# Nikto basic scan

**Fecha:** 2026-06-04 15:49:29

**Proyecto:** `/Users/oq/Developer/multi-php-docker/php-prod/sasis`

**Target autorizado:** `http://localhost:8888/sasis/mgmt`

**Target desde Docker:** `http://host.docker.internal:8888/sasis/mgmt`

**Descripción:** Revisión básica no destructiva del servidor web.

## Comando

```bash
docker run --rm ghcr.io/sullo/nikto:latest -host http://host.docker.internal:8888/sasis/mgmt -nointeractive -Tuning x 
```

## Salida

**Estado:** `0`

```text
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          192.168.65.254
+ Target Hostname:    host.docker.internal
+ Target Port:        8888
+ Start Time:         2026-06-04 21:49:31 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.66 (Debian)
+ /sasis/mgmt/: Retrieved x-powered-by header: PHP/8.2.30.
+ Root page /sasis/mgmt redirects to: login
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /images: The web server may reveal its internal or real IP in the Location header via a request to with HTTP/1.0. The value is "172.18.0.2". See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0649
+ /sasis/mgmt/: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+ /sasis/mgmt/: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+ /sasis/mgmt/: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ /sasis/mgmt/: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ /sasis/mgmt/: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
+ OPTIONS: Allowed HTTP Methods: GET, POST, OPTIONS, HEAD .
+ 569 requests: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2026-06-04 21:50:45 (GMT0) (74 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested


      *********************************************************************
      Portions of the server's headers (Apache/2.4.66) are not in
      the Nikto 2.5.0 database or are newer than the known string. Would you like
      to submit this information (*no server specific data*) to CIRT.net
      for a Nikto update (or you may email to sullo@cirt.net) (y/n)? 
```
