[Solar-tecnica] Nikto [Era: consulta iptables]

Paolo Stancato paolodoors en gmail.com
Jue Mar 23 20:38:42 CET 2006


Parece interesante la herramienta......

:-D


paolo en darkstar:~/pruebas$ nikto -h www.blablabla.com.ar
---------------------------------------------------------------------------
- Nikto 1.34/1.31     -     www.cirt.net
+ Target IP:       xxx.xxx.xxx.xxx
+ Target Hostname: www.blablabla.com.ar
+ Target Port:     80
+ Start Time:      Thu Mar 23 16:36:37 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.33 (Debian GNU/Linux) PHP/4.3.10-16
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, CONNECT,
OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK,
TRACE
+ HTTP method 'PUT' method may allow clients to save files on the web server.
+ HTTP method 'CONNECT' may allow server to proxy client requests.
+ HTTP method 'DELETE' may allow clients to remove files on the web server.
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This
may be used to get directory listings if indexing is allowed but a
default page exists.
+ HTTP method 'PROPPATCH' may indicate DAV/WebDAV is installed.
+ HTTP method 'TRACE' is typically only used for debugging. It should
be disabled.
+ Apache/1.3.33 appears to be outdated (current is at least
Apache/2.0.52). Apache 1.3.31 is still maintained and considered
secure.
+ PHP/4.3.10-16 appears to be outdated (current is at least 5.0.1)
+ PHP/4.3.1 - PHP below 4.3.3 may allow local attackers to safe mode
and gain access to unauthorized files. BID-8203.



Y continúa enumerando.....



Más información sobre la lista de distribución Solar-tecnica