This Nikto scan only gives back a small response, and I was expecting much more detail and vulnerabilities, as the website has no CSRF token or CSP.
- Nikto v2.1.6/2.1.5
+ Target Host: localhost
+ Target Port: 8080
+ GET Uncommon header 'content-disposition' found, with contents: inline;filename=f.txt
+ OPTIONS Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
+ OSVDB-397: GET HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: GET HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-3092: GET /login/: This might be interesting.