (wapiti -u http://GitHub.com/ --color)

TO SEE DETAILED OUTPUT DURING SCANNING:

(wapiti -u + link of website -v 2) e.g. (wapiti -u http://GitHub.com/ -v 2)

These were the main and most useful wapiti commands. You can add other options, and combine several options in one command; pick the options that matter for your scan. Good luck with vulnerability scanning using wapiti.
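Wapiti can also write its results to a machine-readable report (with -f json -o report.json), which is what you want when a scan runs unattended, for example with the time limits above in a pipeline. The script below is an added example (not part of the original post or of Wapiti itself) that summarises such a report per vulnerability category, lists the distinct injection points, and applies a simple severity gate. The report layout it assumes (a "vulnerabilities" map from category name to a list of findings with "method", "path", "parameter" and "info", plus "infos" and "anomalies" sections) is an assumption about Wapiti 3's JSON format, and the report is constructed inline so the script runs offline.

```python
"""Summarise a Wapiti JSON report and apply a severity gate.

Added example, not from the original post or from Wapiti. The report layout
and the severity mapping are assumptions; the sample report is constructed.
"""
import json

# Categories treated as high severity for gating purposes (assumed mapping).
HIGH_SEVERITY = {"SQL Injection", "Blind SQL Injection", "Command execution",
                 "Cross Site Scripting", "Path Traversal"}

SAMPLE_REPORT = json.dumps({
    "infos": {"target": "http://example.test/", "scope": "folder",
              "crawled_pages_nbr": 14, "version": "Wapiti 3.x (constructed sample)"},
    "vulnerabilities": {
        "SQL Injection": [
            {"method": "GET", "path": "/product.php", "parameter": "id",
             "info": "SQL Injection via injection in the parameter id", "level": 1},
        ],
        "Cross Site Scripting": [
            {"method": "GET", "path": "/search.php", "parameter": "q",
             "info": "XSS vulnerability found via injection in the parameter q", "level": 1},
            {"method": "POST", "path": "/search.php", "parameter": "q",
             "info": "XSS vulnerability found via injection in the parameter q", "level": 1},
        ],
        "Backup file": [],
        "HttpOnly Flag cookie": [
            {"method": "GET", "path": "/", "parameter": "",
             "info": "HttpOnly flag is not set in the cookie : PHPSESSID", "level": 1},
        ],
    },
    "anomalies": {
        "Internal Server Error": [
            {"method": "GET", "path": "/old.php", "parameter": "page",
             "info": "Internal Server Error", "level": 1},
        ],
    },
})


def summarize(report_text):
    """Return {category: {"section", "count", "locations"}} for every category
    that has at least one finding; locations are distinct (method, path, parameter)."""
    report = json.loads(report_text)
    summary = {}
    for section in ("vulnerabilities", "anomalies"):
        for category, items in report.get(section, {}).items():
            if not items:
                continue
            locations = sorted({(i.get("method", ""), i.get("path", ""), i.get("parameter", ""))
                                for i in items})
            summary[category] = {"section": section, "count": len(items), "locations": locations}
    return summary


def high_severity_count(summary):
    """Number of findings in categories listed in HIGH_SEVERITY."""
    return sum(v["count"] for k, v in summary.items() if k in HIGH_SEVERITY)


def passes_gate(report_text, max_high=0):
    """True when the high-severity finding count is within the allowed budget."""
    return high_severity_count(summarize(report_text)) <= max_high


if __name__ == "__main__":
    # Replace SAMPLE_REPORT with open("report.json").read() for a real scan.
    summary = summarize(SAMPLE_REPORT)
    for category, data in summary.items():
        print("%-24s %-16s %d finding(s)" % (category, data["section"], data["count"]))
        for method, path, param in data["locations"]:
            print("    %s %s [%s]" % (method, path, param or "-"))
    print("high severity:", high_severity_count(summary))
    print("gate:", "PASS" if passes_gate(SAMPLE_REPORT) else "FAIL")
```

Collapsing findings to distinct (method, path, parameter) locations matters because Wapiti reports each successful payload separately, so a single unsanitised parameter can otherwise inflate the count and hide how many distinct fixes are actually needed.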
