Scan is dependent on "Server" string which can be faked, use -g to override
|
Server: Apache
|
| /robots.txt |
--> contains 1 'disallow' entry which should be manually viewed (added to mutation file lists) (GET).
|
Allowed HTTP Methods: GET,HEAD,POST,OPTIONS,TRACE
|
HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
|
| /icons/ |
--> Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used all, the /icons directory should be removed. (GET)
|
| /.bashrc |
--> User home dir was found with a shell rc file. This may reveal file and path information. (GET)
|
| / |
| --> TRACE option |
--> appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
|
| /info.php |
--> Contains PHP configuration information (GET)
|
| /manual/ |
--> Web server manual? tsk tsk. (GET)
|
| /webmail/ |
--> Web based mail package installed. (GET)
|
| /files/ |
--> This might be interesting... (GET)
|
| /ftp/ |
--> This might be interesting... (GET)
|
| /info/ |
--> This might be interesting... (GET)
|
| /js |
| --> Redirects to http://www.abc-inc.ca/js/ |
--> This might be interesting...
|
| /pics/ |
--> This might be interesting... (GET)
|
| /pks/lookup |
| --> Redirects to http://www.abc-inc.ca/pks/lookup/ |
--> This might be interesting... has been seen in web logs from an unknown scanner.
|
| 14362 items checked |
--> 11 item(s) found on remote host(s)
|
End Time: Thu Mar 23 14:57:20 2006 (4769 seconds)
|