- Target Hostname: blueskyplzv4fsti.onion
- Target Port: 80
+ Start Time: 2013-12-24 04:11:26 (GMT0)
- Server: No banner retrieved
- The anti-clickjacking X-Frame-Options header is not present.
- Cookie cc created without the httponly flag
- Cookie sess created without the httponly flag
- Root page / redirects to: http://blueskyplzv4fsti.onion/auth/login
- No CGI Directories found (use '-C all' to force check all possible dirs)
- OSVDB-28260: /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings. CVE-2000-0413, CVE-2000-0709, CVE-2000-0710, http://www.securityfocus.com/bid/1608, http://www.securityfocus.com/bid/1174.
- OSVDB-28260: /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings.
- OSVDB-3092: /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals: We seem to have authoring access to the FrontPage web.
- OSVDB-3092: /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals: We seem to have authoring access to the FrontPage web.
- OSVDB-3093: /acartpath/signin.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /homebet/homebet.dll?form=menu&option=menu-signin: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /idealbb/error.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /myguestBk/add1.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /myguestBk/admin/index.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /netget?sid=Safety&msg=2002&file=Safety: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /productcart/pc/Custva.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /sw000.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
- OSVDB-3093: /.htaccess: Contains authorization information
- OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version.
- 6544 items checked: 2877 error(s) and 23 item(s) reported on remote host
+ End Time: 2013-12-24 06:28:44 (GMT0) (8238 seconds)
1 host(s) tested
Target Hostname: fmkt3wixc772jxyj.onion
Target Port: 80
+ Start Time: 2013-12-24 04:12:07 (GMT0)
- Server: Apache/2.2.22 (Ubuntu) mod_ssl/2.2.22 OpenSSL/1.0.1 mod_wsgi/3.3 Python/2.7.3
- The anti-clickjacking X-Frame-Options header is not present.
- Cookie csrf_protection created without the httponly flag
- Cookie bwsession created without the httponly flag
- Root page / redirects to: http://fmkt3wixc772jxyj.onion/login
- No CGI Directories found (use '-C all' to force check all possible dirs)
- Server leaks inodes via ETags, header found with file /robots.txt, inode: 2882426, size: 26, mtime: 0x4ed20993c7801
- File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- "robots.txt" contains 1 entry which should be manually viewed.
- mod_ssl/2.2.22 appears to be outdated (current is at least 2.8.31) (may depend on server version)
- mod_wsgi/3.3 appears to be outdated (current is at least 4.0)
- OpenSSL/1.0.1 appears to be outdated (current is at least 1.0.1c). OpenSSL 0.9.8r is also current.
- mod_ssl/2.2.22 OpenSSL/1.0.1 mod_wsgi/3.3 Python/2.7.3 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756.
- OSVDB-3092: /login/: This might be interesting...
- OSVDB-3092: /register/: This might be interesting...
- OSVDB-3233: /icons/README: Apache default file found.
- 6544 items checked: 14 error(s) and 13 item(s) reported on remote host
+ End Time: 2013-12-24 06:06:41 (GMT0) (6874 seconds)
- 1 host(s) tested
user@host:~/Downloads/nikto-2.1.5$
For those of us who do not read computer so well, can you break this down?