```
[root@localhost nikto]# ./nikto.pl -host 147.175.121.151
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: 147.175.121.151
+ Target Hostname: 147.175.121.151
+ Target Port: 80
+ Start Time: 2018-10-14 15:21:31
---------------------------------------------------------------------------
+ Server: Apache/2.2.0 (Fedora)
- /robots.txt - contains 5 'disallow' entries which should be manually viewed. (GET)
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.1.2
+ OSVDB-0: ETag header found on server, inode: 487720, size: 104, mtime: 0x54878840
+ Apache/2.2.0 appears to be outdated (current is at least Apache/2.2.9). Apache 1.3.39 and 2.0.61 are also current.
+ OSVDB-0: GET /admin/login.php?action=insert&username=test&password=test : phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
+ OSVDB-682: GET /usage/ : Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-3092: GET /admin/ : This might be interesting...
+ OSVDB-3092: GET /pages/ : This might be interesting...
+ OSVDB-3268: GET /sql/ : Directory indexing is enabled: /sql/
+ OSVDB-3093: GET /admin/index.php : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /mail/src/read_body.php : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3268: GET /images/ : Directory indexing is enabled: /images
+ OSVDB-9624: GET /admin/admin.php?adminpy=1 : PY-Membres 4.2 may allow administrator access.
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 18 item(s) reported on remote host
+ End Time: 2018-10-14 15:24:46 (195 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Test Options: -host 147.175.121.151
```