🛠️ Nikto, SQLMap, XSSer & Hydra Overview

Nikto

Nikto is a powerful web server vulnerability scanner used to identify security issues on websites. Here are several ways to use Nikto effectively:

  1. Basic Web Server Scan:

    Perform a basic scan on a website:

    nikto -h https://www.example.com
  2. Scan Specific Port:

    Scan a specific port on the target:

    nikto -h https://www.example.com -p 8080
  3. Scan Multiple Hosts:

    Scan multiple hosts listed one per line in a file (hosts.txt); -h takes a single target or a file of targets:

    nikto -h hosts.txt
  4. Save Output to File:

    Save scan results to a file (output.txt):

    nikto -h https://www.example.com -o output.txt
  5. Full Scan with Manual Tuning:

    Perform a comprehensive scan with manual tuning options:

    nikto -h https://www.example.com -maxtime 3600 -Tuning 8
  6. SSL Certificate Check:

    Check SSL certificate details:

    nikto -h https://www.example.com -ssl
  7. Scan with Authentication:

    Perform a scan with authentication credentials (admin:password):

    nikto -h https://www.example.com -id admin:password
  8. Suppress Output:

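    Suppress all console output (useful for scripting) and keep the report in a file; -o only writes the report and does not silence the screen:

    nikto -h https://www.example.com -o output.txt > /dev/null 2>&1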
  9. Scan Specific Paths:

    Scan specific paths (/app, /secure) on the target:

    nikto -h https://www.example.com -C all -Tuning 2 -p 443 -root /app,/secure
  10. Disable Certain Checks:

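    Disable specific checks (e.g., XSS) with reverse tuning; x excludes the listed test class, and 4 is the injection class (XSS/Script/HTML):

    nikto -h https://www.example.com -Tuning x4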
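What a scan like the ones above looks like from the server side, as an added example that is not part of the original page: a short Python detector that reads combined-format access log lines and flags clients that request many distinct paths and mostly get 403/404 back. The log lines, thresholds and function names are constructed for illustration, and the User-Agent match assumes an unmodified client that names itself.

```python
import re
from collections import defaultdict

# Combined log format: ip, request path, status and User-Agent are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_scanners(lines, min_requests=20, min_paths=15, min_miss_ratio=0.8):
    """Return {client_ip: [reasons]} for clients that behave like a content scanner."""
    stats = defaultdict(lambda: {"total": 0, "miss": 0, "paths": set(), "ua": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in combined format
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"].split("?", 1)[0])
        s["miss"] += m["status"] in ("403", "404")
        # Assumption: an unmodified scanner names itself; the header is configurable.
        s["ua"] = s["ua"] or "nikto" in m["ua"].lower()
    flagged = {}
    for ip, s in stats.items():
        reasons = ["user-agent"] if s["ua"] else []
        sweep = (s["total"] >= min_requests and len(s["paths"]) >= min_paths
                 and s["miss"] / s["total"] >= min_miss_ratio)
        if sweep:
            reasons.append("not-found-sweep")
        if reasons:
            flagged[ip] = reasons
    return flagged

def sample_lines():
    """Constructed log lines (documentation IP ranges), not taken from a real server."""
    fmt = '{ip} - - [01/May/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {st} 0 "-" "{ua}"'
    out = [fmt.format(ip="198.51.100.9", path=p, st=st, ua="Mozilla/5.0")
           for p, st in (("/", 200), ("/about", 200), ("/old-link", 404))]
    out += [fmt.format(ip="203.0.113.7", path=f"/probe{i}.php", st=404, ua="Mozilla/5.0")
            for i in range(25)]
    out.append(fmt.format(ip="192.0.2.44", path="/", st=200, ua="Mozilla/5.00 (Nikto/2.1.6)"))
    return out

if __name__ == "__main__":
    for ip, reasons in find_scanners(sample_lines()).items():
        print(ip, reasons)
```

The behavioural rule still fires when the client sends a browser User-Agent, which is why it is kept separate from the header match.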

SQLMap

SQLMap is a powerful command-line tool used for detecting and exploiting SQL injection vulnerabilities in web applications. Here are several examples of how to use SQLMap effectively:

  1. Basic Scan for SQL Injection:

    Perform a basic scan to detect SQL injection vulnerabilities:

  2. Detecting SQL Injection and Getting Database Information:

    Detect SQL injection and retrieve database information:

  3. Enumerating Tables in a Database:

    Enumerate tables in a specific database (dbname):

  4. Dumping Data from a Specific Table:

    Dump data from a specific table (users):

  5. Exploiting Time-Based Blind SQL Injection:

    Exploit time-based blind SQL injection technique with a specified time delay (5 seconds):

  6. Using Custom Injection Payload:

    Use a custom injection payload (1' OR '1'='1) with data parameter (param=value):

  7. Dumping All Databases:

    Dump all databases on the target server:

  8. Brute Forcing Table Columns:

    Brute force table columns in a specific database and table (dbname.users):

  9. Exploiting Union-Based SQL Injection:

    Exploit union-based SQL injection technique:

  10. Using a Configuration File:

    Use SQLMap with a configuration file (sqlmapconfig.conf):


XSSer

XSSer is a command-line tool designed for detecting and exploiting Cross-Site Scripting (XSS) vulnerabilities in web applications. Here are several examples of how to use XSSer effectively:

  1. Basic Scan for Stored XSS:

    Perform a basic scan for stored XSS vulnerabilities on a specific URL parameter (comment):

  2. DOM-based XSS Scan:

    Conduct a scan specifically for DOM-based XSS vulnerabilities:

  3. Scanning Multiple URLs:

    Scan multiple URLs listed in a file (urls.txt):

  4. Cookie-based XSS Exploitation:

    Exploit XSS using a specific cookie (auth=12345):

  5. Reflected XSS Detection:

    Detect reflected XSS vulnerabilities with a custom payload in a query parameter:

  6. Blind XSS Scan with Custom Payload:

    Perform a blind XSS scan with a custom payload (<script>alert(1)</script>) injected into a parameter (name):

  7. Exfiltrating Cookies via XSS:

    Exfiltrate cookies (auth=12345) via XSS exploitation:

  8. Brute Forcing Payloads:

    Brute force payloads to discover XSS vulnerabilities:

  9. Custom User-Agent Header:

    Send requests with a custom User-Agent header (MyCustomUserAgent):

  10. XSS Filter Bypass Attempt:

    Attempt to bypass XSS filters on the target:


Hydra Tool

Hydra is a versatile command-line tool for performing brute force attacks against various protocols and services. Here are several examples of how to use Hydra effectively:

HTTP/HTTPS Authentication

  1. Brute Force Attack on Login Form:

    Perform a brute force attack on a login form with a specific username (admin) and passwords from a file (passwords.txt):

  2. Dictionary Attack with Custom Usernames:

    Conduct a dictionary attack using custom usernames (users.txt) and passwords (passwords.txt):

  3. Using Custom User-Agent Header:

    Send requests with a custom User-Agent header (MyCustomUserAgent):

  4. Specifying a Non-Standard Port:

    Specify a non-standard port (8080) for the target service:

  5. Using a Proxy for Requests:

    Route requests through a SOCKS5 proxy (localhost:9050):

  6. Brute Forcing Different HTTP Methods:

    Perform brute force attacks using different HTTP methods (e.g., GET, POST):

  7. Parallel Login Attempts:

    Increase the number of parallel login attempts (16):

  8. Limiting Number of Attempts per User:

    Limit the number of login attempts per user (-F):
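The login-guessing patterns listed above, seen from the defender's side, as an added example that is not part of the original page: a sliding-window counter over application authentication events that alerts per source address and per targeted account, so it does not depend on the User-Agent and still fires when requests arrive through different addresses. The event schema, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_bruteforce(events, window=timedelta(seconds=60), threshold=10):
    """Flag sources and accounts with >= threshold failed logins inside window.

    events: iterable of (iso_timestamp, source_ip, username, success).
    Returns a sorted list of (kind, key), kind being "source" or "account".
    """
    recent = defaultdict(deque)   # (kind, key) -> timestamps of recent failures
    alerts = set()
    for ts, src, user, ok in sorted(events, key=lambda e: e[0]):
        if ok:
            continue
        t = datetime.fromisoformat(ts)
        # Count per source and per account: a proxied run changes the source
        # address but still concentrates failures on the targeted account.
        for kind, key in (("source", src), ("account", user)):
            q = recent[(kind, key)]
            q.append(t)
            while t - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alerts.add((kind, key))
    return sorted(alerts)

def sample_events():
    """Constructed application auth events (hypothetical schema, documentation IPs)."""
    base = datetime(2024, 5, 1, 10, 0, 0)

    def at(seconds):
        return (base + timedelta(seconds=seconds)).isoformat()

    # A user who mistypes once, then logs in.
    events = [(at(0), "198.51.100.9", "alice", False),
              (at(5), "198.51.100.9", "alice", True)]
    # 16 near-simultaneous failures for one account from one address.
    events += [(at(10 + i // 8), "203.0.113.7", "admin", False) for i in range(16)]
    # 12 failures for one account, each from a different address.
    events += [(at(20 + i), f"192.0.2.{i + 1}", "root", False) for i in range(12)]
    return events

if __name__ == "__main__":
    for kind, key in detect_bruteforce(sample_events()):
        print(f"ALERT {kind}: {key}")
```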

Other Protocol Examples

Here are examples for brute forcing passwords across various protocols:

  • SSH:

  • FTP:

  • SMTP:

  • MySQL:

  • RDP:

  • VNC:

  • Telnet:




Hacker's Mantra: Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
