192.168.52.147 / 192.168.52.147 port 80
Target IP 192.168.52.147
Target hostname 192.168.52.147
Target Port 80
HTTP Server Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Site Link (Name) http://192.168.52.147:80/
Site Link (IP) http://192.168.52.147:80/

URI /
HTTP Method GET
Description Server leaks inodes via ETags, header found with file /, inode: 838422, size: 588, mtime: Sun Nov 2 13:20:24 2014
Test Links http://192.168.52.147:80/
http://192.168.52.147:80/
OSVDB Entries OSVDB-0
URI /
HTTP Method GET
Description The anti-clickjacking X-Frame-Options header is not present.
Test Links http://192.168.52.147:80/
http://192.168.52.147:80/
OSVDB Entries OSVDB-0
URI /
HTTP Method GET
Description The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
Test Links http://192.168.52.147:80/
http://192.168.52.147:80/
OSVDB Entries OSVDB-0
URI /
HTTP Method GET
Description The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
Test Links http://192.168.52.147:80/
http://192.168.52.147:80/
OSVDB Entries OSVDB-0
URI /index
HTTP Method GET
Description Uncommon header 'tcn' found, with contents: list
Test Links http://192.168.52.147:80/index
http://192.168.52.147:80/index
OSVDB Entries OSVDB-0
URI /index
HTTP Method GET
Description Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.bak, index.html
Test Links http://192.168.52.147:80/index
http://192.168.52.147:80/index
OSVDB Entries OSVDB-0
URI #TEMPL_URI#
HTTP Method #TEMPL_HTTP_METHOD#
Description #TEMPL_MSG#
Test Links #TEMPL_ITEM_NAME_LINK#
#TEMPL_ITEM_IP_LINK#
OSVDB Entries OSVDB-#TEMPL_OSVDB#
URI #TEMPL_URI#
HTTP Method #TEMPL_HTTP_METHOD#
Description #TEMPL_MSG#
Test Links #TEMPL_ITEM_NAME_LINK#
#TEMPL_ITEM_IP_LINK#
OSVDB Entries OSVDB-#TEMPL_OSVDB#
URI #TEMPL_URI#
HTTP Method #TEMPL_HTTP_METHOD#
Description #TEMPL_MSG#
Test Links #TEMPL_ITEM_NAME_LINK#
#TEMPL_ITEM_IP_LINK#
OSVDB Entries OSVDB-#TEMPL_OSVDB#
URI #TEMPL_URI#
HTTP Method #TEMPL_HTTP_METHOD#
Description #TEMPL_MSG#
Test Links #TEMPL_ITEM_NAME_LINK#
#TEMPL_ITEM_IP_LINK#
OSVDB Entries OSVDB-#TEMPL_OSVDB#
URI #TEMPL_URI#
HTTP Method #TEMPL_HTTP_METHOD#
Description #TEMPL_MSG#
Test Links #TEMPL_ITEM_NAME_LINK#
#TEMPL_ITEM_IP_LINK#
OSVDB Entries OSVDB-#TEMPL_OSVDB#
URI /
HTTP Method OPTIONS
Description Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
Test Links http://192.168.52.147:80/
http://192.168.52.147:80/
OSVDB Entries OSVDB-0
URI /
HTTP Method TRACE
Description HTTP TRACE method is active, suggesting the host is vulnerable to XST
Test Links http://192.168.52.147:80/
http://192.168.52.147:80/
OSVDB Entries OSVDB-877
URI /server-status
HTTP Method GET
Description /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources.
Test Links http://192.168.52.147:80/server-status
http://192.168.52.147:80/server-status
OSVDB Entries OSVDB-561
URI /phpmyadmin/changelog.php
HTTP Method GET
Description Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5
Test Links http://192.168.52.147:80/phpmyadmin/changelog.php
http://192.168.52.147:80/phpmyadmin/changelog.php
OSVDB Entries OSVDB-0
URI /phpmyadmin/changelog.php
HTTP Method GET
Description /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
Test Links http://192.168.52.147:80/phpmyadmin/changelog.php
http://192.168.52.147:80/phpmyadmin/changelog.php
OSVDB Entries OSVDB-3092
URI /icons/
HTTP Method GET
Description /icons/: Directory indexing found.
Test Links http://192.168.52.147:80/icons/
http://192.168.52.147:80/icons/
OSVDB Entries OSVDB-3268
URI /README
HTTP Method GET
Description /README: README file found.
Test Links http://192.168.52.147:80/README
http://192.168.52.147:80/README
OSVDB Entries OSVDB-3092
URI /INSTALL.txt
HTTP Method GET
Description /INSTALL.txt: Default file found.
Test Links http://192.168.52.147:80/INSTALL.txt
http://192.168.52.147:80/INSTALL.txt
OSVDB Entries OSVDB-3092
URI /icons/README
HTTP Method GET
Description /icons/README: Apache default file found.
Test Links http://192.168.52.147:80/icons/README
http://192.168.52.147:80/icons/README
OSVDB Entries OSVDB-3233
URI /phpmyadmin/
HTTP Method GET
Description /phpmyadmin/: phpMyAdmin directory found
Test Links http://192.168.52.147:80/phpmyadmin/
http://192.168.52.147:80/phpmyadmin/
OSVDB Entries OSVDB-0
URI /phpmyadmin/Documentation.html
HTTP Method GET
Description /phpmyadmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
Test Links http://192.168.52.147:80/phpmyadmin/Documentation.html
http://192.168.52.147:80/phpmyadmin/Documentation.html
OSVDB Entries OSVDB-3092
URI /server-status
HTTP Method GET
Description /server-status: Apache server-status interface found (pass protected)
Test Links http://192.168.52.147:80/server-status
http://192.168.52.147:80/server-status
OSVDB Entries OSVDB-0

Host Summary
Start Time 2018-03-14 21:01:10
End Time 2018-03-14 21:01:41
Elapsed Time 31 seconds
Statistics 7534 requests, 0 errors, 23 findings

Scan Summary
Software Details Nikto 2.1.6
CLI Options -h 192.168.52.147 -o bWapp-nikto.html -Format html
Hosts Tested 1
Start Time Wed Mar 14 21:01:10 2018
End Time Wed Mar 14 21:01:41 2018
Elapsed Time 31 seconds