- Nikto v2.1.6/2.1.5 + Target Host: 10.10.10.129 + Target Port: 80 + GET The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS + GET The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type + GET Retrieved x-powered-by header: PHP/5.5.29 + GET Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x29 0x52467010ef8ad + GET Uncommon header 'tcn' found, with contents: list + GET Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.html, index.php + OSVDB-3092: GET /admin/: This might be interesting... + GET Uncommon header 'link' found, with contents: <http://10.10.10.129/?p=23>; rel=shortlink GET /wp-login/: Admin login page/section found. + GET /wordpress/: A Wordpress installation was found. + GET /wp-admin/wp-login.php: Wordpress login found + GET /blog/wp-login.php: Wordpress login found + GET /wp-login.php: Wordpress login found