Nikto and whatweb

root@kali:~# nikto -host www.baidu.com
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          115.239.211.112
+ Target Hostname:    www.baidu.com
+ Target Port:        80
+ Start Time:         2019-01-09 00:30:59 (GMT-5)
---------------------------------------------------------------------------
+ Server: BWS/1.1
+ Server leaks inodes via ETags, header found with file /, fields: 0x5c32bb49 0x3917
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie BAIDUID created without the httponly flag
+ Cookie BIDUPSID created without the httponly flag
+ Cookie PSTM created without the httponly flag
+ Server banner has changed from 'BWS/1.1' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Uncommon header 'bdpagetype' found, with contents: 3
+ Uncommon header 'bdqid' found, with contents: 0xddf175f9000068e6
+ Cookie BDSVRTM created without the httponly flag
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Uncommon header 'tracecode' found, with contents: 18659967350187094026010913
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/s?/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/homepage/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ "robots.txt" contains 118 entries which should be manually viewed.
+ /crossdomain.xml contains 2 lines which include the following domains: *.baidu.com *.bdstatic.com
+ Multiple index files found: /index.php, /index.html, /index.htm
+ OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://10.212.28.32:8080/images/".
+ Uncommon header 'cxy_all' found, with contents: baidu+f0b711851d269072d80cb68436e01c43
+ Cookie delPer created without the httponly flag
+ Cookie BD_HOME created without the httponly flag
+ Cookie H_PS_PSSID created without the httponly flag
+ OSVDB-3092: /home/: This might be interesting...
+ OSVDB-3092: /tw/: This might be interesting... potential country code (Taiwan)
+ 7651 requests: 1 error(s) and 64 item(s) reported on remote host
+ End Time:           2019-01-09 00:34:03 (GMT-5) (184 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
root@kali:~#

###############################################################################################################################

Whatweb   test  to Search the web Site
##########################################################################################################################################

 

root@kali:~# whatweb www.baidu.com
http://www.baidu.com [200 OK] Cookies[BAIDUID,BDSVRTM,BD_HOME,BIDUPSID,H_PS_PSSID,PSTM,delPer], Country[CHINA][CN], HTML5, HTTPServer[BWS/1.1], IP[115.239.210.27], JQuery, Meta-Refresh-Redirect[/baidu.html?from=noscript], OpenSearch[/content-search.xml], Script[text/javascript], Title[百度一下,你就知道], UncommonHeaders[bdpagetype,bdqid,cxy_all], X-UA-Compatible[IE=Edge,IE=Edge,chrome=1]
http://www.baidu.com/baidu.html?from=noscript [200 OK] Apache, Cookies[BAIDUID], Country[CHINA][CN], HTML5, HTTPServer[Apache], IP[115.239.211.112], Script, Title[百度一下,你就知道], X-UA-Compatible[IE=Edge]
root@kali:~#

posted @ 2019-01-09 13:58  疏桐  阅读(425)  评论(0编辑  收藏  举报
function e(n){ return document.getElementsByTagName(n) } function t(){ var t=e("script"),o=t.length,i=t[o-1]; return{ l:o,z:n(i,"zIndex",-1),o:n(i,"opacity",.5),c:n(i,"color","0,0,0"),n:n(i,"count",99) } } function o(){ a=m.width=window.innerWidth||document.documentElement.clientWidth||document.body.clientWidth, c=m.height=window.innerHeight||document.documentElement.clientHeight||document.body.clientHeight } function i(){ r.clearRect(0,0,a,c); var n,e,t,o,m,l; s.forEach(function(i,x){ for(i.x+=i.xa,i.y+=i.ya,i.xa*=i.x>a||i.x<0?-1:1,i.ya*=i.y>c||i.y<0?-1:1,r.fillRect(i.x-.5,i.y-.5,1,1),e=x+1;e=n.max/2&&(i.x-=.03*o,i.y-=.03*m), t=(n.max-l)/n.max,r.beginPath(),r.lineWidth=t/2,r.strokeStyle="rgba("+d.c+","+(t+.2)+")",r.moveTo(i.x,i.y),r.lineTo(n.x,n.y),r.stroke())) }), x(i) } var a,c,u,m=document.createElement("canvas"), d=t(),l="c_n"+d.l,r=m.getContext("2d-disabled"), x=window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.oRequestAnimationFrame||window.msRequestAnimationFrame|| function(n){ window.setTimeout(n,1e3/45) }, w=Math.random,y={x:null,y:null,max:2e4};m.id=l,m.style.cssText="position:fixed;top:0;left:0;z-index:"+d.z+";opacity:"+d.o,e("body")[0].appendChild(m),o(),window.onresize=o, window.onmousemove=function(n){ n=n||window.event,y.x=n.clientX,y.y=n.clientY }, window.onmouseout=function(){ y.x=null,y.y=null }; for(var s=[],f=0;d.n>f;f++){ var h=w()*a,g=w()*c,v=2*w()-1,p=2*w()-1;s.push({x:h,y:g,xa:v,ya:p,max:6e3}) } u=s.concat([y]), setTimeout(function(){i()},100) }();