From a5c8ae2dd5a8d6cc43943b2d4c338f4e366490d6 Mon Sep 17 00:00:00 2001 From: Jefri Reynaldi <148523047+JefriReynaldi@users.noreply.github.com> Date: Wed, 21 Feb 2024 05:55:30 +0700 Subject: [PATCH] Create devcontainer.json --- .devcontainer/devcontainer.json | 110 ++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 .devcontainer/devcontainer.json diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 00000000..1bac6cc6 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,110 @@ +{ + "image": "mcr.microsoft.com/devcontainers/universal:2", + "features": { + } +}git clone https://github.com/sullo/nikto.git +cd nikto +docker build -t sullo/nikto . +# Call it without arguments to display the full help +docker run --rm sullo/nikto +# Basic usage +docker run --rm sullo/nikto -h http://www.example.com +# To save the report in a specific format, mount /tmp as a volume: +docker run --rm -v $(pwd):/tmp sullo/nikto -h http://www.example.com -o /tmp/out.jsongit clone https://github.com/sullo/nikto +# Main script is in program/ +cd nikto/program +# Run using the shebang interpreter +./nikto.pl -h http://www.example.com +# Run using perl (if you forget to chmod) +perl nikto.pl -h http://www.example.comhttp://www.example.comhttps://github.com/sullo/nikto.gitnikto.confCIRT.net Options: + -ask+ Whether to ask about submitting updates + yes Ask about each (default) + no Don't ask, don't send + auto Don't ask, just send + -Cgidirs+ Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/" + -config+ Use this config file + -Display+ Turn on/off display outputs: + 1 Show redirects + 2 Show cookies received + 3 Show all 200/OK responses + 4 Show URLs which require authentication + D Debug output + E Display all HTTP errors + P Print progress to STDOUT + S Scrub output of IPs and hostnames + V Verbose output + -dbcheck Check database and other key files for syntax errors + -followredirects Follow 3xx redirects to new location + -evasion+ Encoding technique: + 1 Random URI encoding (non-UTF8) + 2 Directory self-reference (/./) + 3 Premature URL ending + 4 Prepend long random string + 5 Fake parameter + 6 TAB as request spacer + 7 Change the case of the URL + 8 Use Windows directory separator (\) + A Use a carriage return (0x0d) as a request spacer + B Use binary value 0x0b as a request spacer + -Format+ Save file (-o) format: + csv Comma-separated-value + htm HTML Format + msf+ Log to Metasploit + nbe Nessus NBE format + txt Plain text + xml XML Format + (if not specified the format will be taken from the file extension passed to -output) + -Help Extended help information + -host+ Target host + -IgnoreCode Ignore Codes--treat as negative responses + -id+ Host authentication to use, format is id:pass or id:pass:realm + -key+ Client certificate key file + -list-plugins List all available plugins, perform no testing + -maxtime+ Maximum testing time per host + -mutate+ Guess additional file names: + 1 Test all files with all root directories + 2 Guess for password file names + 3 Enumerate user names via Apache (/~user type requests) + 4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests) + 5 Attempt to brute force sub-domain names, assume that the host name is the parent domain + 6 Attempt to guess directory names from the supplied dictionary file + -mutate-options Provide information for mutates + -nointeractive Disables interactive features + -nolookup Disables DNS lookups + -noslash Strip trailing slash from URL (e.g., '/admin/' to '/admin') + -nossl Disables the use of SSL + -no404 Disables nikto attempting to guess a 404 page + -output+ Write output to this file ('.' for auto-name) + -Pause+ Pause between tests (seconds, integer or float) + -Plugins+ List of plugins to run (default: ALL) + -port+ Port to use (default 80) + -RSAcert+ Client certificate file + -root+ Prepend root value to all requests, format is /directory + -Save Save positive responses to this directory ('.' for auto-name) + -ssl Force ssl mode on port + -Tuning+ Scan tuning: + 1 Interesting File / Seen in logs + 2 Misconfiguration / Default File + 3 Information Disclosure + 4 Injection (XSS/Script/HTML) + 5 Remote File Retrieval - Inside Web Root + 6 Denial of Service + 7 Remote File Retrieval - Server Wide + 8 Command Execution / Remote Shell + 9 SQL Injection + 0 File Upload + a Authentication Bypass + b Software Identification + c Remote Source Inclusion + x Reverse Tuning Options (i.e., include all except specified) + -timeout+ Timeout for requests (default 10 seconds) + -Userdbs Load only user databases, not the standard databases + all Disable standard dbs and load only user dbs + tests Disable only db_tests and load udb_tests + -until Run until the specified time or duration + -update Update databases and plugins from CIRT.net + -useproxy Use the proxy defined in nikto.conf + -usecookies Use cookies from responses in future requests + -Version Print plugin and database versions + -vhost+ Virtual host (for Host header) + + requires a value