nikto收集漏洞信息

在Linux安装软件： yum install nikto -y

使用软件： [root@GaoPengJu ~]# nikto -h blog.dajiqq.com

• RFIURL is not defined in nikto.conf--no RFI tests will run
• SSL support not available (see docs for SSL install)
• Nikto v2.1.6

• Target IP: 42.51.201.93
• Target Hostname: blog.dajiqq.com
• Target Port: 80
• Start Time: 2019-05-13 05:52:23 (GMT0)

• Server: Apache
• Retrieved x-powered-by header: PHP/7.0.33
• The anti-clickjacking X-Frame-Options header is not present.
• The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
• The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
• No CGI Directories found (use '-C all' to force check all possible dirs)
• Server leaks inodes via ETags, header found with file /, fields: 0x52e 0x54e0d47a39ec0
• Web Server returns a valid response with junk HTTP methods, this may cause false positives.
• DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
• OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
• OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
• OSVDB-3092: /LICENSE.txt: License file found may identify site software.
• /admin/login.php: Admin login page/section found.
• 5052 requests: 0 error(s) and 11 item(s) reported on remote host
• End Time: 2019-05-13 05:53:04 (GMT0) (41 seconds)

• 1 host(s) tested

可以将网站的漏洞进行扫描出来