└─$ proxychains -f proxychains4.conf nikto -host 172.16.4.120 2>/dev/null- Nikto v2.5.0---------------------------------------------------------------------------+ Target IP: 172.16.4.120+ Target Hostname: 172.16.4.120+ Target Port: 80+ Start Time: 2023-05-14 01:08:48 (GMT2)---------------------------------------------------------------------------+ Server: Apache/2.4.18 (Ubuntu)+ /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/+ No CGI Directories found (use '-C all' to force check all possible dirs)+ Apache/2.4.18 appears to be outdated (current is at least Apache/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.+ /images: IP address found in the 'location' header. The IP is "127.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed+ /images: The web server may reveal its internal or real IP in the Location header via a request to with HTTP/1.0. The value is "127.0.1.1". See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0649+ /: Server may leak inodes via ETags, header found with file /, inode: a8e5, size: 59dee0804bdaa, mtime: gzip. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418+ OPTIONS: Allowed HTTP Methods: GET, HEAD, POST, OPTIONS .+ /web/: Directory indexing found.+ /client/: Cookie PHPSESSID created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies+ /client/: This might be interesting.+ /css/: Directory indexing found.+ /css/: This might be interesting.+ /web/: This might be interesting.+ /images/: Directory indexing found.+ /icons/README: Apache default file found. See: https://www.vntweb.co.uk/apache-restricting-access-to-iconsreadme/+ 8103 requests: 0 error(s) and 15 item(s) reported on remote host+ End Time: 2023-05-14 01:13:10 (GMT2) (262 seconds)
