2 :8080 tomcat
Apache Tomcat 7 Version 7.0.88, May 7 2018
===============================================================
2021/05/08 14:46:11 Starting gobuster in directory enumeration mode
===============================================================
/examples (Status: 302) [Size: 0] [--> /examples/]
/examples/jsp/index.html (Status: 200) [Size: 17695]
/examples/servlets/index.html (Status: 200) [Size: 7139]
/host-manager (Status: 302) [Size: 0] [--> /host-manager/]
/examples/../manager/html (Status: 401) [Size: 2536]
/examples/%2e%2e/manager/html (Status: 401) [Size: 2536]
/manager (Status: 302) [Size: 0] [--> /manager/]
/manager/html/* (Status: 401) [Size: 2536]
/manager/jmxproxy (Status: 401) [Size: 2536]
/manager/jmxproxy/* (Status: 401) [Size: 2536]
/manager/html (Status: 401) [Size: 2536]
/host-manager/html/* (Status: 401) [Size: 2098]
/examples/jsp/source.jsp (Status: 500) [Size: 2387]
/examples/jsp/snp/snoop.jsp (Status: 200) [Size: 620]
/manager/status/* (Status: 401) [Size: 2536]
/manager/status.xsd (Status: 200) [Size: 4458]
$ nikto -h http://10.10.10.95:8080
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 10.10.10.95
+ Target Hostname: 10.10.10.95
+ Target Port: 8080
+ Start Time: 2021-05-08 15:25:55 (GMT-7)
---------------------------------------------------------------------------
+ Server: Apache-Coyote/1.1
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ OSVDB-39272: /favicon.ico file identifies this app/server as: Apache Tomcat (possibly 5.5.26 through 8.0.15), Alfresco Community
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ /examples/servlets/index.html: Apache Tomcat default JSP pages present.
+ OSVDB-3720: /examples/jsp/snp/snoop.jsp: Displays information about page retrievals, including other users.
+ Default account found for 'Tomcat Manager Application' at /manager/html (ID 'tomcat', PW 's3cret'). Apache Tomcat.
+ /host-manager/html: Default Tomcat Manager / Host Manager interface found
+ /manager/html: Tomcat Manager / Host Manager interface found (pass protected)
+ /manager/status: Tomcat Server Status interface found (pass protected)
+ 7967 requests: 0 error(s) and 14 item(s) reported on remote host
+ End Time: 2021-05-08 15:37:08 (GMT-7) (673 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Successful login using:
Default account found for 'Tomcat Manager Application' at /manager/html (ID 'tomcat', PW 's3cret'). Apache Tomcat.