Nikto and whatweb

Time: 2023-02-27 23:24:34

root@kali:~# nikto -host www.baidu.com
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          115.239.211.112
+ Target Hostname:    www.baidu.com
+ Target Port:        80
+ Start Time:         2019-01-09 00:30:59 (GMT-5)
---------------------------------------------------------------------------
+ Server: BWS/1.1
+ Server leaks inodes via ETags, header found with file /, fields: 0x5c32bb49 0x3917
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie BAIDUID created without the httponly flag
+ Cookie BIDUPSID created without the httponly flag
+ Cookie PSTM created without the httponly flag
+ Server banner has changed from 'BWS/1.1' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Uncommon header 'bdpagetype' found, with contents: 3
+ Uncommon header 'bdqid' found, with contents: 0xddf175f9000068e6
+ Cookie BDSVRTM created without the httponly flag
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Uncommon header 'tracecode' found, with contents: 18659967350187094026010913
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ "robots.txt" contains 118 entries which should be manually viewed.
+ /crossdomain.xml contains 2 lines which include the following domains: *.baidu.com *.bdstatic.com
+ Multiple index files found: /index.php, /index.html, /index.htm
+ OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://10.212.28.32:8080/images/".
+ Uncommon header 'cxy_all' found, with contents: baidu+f0b711851d269072d80cb68436e01c43
+ Cookie delPer created without the httponly flag
+ Cookie BD_HOME created without the httponly flag
+ Cookie H_PS_PSSID created without the httponly flag
+ OSVDB-3092: /home/: This might be interesting...
+ OSVDB-3092: /tw/: This might be interesting... potential country code (*)
+ 7651 requests: 1 error(s) and 64 item(s) reported on remote host
+ End Time:           2019-01-09 00:34:03 (GMT-5) (184 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
root@kali:~#

###############################################################################################################################

WhatWeb test to search the web site
##########################################################################################################################################

root@kali:~# whatweb www.baidu.com
http://www.baidu.com [200 OK] Cookies[BAIDUID,BDSVRTM,BD_HOME,BIDUPSID,H_PS_PSSID,PSTM,delPer], Country[CHINA][CN], HTML5, HTTPServer[BWS/1.1], IP[115.239.210.27], JQuery, Meta-Refresh-Redirect[/baidu.html?from=noscript], OpenSearch[/content-search.xml], Script[text/javascript], Title[百度一下,你就知道], UncommonHeaders[bdpagetype,bdqid,cxy_all], X-UA-Compatible[IE=Edge,IE=Edge,chrome=1]
http://www.baidu.com/baidu.html?from=noscript [200 OK] Apache, Cookies[BAIDUID], Country[CHINA][CN], HTML5, HTTPServer[Apache], IP[115.239.211.112], Script, Title[百度一下,你就知道], X-UA-Compatible[IE=Edge]
root@kali:~#
