Scan report for "testphp.vulnweb.com"

Membership level: Free member
Nikto scan (max 60 sec) (nikto -host testphp.vulnweb.com -maxtime 60)
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          44.228.249.3
+ Target Hostname:    testphp.vulnweb.com
+ Target Port:        80
+ Start Time:         2024-04-27 04:48:58 (GMT-4)
---------------------------------------------------------------------------
+ Server: nginx/1.19.0
+ /: Retrieved x-powered-by header: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1.
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /clientaccesspolicy.xml contains a full wildcard entry. See: https://docs.microsoft.com/en-us/previous-versions/windows/silverlight/dotnet-windows-silverlight/cc197955(v=vs.95)?redirectedfrom=MSDN
+ /clientaccesspolicy.xml contains 12 lines which should be manually viewed for improper domains or wildcards. See: https://www.acunetix.com/vulnerabilities/web/insecure-clientaccesspolicy-xml-file/
+ /crossdomain.xml contains a full wildcard entry. See: http://jeremiahgrossman.blogspot.com/2008/05/crossdomainxml-invites-cross-site.html
+ Scan terminated: 20 error(s) and 5 item(s) reported on remote host
+ End Time:           2024-04-27 04:49:28 (GMT-4) (30 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Color Scheme
Target
testphp.vulnweb.com
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host testphp.vulnweb.com -maxtime 60
Scan time
30s
Scan date
27 Apr 2024 04:49
Copy scan report
Download report
Remove scan result
$
Total scans
About 10+ times
Some firewalls blocks Nikto. For get true positive results add nikto.online IP addresses (172.96.166.66-172.96.166.70 or CIDR 172.96.166.64/29) to the whitelist
[scan_method]
Visibility:
Scan method: