0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Automate basic web server checks

leave a comment »

#!/bin/bash
#webservercheck.sh
for i in `cat $1`  ## for all lines in the file provided to the script
do
    echo “Nikto’ing $i”
    ##NOTE: Nikto needs to have been untarred here.
    /home/jcran/toolkit/nix/attack-net-webserver/nikto/nikto.pl -host $i -config /home/jcran/toolkit/nix/attack-net-webserver/nikto/config.txt | tee report.nikto.$i.txt

    ## Wget
    echo “wgett’ing HTTP://$i/”
    wget -r -l 2 http://$i/

    ## dirbuster
    java -jar /home/jcran/toolkit/nix/brute-web/DirBuster-0.12/DirBuster-0.12.jar -H -l /home/jcran/toolkit/wordlist/directory-list-2.3-tiny.txt -e asp,aspx,jsp -v -P -R -r $i.dirbuster.html -u http://$i
done

Call it as: ./webservercheck.sh <file with ips>

Ignore the awful pathing problems if you can. Anyhow, it does a nikto / wget / dirbuster for every host. handy if you’ve run a portscan on :80 (using something like nmap or propecia).

jcran

Advertisements

Written by jcran

September 16, 2009 at 5:49 PM

Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: