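#!/bin/bash
# webservercheck.sh
#
# Usage: ./webservercheck.sh <file with ips>
#
# For every whitespace-separated host in the given file, runs in order:
#   1. nikto     - console output is also copied to report.nikto.<host>.txt
#   2. wget      - recursive fetch (depth 2) of http://<host>/
#   3. DirBuster - report path passed via -r is <host>.dirbuster.html
# All output lands in the current working directory. A failing tool does not
# stop the remaining tools or hosts (best effort, so no `set -e`).

## NOTE: Nikto needs to have been untarred here.
readonly NIKTO_DIR=/home/jcran/toolkit/nix/attack-net-webserver/nikto
readonly DIRBUSTER_JAR=/home/jcran/toolkit/nix/brute-web/DirBuster-0.12/DirBuster-0.12.jar
readonly WORDLIST=/home/jcran/toolkit/wordlist/directory-list-2.3-tiny.txt

if [[ $# -lt 1 || ! -r $1 ]]; then
  printf 'Usage: %s <file with ips>\n' "${0##*/}" >&2
  exit 2
fi

# Read the whole host list up front. The tools below inherit stdin, so a
# `while read` loop wrapped around them could have its input consumed by a tool.
# `read -a` splits on whitespace without glob expansion, unlike `for i in $(cat)`.
hosts=()
while read -r -a fields || (( ${#fields[@]} > 0 )); do
  if (( ${#fields[@]} > 0 )); then
    hosts+=("${fields[@]}")
  fi
done < "$1"

for host in "${hosts[@]}"; do
  host=${host%$'\r'}   # tolerate CRLF line endings in the host file

  # Each entry ends up in argv and in output file names. A leading '-' would be
  # parsed as an option by the tools, and a '/' would let an entry steer where
  # the report files get written, so such entries are skipped.
  case "$host" in
    '' | -* | */*)
      printf 'Skipping invalid host entry: %s\n' "$host" >&2
      continue
      ;;
  esac

  printf "Nikto'ing %s\n" "$host"
  "$NIKTO_DIR/nikto.pl" -host "$host" -config "$NIKTO_DIR/config.txt" \
    | tee "report.nikto.$host.txt"

  ## Wget
  # The section markers were previously glued onto the end of the commands, so
  # "##" and the marker word were passed to tee/wget as extra arguments.
  printf "wgett'ing HTTP://%s/\n" "$host"
  wget -r -l 2 "http://$host/"

  ## dirbuster
  java -jar "$DIRBUSTER_JAR" -H -l "$WORDLIST" -e asp,aspx,jsp -v -P -R \
    -r "$host.dirbuster.html" -u "http://$host"
done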
Call it as: ./webservercheck.sh <file with ips>
Ignore the awful pathing problems if you can (the tool paths are hard-coded to my own home directory, so adjust them for your setup). Anyhow, it does a nikto / wget / dirbuster for every host. Handy if you’ve run a portscan on :80 (using something like nmap or propecia).
jcran
