root@vbcent68x32: /opt/nikto/program # perl nikto.pl -h 192.168.1.100 -p 8080
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.1.100
+ Target Hostname: 192.168.1.100
+ Target Port: 8080
---------------------------------------------------------------------------
+ SSL Info: Subject:
Ciphers:
Issuer:
+ Start Time: 2018-03-28 16:08:56 (GMT8)
---------------------------------------------------------------------------
+ Server: nginx/1.12.2 + Phusion Passenger 5.2.0
+ Cookie _redmine_session created without the secure flag
+ Retrieved x-powered-by header: Phusion Passenger 5.2.0
+ Uncommon header 'x-runtime' found, with contents: 0.032617
+ Uncommon header 'x-request-id' found, with contents: 5d492c2c-93fa-4aa1-8073-1cc8f360014a
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Entry '/issues/gantt/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/issues/calendar/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/activity/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/search/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 4 entries which should be manually viewed.
+ Server banner has changed from 'nginx/1.12.2 + Phusion Passenger 5.2.0' to 'nginx/1.12.2' which may suggest a WAF, load balancer or proxy is in place
+ Hostname '192.168.56.99' does not match certificate's names:
+ OSVDB-112004: /login.cgi: Site appears vulnerable to the 'shellshock' vulnerability (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278).
+ OSVDB-112004: /login.php: Site appears vulnerable to the 'shellshock' vulnerability (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278).
+ OSVDB-112004: /login.pl: Site appears vulnerable to the 'shellshock' vulnerability (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278).
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /news: This might be interesting...
+ OSVDB-3093: /login.php3?reason=chpass2%20: This might be interesting... has been seen in web logs from an unknown scanner.
+ /login.asp: Admin login page/section found.
+ /login.html: Admin login page/section found.
+ /login.php: Admin login page/section found.
+ 7831 requests: 0 error(s) and 20 item(s) reported on remote host
+ End Time: 2018-03-28 16:10:27 (GMT8) (91 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested