Kali Linux: simple nikto usage
Attack
nikto --host <target>
nikto --host http://192.168.0.97/guestbook/
The result looks roughly like this:
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.0.97
+ Target Hostname: 192.168.0.97
+ Target Port: 80
+ Start Time: 2018-06-05 17:11:22 (GMT7)
---------------------------------------------------------------------------
+ Server: Apache/2.4.18 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ OSVDB-3268: /guestbook/: Directory indexing found.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: POST, OPTIONS, GET, HEAD
+ OSVDB-3268: /guestbook/./: Directory indexing found.
+ OSVDB-3268: /guestbook/?mod=node&nid=some_thing&op=view: Directory indexing found.
+ OSVDB-3268: /guestbook/?mod=some_thing&op=browse: Directory indexing found.
+ /guestbook/./: Appending '/./' to a directory allows indexing
+ OSVDB-3268: /guestbook//: Directory indexing found.
+ /guestbook//: Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page.
+ OSVDB-3268: /guestbook/?Open: Directory indexing found.
+ OSVDB-3268: /guestbook/?OpenServer: Directory indexing found.
+ OSVDB-3268: /guestbook/%2e/: Directory indexing found.
+ OSVDB-576: /guestbook/%2e/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. http://www.securityfocus.com/bid/2513.
+ OSVDB-3268: /guestbook/?mod=<script>alert(document.cookie)</script>&op=browse: Directory indexing found.
+ OSVDB-3268: /guestbook/?sql_debug=1: Directory indexing found.
+ OSVDB-3268: /guestbook///: Directory indexing found.
+ OSVDB-3268: /guestbook/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: Directory indexing found.
+ OSVDB-3268: /guestbook/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: Directory indexing found.
+ OSVDB-3268: /guestbook/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: Directory indexing found.
+ OSVDB-3268: /guestbook/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: Directory indexing found.
+ OSVDB-3268: /guestbook/?PageServices: Directory indexing found.
+ OSVDB-119: /guestbook/?PageServices: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269.
+ OSVDB-3268: /guestbook/?wp-cs-dump: Directory indexing found.
+ OSVDB-119: /guestbook/?wp-cs-dump: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269.
+ OSVDB-3268: /guestbook///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: Directory indexing found.
+ OSVDB-3288: /guestbook///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: Abyss 1.03 reveals directory listing when /'s are requested.
+ OSVDB-3268: /guestbook/?pattern=/etc/*&sort=name: Directory indexing found.
+ OSVDB-3268: /guestbook/?D=A: Directory indexing found.
+ OSVDB-3268: /guestbook/?N=D: Directory indexing found.
+ OSVDB-3268: /guestbook/?S=A: Directory indexing found.
+ OSVDB-3268: /guestbook/?M=A: Directory indexing found.
+ OSVDB-3268: /guestbook/?\"><script>alert('Vulnerable');</script>: Directory indexing found.
+ OSVDB-3268: /guestbook/?_CONFIG[files][functions_page]=http://cirt.net/rfiinc.txt?: Directory indexing found.
+ OSVDB-3268: /guestbook/?npage=-1&content_dir=http://cirt.net/rfiinc.txt?%00&cmd=ls: Directory indexing found.
+ OSVDB-3268: /guestbook/?npage=1&content_dir=http://cirt.net/rfiinc.txt?%00&cmd=ls: Directory indexing found.
+ OSVDB-3268: /guestbook/?show=http://cirt.net/rfiinc.txt??: Directory indexing found.
+ OSVDB-3268: /guestbook/?-s: Directory indexing found.
+ OSVDB-3268: /guestbook/?q[]=x: Directory indexing found.
+ OSVDB-3268: /guestbook/?sc_mode=edit: Directory indexing found.
+ OSVDB-3268: /guestbook/?xmlcontrol=body%20onload=alert(123): Directory indexing found.
+ OSVDB-3268: /guestbook/?admin: Directory indexing found.
+ 7535 requests: 0 error(s) and 43 item(s) reported on remote host
+ End Time: 2018-06-05 17:12:08 (GMT7) (46 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
Portions of the server's headers (Apache/2.4.18) are not in the Nikto database or are newer than the known string. Would you like to submit this information (*no server specific data*) to CIRT.net for a Nikto update (or you may email to sullo@cirt.net) (y/n)? n
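Most of the 43 items in the output above are the same OSVDB-3268 directory-indexing finding, reached through different query strings and path spellings. The triage script below is an added example, not part of the original page or of Nikto itself; it collapses such duplicates by the directory each probed path resolves to and lists the missing response headers. The names base_path and triage are illustrative, and the sample lines are copied from the output above with long messages shortened.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Lines taken from the scan output above (long messages shortened with "...").
SAMPLE = """\
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. ...
+ The X-Content-Type-Options header is not set. ...
+ OSVDB-3268: /guestbook/: Directory indexing found.
+ OSVDB-3268: /guestbook/./: Directory indexing found.
+ /guestbook/./: Appending '/./' to a directory allows indexing
+ OSVDB-3268: /guestbook//: Directory indexing found.
+ OSVDB-3268: /guestbook/%2e/: Directory indexing found.
+ OSVDB-3268: /guestbook/?sql_debug=1: Directory indexing found.
+ OSVDB-3268: /guestbook/?show=http://cirt.net/rfiinc.txt??: Directory indexing found.
+ OSVDB-119: /guestbook/?PageServices: The remote server may allow directory listings ...
+ 7535 requests: 0 error(s) and 43 item(s) reported on remote host
"""

# "+ [OSVDB-n: ]/path: message" -- the path never contains a space in this output.
FINDING = re.compile(r"^\+ (?:(OSVDB-\d+): )?(/\S*): (.+)$")
MISSING_HEADER = re.compile(r"^\+ The .*?(X-[A-Za-z-]+) header is not ")

def base_path(raw):
    """Reduce a probed URL to the directory the server actually resolved."""
    path = unquote(raw.split("?", 1)[0])       # drop query string, decode %2e
    path = posixpath.normpath(path)            # collapse '//' and '/./'
    return path if path.endswith("/") else path + "/"

def triage(report):
    """Return (Counter of (id, directory, message), list of missing headers)."""
    grouped, missing = Counter(), []
    for line in report.splitlines():
        finding = FINDING.match(line)
        header = MISSING_HEADER.match(line)
        if finding:
            osvdb, raw, message = finding.groups()
            grouped[(osvdb or "-", base_path(raw), message)] += 1
        elif header:
            missing.append(header.group(1))
    return grouped, missing

if __name__ == "__main__":
    grouped, missing = triage(SAMPLE)
    for (osvdb, directory, message), hits in grouped.most_common():
        print(f"{hits:3d}x {osvdb:11s} {directory} {message}")
    print("missing response headers:", ", ".join(missing))
```

On the sample, six OSVDB-3268 lines collapse into one entry for /guestbook/, which points at a single root cause (directory listing enabled for that directory) rather than six separate issues.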