Archive for the ‘Bash’ Category

Nikto2 – comprehensive web server scanner

Nikto2 | CIRT.net.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
Nikto is not designed as an overly stealthy tool. It will test a web server in the quickest time possible, and is fairly obvious in log files. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).
Not every check is a security problem, though most are. There are some items that are “info only” type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

Nikto is written by Chris Sullo and David Lodge.

Bash shortcuts on the command line

Even if you have been using the command line for quite a few years, you might have missed or forgotten some very handy shortcuts that are useful in daily work.
The command to show the complete list:

bind -P | less

You can also create your own:

  • to go backward one word at a time with ‘control-b’
$ bind '"\C-b"':backward-word
  • or launch an application
$ bind -x '"\C-e"':xeyes

I googled around a bit and came up with this nice table, which summarizes some of the most useful shortcuts.

Bash Shortcuts Quick Reference
Ctrl-a Move to the start of the line.
Ctrl-e Move to the end of the line.
Ctrl-b Move back one character.
Alt-b Move back one word.
Ctrl-f Move forward one character.
Alt-f Move forward one word.
Ctrl-] x Where x is any character, moves the cursor forward to the next occurrence of x.
Alt-Ctrl-] x Where x is any character, moves the cursor backwards to the previous occurrence of x.
Ctrl-u Delete from the cursor to the beginning of the line.
Ctrl-k Delete from the cursor to the end of the line.
Ctrl-w Delete from the cursor to the start of the word.
Esc-Del Delete previous word (may not work, instead try Esc followed by Backspace)
Ctrl-y Pastes text from the clipboard.
Ctrl-l Clear the screen leaving the current line at the top of the screen.
Ctrl-x Ctrl-u Undo the last changes. Ctrl-_ does the same
Alt-r Undo all changes to the line.
Alt-Ctrl-e Expand command line.
Ctrl-r Incremental reverse search of history.
Alt-p Non-incremental reverse search of history.
!! Execute last command in history
!abc Execute last command in history beginning with abc
!abc:p Print last command in history beginning with abc
!n Execute nth command in history
!$ Last argument of last command
!^ First argument of last command
^abc^xyz Replace first occurrence of abc with xyz in last command and execute it

Thanks to: http://www.ice2o.com/bash.php

There was also a very beautiful (?) but nevertheless very useful sheet out there, which can help you out with even more bash shell shortcuts:

http://www.jamesconner.us/images/bash_sheet.png

Thanks to: http://www.jamesconner.us/images/bash_sheet.png

Manpage of SSH_CONFIG

NAME

ssh_config – OpenSSH SSH client configuration files

SYNOPSIS

$HOME/.ssh/config

/etc/ssh/ssh_config

DESCRIPTION

ssh obtains its configuration data from the following sources, in the following order: the command line, the user's configuration file ($HOME/.ssh/config) and finally the system-wide configuration file (/etc/ssh/ssh_config).

For each parameter, the first obtained value is used. The configuration files may contain sections of host-specific settings (“Host”). The parameters in these sections apply only to hosts that match one of the patterns given in the specification. The host name is the one given on the command line.

Since the first obtained value for each parameter is used, host-specific parameters can be given near the beginning of the file, and default values near the end.

The configuration file has the following format:

Empty lines and lines starting with the “#” character are comments.

Otherwise, a line has the format “keyword arguments”. Configuration options may be separated by whitespace, or by optional whitespace and exactly one “=” character. The latter format is useful for doing without the whitespace when using the -o option of ssh, scp and sftp.

The possible keywords and their meanings are detailed below. Note: keywords are not case-sensitive, but values are.

via Manpage of SSH_CONFIG.
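
The lookup rules described in this man page (first obtained value wins, Host sections matched by pattern, “keyword arguments” or “keyword=arguments” lines, case-insensitive keywords) can be modelled in a few lines of POSIX shell. This is an added example, not part of the original post or of OpenSSH; the function names ssh_lookup and write_samples, the host names and the sample files are constructed for illustration, and Match, Include and token expansion are not handled.

```shell
# Added example (not OpenSSH code): resolve KEYWORD for HOST from FILE using
# the rules above. Assumption: only Host blocks with * ? and !negated patterns
# are modelled; Match, Include and token expansion are ignored.
ssh_lookup() {    # usage: ssh_lookup FILE HOST KEYWORD
    host=$2 want=$(printf '%s' "$3" | tr 'A-Z' 'a-z') active=1
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $line in ''|'#'*) continue ;; esac      # blank line or comment
        # accept both "keyword arguments" and "keyword=arguments"
        key=$(printf '%s' "$line" | sed 's/[[:space:]=].*//' | tr 'A-Z' 'a-z')
        val=$(printf '%s' "$line" |
              sed 's/^[^[:space:]=]*[[:space:]]*=\{0,1\}[[:space:]]*//')
        if [ "$key" = host ]; then                   # a new section starts
            active=0 negated=0
            set -f                                   # do not glob the patterns
            for pat in $val; do
                case $pat in
                    '!'*) case $host in ${pat#?}) negated=1 ;; esac ;;
                    *)    case $host in $pat) active=1 ;; esac ;;
                esac
            done
            set +f
            if [ "$negated" -eq 1 ]; then active=0; fi
        elif [ "$active" -eq 1 ] && [ "$key" = "$want" ]; then
            printf '%s\n' "$val"                     # first value wins
            return 0
        fi
    done < "$1"
    return 1                                         # keyword not set for host
}

# Constructed sample files: same settings, different order.
write_samples() {    # usage: write_samples DIR
    cat > "$1/defaults_last.conf" <<'EOF'
Host bastion.example.com
    ForwardAgent no
    user=ops
Host *
    ForwardAgent yes
EOF
    cat > "$1/defaults_first.conf" <<'EOF'
Host *
    ForwardAgent yes
Host bastion.example.com
    ForwardAgent no
EOF
}
```

With these samples, `ssh_lookup defaults_first.conf bastion.example.com ForwardAgent` prints yes because the Host * section is read first, while the same query against defaults_last.conf prints no. On a real system, `ssh -G hostname` prints the configuration that OpenSSH itself resolves for that host.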