Untitled

a guest
Oct 13th, 2018
[root@localhost nikto]# ./nikto.pl -host 147.175.121.151
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: 147.175.121.151
+ Target Hostname: 147.175.121.151
+ Target Port: 80
+ Start Time: 2018-10-14 15:21:31
---------------------------------------------------------------------------
+ Server: Apache/2.2.0 (Fedora)
- /robots.txt - contains 5 'disallow' entries which should be manually viewed. (GET)
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.1.2
+ OSVDB-0: ETag header found on server, inode: 487720, size: 104, mtime: 0x54878840
+ Apache/2.2.0 appears to be outdated (current is at least Apache/2.2.9). Apache 1.3.39 and 2.0.61 are also current.
+ OSVDB-0: GET /admin/login.php?action=insert&username=test&password=test : phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
+ OSVDB-682: GET /usage/ : Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-3092: GET /admin/ : This might be interesting...
+ OSVDB-3092: GET /pages/ : This might be interesting...
+ OSVDB-3268: GET /sql/ : Directory indexing is enabled: /sql/
+ OSVDB-3093: GET /admin/index.php : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /mail/src/read_body.php : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3268: GET /images/ : Directory indexing is enabled: /images
+ OSVDB-9624: GET /admin/admin.php?adminpy=1 : PY-Membres 4.2 may allow administrator access.
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 18 item(s) reported on remote host
+ End Time: 2018-10-14 15:24:46 (195 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -host 147.175.121.151