root@kali:~# nikto -host www.baidu.com
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          115.239.211.112
+ Target Hostname:    www.baidu.com
+ Target Port:        80
+ Start Time:         2019-01-09 00:30:59 (GMT-5)
---------------------------------------------------------------------------
+ Server: BWS/1.1
+ Server leaks inodes via ETags, header found with file /, fields: 0x5c32bb49 0x3917
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie BAIDUID created without the httponly flag
+ Cookie BIDUPSID created without the httponly flag
+ Cookie PSTM created without the httponly flag
+ Server banner has changed from 'BWS/1.1' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Uncommon header 'bdpagetype' found, with contents: 3
+ Uncommon header 'bdqid' found, with contents: 0xddf175f9000068e6
+ Cookie BDSVRTM created without the httponly flag
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Uncommon header 'tracecode' found, with contents: 18659967350187094026010913
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ "robots.txt" contains 118 entries which should be manually viewed.
+ /crossdomain.xml contains 2 lines which include the following domains: *.baidu.com *.bdstatic.com
+ Multiple index files found: /index.php, /index.html, /index.htm
+ OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://10.212.28.32:8080/images/".
+ Uncommon header 'cxy_all' found, with contents: baidu+f0b711851d269072d80cb68436e01c43
+ Cookie delPer created without the httponly flag
+ Cookie BD_HOME created without the httponly flag
+ Cookie H_PS_PSSID created without the httponly flag
+ OSVDB-3092: /home/: This might be interesting...
+ OSVDB-3092: /tw/: This might be interesting... potential country code (Taiwan)
+ 7651 requests: 1 error(s) and 64 item(s) reported on remote host
+ End Time:           2019-01-09 00:34:03 (GMT-5) (184 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
root@kali:~#

###############################################################################################################################

Whatweb   test  to Search the web Site
##########################################################################################################################################

root@kali:~# whatweb www.baidu.com
http://www.baidu.com [200 OK] Cookies[BAIDUID,BDSVRTM,BD_HOME,BIDUPSID,H_PS_PSSID,PSTM,delPer], Country[CHINA][CN], HTML5, HTTPServer[BWS/1.1], IP[115.239.210.27], JQuery, Meta-Refresh-Redirect[/baidu.html?from=noscript], OpenSearch[/content-search.xml], Script[text/javascript], Title[百度一下,你就知道], UncommonHeaders[bdpagetype,bdqid,cxy_all], X-UA-Compatible[IE=Edge,IE=Edge,chrome=1]
http://www.baidu.com/baidu.html?from=noscript [200 OK] Apache, Cookies[BAIDUID], Country[CHINA][CN], HTML5, HTTPServer[Apache], IP[115.239.211.112], Script, Title[百度一下,你就知道], X-UA-Compatible[IE=Edge]
root@kali:~#

Nikto and whatweb的更多相关文章

  1. Whatweb网站指纹信息收集工具

    常规扫描:whatweb www.baidu.com 批量扫描: whatweb -i /root/12.txt 详细回显扫描:whatweb -v www.baidu.com 加强扫描强度:what ...

  2. 网站指纹识别工具——WhatWeb v0.4.7发布

      WhatWeb是一款网站指纹识别工具,主要针对的问题是:“这个网站使用的什么技术?”WhatWeb可以告诉你网站搭建使用的程序,包括何种CMS系统.什么博客系统.Javascript库.web服务 ...

  3. whatweb

    WhatWeb是一款网站指纹识别工具,主要针对的问题是:“这个网站使用的什么技术?”WhatWeb可以告诉你网站搭建使用的程序,包括何种CMS系统.什么博客系统.Javascript库.web服务器. ...

  4. 用Nikto探测一个网站所用到的技术

    Nikto是一款开源的(GPL)网页服务器扫描器,它可以对网页服务器进行全面的多种扫描,包含超过3300种有潜在危险的文件/CGIs:超过 625种服务器版本:超过230种特定服务器问题,包括多种有潜 ...

  5. Nikto是一款Web安全扫描工具,可以扫描指定主机的web类型,主机名,特定目录,cookie,特定CGI漏洞,XSS漏洞,SQL注入漏洞等,非常强大滴说。。。

    Nikto是一款Web安全扫描工具,可以扫描指定主机的web类型,主机名,特定目录,cookie,特定CGI漏洞,XSS漏洞,SQL注入漏洞等,非常强大滴说... root@xi4ojin:~# cd ...

  6. backtrack下whatweb的使用

    whatweb是backtrack下的一款Web识别工具,位于 Applications-->BackTrack-->Information Gathing-->Web Applic ...

  7. 小白日记28:kali渗透测试之Web渗透-扫描工具-Nikto

    扫描工具-Nikto #WEB渗透 靶机:metasploitable 靶场:DVWA[默认账号/密码:admin/password] #新手先将DVWA的安全性,调到最低,可容易发现漏洞 侦察[减少 ...

  8. New ipad安装Perl支持安装nikto

    Title:New ipad安装Perl支持安装nikto --2012-11-15 09:47 New Ipad 越了后. ssh new ipad 进入目录 cd /tmp 下载Key文件 wge ...

  9. Nikto主动扫描神器!!!

    Perl语言开发的开源web安全扫描器 Nikto只支持主动扫描:可扫描web服务器类型是不是最新版本(分析先版本与新版相比有哪些漏洞) 针对:1.软件版本.2.搜索存在安全隐患的文件.3.服务器配置 ...

随机推荐

  1. apply和call与this

    函数本身的apply方法,改变this指向哪个对象: function getAge() { var y = new Date().getFullYear(); return y - this.bir ...

  2. php函数 array_change_key_cash

    array_change_key_case ( array $array [, int $case = CASE_LOWER ] ) : array array_change_key_case() 将 ...

  3. Java并发编程:volatile关键字解析(转载)

    转自https://www.cnblogs.com/dolphin0520/p/3920373.html Java并发编程:volatile关键字解析   Java并发编程:volatile关键字解析 ...

  4. java对象池commons-pool-1.6详解(一)

    自己的项目中用到了 对象池 commons-pool: package com.sankuai.qcs.regulation.protocol.client; import com.dianping. ...

  5. python json数据的转换

    1  Python数据转json字符串 import json json_str = json.dumps(py_data) 参数解析: json_str = json.dumps(py_data,s ...

  6. 2.8 hashlib模块

  7. vmware(1):vmware中的bridge、nat、host-only的区别

    VMWare提供了三种工作模式,它们是bridged(桥接模式).NAT(网络地址转换模式)和host-only(主机模式) bridged(桥接模式) 在这种模式下,VMWare虚拟出来的操作系统就 ...

  8. MySQL_关于索引空间的的一些记录

    一.清理普通索引占用的空间 问:对表中存在的k列(非主键)的普通索引执行以下重建操作,有什么影响? alter table T drop index k; alter table T add inde ...

  9. 点评cat系列-应用集成

    ========================消息的基本属性========================消息的几个属性:type: 定义消息的 category, 比如 SQL 或 RPC 或 ...

  10. 你从未听说过的 JavaScript 早期特性

    最近这些年在对 JavaScript 进行考古时,发现网景时代的 JavaScipt 实现,存在一些鲜为人知的特性,我从中挑选几个有趣的说一下. Object.prototype.eval() 方法 ...