Created: 2021-03-10
Host OS: Debian GNU/Linux 10.7
Guest OS: FreeBSD 12.2-RELEASE r366954 GENERIC amd64
Check the web server with a web vulnerability scanner (Nikto2).
Install it with git.
# git clone https://github.com/sullo/nikto
Cloning into 'nikto'...
remote: Enumerating objects: 44, done.
remote: Counting objects: 100% (44/44), done.
remote: Compressing objects: 100% (33/33), done.
remote: Total 6136 (delta 22), reused 27 (delta 11), pack-reused 6092
Receiving objects: 100% (6136/6136), 4.09 MiB | 2.13 MiB/s, done.
Resolving deltas: 100% (4442/4442), done.
Run the vulnerability check
# cd /usr/local/nikto/program
# ./nikto.pl -h https://www.server-bff.net
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.XXX.XXX
+ Target Hostname: www.server-bff.net
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /CN=www.server-bff.net
Altnames: www.server-bff.net
Ciphers: TLS_AES_256_GCM_SHA384
Issuer: /C=US/O=Let's Encrypt/CN=R3
+ Start Time: 2021-03-10 10:52:30 (GMT9)
---------------------------------------------------------------------------
+ Server: Apache
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ Entry '/administrator/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/bin/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/cache/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/cli/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/components/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
--- omitted ---
+ End Time: 2021-03-10 10:57:43 (GMT9) (313 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Work through the findings listed above one by one.
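To confirm each fix, it helps to re-check the two kinds of findings Nikto reported (the missing X-Content-Type-Options header and robots.txt Disallow entries that answer 200) without a full rescan. The script below is an added example, not part of Nikto or of these notes; the host `example.invalid` and its responses are constructed sample data, and `http_fetch` runs the same checks against a server you administer.

```python
"""Re-check two classes of Nikto findings after remediation (added example)."""
import sys
import urllib.request
from urllib.error import HTTPError
from urllib.parse import urljoin


def parse_disallow(robots_txt):
    """Return the Disallow paths from a robots.txt body, skipping comments and blanks."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.lower().startswith("disallow:"):
            path = line.split(":", 1)[1].strip()
            if path:
                paths.append(path)
    return paths


def audit(base_url, fetch):
    """fetch(url) -> (status, headers, body). Returns a list of still-open findings."""
    findings = []
    _, headers, _ = fetch(base_url)
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    status, _, robots = fetch(urljoin(base_url, "/robots.txt"))
    if status == 200:
        for path in parse_disallow(robots):
            code, _, _ = fetch(urljoin(base_url, path))
            if code == 200:  # like Nikto: a redirect or 403 is not flagged
                findings.append(f"robots.txt entry {path} is reachable (200)")
    return findings


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # report the 3xx itself instead of following it


def http_fetch(url, timeout=10):
    """Live GET via urllib without following redirects; returns (status, headers, body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except HTTPError as err:
        return err.code, dict(err.headers), err.read().decode("utf-8", "replace")


# Constructed sample responses standing in for a server that still shows both findings.
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /administrator/\nDisallow: /cache/\n# Disallow: /old/\n"
SAMPLE_SITE = {
    "https://example.invalid/": (200, {"Server": "Apache"}, "<html></html>"),
    "https://example.invalid/robots.txt": (200, {"Content-Type": "text/plain"}, SAMPLE_ROBOTS),
    "https://example.invalid/administrator/": (200, {}, "login"),
    "https://example.invalid/cache/": (403, {}, "forbidden"),
}


def sample_fetch(url):
    return SAMPLE_SITE.get(url, (404, {}, ""))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for f in (audit(target, http_fetch) if target else audit("https://example.invalid/", sample_fetch)):
        print("+", f)
```

Run it as `python3 recheck.py https://www.server-bff.net/` against your own server; with no argument it reports on the constructed sample.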