Class 7

Nikto was run against google.com and cdbl.com.bd to identify any vulnerabilities. For google.com, the server responded as "gws" and then changed to "sffe", possibly indicating a load balancer or proxy. An error limit was reached. For cdbl.com.bd, several vulnerabilities were identified including missing security headers, outdated Apache version, and IP address found in location header.

Uploaded by

SifatShoaeb

root@kali:~# nikto -Tuning 6 -h google.com
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 216.58.197.78
+ Target Hostname: google.com
+ Target Port: 80
+ Start Time: 2017-03-04 08:21:28 (GMT-5)
---------------------------------------------------------------------------
+ Server: gws
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: http://www.google.com/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server banner has changed from 'gws' to 'sffe' which may suggest a WAF, load balancer or proxy is in place
+ ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
+ Scan terminated: 20 error(s) and 1 item(s) reported on remote host
+ End Time: 2017-03-04 08:21:59 (GMT-5) (31 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

===================================================================================

root@kali:~# nikto -Tuning 6 -h cdbl.com.bd
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 122.144.12.240
+ Target Hostname: cdbl.com.bd
+ Target Port: 80
+ Start Time: 2017-03-04 08:22:56 (GMT-5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.22 (Debian)
+ Retrieved x-powered-by header: PHP/5.4.4-14+deb7u5
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie PHPSESSID created without the httponly flag
+ Apache/2.2.22 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
+ IP address found in the 'location' header. The IP is "127.0.1.1".
+ OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://127.0.1.1/images/".
