root@kali:~# nikto -host www.baidu.com
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          115.239.211.112
+ Target Hostname:    www.baidu.com
+ Target Port:        80
+ Start Time:         2019-01-09 00:30:59 (GMT-5)
---------------------------------------------------------------------------
+ Server: BWS/1.1
+ Server leaks inodes via ETags, header found with file /, fields: 0x5c32bb49 0x3917
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie BAIDUID created without the httponly flag
+ Cookie BIDUPSID created without the httponly flag
+ Cookie PSTM created without the httponly flag
+ Server banner has changed from 'BWS/1.1' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Uncommon header 'bdpagetype' found, with contents: 3
+ Uncommon header 'bdqid' found, with contents: 0xddf175f9000068e6
+ Cookie BDSVRTM created without the httponly flag
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Uncommon header 'tracecode' found, with contents: 18659967350187094026010913
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ "robots.txt" contains 118 entries which should be manually viewed.
+ /crossdomain.xml contains 2 lines which include the following domains: *.baidu.com *.bdstatic.com
+ Multiple index files found: /index.php, /index.html, /index.htm
+ OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://10.212.28.32:8080/images/".
+ Uncommon header 'cxy_all' found, with contents: baidu+f0b711851d269072d80cb68436e01c43
+ Cookie delPer created without the httponly flag
+ Cookie BD_HOME created without the httponly flag
+ Cookie H_PS_PSSID created without the httponly flag
+ OSVDB-3092: /home/: This might be interesting...
+ OSVDB-3092: /tw/: This might be interesting... potential country code (Taiwan)
+ 7651 requests: 1 error(s) and 64 item(s) reported on remote host
+ End Time:           2019-01-09 00:34:03 (GMT-5) (184 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
root@kali:~#

###############################################################################################################################

Whatweb   test  to Search the web Site
##########################################################################################################################################

root@kali:~# whatweb www.baidu.com
http://www.baidu.com [200 OK] Cookies[BAIDUID,BDSVRTM,BD_HOME,BIDUPSID,H_PS_PSSID,PSTM,delPer], Country[CHINA][CN], HTML5, HTTPServer[BWS/1.1], IP[115.239.210.27], JQuery, Meta-Refresh-Redirect[/baidu.html?from=noscript], OpenSearch[/content-search.xml], Script[text/javascript], Title[百度一下,你就知道], UncommonHeaders[bdpagetype,bdqid,cxy_all], X-UA-Compatible[IE=Edge,IE=Edge,chrome=1]
http://www.baidu.com/baidu.html?from=noscript [200 OK] Apache, Cookies[BAIDUID], Country[CHINA][CN], HTML5, HTTPServer[Apache], IP[115.239.211.112], Script, Title[百度一下,你就知道], X-UA-Compatible[IE=Edge]
root@kali:~#

Nikto and whatweb的更多相关文章

  1. Whatweb网站指纹信息收集工具

    常规扫描:whatweb www.baidu.com 批量扫描: whatweb -i /root/12.txt 详细回显扫描:whatweb -v www.baidu.com 加强扫描强度:what ...

  2. 网站指纹识别工具——WhatWeb v0.4.7发布

      WhatWeb是一款网站指纹识别工具,主要针对的问题是:“这个网站使用的什么技术?”WhatWeb可以告诉你网站搭建使用的程序,包括何种CMS系统.什么博客系统.Javascript库.web服务 ...

  3. whatweb

    WhatWeb是一款网站指纹识别工具,主要针对的问题是:“这个网站使用的什么技术?”WhatWeb可以告诉你网站搭建使用的程序,包括何种CMS系统.什么博客系统.Javascript库.web服务器. ...

  4. 用Nikto探测一个网站所用到的技术

    Nikto是一款开源的(GPL)网页服务器扫描器,它可以对网页服务器进行全面的多种扫描,包含超过3300种有潜在危险的文件/CGIs:超过 625种服务器版本:超过230种特定服务器问题,包括多种有潜 ...

  5. Nikto是一款Web安全扫描工具,可以扫描指定主机的web类型,主机名,特定目录,cookie,特定CGI漏洞,XSS漏洞,SQL注入漏洞等,非常强大滴说。。。

    Nikto是一款Web安全扫描工具,可以扫描指定主机的web类型,主机名,特定目录,cookie,特定CGI漏洞,XSS漏洞,SQL注入漏洞等,非常强大滴说... root@xi4ojin:~# cd ...

  6. backtrack下whatweb的使用

    whatweb是backtrack下的一款Web识别工具,位于 Applications-->BackTrack-->Information Gathing-->Web Applic ...

  7. 小白日记28:kali渗透测试之Web渗透-扫描工具-Nikto

    扫描工具-Nikto #WEB渗透 靶机:metasploitable 靶场:DVWA[默认账号/密码:admin/password] #新手先将DVWA的安全性,调到最低,可容易发现漏洞 侦察[减少 ...

  8. New ipad安装Perl支持安装nikto

    Title:New ipad安装Perl支持安装nikto --2012-11-15 09:47 New Ipad 越了后. ssh new ipad 进入目录 cd /tmp 下载Key文件 wge ...

  9. Nikto主动扫描神器!!!

    Perl语言开发的开源web安全扫描器 Nikto只支持主动扫描:可扫描web服务器类型是不是最新版本(分析先版本与新版相比有哪些漏洞) 针对:1.软件版本.2.搜索存在安全隐患的文件.3.服务器配置 ...

随机推荐

  1. json文件格式详解

    JSON(JavaScript Object Notation) 是一种轻量级的数据交换格式. 易于人阅读和编写.同时也易于机器解析和生成. 它基于JavaScript Programming Lan ...

  2. IIS部署ASP.Net Core 502.5错误和解决

    在Win7的机器上部署ASP.Net Core程序,老是提示502.5错误. 已经安装了 Microsoft Visual C++ 2015 Redistributable .NET Core Win ...

  3. python中self和cls的区别

    1.self表示一个具体的实例本身.如果用了staticmethod,那么就可以无视这个self,将这个方法当成一个普通的函数使用. 2.cls表示这个类本身. >>> class ...

  4. AssetBundle打包

    为热更新打基础(xlua\tolua) 素材.源码链接:http://www.sikiedu.com/course/74/task/1812/show 一.AssetBundle的定义和作用 1,As ...

  5. 02Lua入门

    前言: 语言学起来其实相似点很多,简单整理的知识点 目录: 1.使用控制台 2.Lua基础 3.变量 4.运算符 5.控制结构 1.使用控制台 Lua脚本是包含一系列Lua命令的简单脚本(扩展名为.l ...

  6. 洛谷P4178 Tree (算竞进阶习题)

    点分治 还是一道点分治,和前面那道题不同的是求所有距离小于等于k的点对. 如果只是等于k,我们可以把重心的每个子树分开处理,统计之后再合并,这样可以避免答案重复(也就是再同一个子树中出现路径之和为k的 ...

  7. 【LOJ2586】【APIO2018】选圆圈 CDQ分治 扫描线 平衡树

    题目描述 在平面上,有 \(n\) 个圆,记为 \(c_1,c_2,\ldots,c_n\) .我们尝试对这些圆运行这个算法: 找到这些圆中半径最大的.如果有多个半径最大的圆,选择编号最小的.记为 \ ...

  8. Java 找出四位数的所有吸血鬼数字 基础代码实例

    /**  * 找出四位数的所有吸血鬼数字  * 吸血鬼数字是指位数为偶数的数字,可以由一对数字相乘而得到,而这对数字各包含乘积的一半位数的数字,其中从最初的数字中选取的数字可以任意排序.  * 以两个 ...

  9. Java EE 开发环境搭建

    1 Windows 1.1 JDK 下载: 下载地址:https://developer.oracle.com/java 安装文件:jdk-8u201-windows-x64.exe JDK 并不是越 ...

  10. 映像文件工具srec

    目录 映像文件工具srec 介绍与帮助 常用例子 常用选项 一个实际的例子 hex转bin 数据填充 文件合并 文件分割 加入CRC 查看信息 使用命令集合的文本 详细文件格式的描述 附录:MDK的例 ...