一点关于Namp及Nikto的记录
sudo nmap -O hack-test.comWarning: File ./nmap-os-db exists, but Nmap is using /usr/local/bin/../share/nmap/nmap-os-db for security and consistency reasons.set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).
Starting Nmap 6.40 ( http://nmap.org ) at 2013-11-03 00:57 CST
Nmap scan report for hack-test.com (173.236.164.23)
Host is up (0.37s latency).
rDNS record for 173.236.164.23: apache2-bongo.carter-braxton.dreamhost.com
Not shown: 993 filtered ports
PORT STATE SERVICE
21/tcp openftp
22/tcp openssh
25/tcp opensmtp
80/tcp openhttp
587/tcpopensubmission
5222/tcp openxmpp-client
5269/tcp openxmpp-server
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: broadband router|firewall|general purpose
Running (JUST GUESSING): Linux 2.4.X|2.6.X (88%), Juniper IVE OS 7.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:2.4 cpe:/h:juniper:mag2600 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: OpenWrt Kamikaze 8.09.1 (Linux 2.4.35.4) (88%), Juniper MAG2600 SSL VPN gateway (IVE OS 7.3) (86%), Linux 2.6.32 (86%)
No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 76.11 seconds
perl nikto.pl -h http://hack-test.com
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 173.236.164.23
+ Target Hostname: hack-test.com
+ Target Port: 80
+ Start Time: 2013-11-03 00:58:26 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache
+ The anti-clickjacking X-Frame-Options header is not present.
+ Root page / redirects to: http://www.hack-test.com/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server leaks inodes via ETags, header found with file /, fields: 0x153 0x48d2e9eea2640
+ OSVDB-3931: /myphpnuke/links.php?op=search&query=alert('Vulnerable);?query=: myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3931: /myphpnuke/links.php?op=MostPopular&ratenum=alert(document.cookie);&ratetype=percent: myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ 6544 items checked: 2964 error(s) and 5 item(s) reported on remote host
+ End Time: 2013-11-03 01:37:08 (GMT8) (2322 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
版权声明:本文为博主原创文章,未经博主允许不得转载。
页:
[1]