httpd-dev mailing list archives

Subject Help with newbie configuration on Win32/nikto problems
Date Sun, 10 Oct 2004 18:25:07 GMT
Trying to use Nikto to verify my win32 WinXP SP2 SSL hand-compiled 
Apache server. (I know, I should use a REAL O/S, but I am not in the 
position right now to make the leap, as of yet).  

Apache 2.0.52
running nikto 1.34

Here is my output:

> perl -h localhost
- Nikto 1.34/1.29 -
+ Target IP:
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: Fri Oct 8 21:14:55 2004
- Scan is dependent on "Server" string which can be faked, use -g to 
+ Server: Apache
- Server did not understand HTTP 1.1, switching to HTTP 1.0
+ Server does not respond with '404' for error messages (uses '400').
+ This may increase false-positives.
+ HTTP method 'TRACE' is typically only used for debugging. It should be 
+ / - Appears to be a default Apache install. (GET)
+ /icons/ - Directory indexing is enabled, it should only be enabled for 
specific directories (if required). If indexing is not used all, the 
/icons directory should be removed. (GET)
+ 2449 items checked - 2 item(s) found on remote host(s)
+ End Time: Fri Oct 8 21:16:46 2004 (111 seconds)
+ 1 host(s) tested

> perl -h localhost -p 443
- Nikto 1.34/1.29 -
+ No HTTP(s) ports found on localhost / 443
+ 1 host(s) tested


Ok, why doesn't it see port 443 as SSL? 
netstat -an reports:
  TCP              LISTENING

I can get to it using https://localhost/ all day long and I have 
installed the Net::SSLeay plugin, otherwise I would get a message that 
SSL wasn't available at all.  

Why does it say that HTTP 1.1 isn't supported?

Is the 400 vs. 404 issue a problem?

As to the TRACE option, I am loading the rewrite module and have:
RewriteEngine On
RewriteRule .* - [F]
at the end of my httpd.conf file, but still no soap.

Is this "+ / - Appears to be a default Apache install. (GET)" a problem? 
If so, what can I do about it?

Please advise about any other part of my httpd.conf file or other file I 
need to post.

Any help would be greatly appreciated.
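
A way to confirm whether a TRACE-blocking rule is taking effect on a server you run, as an added example that is not part of the original message: it sends TRACE and GET and compares the replies, since a `RewriteRule .* - [F]` with no method condition forbids every request it applies to, not just TRACE. The marker header, function names and sample replies are constructed for illustration.

```python
import http.client

MARKER = "trace-check-7f3a"  # constructed value; a live TRACE echoes it back

def classify(trace_status, trace_ctype, trace_body, get_status):
    """Interpret one TRACE reply alongside the status of a plain GET."""
    echoed = MARKER.encode() in trace_body
    if trace_status == 200 and (echoed or trace_ctype.lower().startswith("message/http")):
        return "trace-enabled"            # request came back in the body
    if trace_status == 403 and get_status == 403:
        return "all-requests-forbidden"   # rule has no method condition
    if trace_status in (403, 405, 501):   # 403 is what an [F] rule returns
        return "trace-blocked"
    return "inconclusive"

def fetch(host, port, method, tls_context=None):
    """Send one request; pass an ssl.SSLContext to speak HTTPS (e.g. port 443)."""
    if tls_context is not None:
        conn = http.client.HTTPSConnection(host, port, timeout=5, context=tls_context)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, "/", headers={"X-Trace-Check": MARKER})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Content-Type", ""), resp.read()
    finally:
        conn.close()

def check_server(host, port=80, tls_context=None):
    """Probe a server you administer and classify its TRACE handling."""
    t_status, t_ctype, t_body = fetch(host, port, "TRACE", tls_context)
    g_status, _, _ = fetch(host, port, "GET", tls_context)
    return classify(t_status, t_ctype, t_body, g_status)

# Constructed sample replies (not captured from any real server).
SAMPLES = {
    "echo": (200, "message/http", b"TRACE / HTTP/1.1\r\nX-Trace-Check: " + MARKER.encode(), 200),
    "forbidden-trace-only": (403, "text/html", b"Forbidden", 200),
    "forbidden-everything": (403, "text/html", b"Forbidden", 403),
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, "->", classify(*reply))
```

Calling `check_server("localhost")` after each configuration change shows whether the rule is reached at all, which a scanner summary line does not.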

