Nikto and whatweb-白红宇

强烈建议你试试无所不能的chatGPT，快点击我

Nikto and whatweb

阅读量：6290 次

发布时间：2019-06-22

本文共 7022 字，大约阅读时间需要 23 分钟。

root@kali:~# nikto -host www.baidu.com

- Nikto v2.1.6

---------------------------------------------------------------------------

+ Target IP: 115.239.211.112

+ Target Hostname: www.baidu.com

+ Target Port: 80

+ Start Time: 2019-01-09 00:30:59 (GMT-5)

---------------------------------------------------------------------------

+ Server: BWS/1.1

+ Server leaks inodes via ETags, header found with file /, fields: 0x5c32bb49 0x3917

+ The anti-clickjacking X-Frame-Options header is not present.

+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS

+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type

+ Cookie BAIDUID created without the httponly flag

+ Cookie BIDUPSID created without the httponly flag

+ Cookie PSTM created without the httponly flag

+ Server banner has changed from 'BWS/1.1' to 'Apache' which may suggest a WAF, load balancer or proxy is in place

+ No CGI Directories found (use '-C all' to force check all possible dirs)

+ Uncommon header 'bdpagetype' found, with contents: 3

+ Uncommon header 'bdqid' found, with contents: 0xddf175f9000068e6

+ Cookie BDSVRTM created without the httponly flag

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Uncommon header 'tracecode' found, with contents: 18659967350187094026010913

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)

+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)

+ "robots.txt" contains 118 entries which should be manually viewed.

+ /crossdomain.xml contains 2 lines which include the following domains: *.baidu.com *.bdstatic.com

+ Multiple index files found: /index.php, /index.html, /index.htm

+ OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://10.212.28.32:8080/images/".

+ Uncommon header 'cxy_all' found, with contents: baidu+f0b711851d269072d80cb68436e01c43

+ Cookie delPer created without the httponly flag

+ Cookie BD_HOME created without the httponly flag

+ Cookie H_PS_PSSID created without the httponly flag

+ OSVDB-3092: /home/: This might be interesting...

+ OSVDB-3092: /tw/: This might be interesting... potential country code (Taiwan)

+ 7651 requests: 1 error(s) and 64 item(s) reported on remote host

+ End Time: 2019-01-09 00:34:03 (GMT-5) (184 seconds)

---------------------------------------------------------------------------

+ 1 host(s) tested

root@kali:~#

###############################################################################################################################

Whatweb test to Search the web Site

##########################################################################################################################################

root@kali:~# whatweb www.baidu.com

http://www.baidu.com [200 OK] Cookies[BAIDUID,BDSVRTM,BD_HOME,BIDUPSID,H_PS_PSSID,PSTM,delPer], Country[CHINA][CN], HTML5, HTTPServer[BWS/1.1], IP[115.239.210.27], JQuery, Meta-Refresh-Redirect[/baidu.html?from=noscript], OpenSearch[/content-search.xml], Script[text/javascript], Title[百度一下，你就知道], UncommonHeaders[bdpagetype,bdqid,cxy_all], X-UA-Compatible[IE=Edge,IE=Edge,chrome=1]

http://www.baidu.com/baidu.html?from=noscript [200 OK] Apache, Cookies[BAIDUID], Country[CHINA][CN], HTML5, HTTPServer[Apache], IP[115.239.211.112], Script, Title[百度一下，你就知道], X-UA-Compatible[IE=Edge]

root@kali:~#

转载于:https://www.cnblogs.com/xinxianquan/p/10243943.html

你可能感兴趣的文章

项目经理笔记一

Hibernate一对一外键双向关联

mac pro 入手，php环境配置总结

MyBatis-Plus | 最简单的查询操作教程（Lambda）

rpmfusion 的国内大学 NEU 源配置

spring jpa 配置详解

IOE，为什么去IOE？

Storm中的Worker

dangdang.ddframe.job中页面修改表达式后进行检查

Web基础架构：负载均衡和LVS

Linux下c/c++相对路径动态库的生成与使用

SHELL实现跳板机，只允许用户执行少量允许的命令

SpringBoot 整合Redis

2014上半年大片早知道

Android 6.0指纹识别App开发案例

正文提取算法

Linux中的网络监控命令

windows下安装redis

喝酒易醉，品茶养心，人生如梦，品茶悟道，何以解忧？唯有杜康！-- 愿君每日到此一游！

当前时间: 2025-01-09 22:59:55 当前IP: 18.191.171.136 联系邮箱:javaeecc@qq.com Copyright © 2020 - 2022 baihongyu.com 京ICP备2021015314号-2

强烈建议你试试无所不能的CHAT-GPT，快点击我

强烈建议你试试无所不能的CHAT-GPT，快点击我