- Nikto
---------------------------------------------------------------------------
+ Target IP: 52.149.246.39
+ Target Hostname: duckduckgo.com
+ Target Port: 80
+ Start Time: 2024-08-17 03:11:57 (GMT-4)
---------------------------------------------------------------------------
+ Server: nginx
+ Root page / redirects to: https://duckduckgo.com/
+ /em3NRXoF.php_bak:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /em3NRXoF.php_bak: Uncommon header 'server-timing' found, with contents: total;dur=37;desc="Backend Total [d]".
+ /em3NRXoF.php_bak: Uncommon header 'x-duckduckgo-results' found, with contents: 1.
+ /em3NRXoF.php_bak: Uncommon header 'x-duckduckgo-locale' found, with contents: en_US.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /robots.txt: contains 10 entries which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt
+ Multiple index files found: /index.do, /default.htm, /index.shtml, /index.xml, /index.jsp, /index.jhtml, /index.html, /index.htm.
+ /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0614
+ /bigconf.cgi: BigIP Configuration CGI.
+ /clusterframe.jsp: Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.
+ /IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
+ /cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.
+ /readme.eml: Remote server may be infected with the Nimda virus.
+ /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
+ /vider.php3: MySimpleNews may allow deleting of news items without authentication. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2320
+ /wa.exe: An ASP page that allows attackers to upload files to server.
+ /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /shopping300.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. See: https://securitytracker.com/id/1004382
+ /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. See: https://securitytracker.com/id/1004382
+ /vchat/msg.txt: VChat allows user information to be retrieved. See: https://www.securityfocus.com/bid/7186/info
+ /webcart-lite/config/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /webcart-lite/orders/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /webcart/config/clients.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /webcart/orders/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /ws_ftp.ini: Can contain saved passwords for FTP sites.
+ /WS_FTP.ini: Can contain saved passwords for FTP sites.
+ /quikstore.cfg: Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0607
+ /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
+ /LOGIN.PWD: MIPCD password file with unencrypted passwords. MIPDCD should not have the web interface enabled.
+ /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1247
+ /clusterframe.jsp?cluster=<script>alert(document.cookie)</script>: Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack. See: OSVDB-2876
+ /666%0a%0a<script>alert('Vulnerable');</script>666.jsp: Apache Tomcat 4.1 / Linux is vulnerable to Cross Site Scripting (XSS).
+ /setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P: CiscoSecure ACS v3.0(1) Build 40 allows Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0938
+ /launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>: NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504
+ /ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C: This check (A) sets up the next BadBlue test (B) for possible exploit. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0595
+ /dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /chat/!nicks.txt: WF-Chat 1.0 Beta allows retrieval of user information. See: OSVDB-59646
+ /chat/!pwds.txt: WF-Chat 1.0 Beta allows retrieval of user information. See: OSVDB-59645
+ /cplogfile.log: XMB Magic Lantern forum 1.6b final log file is readable remotely. Upgrade to the latest version. See: https://securitytracker.com/id/1004318,http://www.xmbforum.com
+ /sqldump.sql: Database SQL?.
+ /structure.sql: Database SQL?.
+ /ip.txt: This may be User Online version 2.0, which has a remotely accessible log file.
+ /logicworks.ini: web-erp 0.1.4 and earlier allow .ini files to be read remotely. See: OSVDB-59536
+ /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0484
+ /SetSecurity.shm: Cisco System's My Access for Wireless. This resource should be password protected.
+ /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080. See: OSVDB-3126
+ /sitemap.xml: This gives a nice listing of the site content.
+ /blahb.ida: Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/MS01-033. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0500
+ /blahb.idq: Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/MS01-033. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0500
+ /users.lst: LocalWEB2000 users.lst passwords found. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1353
+ /WS_FTP.LOG: WS_FTP.LOG file was found. It may contain sensitive information. See: OSVDB-13405
+ /counter/1/n/n/0/3/5/0/a/123.gif: The Roxen Counter may eat up excessive CPU time with image requests. See: OSVDB-155
+ /wwwboard/passwd.txt: The wwwboard password file is browsable. Change wwwboard to store this file elsewhere, or upgrade to the latest version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0930
+ /buddies.blt: Buddy List?.
+ /buddy.blt: Buddy List?.
+ /buddylist.blt: Buddy List?.
+ /sqlnet.log: Oracle log file found.
+ /access.log: This might be interesting.
+ /admin.shtml: This might be interesting.
+ /awebvisit.stat: This might be interesting.
+ /dan_o.dat: This might be interesting.
+ /hits.txt: This might be interesting.
+ /log.txt: This might be interesting.
+ /logfile.txt: This might be interesting.
+ Scan terminated: 0 error(s) and 64 item(s) reported on remote host
+ End Time: 2024-08-17 03:12:58 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested