网站漏洞

如何扫描网站的漏洞

小新
242
2021-01-16 08:25:06
栏目: 云计算

如何扫描网站的漏洞

扫描网站漏洞的方法:

可以使用Nikto开源Web服务器扫描程序来扫描网站的漏洞,比如扫描使用SSL的网站以pbs.org为例:

使用命令:“nikto -h pbs.org -ssl”来扫描,得到结果如下:

- Nikto v2.1.6

------------------------------------------------------------------------------

- STATUS: Starting up!

+ Target IP: 54.225.198.196

+ Target Hostname: pbs.org

+ Traget Port: 443

------------------------------------------------------------------------------

+ SSl Info: Subject: /CN=www.pbs.org

Altnames: account.pbs.org, admin.pgs.org, dipsy-tc.pbs.org, docs.pbs.org, ga.video.cdn.pbs.org, git.pbs.org, heart.ops.pbs.org, hub-dev.pbs.org, image.pbs.org,

jaws..pbs.org, kids.pbs.org, koth-qa.svp.pbs.org, login.pbs.org, ops.pbs.org, pbs.org, player.pbs.org, projects.pbs.org, sentry.pbs.org, teacherline.pbs.org,

urs.pbs.org, video.pbs.org, weta-qa.svp.pbs.org, whut-qa.svp.pbs.org, wnet.video-qa.pbs.org, wnet.video-staging.pbs.org, www-cache.pbs.org, www.pbs.org

Ciphers: ECDHE-RSA-AES128-GCM-SHA256

Issuer: /C-US/0=Let's Encrypt/CN=Let's Encrypt Authority X3

+ Start Time: 2018-12-05 23:34:06 (GMT-8)

------------------------------------------------------------------------------

+ Server: nginx

+ The anti-clickjacking X-Frame-Options header is not present.

+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS

+ Uncommon header 'x-pbs-fwsrvname' found, with contents: fwcacheproxy1

+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.

+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type

+ Root page / redirects to: https://www.pbs.org/

+ No CGI Directories found (use '-C all' to force check all possible dirs)

+ RC-1918 IP address found in the 'x-pbs-appsvrip' header: The IP is "10.137.181.52".

+ Uncommon header 'x-cache-fs-status' found, with contents: EXPIRED

+ Uncommon header 'x-pbs-appsvrname' found, with contents: fwcacheproxy1

+ Uncommon header 'x-pbs-appsvrip' found, with contents: 10.137.181.52

+ Server leaks inodes via ETags, header found with file /pbs.org.zip, fields: 0x5b96537e 0x1678

+ 7446 requests: 0 error(s) and 10 item(s) reported on remote host

+ End Time: 2018-12-06 00:30:29 (GMT-8) (3383 seconds)

------------------------------------------------------------------------------

+ 1 host(s) tested

0
看了该问题的人还看了