Plugin list

sullo edited this page Jul 20, 2018 · 15 revisions

In addition to the plugins, several macro "names" exist for ease of use.

  • @@DEFAULT = "@@ALL;-@@EXTRAS;tests(report:500)"

    • Expanded = "httpoptions;report_csv;report_json;paths;report_xml;msgs;ms10_070;tests(report:500);apacheusers;drupal;report_text;dishwasher;cookies;shellshock;favicon;domino;cgi;sitefiles;outdated;put_del_test;report_sqlg;content_search;negotiate;strutshock;robots;clientaccesspolicy;auth;report_nbe;mutiple_index;dir_traversal;ssl;report_html;apache_expect_xss;fileops;headers;parked"
  • @@EXTRAS

    • Expanded = "dictionary;siebel;embedded"
  • @@ALL

    • Expanded = "report_csv;outdated;ssl;content_search;drupal;cgi;favicon;headers;report_json;shellshock;sitefiles;negotiate;put_del_test;report_sqlg;report_nbe;cookies;ms10_070;fileops;report_html;auth;dishwasher;dir_traversal;domino;httpoptions;report_xml;dictionary;robots;msgs;paths;parked;strutshock;apache_expect_xss;report_text;siebel;apacheusers;embedded;clientaccesspolicy;tests;mutiple_index"
  • @@NONE

    • Expanded = ""

  • Plugin: report_csv

    *CSV reports - Produces a CSV report.

  • Plugin: outdated

    *Outdated - Checks to see whether the web server is the latest version.

  • Plugin: ssl

    *SSL and cert checks - Perform checks on SSL/Certificates

  • Plugin: content_search

    *Content Search - Search resultant content for interesting strings

  • Plugin: drupal

    *Drupal Specific Tests - Performs a selection of Drupal-specific tests

    *Options:

    • 0: Flag to tell plugin to enumerate modules
    • path: Basic path for modules (can usually be found in page source).
  • Plugin: cgi

    *CGI - Enumerates possible CGI directories.

  • Plugin: favicon

    *Favicon - Checks the web server's favicon against known favicons.

  • Plugin: headers

    *HTTP Headers - Performs various checks against the headers returned from an HTTP request.

  • Plugin: report_json

    *JSON reports - Produces a JSON report.

  • Plugin: shellshock

    *shellshock - Look for the bash 'shellshock' vulnerability.

    *Options:

    • uri: uri to assess
  • Plugin: sitefiles

    *Site Files - Look for interesting files based on the site's IP/name

  • Plugin: negotiate

    *Negotiate - Checks the mod_negotiation MultiViews.

  • Plugin: put_del_test

    *Put/Delete test - Attempts to upload and delete files through the PUT and DELETE HTTP methods.

  • Plugin: report_sqlg

    *Generic SQL reports - Produces SQL inserts into a generic database.

  • Plugin: report_nbe

    *NBE reports - Produces a NBE report.

  • Plugin: cookies

    *HTTP Cookie Internal IP - Looks for internal IP addresses in cookies returned from an HTTP request.

  • Plugin: ms10_070

    *Determine if a site is vulnerable to https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070

  • Plugin: fileops

    *File Operations - Saves results to a text file.

  • Plugin: report_html

    *Report as HTML - Produces an HTML report.

  • Plugin: auth

    *Guess authentication - Attempt to guess authentication realms

  • Plugin: dishwasher

    *dishwasher - Look for the dishwasher directory traversal vulnerability.

  • Plugin: dir_traversal

    *Directory Traversal - Check applications / servers for directory traversal vulnerabilities.

  • Plugin: domino

    *IBM/Lotus Domino Specific Tests - Performs a selection of IBM/Lotus Domino specific tests to identify Domino specific files accessible without authentication and the version of the server

  • Plugin: httpoptions

    *HTTP Options - Performs a variety of checks against the HTTP options returned from the server.

  • Plugin: report_xml

    *Report as XML - Produces an XML report.

  • Plugin: dictionary

    *Dictionary attack - Attempts to dictionary attack commonly known directories/files

    *Options:

    • method: Method to use to enumerate.
    • dictionary: Dictionary of paths to look for.
  • Plugin: robots

    *Robots - Checks whether there's anything within the robots.txt file and analyses it for other paths to pass to other scripts.

    *Options:

    • nocheck: Flag to disable checking entries in robots file.
  • Plugin: msgs

    *Server Messages - Checks the server version against known issues.

  • Plugin: paths

    *Path Search - Look at link paths to help populate variables

  • Plugin: parked

    *Parked Detection - Checks to see whether the host is parked at a registrar or ad location.

  • Plugin: strutshock

    *strutshock - Look for the 'strutshock' vulnerability.

  • Plugin: apache_expect_xss

    *Apache Expect XSS - Checks whether the web server has a cross-site scripting vulnerability through the Expect: HTTP header

  • Plugin: report_text

    *Text reports - Produces a text report.

  • Plugin: siebel

    *Siebel Checks - Performs a set of checks against an installed Siebel application

    *Options:

    • enumerate: Flag to indicate whether we shall attempt to enumerate known apps
    • applications: List of applications
    • application: Application to attack
    • languages: List of Languages
  • Plugin: apacheusers

    *Apache Users - Checks whether we can enumerate usernames directly from the web server

    *Options:

    • enumerate: Flag to indicate whether to attempt to enumerate users
    • cgiwrap: Use cgi-bin/cgiwrap to enumerate
    • dictionary: Filename for a dictionary file of users
    • size: Maximum size of username if bruteforcing
    • home: Look for ~user to enumerate
  • Plugin: embedded

    *Embedded Detection - Checks to see whether the host is an embedded server.

  • Plugin: clientaccesspolicy

    *clientaccesspolicy.xml - Checks whether a client access file exists, and if it contains a wildcard entry.

  • Plugin: tests

    *Nikto Tests - Test host with the standard Nikto tests

    *Options:

    • tids: A range of testids that will only be run
    • report: Report a status after the passed number of tests
    • passfiles: Flag to indicate whether to check for common password files
    • all: Flag to indicate whether to check all files with all directories
  • Plugin: mutiple_index

    *Multiple Index - Checks for multiple index files