Web security scanning with nikto
阿新 • Published: 2019-01-02
[email protected]: /opt/nikto/program # perl nikto.pl -h 192.168.1.100 -p 8080
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.1.100
+ Target Hostname: 192.168.1.100
+ Target Port: 8080
---------------------------------------------------------------------------
+ SSL Info: Subject:
            Ciphers:
            Issuer:
+ Start Time: 2018-03-28 16:08:56 (GMT8)
---------------------------------------------------------------------------
+ Server: nginx/1.12.2 + Phusion Passenger 5.2.0
+ Cookie _redmine_session created without the secure flag
+ Retrieved x-powered-by header: Phusion Passenger 5.2.0
+ Uncommon header 'x-runtime' found, with contents: 0.032617
+ Uncommon header 'x-request-id' found, with contents: 5d492c2c-93fa-4aa1-8073-1cc8f360014a
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Entry '/issues/gantt/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/issues/calendar/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/activity/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/search/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 4 entries which should be manually viewed.
+ Server banner has changed from 'nginx/1.12.2 + Phusion Passenger 5.2.0' to 'nginx/1.12.2' which may suggest a WAF, load balancer or proxy is in place
+ Hostname '192.168.56.99' does not match certificate's names:
+ OSVDB-112004: /login.cgi: Site appears vulnerable to the 'shellshock' vulnerability (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278).
+ OSVDB-112004: /login.php: Site appears vulnerable to the 'shellshock' vulnerability (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278).
+ OSVDB-112004: /login.pl: Site appears vulnerable to the 'shellshock' vulnerability (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278).
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /news: This might be interesting...
+ OSVDB-3093: /login.php3?reason=chpass2%20: This might be interesting... has been seen in web logs from an unknown scanner.
+ /login.asp: Admin login page/section found.
+ /login.html: Admin login page/section found.
+ /login.php: Admin login page/section found.
+ 7831 requests: 0 error(s) and 20 item(s) reported on remote host
+ End Time: 2018-03-28 16:10:27 (GMT8) (91 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested