Software used:
[root@GaoPengJu ~]# nikto -h blog.dajiqq.com
RFIURL is not defined in nikto.conf--no RFI tests will run
SSL support not available (see docs for SSL install)
Nikto v2.1.6
Target IP: 42.51.201.93
Target Hostname: blog.dajiqq.com
Target Port: 80
Start Time: 2019-05-13 05:52:23 (GMT0)
Server: Apache
Retrieved x-powered-by header: PHP/7.0.33
The anti-clickjacking X-Frame-Options header is not present.
The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
No CGI Directories found (use '-C all' to force check all possible dirs)
Server leaks inodes via ETags, header found with file /, fields: 0x52e 0x54e0d47a39ec0
Web Server returns a valid response with junk HTTP methods, this may cause false positives.
OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
OSVDB-3092: /LICENSE.txt: License file found may identify site software.
/admin/login.php: Admin login page/section found.
5052 requests: 0 error(s) and 11 item(s) reported on remote host