Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/byt3n33dl3/valdenikto
Advance web scanner. It is designed to identify various security vulnerabilities in web applications by scanning for misconfigurations, information disclosures, SQL injections, and more. Valdenikto provides a comprehensive options for customization and detailed documentation on usage
https://github.com/byt3n33dl3/valdenikto
networks nikto vurnerable web web-scanner
Last synced: 15 days ago
JSON representation
Advance web scanner. It is designed to identify various security vulnerabilities in web applications by scanning for misconfigurations, information disclosures, SQL injections, and more. Valdenikto provides a comprehensive options for customization and detailed documentation on usage
- Host: GitHub
- URL: https://github.com/byt3n33dl3/valdenikto
- Owner: byt3n33dl3
- License: isc
- Created: 2024-03-29T16:46:49.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2024-07-17T08:01:06.000Z (4 months ago)
- Last Synced: 2024-10-17T02:07:51.795Z (about 1 month ago)
- Topics: networks, nikto, vurnerable, web, web-scanner
- Language: C
- Homepage:
- Size: 40.5 MB
- Stars: 15
- Watchers: 0
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# valdenikto
```shell
⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡀⠤⠤⠤⠄⠀⠒⠢⣄⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⡠⠐⢈⠄⠀⠀⠀⠀⠀⠀⠀⠀⢸⠓⠄⠀⠀⠀
⠀⠀⠀⠀⠐⠈⠠⠊⠀⠀⠀⠀⠀⠀⠀⠀⠀⡠⠊⠀⠈⢂⠀⠀
⠀⠀⢀⠊⠀⡐⠁⠀⠀⠀⠀⠀⠀⠀⠀⢠⢊⠔⠈⠀⠀⠀⠆⠀
⠀⣠⡃⠀⢰⠀⠀⠀⠀⢀⡠⠄⠐⠒⠀⢸⢜⠄⠀⠀⠀⠀⠀⠀
⡐⣁⡑⠀⠘⠀⠀⢀⠔⢁⣀⣤⣤⣤⣒⣤⠀⠈⠀⠀⠀⠀⡄⠀
⢫⣿⢧⠀⢸⠀⠀⣡⣶⣯⠭⢄⣀⣼⡏⠁⢀⡤⠀⠀⠀⢐⠁⠀
⢠⢿⣾⣧⠈⠀⢠⣿⣿⣗⢢⣤⣿⡿⢋⠀⡏⠀⠀⠀⠀⡌⠀⠀
⠘⠳⠙⠻⠀⠀⠰⠿⠟⠛⠻⢍⠫⠒⠁⡰⠀⠀⠀⢀⠜⠀⠀⠀
⠘⢄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⠠⢊⠀⡇⢠⠒⠁⠀⠀⠀⠀
⠀⠀⠈⢦⠂⠀⠀⠀⠀⢠⠊⠁⠀⢀⠄⠀⡇⢸⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠘⢄⡄⢤⢄⠀⠘⡄⠀⠀⡀⠄⢊⡅⡆⢆⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⢊⠀⠀⠀⠈⢁⠴⠅⣀⣀⠘⢣⠠⠈⠢⢀⠀⠀⠀
⠀⠀⠀⠀⠀⠈⠢⢄⣀⡠⠊⠀⠀⠈⢣⠀⠈⠃⠡⠀⠀⠉⠐⠄
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠰⠇⠀⠀⠐⡑⠤⢀⠀⠀
V A L D E N I K T O - by pxcs && sullo
```
**Buffed** alien - Web scanner
Run **normally:**
```
git clone https://github.com/pxcs/valdenikto
cd valdenikto/program
# Run using the shebang interpreter
./valdenikto.pl -h http://www.example.com
# Run using perl (if you forget to chmod)
perl valdenikto.pl -h http://www.example.com
```
**Usage** :
valdenikto -h / -hh
Basic usage:
```perl
Options:
-ask+ Whether to ask about submitting updates
yes Ask about each (default)
no Don't ask, don't send
auto Don't ask, just send
-Cgidirs+ Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
-config+ Use this config file
-Display+ Turn on/off display outputs:
1 Show redirects
2 Show cookies received
3 Show all 200/OK responses
4 Show URLs which require authentication
D Debug output
E Display all HTTP errors
P Print progress to STDOUT
S Scrub output of IPs and hostnames
V Verbose output
-dbcheck Check database and other key files for syntax errors
-followredirects Follow 3xx redirects to new location
-evasion+ Encoding technique:
1 Random URI encoding (non-UTF8)
2 Directory self-reference (/./)
3 Premature URL ending
4 Prepend long random string
5 Fake parameter
6 TAB as request spacer
7 Change the case of the URL
8 Use Windows directory separator (\)
A Use a carriage return (0x0d) as a request spacer
B Use binary value 0x0b as a request spacer
-Format+ Save file (-o) format:
csv Comma-separated-value
htm HTML Format
msf+ Log to Metasploit
nbe Nessus NBE format
txt Plain text
xml XML Format
(if not specified the format will be taken from the file extension passed to -output)
-Help Extended help information
-host+ Target host
-IgnoreCode Ignore Codes--treat as negative responses
-id+ Host authentication to use, format is id:pass or id:pass:realm
-key+ Client certificate key file
-list-plugins List all available plugins, perform no testing
-maxtime+ Maximum testing time per host
-mutate+ Guess additional file names:
1 Test all files with all root directories
2 Guess for password file names
3 Enumerate user names via Apache (/~user type requests)
4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
5 Attempt to brute force sub-domain names, assume that the host name is the parent domain
6 Attempt to guess directory names from the supplied dictionary file
-mutate-options Provide information for mutates
-nointeractive Disables interactive features
-nolookup Disables DNS lookups
-noslash Strip trailing slash from URL (e.g., '/admin/' to '/admin')
-nossl Disables the use of SSL
-no404 Disables valdenikto attempting to guess a 404 page
-output+ Write output to this file ('.' for auto-name)
-Pause+ Pause between tests (seconds, integer or float)
-Plugins+ List of plugins to run (default: ALL)
-port+ Port to use (default 80)
-RSAcert+ Client certificate file
-root+ Prepend root value to all requests, format is /directory
-Save Save positive responses to this directory ('.' for auto-name)
-ssl Force ssl mode on port
-Tuning+ Scan tuning:
1 Interesting File / Seen in logs
2 Misconfiguration / Default File
3 Information Disclosure
4 Injection (XSS/Script/HTML)
5 Remote File Retrieval - Inside Web Root
6 Denial of Service
7 Remote File Retrieval - Server Wide
8 Command Execution / Remote Shell
9 SQL Injection
0 File Upload
a Authentication Bypass
b Software Identification
c Remote Source Inclusion
x Reverse Tuning Options (i.e., include all except specified)
-timeout+ Timeout for requests (default 10 seconds)
-Userdbs Load only user databases, not the standard databases
all Disable standard dbs and load only user dbs
tests Disable only db_tests and load udb_tests
-until Run until the specified time or duration
-update Update databases and plugins from CIRT.net
-useproxy Use the proxy defined in valdenikto.conf
-usecookies Use cookies from responses in future requests
-Version Print plugin and database versions
-vhost+ Virtual host (for Host header)
+ requires a value
```
# Thanks to:
- >Chris sullo ( for making nikto )
- GangstaCrew ( organization )