Scan report for "www.iitmjanakpuri.com"

Summary

Found: 133
Duration: 1min 1sec
Date: 2025-01-17
IP: 104.21.32.1

Report
Nikto scan (max 60 sec) (nikto -host www.iitmjanakpuri.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.21.32.1, 104.21.16.1, 104.21.48.1, 104.21.112.1, 104.21.80.1, 104.21.64.1, 104.21.96.1, 2606:4700:3030::6815:5001, 2606:4700:3030::6815:3001, 2606:4700:3030::6815:2001, 2606:4700:3030::6815:4001, 2606:4700:3030::6815:6001, 2606:4700:3030::6815:1001, 2606:4700:3030::6815:7001
+ Target IP:          104.21.32.1
+ Target Hostname:    www.iitmjanakpuri.com
+ Target Port:        80
+ Start Time:         2025-01-17 00:14:31 (GMT-8)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Uncommon header 'server-timing' found, with contents: cfL4;desc="?proto=TCP&rtt=1039&min_rtt=780&rtt_var=669&sent=8&recv=7&lost=0&retrans=0&sent_bytes=7409&recv_bytes=600&delivery_rate=8044444&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0".
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ All CGI directories 'found', use '-C none' to test none
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php.
+ /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
+ /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin.
+ /cgi.cgi/finger.pl: finger other users, may be other commands?.
+ /webcgi/finger.pl: finger other users, may be other commands?.
+ /cgi-915/finger.pl: finger other users, may be other commands?.
+ /bin/finger.pl: finger other users, may be other commands?.
+ /cgi/finger.pl: finger other users, may be other commands?.
+ /cgi-sys/finger.pl: finger other users, may be other commands?.
+ /cgi-local/finger.pl: finger other users, may be other commands?.
+ /htbin/finger.pl: finger other users, may be other commands?.
+ /cgi-win/finger.pl: finger other users, may be other commands?.
+ /fcgi-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-exe/finger.pl: finger other users, may be other commands?.
+ /cgi-perl/finger.pl: finger other users, may be other commands?.
+ /scgi-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-915/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /ows-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-sys/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgibin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgis/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-win/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /fcgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-perl/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cfdocs/expeval/openfile.cfm: Can use to expose the system/server path.
+ /webcgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-914/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-915/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-sys/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /htbin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgibin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgis/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /scripts/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-exe/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-home/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-perl/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-mod/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /webcgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgibin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgis/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /fcgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-exe/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-home/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-bin-sdb/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /tsweb/: Microsoft TSAC found. See: https://web.archive.org/web/20040910030506/http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
+ /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dir>. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-028
+ /scripts/tools/ctss.idc: This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.
+ /prd.i/pgen/: Has MS Merchant Server 1.0.
+ /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
+ /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
+ /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to upload files to the server.
+ /cgi.cgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-sys/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-local/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgibin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgis/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-win/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-exe/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-home/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /scgi-bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi.cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /webcgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-914/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /mpcgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /ows-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /htbin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-win/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-home/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-bin-sdb/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /typo3conf/: This may contain sensitive TYPO3 files.
+ /typo/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo3/typo3conf/: This may contain sensitive TYPO3 files.
+ /cms/typo3conf/database.sql: TYPO3 SQL file found.
+ /typo/typo3conf/database.sql: TYPO3 SQL file found.
+ /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
+ /_cti_pvt/: FrontPage directory found.
+ /cgi.cgi/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /webcgi/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-915/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /ows-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /scgi-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin-sdb/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-mod/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /webcgi/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /bin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /ows-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-exe/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /USER/CONFIG.AP: MIPCD configuration information. MIPCD should not have the web interface enabled.
+ /cgi-915/nph-error.pl: Gives more information in error messages.
+ /bin/nph-error.pl: Gives more information in error messages.
+ /cgi/nph-error.pl: Gives more information in error messages.
+ /mpcgi/nph-error.pl: Gives more information in error messages.
+ /cgi-sys/nph-error.pl: Gives more information in error messages.
+ /cgi-local/nph-error.pl: Gives more information in error messages.
+ /scripts/nph-error.pl: Gives more information in error messages.
+ /cgi-perl/nph-error.pl: Gives more information in error messages.
+ /cgi-bin-sdb/nph-error.pl: Gives more information in error messages.
+ /cgi-mod/nph-error.pl: Gives more information in error messages.
+ /cgi.cgi/test-cgi.tcl: May echo environment variables or give directory listings.
+ /webcgi/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-914/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-915/test-cgi.tcl: May echo environment variables or give directory listings.
+ /bin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /mpcgi/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-bin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-sys/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-local/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgibin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgis/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-exe/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-perl/test-cgi.tcl: May echo environment variables or give directory listings.
+ /scgi-bin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ Scan terminated: 0 error(s) and 133 item(s) reported on remote host
+ End Time:           2025-01-17 00:15:32 (GMT-8) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Detailed report

Target: www.iitmjanakpuri.com
Target IP: 104.21.32.1
Scan method: Nikto scan (max 60 sec)
Run command: nikto -host www.iitmjanakpuri.com -maxtime 60
Duration: Quick report
Scan date: 17 Jan 2025 03:15