nikto.txt

1. - Nikto v2.1.6
2. ---------------------------------------------------------------------------
3. + Target IP: 172.16.162.142
4. + Target Hostname: 172.16.162.142
5. + Target Port: 80
6. + Start Time: 2017-05-29 14:51:28 (GMT0)
7. ---------------------------------------------------------------------------
8. + Server: Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch mod_python/3.3.1 Python/2.6.5 mod_perl/2.0.4 Perl/v5.10.1
9. + Server leaks inodes via ETags, header found with file /, inode: 289297, size: 23832, mtime: Tue Jul 24 02:39:30 2012
10. + The anti-clickjacking X-Frame-Options header is not present.
11. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
12. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
13. + OSVDB-3268: /cgi-bin/: Directory indexing found.
14. + Uncommon header 'tcn' found, with contents: list
15. + Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.css, index.html
16. + PHP/5.3.2-1ubuntu4.5 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
17. + mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
18. + Python/2.6.5 appears to be outdated (current is at least 2.7.5)
19. + Perl/v5.10.1 appears to be outdated (current is at least v5.14.2)
20. + mod_mono/2.4.3 appears to be outdated (current is at least 2.8)
21. + Apache/2.2.14 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
22. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
23. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
24. + Cookie phpbb2owaspbwa_data created without the httponly flag
25. + Cookie phpbb2owaspbwa_sid created without the httponly flag
26. + Retrieved x-powered-by header: PHP/5.3.2-1ubuntu4.5
27. + OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
28. + OSVDB-3268: /test/: Directory indexing found.
29. + OSVDB-3092: /test/: This might be interesting...
30. + OSVDB-3092: /cgi-bin/: This might be interesting... possibly a system shell found.
31. + OSVDB-3268: /icons/: Directory indexing found.
32. + OSVDB-3268: /images/: Directory indexing found.
33. + OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found.
34. + OSVDB-3233: /icons/README: Apache default file found.
35. + Cookie PHPSESSID created without the httponly flag
36. + /tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=http://cirt.net/rfiinc.txt?: Output from the phpinfo() function was found.
37. + OSVDB-40478: /tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=http://cirt.net/rfiinc.txt?: TikiWiki contains a vulnerability which allows remote attackers to execute arbitrary PHP code.
38. + /wordpress/: A Wordpress installation was found.
39. + /phpmyadmin/: phpMyAdmin directory found
40. + OSVDB-3092: /phpmyadmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
41. + 8497 requests: 1 error(s) and 32 item(s) reported on remote host
42. + End Time: 2017-05-29 14:52:03 (GMT0) (35 seconds)
43. ---------------------------------------------------------------------------
44. + 1 host(s) tested