Using the HTTP scanner via Nikto
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.56.108
+ Target Hostname: 192.168.56.108
+ Target Port: 80
+ Start Time: 2023-01-05 14:23:37 (GMT1)
---------------------------------------------------------------------------
+ Server: Apache/2.4.7 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ OSVDB-3268: /: Directory indexing found.
+ Apache/2.4.7 appears to be outdated (current is at least Apache/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ OSVDB-3268: /./: Directory indexing found.
+ /./: Appending '/./' to a directory allows indexing
+ OSVDB-3268: //: Directory indexing found.
+ //: Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page.
+ OSVDB-3268: /%2e/: Directory indexing found.
+ OSVDB-576: /%2e/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. <http://www.securityfocus.com/bid/2513>.
+ OSVDB-3268: ///: Directory indexing found.
+ OSVDB-119: /?PageServices: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269>.
+ OSVDB-119: /?wp-cs-dump: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269>.
+ Retrieved x-powered-by header: PHP/5.4.5
+ OSVDB-3092: /phpmyadmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3268: ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: Directory indexing found.
+ OSVDB-3288: ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: Abyss 1.03 reveals directory listing when /'s are requested.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpmyadmin/: phpMyAdmin directory found
+ OSVDB-3092: /phpmyadmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /phpmyadmin/README: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ 8919 requests: 0 error(s) and 22 item(s) reported on remote host
+ End Time: 2023-01-05 14:23:57 (GMT1) (20 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.56.108
+ Target Hostname: 192.168.56.108
+ Target Port: 80
+ Start Time: 2023-01-05 14:24:34 (GMT1)
---------------------------------------------------------------------------
+ Server: Apache/2.4.7 (Ubuntu)
+ Retrieved x-powered-by header: PHP/5.4.5
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-generator' found, with contents: Drupal 7 (<http://drupal.org>)
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ OSVDB-3268: /drupal/scripts/: Directory indexing found.
line: /UPGRADE.txt
+ Entry '/UPGRADE.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /?q=admin/
line: /?q=filter/tips/
+ Entry '/?q=filter/tips/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /?q=comment/reply/
line: /INSTALL.txt
line: /search/
line: /user/password/
line: /?q=user/logout/
line: /misc/
+ OSVDB-3268: /drupal/misc/: Directory indexing found.
+ Entry '/misc/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /modules/
+ OSVDB-3268: /drupal/modules/: Directory indexing found.
+ Entry '/modules/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /user/logout/
line: /install.php
+ Entry '/install.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /comment/reply/
line: /admin/
line: /user/login/
line: /INSTALL.mysql.txt
+ Entry '/INSTALL.mysql.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /node/add/
line: /profiles/
+ OSVDB-3268: /drupal/profiles/: Directory indexing found.
+ Entry '/profiles/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /?q=node/add/
line: /LICENSE.txt
+ Entry '/LICENSE.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /update.php
line: /CHANGELOG.txt
line: /xmlrpc.php
+ Entry '/xmlrpc.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /?q=user/password/
+ Entry '/?q=user/password/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /?q=user/register/
+ Entry '/?q=user/register/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /INSTALL.pgsql.txt
+ Entry '/INSTALL.pgsql.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /themes/
+ OSVDB-3268: /drupal/themes/: Directory indexing found.
+ Entry '/themes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /MAINTAINERS.txt
+ Entry '/MAINTAINERS.txt' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /scripts/
+ Entry '/scripts/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /?q=user/login/
+ Entry '/?q=user/login/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /?q=search/
line: /cron.php
line: /filter/tips/
line: /includes/
+ OSVDB-3268: /drupal/includes/: Directory indexing found.
+ Entry '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
line: /user/register/
+ "robots.txt" contains 35 entries which should be manually viewed.
+ Apache/2.4.7 appears to be outdated (current is at least Apache/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ DEBUG HTTP verb may show server debugging information. See <https://docs.microsoft.com/en-us/visualstudio/debugger/how-to-enable-debugging-for-aspnet-applications?view=vs-2017> for details.
+ OSVDB-3092: /drupal/web.config: ASP config file is accessible.
+ OSVDB-12184: /drupal/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /drupal/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /drupal/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /drupal/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /drupal/includes/: This might be interesting.
+ OSVDB-3092: /drupal/misc/: This might be interesting.
+ OSVDB-3092: /drupal/UPGRADE.txt: Default file found.
+ OSVDB-3092: /drupal/install.php: Drupal install.php file found.
+ OSVDB-3092: /drupal/install.php: install.php file found.
+ OSVDB-3092: /drupal/LICENSE.txt: License file found may identify site software.
+ OSVDB-3092: /drupal/xmlrpc.php: xmlrpc.php was found.
+ OSVDB-3233: /drupal/INSTALL.mysql.txt: Drupal installation file found.
+ OSVDB-3233: /drupal/INSTALL.pgsql.txt: Drupal installation file found.
+ OSVDB-3268: /drupal/sites/: Directory indexing found.
+ OSVDB-81817: /drupal/?q[]=x: Drupal 7 contains a path information disclosure
+ /drupal/.gitignore: .gitignore file found. It is possible to grasp the directory structure.
+ 8953 requests: 0 error(s) and 49 item(s) reported on remote host
+ End Time: 2023-01-05 14:25:26 (GMT1) (52 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Vulnerability