[Nikto-discuss] Nikto Not Finding Webserver

maddaemon at gmail.com maddaemon at gmail.com
Wed Jan 14 21:25:46 UTC 2009 

Sorry, forgot to include the list in my reply:

On Wed, Jan 14, 2009 at 4:21 PM, maddaemon at gmail.com
<maddaemon at gmail.com> wrote:
> On Tue, Jan 13, 2009 at 5:32 PM, security curmudgeon
> <jericho at attrition.org> wrote:
>>
>> $ telnet host 80
>> GET / HTTP/1.0
>>
>> what does the header show?
>>
>> On Tue, 13 Jan 2009, maddaemon at gmail.com wrote:
>>
>> : All,
>> :
>> : I just reinstalled nikto from ports (FreeBSD 7.0-RELEASE) and
>> : attempted to scan a host and got the following:
>> :
>> : MadDaemon at darkhorse [~]$ sudo nikto -host tracker.mydomain.tld -ssl -port 443
>> : - Nikto v2.03/2.04
>> : ---------------------------------------------------------------------------
>> : + No web server found on 10.0.10.25:443
>> : ---------------------------------------------------------------------------
>> : + 1 host(s) tested
>> :
>> : Test Options: -host tracker.mydomain.tld -ssl -port 443
>> : ---------------------------------------------------------------------------
>> :
>> : Knowing there *IS* a webserver running on that box, I verified the
>> : ports were indeed open and listening:
>> :
>> : MadDaemon at darkhorse [~]$ sudo nmap -v -P0 -PN -R -p80,443 tracker
>> :
>> : Starting Nmap 4.62 ( http://nmap.org ) at 2009-01-13 16:20 EST
>> : Initiating ARP Ping Scan at 16:20
>> : Scanning 10.0.10.25 [1 port]
>> : Completed ARP Ping Scan at 16:20, 0.21s elapsed (1 total hosts)
>> : Initiating SYN Stealth Scan at 16:20
>> : Scanning tracker.mydomain.tld (10.0.10.25) [2 ports]
>> : Discovered open port 80/tcp on 10.0.10.25
>> : Discovered open port 443/tcp on 10.0.10.25
>> : Completed SYN Stealth Scan at 16:20, 1.14s elapsed (2 total ports)
>> : Host tracker.mydomain.tld (10.0.10.25) appears to be up ... good.
>> : Interesting ports on tracker.mydomain.tld (10.0.10.25):
>> : PORT    STATE SERVICE
>> : 80/tcp  open  http
>> : 443/tcp open  https
>> :
>> : So, I tried it again without using the SSL option and got the same exact thing:
>> :
>> : root at darkhorse [~]# nikto -host tracker.mydomain.tld
>> : - Nikto v2.03/2.04
>> : ---------------------------------------------------------------------------
>> : + No web server found on 10.0.10.25:80
>> : ---------------------------------------------------------------------------
>> : + 1 host(s) tested
>> :
>> : Test Options: -host tracker.mydomain.tld
>> : ---------------------------------------------------------------------------
>> :
>> : Feeling frustrated, I then verified that Apache was actually running
>> : on that box:
>> :
>> : MadDaemon at darkhorse [~]$ ssh tracker
>> : [Tracker]
>> :
>> :                           *** NOTICE ***
>> :
>> : THIS SYSTEM IS FOR THE USE OF AUTHORIZED USERS ONLY!
>> :
>> : UNAUTHORIZED ACCESS IS PROHIBITED.
>> :
>> : THIS SYSTEM AND EQUIPMENT ARE SUBJECT TO MONITORING TO ENSURE PROPER
>> : FUNCTIONING, TO PROTECT AGAINST IMPROPER OR UNAUTHORIZED USE OR ACCESS,
>> : AND TO VERIFY THE PRESENCE OR PERFORMANCE OF APPLICABLE SECURITY
>> : FEATURES OR PROCEDURES, AND FOR OTHER LIKE PURPOSES.  SUCH MONITORING
>> : MAY RESULT IN THE ACQUISITION, RECORDING, AND ANALYSIS OF ALL DATA
>> : BEING COMMUNICATED, TRANSMITTED, PROCESSED OR STORED IN THIS SYSTEM BY
>> : A USER.  IF MONITORING REVEALS EVIDENCE OF POSSIBLE CRIMINAL ACTIVITY,
>> : SUCH EVIDENCE MAY BE PROVIDED TO LAW ENFORCEMENT PERSONNEL.
>> :
>> :      USE OF THIS SYSTEM CONSTITUTES CONSENT TO SUCH MONITORING.
>> :
>> :
>> : Last login: Fri Jan  9 16:55:22 2009 from artemis
>> :
>> : MadDaemon at tracker [~]$ sudo ps wax | grep http
>> : 20220  ??  Ss     0:07.43 /usr/local/sbin/httpd -DSSL
>> : 20279  ??  I      0:00.09 /usr/local/sbin/httpd -DSSL
>> : 20311  ??  I      0:00.00 /usr/local/sbin/httpd -DSSL
>> : 20518  ??  I      0:00.00 /usr/local/sbin/httpd -DSSL
>> : 20606  ??  I      0:00.01 /usr/local/sbin/httpd -DSSL
>> : 20742  ??  I      0:00.12 /usr/local/sbin/httpd -DSSL
>> : 20832  ??  I      0:00.00 /usr/local/sbin/httpd -DSSL
>> : 99321  p0  S+     0:00.00 grep http
>> : MadDaemon at tracker [~]$
>> :
>> : Any idea why Nikto isn't finding the webserver ports being open?  This
>> : is driving me up a wall...
>> :
>> : Thanks,
>> : ~MD
>
> Headers show the following (using both 80 & 443)
>
> HTTP/1.1 301 Moved Permanently
> Date: Wed, 14 Jan 2009 21:16:02 GMT
> Server: Apache
> Location: https://tracker.mydomain.tld
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
>
> HTTP/1.1 400 Bad Request
> Date: Wed, 14 Jan 2009 21:17:14 GMT
> Server: Apache
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
> I forgot to mention that 80 is a perm redirect to 443.  My bad..
>

More information about the Nikto-discuss mailing list