Nikto and whatweb - 秒客网

root@kali:~# nikto -host www.baidu.com
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          115.239.211.112
+ Target Hostname:    www.baidu.com
+ Target Port:        80
+ Start Time:         2019-01-09 00:30:59 (GMT-5)
---------------------------------------------------------------------------
+ Server: BWS/1.1
+ Server leaks inodes via ETags, header found with file /, fields: 0x5c32bb49 0x3917
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie BAIDUID created without the httponly flag
+ Cookie BIDUPSID created without the httponly flag
+ Cookie PSTM created without the httponly flag
+ Server banner has changed from 'BWS/1.1' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Uncommon header 'bdpagetype' found, with contents: 3
+ Uncommon header 'bdqid' found, with contents: 0xddf175f9000068e6
+ Cookie BDSVRTM created without the httponly flag
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Uncommon header 'tracecode' found, with contents: 18659967350187094026010913
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ "robots.txt" contains 118 entries which should be manually viewed.
+ /crossdomain.xml contains 2 lines which include the following domains: *.baidu.com *.bdstatic.com
+ Multiple index files found: /index.php, /index.html, /index.htm
+ OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://10.212.28.32:8080/images/".
+ Uncommon header 'cxy_all' found, with contents: baidu+f0b711851d269072d80cb68436e01c43
+ Cookie delPer created without the httponly flag
+ Cookie BD_HOME created without the httponly flag
+ Cookie H_PS_PSSID created without the httponly flag
+ OSVDB-3092: /home/: This might be interesting...
+ OSVDB-3092: /tw/: This might be interesting... potential country code (*)
+ 7651 requests: 1 error(s) and 64 item(s) reported on remote host
+ End Time:           2019-01-09 00:34:03 (GMT-5) (184 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
root@kali:~#

###############################################################################################################################

Whatweb test to Search the web Site
##########################################################################################################################################

root@kali:~# whatweb www.baidu.com
http://www.baidu.com [200 OK] Cookies[BAIDUID,BDSVRTM,BD_HOME,BIDUPSID,H_PS_PSSID,PSTM,delPer], Country[CHINA][CN], HTML5, HTTPServer[BWS/1.1], IP[115.239.210.27], JQuery, Meta-Refresh-Redirect[/baidu.html?from=noscript], OpenSearch[/content-search.xml], Script[text/javascript], Title[百度一下，你就知道], UncommonHeaders[bdpagetype,bdqid,cxy_all], X-UA-Compatible[IE=Edge,IE=Edge,chrome=1]
http://www.baidu.com/baidu.html?from=noscript [200 OK] Apache, Cookies[BAIDUID], Country[CHINA][CN], HTML5, HTTPServer[Apache], IP[115.239.211.112], Script, Title[百度一下，你就知道], X-UA-Compatible[IE=Edge]
root@kali:~#

Nikto and whatweb的更多相关文章

Whatweb网站指纹信息收集工具
常规扫描:whatweb www.baidu.com 批量扫描: whatweb -i /root/12.txt 详细回显扫描:whatweb -v www.baidu.com 加强扫描强度:what ...
网站指纹识别工具——WhatWeb v0&period;4&period;7发布
WhatWeb是一款网站指纹识别工具,主要针对的问题是:“这个网站使用的什么技术?”WhatWeb可以告诉你网站搭建使用的程序,包括何种CMS系统.什么博客系统.Javascript库.web服务 ...
whatweb
WhatWeb是一款网站指纹识别工具,主要针对的问题是:“这个网站使用的什么技术?”WhatWeb可以告诉你网站搭建使用的程序,包括何种CMS系统.什么博客系统.Javascript库.web服务器. ...
用Nikto探测一个网站所用到的技术
Nikto是一款开源的(GPL)网页服务器扫描器,它可以对网页服务器进行全面的多种扫描,包含超过3300种有潜在危险的文件/CGIs:超过 625种服务器版本:超过230种特定服务器问题,包括多种有潜 ...
Nikto是一款Web安全扫描工具，可以扫描指定主机的web类型，主机名，特定目录，cookie，特定CGI漏洞，XSS漏洞，SQL注入漏洞等，非常强大滴说。。。
Nikto是一款Web安全扫描工具,可以扫描指定主机的web类型,主机名,特定目录,cookie,特定CGI漏洞,XSS漏洞,SQL注入漏洞等,非常强大滴说... root@xi4ojin:~# cd ...
backtrack下whatweb的使用
whatweb是backtrack下的一款Web识别工具,位于 Applications-->BackTrack-->Information Gathing-->Web Applic ...
小白日记28：kali渗透测试之Web渗透-扫描工具-Nikto
扫描工具-Nikto #WEB渗透靶机:metasploitable 靶场:DVWA[默认账号/密码:admin/password] #新手先将DVWA的安全性,调到最低,可容易发现漏洞侦察[减少 ...
New ipad安装Perl支持安装nikto
Title:New ipad安装Perl支持安装nikto --2012-11-15 09:47 New Ipad 越了后. ssh new ipad 进入目录 cd /tmp 下载Key文件 wge ...
Nikto主动扫描神器！！！
Perl语言开发的开源web安全扫描器 Nikto只支持主动扫描:可扫描web服务器类型是不是最新版本(分析先版本与新版相比有哪些漏洞) 针对:1.软件版本.2.搜索存在安全隐患的文件.3.服务器配置 ...

随机推荐

Android 设置ListView当前显示的item
项目中可能会有这种需求:动态设置ListView显示的item 这种需求可能会出现在不同的情况下,有的是打开页面就要显示在特定的位置,也有的是浏览列表时实时更新数据并且改变了集合中数据,或者是某种条件 ...
Java基础之类的初始化顺序
对于静态变量.静态初始化块.变量.初始化块.构造器,它们的初始化顺序依次是 (静态变量.静态初始化块)>(变量.初始化块)>构造器对于继承的情况: 1. 父类--静态变量 2. 父 ...
Eclipse中android工程C++文件中出现的莫名其妙的错误
大多数是std库相关的问题,例如 vector<int> v; v.push_back(23);//这句语法是没有错误的,但是每次执行Run As的时候就会报错尝试1:在工程名右键-Cl ...
asp&period;net 页面过程
浅析 public static void main(String[] args)
最初接触Java程序的时候,老师就教导我们要从下面这句开始学起,据说是约定俗成的,所以直到今天,还是只知道java程序应该这么写,具体为什么这么写,鄙人惭愧. public class ClassNa ...
深入理解Oracle的imp/exp 和各版本之间的规则
Oracle数据中IMP/EXP工具可用于对数据进行迁移.IMP命令用于把Dmp文件从本地导入到远程数据库服务器,而EXP命令则是把数据从远程数据库服务器导出到本地的Dmp文件.其功能相当于Oracl ...
PHP计算一个目录文件大小方法
<?php $dirfile='../hnb'; /** *计算一个目录文件大小方法 *$dirfile:传入文件目录名 **/ function dirSize($dirfile) { $di ...
Ipad弹出UIAlertControllerStyleActionSheet时发生崩溃
pad弹出UIAlertControllerStyleActionSheet时,在iphone上运行正常,但在ipad上崩溃,解决代码如下: UIAlertController *alertVc = ...
JSONArray - JSONObject - 遍历 \ 判断object空否
public static void main(String[] args) { String str = "[{name:'a',value:'aa'},{name:'b',value:' ...
qt 使用msvc编译器出现乱码如何解决？字符串中存在空格？
开发环境: 1.win7 64位 2.qt版本 windows-x86-msvc2015-5.9.0 如何解决? 1.设置qt文件编码设置默认UTF-8 如果编码是 UTF-8 则添加. 2.使用 ...