[Nikto-discuss] Nikto 2.1.5 Idle

Sullo csullo at gmail.com
Tue Dec 11 22:06:50 CST 2012


It is likely not idle, but just moving fairly slowly for whatever
reason. If you press the space bar while running it will print out a
current status after 10 requests. There are some other interactive
features as well.

http://cirt.net/nikto2-docs/usage.html#id2741122

On Tue, Dec 11, 2012 at 10:53 PM, Zaki Akhmad <zakiakhmad at gmail.com> wrote:
> Hello,
>
> I am using nikto 2.1.5 to do web application scanning. Nikto detected
> a WAF, then it became idle. Nothing happened. Where can I find
> more detailed information about this?
>
> Here's the nikto result:
>
> + Server: Microsoft-IIS/7.5
> + Retrieved x-powered-by header: ASP.NET
> + Server leaks inodes via ETags, header found with file /, fields:
> 0xf649529557d4cd1:0
> + The anti-clickjacking X-Frame-Options header is not present.
> + Cookie lkLQMSULhV created without the httponly flag
> + No CGI Directories found (use '-C all' to force check all possible dirs)
> + Retrieved x-aspnet-version header: 2.0.50727
> + Uncommon header 'x-snapsis-pageblaster' found, with contents:
> v:3.4.5;c:-;x:+;r:+
> + OSVDB-630: IIS may reveal its internal or real IP in the Location
> header via a request to the /images directory. The value is
> "http://172.16.1.100/images/".
> + Server banner has changed from 'Microsoft-IIS/7.5' to
> 'Microsoft-HTTPAPI/2.0' which may suggest a WAF, load balancer or
> proxy is in place
> + Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
> + Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
> + /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be
> vulnerable to DoS by repeatedly requesting this file.
>
> --
> Zaki Akhmad
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss



-- 

http://www.cirt.net     |      http://richsec.com/

