Hydra & Nikto

HYDRA

-l : Pass single username/login

-L : Pass multiple usernames/logins

-p : Pass single known password

-P : Pass a password list or wordlist (ex.: rockyou.txt)

-s : Use custom port

-f : Exit as soon as at least one login and password combination is found

-R : Restore previous session (if crashed/aborted)

hydra -l user -P /usr/share/wordlists/rockyou.txt $IP -t 4 ssh

hydra -L /usr/share/wordlists/rockyou.txt -P /usr/share/wordlists/rockyou.txt $IP -t 4 ssh

hydra -l user -P /usr/share/wordlists/rockyou.txt $IP http-post-form "::"

hydra -l user -P /usr/share/wordlists/rockyou.txt $IP http-post-form "/login.php:username=^USER^&password=^PASS^:Login Failed"


NIKTO

nikto -h IP

nikto -h domains.txt (.txt file contains multiple domains)

nikto -h https://nmap.org -ssl (scanning a domain with SSL enabled)

nikto -h -port (Port Number1),(Port Number2)

nikto -h IP -Display 1

Display options

1 = Display redirects

2 = Display cookies

3 = Display 200 OK response

4 = Display Web URLs requiring authentication

D = Display debug output

E = Show HTTP errors

P = Print to STDOUT

V = Verbose output display

nikto -h (Hostname) -tuning (Option)

Tuning options

0 = Upload files

1 = View specific file in log

2 = Default file misconfiguration

3 = Display information disclosure

4 = Injection (XSS/Script/HTML)

5 = Remote File Retrieval - Inside Web Root

6 = Denial of Service

7 = Remote File Retrieval - Server Wide

8 = Command Execution / Remote Shell

9 = SQL Injection

a = Authentication Bypass

b = Software Identification

c = Remote Source Inclusion

x = Reverse Tuning Options
