Nikto scan Metasploitable 2

sudo nikto -url 192.168.56.103

– Nikto v2.1.6

  • Target IP: 192.168.56.103
  • Target Hostname: 192.168.56.103
  • Target Port: 80

+ Start Time: 2022-04-29 18:38:22 (GMT-4)

  • Server: Apache/2.2.8 (Ubuntu) DAV/2
  • Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
  • The anti-clickjacking X-Frame-Options header is not present.
  • The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  • The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  • Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
  • Uncommon header ‘tcn’ found, with contents: list
  • Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for ‘index’ were found: index.php
  • Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  • OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  • /phpinfo.php: Output from the phpinfo() function was found.
  • OSVDB-3268: /doc/: Directory indexing found.
  • OSVDB-48: /doc/: The /doc/ directory is browsable. This may be /usr/doc.
  • OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  • OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  • OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  • OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  • OSVDB-3092: /phpMyAdmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
  • Server may leak inodes via ETags, header found with file /phpMyAdmin/ChangeLog, inode: 92462, size: 40540, mtime: Tue Dec 9 12:24:00 2008
  • OSVDB-3092: /phpMyAdmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
  • OSVDB-3268: /test/: Directory indexing found.
  • OSVDB-3092: /test/: This might be interesting…
  • OSVDB-3233: /phpinfo.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
  • OSVDB-3268: /icons/: Directory indexing found.
  • OSVDB-3233: /icons/README: Apache default file found.
  • /phpMyAdmin/: phpMyAdmin directory found
  • OSVDB-3092: /phpMyAdmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
  • OSVDB-3092: /phpMyAdmin/README: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
  • 8726 requests: 0 error(s) and 27 item(s) reported on remote host

+ End Time: 2022-04-29 18:40:21 (GMT-4) (119 seconds)

  • 1 host(s) tested