Plugin list

sullo edited this page Jul 20, 2018 · 15 revisions

In addition to the plugins, several macro "names" exist for ease of use.

  • @@DEFAULT = "@@ALL;-@@EXTRAS;tests(report:500)"

    • Expanded = "httpoptions;report_csv;report_json;paths;report_xml;msgs;ms10_070;tests(report:500);apacheusers;drupal;report_text;dishwasher;cookies;shellshock;favicon;domino;cgi;sitefiles;outdated;put_del_test;report_sqlg;content_search;negotiate;strutshock;robots;clientaccesspolicy;auth;report_nbe;multiple_index;dir_traversal;ssl;report_html;apache_expect_xss;fileops;headers;parked"
  • @@EXTRAS

    • Expanded = "dictionary;siebel;embedded"
  • @@ALL

    • Expanded = "report_csv;outdated;ssl;content_search;drupal;cgi;favicon;headers;report_json;shellshock;sitefiles;negotiate;put_del_test;report_sqlg;report_nbe;cookies;ms10_070;fileops;report_html;auth;dishwasher;dir_traversal;domino;httpoptions;report_xml;dictionary;robots;msgs;paths;parked;strutshock;apache_expect_xss;report_text;siebel;apacheusers;embedded;clientaccesspolicy;tests;multiple_index"
  • @@NONE

    • Expanded = ""

  • Plugin: report_csv

    • CSV reports - Produces a CSV report.
  • Plugin: outdated

    • Outdated - Checks to see whether the web server is the latest version.
  • Plugin: ssl

    • SSL and cert checks - Perform checks on SSL/Certificates
  • Plugin: content_search

    • Content Search - Search resultant content for interesting strings
  • Plugin: drupal

    • Drupal Specific Tests - Performs a selection of Drupal-specific tests
    • Options:
      • 0: Flag to tell plugin to enumerate modules
      • path: Basic path for modules (can usually be found in page source).
  • Plugin: cgi

    • CGI - Enumerates possible CGI directories.
  • Plugin: favicon

    • Favicon - Checks the web server's favicon against known favicons.
  • Plugin: headers

    • HTTP Headers - Performs various checks against the headers returned from an HTTP request.
  • Plugin: report_json

    • JSON reports - Produces a JSON report.
  • Plugin: shellshock

    • shellshock - Look for the bash 'shellshock' vulnerability.
    • Options:
      • uri: URI to assess
  • Plugin: sitefiles

    • Site Files - Look for interesting files based on the site's IP/name
  • Plugin: negotiate

    • Negotiate - Checks the mod_negotiation MultiViews.
  • Plugin: put_del_test

    • Put/Delete test - Attempts to upload and delete files through the PUT and DELETE HTTP methods.
  • Plugin: report_sqlg

    • Generic SQL reports - Produces SQL inserts into a generic database.
  • Plugin: report_nbe

    • NBE reports - Produces an NBE report.
  • Plugin: cookies

    • HTTP Cookie Internal IP - Looks for internal IP addresses in cookies returned from an HTTP request.
  • Plugin: ms10_070

    • Determine if a site is vulnerable to MS10-070
  • Plugin: fileops

    • File Operations - Saves results to a text file.
  • Plugin: report_html

    • Report as HTML - Produces an HTML report.
  • Plugin: auth

    • Guess authentication - Attempt to guess authentication realms
  • Plugin: dishwasher

    • dishwasher - Look for the dishwasher directory traversal vulnerability.
  • Plugin: dir_traversal

    • Directory Traversal - Check applications / servers for directory traversal vulnerabilities.
  • Plugin: domino

    • IBM/Lotus Domino Specific Tests - Performs a selection of IBM/Lotus Domino specific tests to identify Domino specific files accessible without authentication and the version of the server
  • Plugin: httpoptions

    • HTTP Options - Performs a variety of checks against the HTTP options returned from the server.
  • Plugin: report_xml

    • Report as XML - Produces an XML report.
  • Plugin: dictionary

    • Dictionary attack - Attempts to dictionary attack commonly known directories/files
    • Options:
      • method: Method to use to enumerate.
      • dictionary: Dictionary of paths to look for.
  • Plugin: robots

    • Robots - Checks whether there's anything within the robots.txt file and analyses it for other paths to pass to other scripts.
    • Options:
      • nocheck: Flag to disable checking entries in robots file.
  • Plugin: msgs

    • Server Messages - Checks the server version against known issues.
  • Plugin: paths

    • Path Search - Look at link paths to help populate variables
  • Plugin: parked

    • Parked Detection - Checks to see whether the host is parked at a registrar or ad location.
  • Plugin: strutshock

    • strutshock - Look for the 'strutshock' vulnerability.
  • Plugin: apache_expect_xss

    • Apache Expect XSS - Checks whether the web server has a cross-site scripting vulnerability through the Expect: HTTP header
  • Plugin: report_text

    • Text reports - Produces a text report.
  • Plugin: siebel

    • Siebel Checks - Performs a set of checks against an installed Siebel application
    • Options:
      • enumerate: Flag to indicate whether we shall attempt to enumerate known apps
      • applications: List of applications
      • application: Application to attack
      • languages: List of Languages
  • Plugin: apacheusers

    • Apache Users - Checks whether we can enumerate usernames directly from the web server
    • Options:
      • enumerate: Flag to indicate whether to attempt to enumerate users
      • cgiwrap: Use cgi-bin/cgiwrap to enumerate
      • dictionary: Filename for a dictionary file of users
      • size: Maximum size of username if bruteforcing
      • home: Look for ~user to enumerate
  • Plugin: embedded

    • Embedded Detection - Checks to see whether the host is an embedded server.
  • Plugin: clientaccesspolicy

    • clientaccesspolicy.xml - Checks whether a client access file exists, and if it contains a wildcard entry.
  • Plugin: tests

    • Nikto Tests - Test host with the standard Nikto tests
    • Options:
      • tids: A range of test IDs; only these tests will be run
      • report: Report a status after the passed number of tests
      • passfiles: Flag to indicate whether to check for common password files
      • all: Flag to indicate whether to check all files with all directories
  • Plugin: multiple_index

    • Multiple Index - Checks for multiple index files