- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 3.132.188.58, 18.217.41.48
+ Target IP: 3.132.188.58
+ Target Hostname: arstechnica.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /CN=*.arstechnica.com
            Altnames: *.arstechnica.com, arstechnica.com
            Ciphers: ECDHE-RSA-AES128-GCM-SHA256
            Issuer: /C=US/O=Amazon/CN=Amazon RSA 2048 M01
+ Start Time: 2024-04-13 01:11:06 (GMT-4)
---------------------------------------------------------------------------
+ Server: nginx/1.25.4
+ /: Retrieved x-powered-by header: PHP/8.1.19.
+ /:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: Link header found with value: ; rel="https://api.w.org/". See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link
+ /: The site uses TLS and the Strict-Transport-Security HTTP header is not defined. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ /dWc49eZl.gif: Cookie ars_user created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /dWc49eZl.: Uncommon header 'x-redirect-by' found, with contents: WordPress.
+ : Server banner changed from 'nginx/1.25.4' to 'awselb/2.0'.
+ /robots.txt: Entry '/wp-content/plugins/' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /civis/admin.php: Cookie xf_csrf created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /robots.txt: Entry '/civis/admin.php' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: Entry '/search/' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: Entry '/civis/search/' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: Entry '/wp-content/themes/' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: Entry '/civis/login/' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: Entry '/civis/members/' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: Entry '/civis/help/' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: contains 40 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt
+ /: The Content-Encoding header is set to "deflate" which may mean that the server is vulnerable to the BREACH attack. See: http://breachattack.com/
+ Server is using a wildcard certificate: *.arstechnica.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php.
+ /~root/: Allowed to browse root's home directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1013
+ /server/: Possibly Macromedia JRun or CRX WebDAV upload.
+ /search/htx/sqlqhit.asp: Uncommon header 'x-elasticpress-query' found, with contents: true.
+ 10413 requests: 0 error(s) and 23 item(s) reported on remote host
+ End Time: 2024-04-13 01:29:10 (GMT-4) (1084 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested