Scribd Logo
Upload

Welcome to Scribd!

  • Nikto

    Uploaded by

    TAHER BEN SALEH
    25 views5 pages
    rapport scan machine virtuelle metsploitable avec nikto

    Original Title

    nikto

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    rapport scan machine virtuelle metsploitable avec nikto

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    25 views5 pages

    Nikto

    Uploaded by

    TAHER BEN SALEH
    rapport scan machine virtuelle metsploitable avec nikto

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 5

    192.168.244.128 / 192.168.244.

    128 port 80
    Target IP 192.168.244.128
    Target hostname 192.168.244.128
    Target Port 80
    HTTP Server Apache/2.2.8 (Ubuntu) DAV/2
    Site Link (Name) http://192.168.244.128:80/
    Site Link (IP) http://192.168.244.128:80/
    URI /
    HTTP Method GET
    Description Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
    http://192.168.244.128:80/
    Test Links
    http://192.168.244.128:80/
    OSVDB Entries OSVDB-0
    URI /
    HTTP Method GET
    The anti-clickjacking X-Frame-Options header is not
    Description
    present.
    http://192.168.244.128:80/
    Test Links
    http://192.168.244.128:80/
    OSVDB Entries OSVDB-0
    URI /
    HTTP Method GET
    The X-XSS-Protection header is not defined. This header can hint to the user agent to
    Description
    protect against some forms of XSS
    http://192.168.244.128:80/
    Test Links
    http://192.168.244.128:80/
    OSVDB
    OSVDB-0
    Entries
    URI /
    HTTP
    GET
    Method
    The X-Content-Type-Options header is not set. This could allow the user agent to render
    Description
    the content of the site in a different fashion to the MIME type
    http://192.168.244.128:80/
    Test Links
    http://192.168.244.128:80/
    OSVDB
    OSVDB-0
    Entries
    URI /
    HTTP Method HEAD
    Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34
    Description
    is the EOL for the 2.x branch.
    http://192.168.244.128:80/
    Test Links
    http://192.168.244.128:80/
    OSVDB
    OSVDB-0
    Entries
    URI /index
    HTTP Method GET
    Description Uncommon header 'tcn' found, with contents: list
    Test Links http://192.168.244.128:80/index
    http://192.168.244.128:80/index
    OSVDB Entries OSVDB-0
    URI /index
    HTTP
    GET
    Method
    Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily
    Description brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The
    following alternatives for 'index' were found: index.php
    http://192.168.244.128:80/index
    Test Links
    http://192.168.244.128:80/index
    OSVDB
    OSVDB-0
    Entries
    URI /
    HTTP Method PMSWXBWE
    Web Server returns a valid response with junk HTTP methods, this may cause false
    Description
    positives.
    http://192.168.244.128:80/
    Test Links
    http://192.168.244.128:80/
    OSVDB Entries OSVDB-0
    URI /
    HTTP Method TRACE
    Description HTTP TRACE method is active, suggesting the host is vulnerable to XST
    http://192.168.244.128:80/
    Test Links
    http://192.168.244.128:80/
    OSVDB Entries OSVDB-877
    URI /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>
    HTTP Method GET
    Description /phpinfo.php: Output from the phpinfo() function was found.
    http://192.168.244.128:80/phpinfo.php?VARIABLE=<script>alert('Vulnerable')</
    script>
    Test Links
    http://192.168.244.128:80/phpinfo.php?VARIABLE=<script>alert('Vulnerable')</
    script>
    OSVDB Entries OSVDB-0
    URI /doc/
    HTTP Method GET
    Description /doc/: Directory indexing found.
    http://192.168.244.128:80/doc/
    Test Links
    http://192.168.244.128:80/doc/
    OSVDB Entries OSVDB-3268
    URI /doc/
    HTTP Method GET
    /doc/: The /doc/ directory is browsable. This may be
    Description
    /usr/doc.
    http://192.168.244.128:80/doc/
    Test Links
    http://192.168.244.128:80/doc/
    OSVDB Entries OSVDB-48
    URI /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
    HTTP
    GET
    Method
    /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive
    Description
    information via certain HTTP requests that contain specific QUERY strings.
    http://192.168.244.128:80/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
    Test Links
    http://192.168.244.128:80/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
    OSVDB
    OSVDB-12184
    Entries
    URI /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
    HTTP
    GET
    Method
    /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive
    Description
    information via certain HTTP requests that contain specific QUERY strings.
    http://192.168.244.128:80/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
    Test Links
    http://192.168.244.128:80/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
    OSVDB
    OSVDB-12184
    Entries
    URI /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
    HTTP
    GET
    Method
    /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive
    Description
    information via certain HTTP requests that contain specific QUERY strings.
    http://192.168.244.128:80/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
    Test Links
    http://192.168.244.128:80/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
    OSVDB
    OSVDB-12184
    Entries
    URI /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
    HTTP
    GET
    Method
    /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive
    Description
    information via certain HTTP requests that contain specific QUERY strings.
    http://192.168.244.128:80/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
    Test Links
    http://192.168.244.128:80/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
    OSVDB
    OSVDB-12184
    Entries
    URI /phpMyAdmin/changelog.php
    HTTP
    GET
    Method
    /phpMyAdmin/changelog.php: phpMyAdmin is for managing MySQL databases, and
    Description
    should be protected or limited to authorized hosts.
    http://192.168.244.128:80/phpMyAdmin/changelog.php
    Test Links
    http://192.168.244.128:80/phpMyAdmin/changelog.php
    OSVDB
    OSVDB-3092
    Entries
    URI /phpMyAdmin/ChangeLog
    HTTP
    GET
    Method
    Server may leak inodes via ETags, header found with file /phpMyAdmin/ChangeLog,
    Description
    inode: 92462, size: 40540, mtime: Tue Dec 9 18:24:00 2008
    http://192.168.244.128:80/phpMyAdmin/ChangeLog
    Test Links
    http://192.168.244.128:80/phpMyAdmin/ChangeLog
    OSVDB
    OSVDB-0
    Entries
    URI /phpMyAdmin/ChangeLog
    HTTP Method GET
    /phpMyAdmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and
    Description
    should be protected or limited to authorized hosts.
    http://192.168.244.128:80/phpMyAdmin/ChangeLog
    Test Links
    http://192.168.244.128:80/phpMyAdmin/ChangeLog
    OSVDB
    OSVDB-3092
    Entries
    URI /test/
    HTTP Method GET
    Description /test/: Directory indexing found.
    http://192.168.244.128:80/test/
    Test Links
    http://192.168.244.128:80/test/
    OSVDB Entries OSVDB-3268
    URI /test/
    HTTP Method GET
    /test/: This might be
    Description
    interesting...
    http://192.168.244.128:80/test/
    Test Links
    http://192.168.244.128:80/test/
    OSVDB Entries OSVDB-3092
    URI /phpinfo.php
    HTTP Method GET
    /phpinfo.php: PHP is installed, and a test script which runs phpinfo() was found. This
    Description
    gives a lot of system information.
    http://192.168.244.128:80/phpinfo.php
    Test Links
    http://192.168.244.128:80/phpinfo.php
    OSVDB
    OSVDB-3233
    Entries
    URI /icons/
    HTTP Method GET
    Description /icons/: Directory indexing found.
    http://192.168.244.128:80/icons/
    Test Links
    http://192.168.244.128:80/icons/
    OSVDB Entries OSVDB-3268
    URI /icons/README
    HTTP Method GET
    Description /icons/README: Apache default file found.
    http://192.168.244.128:80/icons/README
    Test Links
    http://192.168.244.128:80/icons/README
    OSVDB Entries OSVDB-3233
    URI /phpMyAdmin/
    HTTP Method GET
    Description /phpMyAdmin/: phpMyAdmin directory found
    http://192.168.244.128:80/phpMyAdmin/
    Test Links
    http://192.168.244.128:80/phpMyAdmin/
    OSVDB Entries OSVDB-0
    URI /phpMyAdmin/Documentation.html
    HTTP GET
    Method
    /phpMyAdmin/Documentation.html: phpMyAdmin is for managing MySQL databases,
    Description
    and should be protected or limited to authorized hosts.
    http://192.168.244.128:80/phpMyAdmin/Documentation.html
    Test Links
    http://192.168.244.128:80/phpMyAdmin/Documentation.html
    OSVDB
    OSVDB-3092
    Entries
    URI /phpMyAdmin/README
    HTTP Method GET
    /phpMyAdmin/README: phpMyAdmin is for managing MySQL databases, and should
    Description
    be protected or limited to authorized hosts.
    http://192.168.244.128:80/phpMyAdmin/README
    Test Links
    http://192.168.244.128:80/phpMyAdmin/README
    OSVDB
    OSVDB-3092
    Entries
    Host Summary
    Start Time 2023-01-15 16:18:35
    End Time 2023-01-15 16:18:50
    Elapsed Time 15 seconds
    Statistics 8726 requests, 0 errors, 27 findings
    Scan Summary
    Software Details Nikto 2.1.6
    CLI Options -h 192.168.244.128 -output nikto -Format html
    Hosts Tested 1
    Start Time Sun Jan 15 16:18:35 2023
    End Time Sun Jan 15 16:18:50 2023
    Elapsed Time 15 seconds
    © 2008 Chris Sullo

    You might also like