Automate basic web server checks

for i in `cat $1`  ## for all lines in the file provided to the script
    echo “Nikto’ing $i”
    ##NOTE: Nikto needs to have been untarred here.
    /home/jcran/toolkit/nix/attack-net-webserver/nikto/ -host $i -config /home/jcran/toolkit/nix/attack-net-webserver/nikto/config.txt | tee report.nikto.$i.txt

    ## Wget
    echo “wgett’ing HTTP://$i/”
    wget -r -l 2 http://$i/

    ## dirbuster
    java -jar /home/jcran/toolkit/nix/brute-web/DirBuster-0.12/DirBuster-0.12.jar -H -l /home/jcran/toolkit/wordlist/directory-list-2.3-tiny.txt -e asp,aspx,jsp -v -P -R -r $i.dirbuster.html -u http://$i

Call it as: ./ <file with ips>

Ignore the awful pathing problems if you can. Anyhow, it does a nikto / wget / dirbuster for every host. handy if you’ve run a portscan on :80 (using something like nmap or propecia).


Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s