wget https:
tar -zxvf nikto-2.1.5.tar.gz
cd nikto-2.1.5
perl ./nikto.pl -h www.baidu.com
[root@nowamagic nikto-2.1.5]# perl ./nikto.pl -h www.baidu.com
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 115.239.210.27
+ Target Hostname: www.baidu.com
+ Target Port: 80
+ Start Time: 2015-02-20 18:25:34 (GMT8)
---------------------------------------------------------------------------
+ Server: BWS/1.1
+ Cookie BAIDUID created without the httponly flag
+ Cookie BAIDUPSID created without the httponly flag
+ Cookie BDSVRTM created without the httponly flag
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'bduserid' found, with contents: 0
+ Uncommon header 'bdqid' found, with contents: 0xfc103f47000ce711
+ Uncommon header 'bdpagetype' found, with contents: 1
+ Server banner has changed from 'BWS/1.1' to 'Apache' which may suggest a WAF,load balancer or proxy is in place
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x91e 0x50b02db060c00
+ File/dir '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 103 entries which should be manually viewed.
+ Multiple index files found: index.php, index.htm, index.html
+ OSVDB-5737: WebLogic may reveal its internal IP or hostname in the Location header. The value is "http://www.baidu.com/search/error.html".
+ OSVDB-3092: /home/: This might be interesting...
+ OSVDB-3092: /tw/: This might be interesting... potential country code (Taiwan)
+ 6544 items checked: 28 error(s) and 15 item(s) reported on remote host
+ End Time: 2015-02-20 18:26:12 (GMT8) (38 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested