DescriptionNikto is a free and open-source web server scanner. It incorrectly reports FortiManager and FortiAnalyzer leaking inodes via the ETags HTTP header.
nikto -h example.com -nossl
- ***** RFIURL is not defined in nikto.conf--no RFI tests will run *****
- Nikto v2.1.5---------------------------------------------------------------------------
+ Target IP: 1.2.3.4
+ Target Hostname: example.com
+ Target Port: 80
+ Start Time: 2015-06-25 11:13:55 (GMT2)
---------------------------------------------------------------------------
+ Server: Apache
+ Server leaks inodes via ETags, header found with file /, fields: 0x46 0x513c9ad3773c0
SolutionThe Nikto report is a false positive.
Two fields mentioned are respectively the modification time and the size of the requested page.