- #######################################################################################################################################
- =======================================================================================================================================
- Hostname www.glesp.org.br ISP Unified Layer
- Continent North America Flag
- US
- Country United States Country Code US
- Region Utah Local time 08 Sep 2019 13:24 MDT
- City Provo Postal Code 84606
- IP Address 162.144.126.169 Latitude 40.234
- Longitude -111.644
- =======================================================================================================================================
- #######################################################################################################################################
- > www.glesp.org.br
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- www.glesp.org.br canonical name = glesp.org.br.
- Name: glesp.org.br
- Address: 162.144.126.169
- >
- #######################################################################################################################################
- domain: glesp.org.br
- owner: GRANDE LOJA MAÇÔNICA DO ESTADO DE SP
- ownerid: 62.638.440/0001-26
- responsible: DPTO INFORMÁTICA DA GLESP
- country: BR
- owner-c: GLS191
- admin-c: GLS191
- tech-c: GLS191
- billing-c: GLS191
- nserver: ns1.glesp.org.br 162.144.126.169
- nsstat: 20190907 AA
- nslastaa: 20190907
- nserver: ns2.glesp.org.br 142.4.3.158
- nsstat: 20190907 AA
- nslastaa: 20190907
- created: 20061109 #3154499
- changed: 20170930
- expires: 20191109
- status: published
- nic-hdl-br: GLS191
- person: Grande Loja Maçônica do Estado de SP
- e-mail: info@glesp.org.br
- country: BR
- created: 20040402
- changed: 20180306
- #######################################################################################################################################
- [+] Target : www.glesp.org.br
- [+] IP Address : 162.144.126.169
- [+] Headers :
- [+] Date : Sun, 08 Sep 2019 19:50:37 GMT
- [+] Server : Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [+] X-Powered-By : W3 Total Cache/0.9.7.5
- [+] Link : <https://www.glesp.org.br/index.php?rest_route=/>; rel="https://api.w.org/"
- [+] Expires : Thu, 19 Nov 1981 08:52:00 GMT
- [+] Cache-Control : no-store, no-cache, must-revalidate
- [+] Pragma : no-cache
- [+] Set-Cookie : qtrans_front_language=pb; expires=Mon, 07-Sep-2020 19:50:39 GMT; Max-Age=31536000; path=/, PHPSESSID=bef54aabbe1e3521b237db525a6fcb10; path=/
- [+] x-frame-options : SAMEORIGIN
- [+] Keep-Alive : timeout=5, max=100
- [+] Connection : Keep-Alive
- [+] Transfer-Encoding : chunked
- [+] Content-Type : text/html; charset=UTF-8
- [+] SSL Certificate Information :
- [+] commonName : glesp.org.br
- [+] countryName : US
- [+] stateOrProvinceName : TX
- [+] localityName : Houston
- [+] organizationName : cPanel, Inc.
- [+] commonName : cPanel, Inc. Certification Authority
- [+] Version : 3
- [+] Serial Number : EC6195E1F6685DD7FC1FB491EFE847DF
- [+] Not Before : Sep 1 00:00:00 2019 GMT
- [+] Not After : Nov 30 23:59:59 2019 GMT
- [+] OCSP : ('http://ocsp.comodoca.com',)
- [+] subject Alt Name : (('DNS', 'glesp.org.br'), ('DNS', 'autodiscover.glesp.org.br'), ('DNS', 'cpanel.glesp.org.br'), ('DNS', 'mail.glesp.org.br'), ('DNS', 'webdisk.glesp.org.br'), ('DNS', 'webmail.glesp.org.br'), ('DNS', 'www.glesp.org.br'))
- [+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
- [+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)
- [+] Whois Lookup :
- [+] NIR : None
- [+] ASN Registry : arin
- [+] ASN : 46606
- [+] ASN CIDR : 162.144.0.0/16
- [+] ASN Country Code : US
- [+] ASN Date : 2013-03-01
- [+] ASN Description : UNIFIEDLAYER-AS-1 - Unified Layer, US
- [+] cidr : 162.144.0.0/16
- [+] name : UNIFIEDLAYER-NETWORK-14
- [+] handle : NET-162-144-0-0-1
- [+] range : 162.144.0.0 - 162.144.255.255
- [+] description : Unified Layer
- [+] country : US
- [+] state : UT
- [+] city : Provo
- [+] address : 1958 South 950 East
- [+] postal_code : 84606
- [+] emails : ['abuse@unifiedlayer.com', 'netops@unifiedlayer.com']
- [+] created : 2013-03-01
- [+] updated : 2013-03-01
- [+] Crawling Target...
- [+] Looking for robots.txt........[ Not Found ]
- [+] Looking for sitemap.xml.......[ Not Found ]
- [+] Extracting CSS Links..........[ 9 ]
- [+] Extracting Javascript Links...[ 9 ]
- [+] Extracting Internal Links.....[ 32 ]
- [+] Extracting External Links.....[ 6 ]
- [+] Extracting Images.............[ 10 ]
- [+] Total Links Extracted : 66
- [+] Dumping Links in /opt/FinalRecon/dumps/www.glesp.org.br.dump
- [+] Completed!
- ######################################################################################################################################
- [+] Starting At 2019-09-08 15:50:50.497756
- [+] Collecting Information On: https://www.glesp.org.br/
- [#] Status: 200
- --------------------------------------------------
- [#] Web Server Detected: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [#] X-Powered-By: W3 Total Cache/0.9.7.5
- - Date: Sun, 08 Sep 2019 19:50:50 GMT
- - Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- - X-Powered-By: W3 Total Cache/0.9.7.5
- - Link: <https://www.glesp.org.br/index.php?rest_route=/>; rel="https://api.w.org/"
- - Expires: Thu, 19 Nov 1981 08:52:00 GMT
- - Cache-Control: no-store, no-cache, must-revalidate
- - Pragma: no-cache
- - Set-Cookie: qtrans_front_language=pb; expires=Mon, 07-Sep-2020 19:50:52 GMT; Max-Age=31536000; path=/, PHPSESSID=7a12a97d8866f3d99f8570abd3cdc577; path=/
- - x-frame-options: SAMEORIGIN
- - Keep-Alive: timeout=5, max=100
- - Connection: Keep-Alive
- - Transfer-Encoding: chunked
- - Content-Type: text/html; charset=UTF-8
- --------------------------------------------------
- [#] Finding Location..!
- [#] as: AS46606 Unified Layer
- [#] city: Provo
- [#] country: United States
- [#] countryCode: US
- [#] isp: Unified Layer
- [#] lat: 40.2067
- [#] lon: -111.643
- [#] org: Unified Layer
- [#] query: 162.144.126.169
- [#] region: UT
- [#] regionName: Utah
- [#] status: success
- [#] timezone: America/Denver
- [#] zip: 84606
- --------------------------------------------------
- [x] Didn't Detect WAF Presence on: https://www.glesp.org.br/
- --------------------------------------------------
- [#] Starting Reverse DNS
- [-] Failed ! Fail
- --------------------------------------------------
- [!] Scanning Open Port
- [#] 21/tcp open ftp
- [#] 26/tcp open rsftp
- [#] 53/tcp open domain
- [#] 80/tcp open http
- [#] 110/tcp open pop3
- [#] 143/tcp open imap
- [#] 443/tcp open https
- [#] 465/tcp open smtps
- [#] 587/tcp open submission
- [#] 993/tcp open imaps
- [#] 995/tcp open pop3s
- --------------------------------------------------
- [+] Collecting Information Disclosure!
- [#] Detecting sitemap.xml file
- [-] sitemap.xml file not Found!?
- [#] Detecting robots.txt file
- [-] robots.txt file not Found!?
- [#] Detecting GNU Mailman
- [!] GNU Mailman App Detected: https://www.glesp.org.br//mailman/admin
- [!] version: 2.1.27
- --------------------------------------------------
- [+] Crawling Url Parameter On: https://www.glesp.org.br/
- --------------------------------------------------
- [#] Searching Html Form !
- [-] No Html Form Found!?
- --------------------------------------------------
- [!] Found 3 dom parameter
- [#] https://www.glesp.org.br//#
- [#] https://www.glesp.org.br//#
- [#] https://www.glesp.org.br//#
- --------------------------------------------------
- [!] 57 Internal Dynamic Parameter Discovered
- --------------------------------------------------
- [-] No external Dynamic Paramter Found!?
- --------------------------------------------------
- [!] 11 Internal links Discovered
- [+] https://www.glesp.org.br/
- [+] https://www.glesp.org.br
- [+] https://www.glesp.org.br/restrita
- [+] https://www.glesp.org.br/
- [+] http://oportunidades.glesp.org.br/usuarios/login_visualizar
- [+] https://www.glesp.org.br/sec-geral/boletim-informativo/
- [+] https://www.glesp.org.br/secretaria-geral/
- [+] https://www.glesp.org.br/hospitalaria/fundo-de-solidariedade/
- [+] https://info.glesp.org.br/lojas/busca_lojas
- [+] https://www.glesp.org.br/
- [+] http://oportunidades.glesp.org.br/usuarios/login_visualizar
- --------------------------------------------------
- [!] 8 External links Discovered
- [#] https://siteglesp-ww6lipmgvue8y.netdna-ssl.com/favicon.ico
- [#] https://siteglesp-ww6lipmgvue8y.netdna-ssl.com/favicon.ico
- [#] https://siteglesp-ww6lipmgvue8y.netdna-ssl.com/wp-content/themes/glesp/medium.css
- [#] https://siteglesp-ww6lipmgvue8y.netdna-ssl.com/wp-content/themes/glesp/minimum.css
- [#] https://www.facebook.com/GlespOficial/
- [#] https://twitter.com/gmglespoficial
- [#] https://www.linkedin.com/company-beta/11222127/
- [#] https://www.youtube.com/user/glesp10
- --------------------------------------------------
- [#] Mapping Subdomain..
- [-] No Any Subdomain Found
- [!] Found 0 Subdomain
- --------------------------------------------------
- [!] Done At 2019-09-08 15:51:15.796824
- #######################################################################################################################################
- [i] Scanning Site: https://www.glesp.org.br
- B A S I C I N F O
- ====================
- [+] Site Title: Glesp – Grande Loja Maçônica do Estado de São Paulo -
- [+] IP address: 162.144.126.169
- [+] Web Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [+] CMS: WordPress
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- W H O I S L O O K U P
- ========================
- % Copyright (c) Nic.br
- % The use of the data below is only permitted as described in
- % full by the terms of use at https://registro.br/termo/en.html ,
- % being prohibited its distribution, commercialization or
- % reproduction, in particular, to use it for advertising or
- % any similar purpose.
- % 2019-09-08T16:51:00-03:00
- domain: glesp.org.br
- owner: GRANDE LOJA MAÇÔNICA DO ESTADO DE SP
- ownerid: 62.638.440/0001-26
- responsible: DPTO INFORMÁTICA DA GLESP
- country: BR
- owner-c: GLS191
- admin-c: GLS191
- tech-c: GLS191
- billing-c: GLS191
- nserver: ns1.glesp.org.br 162.144.126.169
- nsstat: 20190907 AA
- nslastaa: 20190907
- nserver: ns2.glesp.org.br 142.4.3.158
- nsstat: 20190907 AA
- nslastaa: 20190907
- created: 20061109 #3154499
- changed: 20170930
- expires: 20191109
- status: published
- nic-hdl-br: GLS191
- person: Grande Loja Maçônica do Estado de SP
- e-mail: info@glesp.org.br
- country: BR
- created: 20040402
- changed: 20180306
- % Security and mail abuse issues should also be addressed to
- % cert.br, http://www.cert.br/ , respectivelly to cert@cert.br
- % and mail-abuse@cert.br
- %
- % whois.registro.br accepts only direct match queries. Types
- % of queries are: domain (.br), registrant (tax ID), ticket,
- % provider, contact handle (ID), CIDR block, IP and ASN.
- G E O I P L O O K U P
- =========================
- [i] IP Address: 162.144.126.169
- [i] Country: United States
- [i] State: Utah
- [i] City: Provo
- [i] Latitude: 40.2342
- [i] Longitude: -111.6442
- H T T P H E A D E R S
- =======================
- [i] HTTP/1.1 200 OK
- [i] Date: Sun, 08 Sep 2019 19:51:01 GMT
- [i] Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [i] X-Powered-By: W3 Total Cache/0.9.7.5
- [i] Link: <https://www.glesp.org.br/index.php?rest_route=/>; rel="https://api.w.org/"
- [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
- [i] Cache-Control: no-store, no-cache, must-revalidate
- [i] Pragma: no-cache
- [i] Set-Cookie: qtrans_front_language=pb; expires=Mon, 07-Sep-2020 19:51:03 GMT; Max-Age=31536000; path=/
- [i] Set-Cookie: PHPSESSID=912b0100c03677811b9f551ed6d3ff55; path=/
- [i] x-frame-options: SAMEORIGIN
- [i] Connection: close
- [i] Content-Type: text/html; charset=UTF-8
- D N S L O O K U P
- ===================
- glesp.org.br. 14399 IN TXT "v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all"
- glesp.org.br. 14399 IN MX 0 mail.glesp.org.br.
- glesp.org.br. 21599 IN SOA ns1.glesp.org.br. info.glesp.org.br. 2019081700 3600 7200 1209600 86400
- glesp.org.br. 21599 IN NS ns1.glesp.org.br.
- glesp.org.br. 21599 IN NS ns2.glesp.org.br.
- glesp.org.br. 14399 IN A 162.144.126.169
- S U B N E T C A L C U L A T I O N
- ====================================
- Address = 162.144.126.169
- Network = 162.144.126.169 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 162.144.126.169 - 162.144.126.169 }
- N M A P P O R T S C A N
- ============================
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-08 19:51 UTC
- Nmap scan report for glesp.org.br (162.144.126.169)
- Host is up (0.082s latency).
- rDNS record for 162.144.126.169: srv.glesp.org.br
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp closed ssh
- 23/tcp closed telnet
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 3389/tcp closed ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds
- S U B - D O M A I N F I N D E R
- ==================================
- [i] Total Subdomains Found : 7
- [+] Subdomain: ns2.glesp.org.br
- [-] IP: 142.4.3.158
- [+] Subdomain: webdisk.glesp.org.br
- [-] IP: 162.144.126.169
- [+] Subdomain: mail.glesp.org.br
- [-] IP: 162.144.126.169
- [+] Subdomain: info.glesp.org.br
- [-] IP: 191.252.94.255
- [+] Subdomain: autodiscover.glesp.org.br
- [-] IP: 162.144.126.169
- [+] Subdomain: oportunidades.glesp.org.br
- [-] IP: 191.252.94.255
- [+] Subdomain: srv.glesp.org.br
- [-] IP: 162.144.126.169
- #######################################################################################################################################
- [*] Load target domain: glesp.org.br
- - starting scanning @ 2019-09-08 15:55:07
- [+] Running & Checking source to be used
- ---------------------------------------------
- ⍥ Shodan [ ✕ ]
- ⍥ Dnsdumpster [ ✔ ]
- ⍥ Webarchive [ ✔ ]
- ⍥ Certsh [ ✔ ]
- ⍥ Certspotter [ ✔ ]
- ⍥ Binaryedge [ ✕ ]
- ⍥ Securitytrails [ ✕ ]
- ⍥ Threatcrowd [ ✔ ]
- ⍥ Riddler [ ✔ ]
- ⍥ Bufferover [ ✔ ]
- ⍥ Virustotal [ ✕ ]
- ⍥ Censys [ ✕ ]
- ⍥ Entrust [ ✔ ]
- ⍥ Hackertarget [ ✔ ]
- ⍥ Threatminer [ ✔ ]
- ⍥ Findsubdomain [ ✔ ]
- [+] Get & Count subdomain total From source
- ---------------------------------------------
- ⍥ Hackertarget: Total Subdomain (8)
- ⍥ Findsubdomain: Total Subdomain (11)
- ⍥ Certspotter: Total Subdomain (10)
- ⍥ Threatminer: Total Subdomain (0)
- ⍥ Certsh: Total Subdomain (9)
- ⍥ BufferOver: Total Subdomain (11)
- ⍥ Entrust: Total Subdomain (0)
- ⍥ Threatcrowd: Total Subdomain (0)
- ⍥ Dnsdumpster: Total Subdomain (0)
- ⍥ Riddler: Total Subdomain (3)
- ⍥ Webarchive: Total Subdomain (6)
- [+] Parsing & Sorting list Domain
- ---------------------------------------------
- ⍥ Total [16]
- - autodiscover.glesp.org.br
- - cpanel.glesp.org.br
- - empregos.glesp.org.br
- - glesp.org.br
- - info.glesp.org.br
- - lojas.glesp.org.br
- - mail.glesp.org.br
- - ns1.glesp.org.br
- - ns2.glesp.org.br
- - oportunidades.glesp.org.br
- - r19.glesp.org.br
- - srv.glesp.org.br
- - webdisk.glesp.org.br
- - webmail.glesp.org.br
- - www.glesp.org.br
- - www.srv.glesp.org.br
- ⍥ Total [16]
- [+] Probe subdomain for working on http/https
- ---------------------------------------------
- - http://ns1.glesp.org.br
- - http://ns2.glesp.org.br
- - http://cpanel.glesp.org.br
- - http://srv.glesp.org.br
- - http://info.glesp.org.br
- - https://ns2.glesp.org.br
- - https://autodiscover.glesp.org.br
- - http://webmail.glesp.org.br
- - https://srv.glesp.org.br
- - http://oportunidades.glesp.org.br
- - https://cpanel.glesp.org.br
- - https://info.glesp.org.br
- - https://oportunidades.glesp.org.br
- - https://webmail.glesp.org.br
- - http://autodiscover.glesp.org.br
- - http://webdisk.glesp.org.br
- - https://webdisk.glesp.org.br
- ⍥ Total [17]
- [+] Check Live Host: Ping Sweep - ICMP PING
- ---------------------------------------------
- ⍥ [LIVE] autodiscover.glesp.org.br
- ⍥ [LIVE] cpanel.glesp.org.br
- ⍥ [DEAD] empregos.glesp.org.br
- ⍥ [LIVE] glesp.org.br
- ⍥ [LIVE] info.glesp.org.br
- ⍥ [DEAD] lojas.glesp.org.br
- ⍥ [LIVE] mail.glesp.org.br
- ⍥ [LIVE] ns1.glesp.org.br
- ⍥ [LIVE] ns2.glesp.org.br
- ⍥ [LIVE] oportunidades.glesp.org.br
- ⍥ [DEAD] r19.glesp.org.br
- ⍥ [LIVE] srv.glesp.org.br
- ⍥ [LIVE] webdisk.glesp.org.br
- ⍥ [LIVE] webmail.glesp.org.br
- ⍥ [LIVE] www.glesp.org.br
- ⍥ [DEAD] www.srv.glesp.org.br
- [+] Check Resolving: Subdomains & Domains
- ---------------------------------------------
- ⍥ Resolving domains to: 162.144.126.169
- ⍥ Resolving domains to: 162.144.126.169
- ⍥ Resolving domains to: RESOLVE ERROR
- ⍥ Resolving domains to: 162.144.126.169
- ⍥ Resolving domains to: 191.252.94.255
- ⍥ Resolving domains to: RESOLVE ERROR
- ⍥ Resolving domains to: 162.144.126.169
- ⍥ Resolving domains to: 162.144.126.169
- ⍥ Resolving domains to: 142.4.3.158
- ⍥ Resolving domains to: 191.252.94.255
- ⍥ Resolving domains to: RESOLVE ERROR
- ⍥ Resolving domains to: 162.144.126.169
- ⍥ Resolving domains to: 162.144.126.169
- ⍥ Resolving domains to: 162.144.126.169
- ⍥ Resolving domains to: 162.144.126.169
- ⍥ Resolving domains to: RESOLVE ERROR
- [+] Subdomain TakeOver - Check Possible Vulns
- ---------------------------------------------
- ⍥ [FAILS] En: Unknown http://cpanel.glesp.org.br
- ⍥ [FAILS] En: Unknown http://ns1.glesp.org.br
- ⍥ [FAILS] En: Unknown http://ns2.glesp.org.br
- ⍥ [FAILS] En: Unknown http://info.glesp.org.br
- ⍥ [FAILS] En: Unknown http://srv.glesp.org.br
- ⍥ [FAILS] En: Unknown http://webmail.glesp.org.br
- ⍥ [FAILS] En: Unknown https://autodiscover.glesp.org.br
- ⍥ [FAILS] En: Unknown https://ns2.glesp.org.br
- ⍥ [FAILS] En: Unknown https://srv.glesp.org.br
- ⍥ [FAILS] En: Unknown http://oportunidades.glesp.org.br
- ⍥ [FAILS] En: Unknown https://cpanel.glesp.org.br
- ⍥ [FAILS] En: Unknown https://info.glesp.org.br
- ⍥ [FAILS] En: Unknown https://oportunidades.glesp.org.br
- ⍥ [FAILS] En: Unknown https://webmail.glesp.org.br
- ⍥ [FAILS] En: Unknown http://autodiscover.glesp.org.br
- ⍥ [FAILS] En: Unknown http://webdisk.glesp.org.br
- ⍥ [FAILS] En: Unknown https://webdisk.glesp.org.br
- [+] Checks status code on port 80 and 443
- ---------------------------------------------
- ⍥ [301] http://cpanel.glesp.org.br
- ⍥ [200] http://ns1.glesp.org.br
- ⍥ [200] http://ns2.glesp.org.br
- ⍥ [301] http://info.glesp.org.br
- ⍥ [200] http://srv.glesp.org.br
- ⍥ [301] http://webmail.glesp.org.br
- ⍥ [400] https://autodiscover.glesp.org.br
- ⍥ [000] https://ns2.glesp.org.br
- ⍥ [200] https://srv.glesp.org.br
- ⍥ [200] http://oportunidades.glesp.org.br
- ⍥ [401] https://cpanel.glesp.org.br
- ⍥ [302] https://info.glesp.org.br
- ⍥ [000] https://oportunidades.glesp.org.br
- ⍥ [401] https://webmail.glesp.org.br
- ⍥ [302] http://autodiscover.glesp.org.br
- ⍥ [302] http://webdisk.glesp.org.br
- ⍥ [401] https://webdisk.glesp.org.br
- #######################################################################################################################################
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7938
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 2
- ;; QUESTION SECTION:
- ;glesp.org.br. IN ANY
- ;; ANSWER SECTION:
- glesp.org.br. 14400 IN A 162.144.126.169
- glesp.org.br. 43200 IN SOA ns1.glesp.org.br. info.glesp.org.br. 2019081700 3600 7200 1209600 86400
- glesp.org.br. 14400 IN MX 0 mail.glesp.org.br.
- glesp.org.br. 14400 IN TXT "v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all"
- glesp.org.br. 3600 IN NS ns2.glesp.org.br.
- glesp.org.br. 3600 IN NS ns1.glesp.org.br.
- ;; AUTHORITY SECTION:
- glesp.org.br. 3600 IN NS ns2.glesp.org.br.
- glesp.org.br. 3600 IN NS ns1.glesp.org.br.
- ;; ADDITIONAL SECTION:
- ns2.glesp.org.br. 3600 IN A 142.4.3.158
- ns1.glesp.org.br. 3600 IN A 162.144.126.169
- Received 273 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 339 ms
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace glesp.org.br
- ;; global options: +cmd
- . 79597 IN NS b.root-servers.net.
- . 79597 IN NS a.root-servers.net.
- . 79597 IN NS e.root-servers.net.
- . 79597 IN NS f.root-servers.net.
- . 79597 IN NS i.root-servers.net.
- . 79597 IN NS d.root-servers.net.
- . 79597 IN NS j.root-servers.net.
- . 79597 IN NS c.root-servers.net.
- . 79597 IN NS g.root-servers.net.
- . 79597 IN NS h.root-servers.net.
- . 79597 IN NS m.root-servers.net.
- . 79597 IN NS l.root-servers.net.
- . 79597 IN NS k.root-servers.net.
- . 79597 IN RRSIG NS 8 0 518400 20190921050000 20190908040000 59944 . UuqegF9lYYGty+pCLaJzL7AXkRgoLhs5F/6ILQlpIf8Q2YzSlbQvZAyC /AKti2Jvvt3PRkMZNKG+MHyV1e4x6H83FNC4cPh4lPtndC2QK6iwixPL 9OUDh62CGmaRO8zrW5cbMrQgC4KdaLscg6ryrSKEI6weL4I79d7Xho1T tPFZ7bHVcrZZxlXVmpYSWkQWn2Qld5srTwIOY+Haeb19m+ZagRpxY5pq 8RQ6RmLqr4r8rIn1ojpI7EnTaoQKkRcCxSessBYf2kRZR9ESS/1iidyW gORZ2dzflAtZDGbnWW0tN27aRbmX8ibWPRlkXxC8AgkO6PcJ/t1ZjeYA G8mMxw==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 30 ms
- br. 172800 IN NS b.dns.br.
- br. 172800 IN NS c.dns.br.
- br. 172800 IN NS d.dns.br.
- br. 172800 IN NS a.dns.br.
- br. 172800 IN NS e.dns.br.
- br. 172800 IN NS f.dns.br.
- br. 86400 IN DS 2471 13 2 5E4F35998B8F909557FA119C4CBFDCA2D660A26F069EF006B403758A 07D1A2E4
- br. 86400 IN RRSIG DS 8 1 86400 20190921050000 20190908040000 59944 . cXS63FNrcuW7lIHWkR5wrSppkQEnFEV9vkvH81rIdpgxfiWwcs0YWE19 iX50G7T4cMEeyXu9/XxNLSPZcribsVPLWDpqRQ5wuyO0thb5vPqUSZ8Q 3nuS1a+kA+BWuJTm0e/pTZI8Gs2bAwma83oIeVsIA+F0noeVphgzuu16 Tv6eI23U8SlPrTxGFrv6Trr4fqUzd/ZZI0hoJUWhRp5MOSMJMzEHh+M9 mcYAdSdKjIBHDgL03Bgqpt9RZVhlWz9qq84sUmQgtiwo5GxlAClxAOrN r8itXwGauNI2zvF19+li3li6LktbvcWv60yazzCawUK9k1TzyQsGQftN NRh0sA==
- ;; Received 740 bytes from 202.12.27.33#53(m.root-servers.net) in 208 ms
- glesp.org.br. 3600 IN NS ns1.glesp.org.br.
- glesp.org.br. 3600 IN NS ns2.glesp.org.br.
- 8ibcveen5720n44l12on35ti99p48dfq.org.br. 900 IN NSEC3 1 1 10 1ED197E8FB8CAF6322BC 8ICM44EE54CNOQDKEDVKHHOQFOIQG8RR NS SOA RRSIG DNSKEY NSEC3PARAM
- 8ibcveen5720n44l12on35ti99p48dfq.org.br. 900 IN RRSIG NSEC3 13 3 900 20190922195507 20190908185507 50774 org.br. sS1Jm4T6HfA4DRCIh9CZgD01erHrzn6GoReLUrPefaWedVwbvyANcTKa 3qs4tlqXtu8S0ePXFMCwroUNsT2G/w==
- f6jeb8tubugn3pac75077pue472rf06m.org.br. 900 IN NSEC3 1 1 10 1ED197E8FB8CAF6322BC F6JN7D5B9OBCR8K4Q3B12VLLSKF0BVTO NS DS RRSIG
- f6jeb8tubugn3pac75077pue472rf06m.org.br. 900 IN RRSIG NSEC3 13 3 900 20190918190509 20190904180509 50774 org.br. 7Wvh5fLSu/MyA0xvvFnRe+qmsRz099ayDkEoKzV+iXLwAOJNoN8N699O Cx7Z3szScT4QHKt++MoPYAwddMCz3A==
- ;; Received 492 bytes from 200.192.233.10#53(c.dns.br) in 175 ms
- glesp.org.br. 14400 IN A 162.144.126.169
- glesp.org.br. 86400 IN NS ns1.glesp.org.br.
- glesp.org.br. 86400 IN NS ns2.glesp.org.br.
- ;; Received 125 bytes from 162.144.126.169#53(ns1.glesp.org.br) in 84 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: glesp.org.br
- [-] DNSSEC is not configured for glesp.org.br
- [*] SOA ns1.glesp.org.br 162.144.126.169
- [*] NS ns1.glesp.org.br 162.144.126.169
- [*] NS ns2.glesp.org.br 142.4.3.158
- [*] MX mail.glesp.org.br 162.144.126.169
- [*] A glesp.org.br 162.144.126.169
- [*] TXT glesp.org.br v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all
- [*] Enumerating SRV Records
- [*] SRV _caldavs._tcp.glesp.org.br srv.glesp.org.br 162.144.126.169 2080 0
- [*] SRV _caldav._tcp.glesp.org.br srv.glesp.org.br 162.144.126.169 2079 0
- [*] SRV _carddavs._tcp.glesp.org.br srv.glesp.org.br 162.144.126.169 2080 0
- [*] SRV _carddav._tcp.glesp.org.br srv.glesp.org.br 162.144.126.169 2079 0
- [*] SRV _autodiscover._tcp.glesp.org.br cpanelemaildiscovery.cpanel.net 208.74.120.173 443 0
- [*] SRV _autodiscover._tcp.glesp.org.br cpanelemaildiscovery.cpanel.net 208.74.120.196 443 0
- [*] SRV _autodiscover._tcp.glesp.org.br cpanelemaildiscovery.cpanel.net 208.74.123.37 443 0
- [+] 7 Records Found
- #######################################################################################################################################
- [*] Processing domain glesp.org.br
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
- [+] Getting nameservers
- 162.144.126.169 - ns1.glesp.org.br
- 142.4.3.158 - ns2.glesp.org.br
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all"
- [+] MX records found, added to target list
- 0 mail.glesp.org.br.
- [*] Scanning glesp.org.br for A records
- 162.144.126.169 - glesp.org.br
- 162.144.126.169 - autodiscover.glesp.org.br
- 162.144.126.169 - autoconfig.glesp.org.br
- 162.144.126.169 - cpanel.glesp.org.br
- 162.144.126.169 - ftp.glesp.org.br
- 191.252.94.255 - info.glesp.org.br
- 127.0.0.1 - localhost.glesp.org.br
- 162.144.126.169 - mail.glesp.org.br
- 162.144.126.169 - ns1.glesp.org.br
- 142.4.3.158 - ns2.glesp.org.br
- 162.144.126.169 - webdisk.glesp.org.br
- 162.144.126.169 - webmail.glesp.org.br
- 162.144.126.169 - whm.glesp.org.br
- 162.144.126.169 - www.glesp.org.br
- #######################################################################################################################################
- AVAILABLE PLUGINS
- -----------------
- SessionResumptionPlugin
- EarlyDataPlugin
- CompressionPlugin
- CertificateInfoPlugin
- RobotPlugin
- OpenSslCipherSuitesPlugin
- HeartbleedPlugin
- FallbackScsvPlugin
- SessionRenegotiationPlugin
- OpenSslCcsInjectionPlugin
- HttpHeadersPlugin
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- 162.144.126.169:443 => 162.144.126.169
- SCAN RESULTS FOR 162.144.126.169:443 - 162.144.126.169
- ------------------------------------------------------
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * Certificate Information:
- Content
- SHA1 Fingerprint: a538419a17cd6a7122a92a8bf6cdf44ec9d6d120
- Common Name: glesp.org.br
- Issuer: cPanel, Inc. Certification Authority
- Serial Number: 314204499782145017959226180083674269663
- Not Before: 2019-09-01 00:00:00
- Not After: 2019-11-30 23:59:59
- Signature Algorithm: sha256
- Public Key Algorithm: RSA
- Key Size: 2048
- Exponent: 65537 (0x10001)
- DNS Subject Alternative Names: ['glesp.org.br', 'autodiscover.glesp.org.br', 'cpanel.glesp.org.br', 'mail.glesp.org.br', 'webdisk.glesp.org.br', 'webmail.glesp.org.br', 'www.glesp.org.br']
- Trust
- Hostname Validation: FAILED - Certificate does NOT match 162.144.126.169
- Android CA Store (9.0.0_r9): OK - Certificate is trusted
- Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
- Java CA Store (jdk-12.0.1): OK - Certificate is trusted
- Mozilla CA Store (2019-03-14): OK - Certificate is trusted
- Windows CA Store (2019-05-27): OK - Certificate is trusted
- Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
- Received Chain: glesp.org.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
- Verified Chain: glesp.org.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
- Received Chain Contains Anchor: OK - Anchor certificate not sent
- Received Chain Order: OK - Order is valid
- Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
- Extensions
- OCSP Must-Staple: NOT SUPPORTED - Extension not found
- Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
- OCSP Stapling
- OCSP Response Status: successful
- Validation w/ Mozilla Store: OK - Response is trusted
- Responder Id: 7E035A65416BA77E0AE1B89D08EA1D8E1D6AC765
- Cert Status: good
- Cert Serial Number: EC6195E1F6685DD7FC1FB491EFE847DF
- This Update: Sep 5 18:43:10 2019 GMT
- Next Update: Sep 12 18:43:10 2019 GMT
- * TLSV1_3 Cipher Suites:
- Server rejected all cipher suites.
- * Deflate Compression:
- OK - Compression disabled
- * ROBOT Attack:
- OK - Not vulnerable
- * OpenSSL Heartbleed:
- OK - Not vulnerable to Heartbleed
- * TLSV1_1 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 INSECURE - Supported
- Preferred:
- None - Server followed client cipher suite preference.
- Accepted:
- TLS_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_RC4_128_MD5 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_IDEA_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- Undefined - An unexpected error happened:
- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA timeout - timed out
- * Downgrade Attacks:
- TLS_FALLBACK_SCSV: OK - Supported
- * TLS 1.2 Session Resumption Support:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Tickets: OK - Supported
- * TLSV1_2 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 INSECURE - Supported
- Preferred:
- None - Server followed client cipher suite preference.
- Accepted:
- TLS_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_RC4_128_MD5 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_IDEA_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- * SSLV3 Cipher Suites:
- Server rejected all cipher suites.
- * OpenSSL CCS Injection:
- OK - Not vulnerable to OpenSSL CCS injection
- * Session Renegotiation:
- Client-initiated Renegotiation: OK - Rejected
- Secure Renegotiation: OK - Supported
- * TLSV1 Cipher Suites:
- Forward Secrecy OK - Supported
- RC4 INSECURE - Supported
- Preferred:
- None - Server followed client cipher suite preference.
- Accepted:
- TLS_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_RC4_128_MD5 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_IDEA_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits Timeout on HTTP GET
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits Timeout on HTTP GET
- SCAN COMPLETED IN 51.83 S
- -------------------------
- #######################################################################################################################################
- Domains still to check: 1
- Checking if the hostname glesp.org.br. given is in fact a domain...
- Analyzing domain: glesp.org.br.
- Checking NameServers using system default resolver...
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- IP: 142.4.3.158 (United States)
- HostName: ns2.glesp.org.br Type: NS
- HostName: 142-4-3-158.unifiedlayer.com Type: PTR
- Checking MailServers using system default resolver...
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: mail.glesp.org.br Type: MX
- Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
- No zone transfer found on nameserver 162.144.126.169
- No zone transfer found on nameserver 142.4.3.158
- Checking SPF record...
- Checking 192 most common hostnames using system default resolver...
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: mail.glesp.org.br Type: MX
- Type: SPF
- HostName: www.glesp.org.br. Type: A
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: mail.glesp.org.br Type: MX
- Type: SPF
- HostName: www.glesp.org.br. Type: A
- HostName: ftp.glesp.org.br. Type: A
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: mail.glesp.org.br Type: MX
- Type: SPF
- HostName: www.glesp.org.br. Type: A
- HostName: ftp.glesp.org.br. Type: A
- HostName: mail.glesp.org.br. Type: A
- IP: 162.144.126.169 (United States)
- Sub Domain: ns1.glesp.org.br. <- New Subdomain!
- HostName: ns1.glesp.org.br. Type: A
- HostName: srv.glesp.org.br Type: PTR
- IP: 142.4.3.158 (United States)
- Sub Domain: ns2.glesp.org.br. <- New Subdomain!
- HostName: ns2.glesp.org.br. Type: A
- HostName: 142-4-3-158.unifiedlayer.com Type: PTR
- IP: 162.144.126.169 (United States)
- Sub Domain: ns1.glesp.org.br. <- New Subdomain!
- HostName: ns1.glesp.org.br. Type: A
- HostName: srv.glesp.org.br Type: PTR
- HostName: webmail.glesp.org.br. Type: A
- Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
- Checking netblock 162.144.126.0
- Checking netblock 142.4.3.0
- Searching for glesp.org.br. emails in Google
- assessor1@glesp.org.br.
- info@glesp.org.br
- inscricoes@glesp.org.br.
- pagesInfo@glesp.org.br
- secretariageral@glesp.org.brw
- Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
- Host 162.144.126.169 is up (reset ttl 64)
- Host 142.4.3.158 is up (reset ttl 64)
- Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
- Scanning ip 162.144.126.169 (webmail.glesp.org.br.):
- 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- | http-methods:
- | Supported Methods: GET POST OPTIONS HEAD TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-title: Site doesn't have a title (text/html).
- 443/tcp open ssl/ssl syn-ack ttl 47 Apache httpd (SSL-only mode)
- | http-methods:
- |_ Supported Methods: HEAD POST
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-title: 400 Bad Request
- | ssl-cert: Subject: commonName=glesp.org.br
- | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
- | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2019-09-01T00:00:00
- | Not valid after: 2019-11-30T23:59:59
- | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
- |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- |_ http/1.1
- Scanning ip 142.4.3.158 (142-4-3-158.unifiedlayer.com (PTR)):
- 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- | http-methods:
- | Supported Methods: GET POST OPTIONS HEAD TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-title: Site doesn't have a title (text/html).
- 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- | http-methods:
- | Supported Methods: GET POST OPTIONS HEAD TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-title: Site doesn't have a title (text/html).
- | ssl-cert: Subject: commonName=srv.glesp.org.br
- | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
- | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2019-08-17T00:00:00
- | Not valid after: 2020-08-16T23:59:59
- | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
- |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- |_ http/1.1
- Device type: general purpose|storage-misc|broadband router|router|media device|WAP
- Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%)
- WebCrawling domain's web servers... up to 50 max links.
- + URL to crawl: http://ns1.glesp.org.br.
- + Date: 2019-09-08
- + Crawling URL: http://ns1.glesp.org.br.:
- + Links:
- + Crawling http://ns1.glesp.org.br. (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://webmail.glesp.org.br.
- + Date: 2019-09-08
- + Crawling URL: http://webmail.glesp.org.br.:
- + Links:
- + Crawling http://webmail.glesp.org.br.
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://ns1.glesp.org.br.:443
- + Date: 2019-09-08
- + Crawling URL: http://ns1.glesp.org.br.:443:
- + Links:
- + Crawling http://ns1.glesp.org.br.:443 (400 Bad Request)
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://webmail.glesp.org.br.:443
- + Date: 2019-09-08
- + Crawling URL: http://webmail.glesp.org.br.:443:
- + Links:
- + Crawling http://webmail.glesp.org.br.:443 (400 Bad Request)
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://ns2.glesp.org.br.
- + Date: 2019-09-08
- + Crawling URL: http://ns2.glesp.org.br.:
- + Links:
- + Crawling http://ns2.glesp.org.br. (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: https://ns2.glesp.org.br.
- + Date: 2019-09-08
- + Crawling URL: https://ns2.glesp.org.br.:
- + Links:
- + Crawling https://ns2.glesp.org.br.
- + Searching for directories...
- + Searching open folders...
- --Finished--
- Summary information for domain glesp.org.br.
- -----------------------------------------
- Domain Specific Information:
- Email: assessor1@glesp.org.br.
- Email: info@glesp.org.br
- Email: inscricoes@glesp.org.br.
- Email: pagesInfo@glesp.org.br
- Email: secretariageral@glesp.org.brw
- Domain Ips Information:
- IP: 162.144.126.169
- Sub Domain: ns1.glesp.org.br.
- HostName: ns1.glesp.org.br. Type: A
- HostName: srv.glesp.org.br Type: PTR
- HostName: webmail.glesp.org.br. Type: A
- Country: United States
- Is Active: True (reset ttl 64)
- Port: 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- Script Info: | http-methods:
- Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
- Script Info: |_ Potentially risky methods: TRACE
- Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: |_http-title: Site doesn't have a title (text/html).
- Port: 443/tcp open ssl/ssl syn-ack ttl 47 Apache httpd (SSL-only mode)
- Script Info: | http-methods:
- Script Info: |_ Supported Methods: HEAD POST
- Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: |_http-title: 400 Bad Request
- Script Info: | ssl-cert: Subject: commonName=glesp.org.br
- Script Info: | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
- Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2019-09-01T00:00:00
- Script Info: | Not valid after: 2019-11-30T23:59:59
- Script Info: | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
- Script Info: |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
- Script Info: |_ssl-date: TLS randomness does not represent time
- Script Info: | tls-alpn:
- Script Info: |_ http/1.1
- IP: 142.4.3.158
- Sub Domain: ns2.glesp.org.br.
- HostName: ns2.glesp.org.br. Type: A
- HostName: 142-4-3-158.unifiedlayer.com Type: PTR
- Country: United States
- Is Active: True (reset ttl 64)
- Port: 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- Script Info: | http-methods:
- Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
- Script Info: |_ Potentially risky methods: TRACE
- Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: |_http-title: Site doesn't have a title (text/html).
- Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- Script Info: | http-methods:
- Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
- Script Info: |_ Potentially risky methods: TRACE
- Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: |_http-title: Site doesn't have a title (text/html).
- Script Info: | ssl-cert: Subject: commonName=srv.glesp.org.br
- Script Info: | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
- Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2019-08-17T00:00:00
- Script Info: | Not valid after: 2020-08-16T23:59:59
- Script Info: | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
- Script Info: |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
- Script Info: |_ssl-date: TLS randomness does not represent time
- Script Info: | tls-alpn:
- Script Info: |_ http/1.1
- Script Info: Device type: general purpose|storage-misc|broadband router|router|media device|WAP
- Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%)
- --------------End Summary --------------
- -----------------------------------------
- Checking if the hostname ns1.glesp.org.br. given is in fact a domain...
- Analyzing domain: ns1.glesp.org.br.
- Checking NameServers using system default resolver...
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- IP: 142.4.3.158 (United States)
- HostName: ns2.glesp.org.br Type: NS
- HostName: 142-4-3-158.unifiedlayer.com Type: PTR
- Checking MailServers using system default resolver...
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: ns1.glesp.org.br Type: MX
- Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
- No zone transfer found on nameserver 162.144.126.169
- No zone transfer found on nameserver 142.4.3.158
- Checking SPF record...
- No SPF record
- Checking 192 most common hostnames using system default resolver...
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: ns1.glesp.org.br Type: MX
- HostName: www.ns1.glesp.org.br. Type: A
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: ns1.glesp.org.br Type: MX
- HostName: www.ns1.glesp.org.br. Type: A
- HostName: ftp.ns1.glesp.org.br. Type: A
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: ns1.glesp.org.br Type: MX
- HostName: www.ns1.glesp.org.br. Type: A
- HostName: ftp.ns1.glesp.org.br. Type: A
- HostName: mail.ns1.glesp.org.br. Type: A
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: ns1.glesp.org.br Type: MX
- HostName: www.ns1.glesp.org.br. Type: A
- HostName: ftp.ns1.glesp.org.br. Type: A
- HostName: mail.ns1.glesp.org.br. Type: A
- HostName: webmail.ns1.glesp.org.br. Type: A
- Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
- Checking netblock 162.144.126.0
- Checking netblock 142.4.3.0
- Searching for ns1.glesp.org.br. emails in Google
- Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
- Host 162.144.126.169 is up (reset ttl 64)
- Host 142.4.3.158 is up (reset ttl 64)
- Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
- Scanning ip 162.144.126.169 (webmail.ns1.glesp.org.br.):
- 80/tcp open http? syn-ack ttl 50
- 443/tcp open ssl/https syn-ack ttl 50 Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | ssl-cert: Subject: commonName=glesp.org.br
- | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
- | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2019-09-01T00:00:00
- | Not valid after: 2019-11-30T23:59:59
- | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
- |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
- | tls-alpn:
- |_ http/1.1
- Scanning ip 142.4.3.158 (142-4-3-158.unifiedlayer.com (PTR)):
- 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- | http-methods:
- | Supported Methods: GET POST OPTIONS HEAD TRACE
- |_ Potentially risky methods: TRACE
- |_http-title: Site doesn't have a title (text/html).
- 443/tcp open http syn-ack ttl 47 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- |_http-title: 400 Bad Request
- | ssl-cert: Subject: commonName=srv.glesp.org.br
- | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
- | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2019-08-17T00:00:00
- | Not valid after: 2020-08-16T23:59:59
- | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
- |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
- Device type: general purpose|storage-misc|router|media device|WAP|broadband router
- Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Netgear RAIDiator 4.X (87%)
- WebCrawling domain's web servers... up to 50 max links.
- + URL to crawl: http://mail.ns1.glesp.org.br.:443
- + Date: 2019-09-08
- + Crawling URL: http://mail.ns1.glesp.org.br.:443:
- + Links:
- + Crawling http://mail.ns1.glesp.org.br.:443
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://webmail.ns1.glesp.org.br.:443
- + Date: 2019-09-08
- + Crawling URL: http://webmail.ns1.glesp.org.br.:443:
- + Links:
- + Crawling http://webmail.ns1.glesp.org.br.:443
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://www.ns1.glesp.org.br.:443
- + Date: 2019-09-08
- + Crawling URL: http://www.ns1.glesp.org.br.:443:
- + Links:
- + Crawling http://www.ns1.glesp.org.br.:443 (400 Bad Request)
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://ftp.ns1.glesp.org.br.:443
- + Date: 2019-09-08
- + Crawling URL: http://ftp.ns1.glesp.org.br.:443:
- + Links:
- + Crawling http://ftp.ns1.glesp.org.br.:443
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://ns1.glesp.org.br:443
- + Date: 2019-09-08
- + Crawling URL: http://ns1.glesp.org.br:443:
- + Links:
- + Crawling http://ns1.glesp.org.br:443
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://ns2.glesp.org.br
- + Date: 2019-09-08
- + Crawling URL: http://ns2.glesp.org.br:
- + Links:
- + Crawling http://ns2.glesp.org.br
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://ns2.glesp.org.br:443
- + Date: 2019-09-08
- + Crawling URL: http://ns2.glesp.org.br:443:
- + Links:
- + Crawling http://ns2.glesp.org.br:443
- + Searching for directories...
- + Searching open folders...
- --Finished--
- Summary information for domain ns1.glesp.org.br.
- -----------------------------------------
- Domain Ips Information:
- IP: 162.144.126.169
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- HostName: ns1.glesp.org.br Type: MX
- HostName: www.ns1.glesp.org.br. Type: A
- HostName: ftp.ns1.glesp.org.br. Type: A
- HostName: mail.ns1.glesp.org.br. Type: A
- HostName: webmail.ns1.glesp.org.br. Type: A
- Country: United States
- Is Active: True (reset ttl 64)
- Port: 80/tcp open http? syn-ack ttl 50
- Port: 443/tcp open ssl/https syn-ack ttl 50 Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: | ssl-cert: Subject: commonName=glesp.org.br
- Script Info: | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
- Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2019-09-01T00:00:00
- Script Info: | Not valid after: 2019-11-30T23:59:59
- Script Info: | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
- Script Info: |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
- Script Info: | tls-alpn:
- Script Info: |_ http/1.1
- IP: 142.4.3.158
- HostName: ns2.glesp.org.br Type: NS
- HostName: 142-4-3-158.unifiedlayer.com Type: PTR
- Country: United States
- Is Active: True (reset ttl 64)
- Port: 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- Script Info: | http-methods:
- Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
- Script Info: |_ Potentially risky methods: TRACE
- Script Info: |_http-title: Site doesn't have a title (text/html).
- Port: 443/tcp open http syn-ack ttl 47 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- Script Info: |_http-title: 400 Bad Request
- Script Info: | ssl-cert: Subject: commonName=srv.glesp.org.br
- Script Info: | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
- Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2019-08-17T00:00:00
- Script Info: | Not valid after: 2020-08-16T23:59:59
- Script Info: | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
- Script Info: |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
- Script Info: Device type: general purpose|storage-misc|router|media device|WAP|broadband router
- Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Netgear RAIDiator 4.X (87%)
- --------------End Summary --------------
- -----------------------------------------
- Checking if the hostname ns2.glesp.org.br. given is in fact a domain...
- Analyzing domain: ns2.glesp.org.br.
- Checking NameServers using system default resolver...
- IP: 142.4.3.158 (United States)
- HostName: ns2.glesp.org.br Type: NS
- HostName: 142-4-3-158.unifiedlayer.com Type: PTR
- IP: 162.144.126.169 (United States)
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- Checking MailServers using system default resolver...
- IP: 142.4.3.158 (United States)
- HostName: ns2.glesp.org.br Type: NS
- HostName: 142-4-3-158.unifiedlayer.com Type: PTR
- HostName: ns2.glesp.org.br Type: MX
- Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
- No zone transfer found on nameserver 162.144.126.169
- No zone transfer found on nameserver 142.4.3.158
- Checking SPF record...
- No SPF record
- Checking 192 most common hostnames using system default resolver...
- IP: 142.4.3.158 (United States)
- HostName: ns2.glesp.org.br Type: NS
- HostName: 142-4-3-158.unifiedlayer.com Type: PTR
- HostName: ns2.glesp.org.br Type: MX
- HostName: ftp.ns2.glesp.org.br. Type: A
- Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
- Checking netblock 162.144.126.0
- Checking netblock 142.4.3.0
- Searching for ns2.glesp.org.br. emails in Google
- Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
- Host 162.144.126.169 is up (reset ttl 64)
- Host 142.4.3.158 is up (reset ttl 64)
- Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
- Scanning ip 162.144.126.169 (srv.glesp.org.br (PTR)):
- 80/tcp open http syn-ack ttl 47 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- | http-methods:
- | Supported Methods: GET POST OPTIONS HEAD TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-title: Site doesn't have a title (text/html).
- 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- |_http-favicon: Unknown favicon MD5: 9C2C777C5D1FA385BA456798B38C2A1D
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-title: 400 Bad Request
- | ssl-cert: Subject: commonName=glesp.org.br
- | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
- | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2019-09-01T00:00:00
- | Not valid after: 2019-11-30T23:59:59
- | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
- |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- |_ http/1.1
- Device type: general purpose|storage-misc|broadband router|router|WAP|media device
- Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
- Scanning ip 142.4.3.158 (ftp.ns2.glesp.org.br.):
- 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- | http-methods:
- | Supported Methods: GET POST OPTIONS HEAD TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-title: Site doesn't have a title (text/html).
- 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- | http-methods:
- | Supported Methods: GET POST OPTIONS HEAD TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-title: Site doesn't have a title (text/html).
- | ssl-cert: Subject: commonName=srv.glesp.org.br
- | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
- | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2019-08-17T00:00:00
- | Not valid after: 2020-08-16T23:59:59
- | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
- |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- |_ http/1.1
- Device type: general purpose|storage-misc|broadband router|router|WAP|media device
- Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
- WebCrawling domain's web servers... up to 50 max links.
- + URL to crawl: http://ns1.glesp.org.br
- + Date: 2019-09-08
- + Crawling URL: http://ns1.glesp.org.br:
- + Links:
- + Crawling http://ns1.glesp.org.br (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: https://ns1.glesp.org.br
- + Date: 2019-09-08
- + Crawling URL: https://ns1.glesp.org.br:
- + Links:
- + Crawling https://ns1.glesp.org.br
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://ns2.glesp.org.br
- + Date: 2019-09-08
- + Crawling URL: http://ns2.glesp.org.br:
- + Links:
- + Crawling http://ns2.glesp.org.br (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: http://ftp.ns2.glesp.org.br.
- + Date: 2019-09-08
- + Crawling URL: http://ftp.ns2.glesp.org.br.:
- + Links:
- + Crawling http://ftp.ns2.glesp.org.br. (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: https://ns2.glesp.org.br
- + Date: 2019-09-08
- + Crawling URL: https://ns2.glesp.org.br:
- + Links:
- + Crawling https://ns2.glesp.org.br
- + Searching for directories...
- + Searching open folders...
- + URL to crawl: https://ftp.ns2.glesp.org.br.
- + Date: 2019-09-08
- + Crawling URL: https://ftp.ns2.glesp.org.br.:
- + Links:
- + Crawling https://ftp.ns2.glesp.org.br.
- + Searching for directories...
- + Searching open folders...
- --Finished--
- Summary information for domain ns2.glesp.org.br.
- -----------------------------------------
- Domain Ips Information:
- IP: 162.144.126.169
- HostName: ns1.glesp.org.br Type: NS
- HostName: srv.glesp.org.br Type: PTR
- Country: United States
- Is Active: True (reset ttl 64)
- Port: 80/tcp open http syn-ack ttl 47 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- Script Info: | http-methods:
- Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
- Script Info: |_ Potentially risky methods: TRACE
- Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: |_http-title: Site doesn't have a title (text/html).
- Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- Script Info: |_http-favicon: Unknown favicon MD5: 9C2C777C5D1FA385BA456798B38C2A1D
- Script Info: | http-methods:
- Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
- Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: |_http-title: 400 Bad Request
- Script Info: | ssl-cert: Subject: commonName=glesp.org.br
- Script Info: | Subject Alternative Name: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
- Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2019-09-01T00:00:00
- Script Info: | Not valid after: 2019-11-30T23:59:59
- Script Info: | MD5: 48a5 8038 58ba fbb0 f1de af95 6bd1 19ab
- Script Info: |_SHA-1: a538 419a 17cd 6a71 22a9 2a8b f6cd f44e c9d6 d120
- Script Info: |_ssl-date: TLS randomness does not represent time
- Script Info: | tls-alpn:
- Script Info: |_ http/1.1
- Script Info: Device type: general purpose|storage-misc|broadband router|router|WAP|media device
- Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
- IP: 142.4.3.158
- HostName: ns2.glesp.org.br Type: NS
- HostName: 142-4-3-158.unifiedlayer.com Type: PTR
- HostName: ns2.glesp.org.br Type: MX
- HostName: ftp.ns2.glesp.org.br. Type: A
- Country: United States
- Is Active: True (reset ttl 64)
- Port: 80/tcp open http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- Script Info: | http-methods:
- Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
- Script Info: |_ Potentially risky methods: TRACE
- Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: |_http-title: Site doesn't have a title (text/html).
- Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- Script Info: | http-methods:
- Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
- Script Info: |_ Potentially risky methods: TRACE
- Script Info: |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Script Info: |_http-title: Site doesn't have a title (text/html).
- Script Info: | ssl-cert: Subject: commonName=srv.glesp.org.br
- Script Info: | Subject Alternative Name: DNS:srv.glesp.org.br, DNS:www.srv.glesp.org.br
- Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- Script Info: | Public Key type: rsa
- Script Info: | Public Key bits: 2048
- Script Info: | Signature Algorithm: sha256WithRSAEncryption
- Script Info: | Not valid before: 2019-08-17T00:00:00
- Script Info: | Not valid after: 2020-08-16T23:59:59
- Script Info: | MD5: ce5d 3e2d 0a8a 2b5d d48d 3173 7884 aa6a
- Script Info: |_SHA-1: aef5 32ba 0573 29b5 5ee9 8ea6 30e9 668d 77f4 ff56
- Script Info: |_ssl-date: TLS randomness does not represent time
- Script Info: | tls-alpn:
- Script Info: |_ http/1.1
- Script Info: Device type: general purpose|storage-misc|broadband router|router|WAP|media device
- Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- www.glesp.org.br -----
- Host's addresses:
- __________________
- glesp.org.br. 11933 IN A 162.144.126.169
- Name Servers:
- ______________
- ns1.glesp.org.br. 12743 IN A 162.144.126.169
- ns2.glesp.org.br. 12742 IN A 142.4.3.158
- Mail (MX) Servers:
- ___________________
- mail.glesp.org.br. 12742 IN A 162.144.126.169
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for www.glesp.org.br on ns1.glesp.org.br ...
- Trying Zone Transfer for www.glesp.org.br on ns2.glesp.org.br ...
- brute force file not specified, bay.
- ######################################################################################################################################
- [*] Found SPF record:
- [*] v=spf1 +a +mx +ip4:162.144.126.169 +ip4:142.4.3.158 ~all
- [*] SPF record contains an All item: ~all
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for www.glesp.org.br!
- ######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:18 EDT
- Nmap scan report for www.glesp.org.br (162.144.126.169)
- Host is up (0.090s latency).
- rDNS record for 162.144.126.169: srv.glesp.org.br
- Not shown: 478 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- Nmap done: 1 IP address (1 host up) scanned in 11.04 seconds
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:18 EDT
- Nmap scan report for www.glesp.org.br (162.144.126.169)
- Host is up (0.078s latency).
- rDNS record for 162.144.126.169: srv.glesp.org.br
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 500/udp open|filtered isakmp
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Nmap done: 1 IP address (1 host up) scanned in 2.62 seconds
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:18 EDT
- NSE: Loaded 164 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 16:18
- Completed NSE at 16:18, 0.00s elapsed
- Initiating NSE at 16:18
- Completed NSE at 16:18, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 16:18
- Completed Parallel DNS resolution of 1 host. at 16:18, 0.02s elapsed
- Initiating SYN Stealth Scan at 16:18
- Scanning www.glesp.org.br (162.144.126.169) [1 port]
- Discovered open port 80/tcp on 162.144.126.169
- Completed SYN Stealth Scan at 16:18, 0.14s elapsed (1 total ports)
- Initiating Service scan at 16:18
- Scanning 1 service on www.glesp.org.br (162.144.126.169)
- Completed Service scan at 16:18, 15.96s elapsed (1 service on 1 host)
- Initiating OS detection (try #1) against www.glesp.org.br (162.144.126.169)
- Retrying OS detection (try #2) against www.glesp.org.br (162.144.126.169)
- Initiating Traceroute at 16:18
- Completed Traceroute at 16:18, 3.04s elapsed
- Initiating Parallel DNS resolution of 14 hosts. at 16:18
- Completed Parallel DNS resolution of 14 hosts. at 16:18, 0.88s elapsed
- NSE: Script scanning 162.144.126.169.
- Initiating NSE at 16:18
- NSE Timing: About 38.11% done; ETC: 16:20 (0:00:50 remaining)
- NSE: [http-wordpress-enum 162.144.126.169:80] got no answers from pipelined queries
- Completed NSE at 16:28, 600.66s elapsed
- Initiating NSE at 16:28
- Completed NSE at 16:29, 8.25s elapsed
- Nmap scan report for www.glesp.org.br (162.144.126.169)
- Host is up (0.097s latency).
- rDNS record for 162.144.126.169: srv.glesp.org.br
- PORT STATE SERVICE VERSION
- 80/tcp open http Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- |_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
- | http-brute:
- |_ Path "/" does not require authentication
- |_http-chrono: Request times for /; avg: 24300.11ms; min: 22380.92ms; max: 27421.03ms
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-date: Sun, 08 Sep 2019 20:18:52 GMT; -46s from local time.
- |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- |_http-errors: Couldn't find any error pages.
- |_http-feed: Couldn't find any feeds.
- |_http-fetch: Please enter the complete path of the directory to save data in.
- | http-headers:
- | Date: Sun, 08 Sep 2019 20:18:52 GMT
- | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
- | ETag: "a3-580a35a1678c0"
- | Accept-Ranges: bytes
- | Content-Length: 163
- | Connection: close
- | Content-Type: text/html
- |
- |_ (Request type: GET)
- |_http-jsonp-detection: Couldn't find any JSONP endpoints.
- |_http-mobileversion-checker: No mobile version detected.
- |_http-security-headers:
- | http-sitemap-generator:
- | Directory structure:
- | /
- | Other: 1
- | Longest directory structure:
- | Depth: 0
- | Dir: /
- | Total files found (by extension):
- |_ Other: 1
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- |_http-title: Site doesn't have a title (text/html).
- |_http-traceroute: ERROR: Script execution failed (use -d to debug)
- | http-vhosts:
- | www2.glesp.org.br : 200
- |_126 names had status ERROR
- |_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
- |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
- |_http-xssed: No previously reported XSS vuln.
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|WAP|storage-misc|specialized
- Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Ruckus embedded (91%), Synology DiskStation Manager 5.X (89%), Crestron 2-Series (87%), Asus embedded (86%), HP embedded (85%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:ruckus:zoneflex_r710 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/h:hp:p2000_g3
- Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (90%), Linux 2.6.32 - 3.13 (90%), Linux 2.6.32 - 3.9 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 31.104 days (since Thu Aug 8 13:58:33 2019)
- Network Distance: 15 hops
- TCP Sequence Prediction: Difficulty=262 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 49.45 ms 10.246.204.1
- 2 49.51 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 69.81 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 49.51 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 49.53 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
- 6 69.84 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
- 7 69.83 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
- 8 69.86 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
- 9 69.88 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
- 10 30.00 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
- 11 ...
- 12 115.03 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
- 13 114.96 ms eth3-33-3.prvspn002.net.unifiedlayer.com (162.144.240.159)
- 14 115.01 ms po99.prv-leaf6b.net.unifiedlayer.com (162.144.240.23)
- 15 94.37 ms srv.glesp.org.br (162.144.126.169)
- NSE: Script Post-scanning.
- Initiating NSE at 16:29
- Completed NSE at 16:29, 0.00s elapsed
- Initiating NSE at 16:29
- Completed NSE at 16:29, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:53 EDT
- Nmap scan report for srv.glesp.org.br (162.144.126.169)
- Host is up (0.13s latency).
- Not shown: 473 closed ports
- PORT STATE SERVICE
- 21/tcp open ftp
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 465/tcp open smtps
- 587/tcp open submission
- 993/tcp open imaps
- 995/tcp open pop3s
- Nmap done: 1 IP address (1 host up) scanned in 1.98 seconds
- ######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:53 EDT
- Nmap scan report for srv.glesp.org.br (162.144.126.169)
- Host is up (0.075s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 500/udp open|filtered isakmp
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:53 EDT
- NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
- NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
- NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
- Nmap scan report for srv.glesp.org.br (162.144.126.169)
- Host is up (0.089s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Pure-FTPd
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 3627 guesses in 185 seconds, average tps: 19.8
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 2.6.32 - 3.1 (93%), Linux 3.11 (93%), Linux 3.5 (93%), Linux 3.8 (93%), Linux 3.2 (93%), Linux 3.1 (92%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 15 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 281.68 ms 10.246.204.1
- 2 281.70 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 281.67 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 281.67 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 255.74 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
- 6 281.73 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
- 7 281.75 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
- 8 281.76 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
- 9 281.77 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
- 10 281.83 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
- 11 ...
- 12 122.33 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
- 13 122.38 ms eth4-33-3.prvspn001.net.unifiedlayer.com (162.144.240.145)
- 14 122.32 ms po99.prv-leaf6a.net.unifiedlayer.com (162.144.240.15)
- 15 122.33 ms srv.glesp.org.br (162.144.126.169)
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:57 EDT
- Nmap scan report for srv.glesp.org.br (162.144.126.169)
- Host is up (0.099s latency).
- PORT STATE SERVICE VERSION
- 53/tcp open domain ISC BIND
- |_dns-fuzz: Server didn't response to our probe, can't fuzz
- | dns-nsec-enum:
- |_ No NSEC records found
- | dns-nsec3-enum:
- |_ DNSSEC NSEC3 not supported
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.32 (94%), Linux 3.8 (94%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 2.6.32 - 3.1 (93%), Linux 3.11 (93%), Linux 3.5 (93%), Linux 3.2 (93%), Linux 3.1 (92%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 15 hops
- Host script results:
- | dns-brute:
- | DNS Brute-force hostnames:
- | info.glesp.org.br - 191.252.94.255
- | ns1.glesp.org.br - 162.144.126.169
- | ns2.glesp.org.br - 142.4.3.158
- | www.glesp.org.br - 162.144.126.169
- | ftp.glesp.org.br - 162.144.126.169
- |_ mail.glesp.org.br - 162.144.126.169
- TRACEROUTE (using port 53/tcp)
- HOP RTT ADDRESS
- 1 92.39 ms 10.246.204.1
- 2 92.48 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 92.50 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 92.48 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 92.47 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
- 6 92.57 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
- 7 92.62 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
- 8 92.61 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
- 9 92.58 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
- 10 29.25 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
- 11 ...
- 12 101.25 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
- 13 101.26 ms eth3-33-4.prvspn002.net.unifiedlayer.com (162.144.240.167)
- 14 101.24 ms po97.prv-leaf6a.net.unifiedlayer.com (162.144.240.11)
- 15 80.92 ms srv.glesp.org.br (162.144.126.169)
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:58 EDT
- NSE: Loaded 164 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 15:58
- Completed NSE at 15:58, 0.00s elapsed
- Initiating NSE at 15:58
- Completed NSE at 15:58, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 15:58
- Completed Parallel DNS resolution of 1 host. at 15:58, 0.02s elapsed
- Initiating SYN Stealth Scan at 15:58
- Scanning srv.glesp.org.br (162.144.126.169) [1 port]
- Discovered open port 80/tcp on 162.144.126.169
- Completed SYN Stealth Scan at 15:58, 0.11s elapsed (1 total ports)
- Initiating Service scan at 15:58
- Scanning 1 service on srv.glesp.org.br (162.144.126.169)
- Completed Service scan at 15:58, 6.19s elapsed (1 service on 1 host)
- Initiating OS detection (try #1) against srv.glesp.org.br (162.144.126.169)
- Retrying OS detection (try #2) against srv.glesp.org.br (162.144.126.169)
- Initiating Traceroute at 15:58
- Completed Traceroute at 15:58, 3.05s elapsed
- Initiating Parallel DNS resolution of 14 hosts. at 15:58
- Completed Parallel DNS resolution of 14 hosts. at 15:58, 0.30s elapsed
- NSE: Script scanning 162.144.126.169.
- Initiating NSE at 15:58
- Completed NSE at 15:58, 42.12s elapsed
- Initiating NSE at 15:58
- Completed NSE at 15:58, 0.61s elapsed
- Nmap scan report for srv.glesp.org.br (162.144.126.169)
- Host is up (0.097s latency).
- PORT STATE SERVICE VERSION
- 80/tcp open http Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- | http-brute:
- |_ Path "/" does not require authentication
- |_http-chrono: Request times for /; avg: 381.73ms; min: 229.19ms; max: 638.98ms
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-date: Sun, 08 Sep 2019 19:58:17 GMT; -2s from local time.
- |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
- |_http-errors: Couldn't find any error pages.
- |_http-feed: Couldn't find any feeds.
- |_http-fetch: Please enter the complete path of the directory to save data in.
- | http-headers:
- | Date: Sun, 08 Sep 2019 19:58:26 GMT
- | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
- | ETag: "a3-580a35a1678c0"
- | Accept-Ranges: bytes
- | Content-Length: 163
- | Connection: close
- | Content-Type: text/html
- |
- |_ (Request type: HEAD)
- |_http-jsonp-detection: Couldn't find any JSONP endpoints.
- |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
- | http-methods:
- | Supported Methods: GET POST OPTIONS HEAD TRACE
- |_ Potentially risky methods: TRACE
- |_http-mobileversion-checker: No mobile version detected.
- | http-php-version: Logo query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
- |_Credits query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
- |_http-security-headers:
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | http-sitemap-generator:
- | Directory structure:
- | /
- | Other: 1
- | Longest directory structure:
- | Depth: 0
- | Dir: /
- | Total files found (by extension):
- |_ Other: 1
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- |_http-title: Site doesn't have a title (text/html).
- | http-trace: TRACE is enabled
- | Headers:
- | Date: Sun, 08 Sep 2019 19:58:20 GMT
- | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | Connection: close
- | Transfer-Encoding: chunked
- |_Content-Type: message/http
- |_http-userdir-enum: Potential Users: root
- | http-vhosts:
- | 125 names had status 200
- | mail.glesp.org.br : 301 -> https://www.glesp.org.br/
- |_www.glesp.org.br : 301 -> https://www.glesp.org.br/
- |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
- |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
- |_http-xssed: No previously reported XSS vuln.
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.32 (94%), Linux 3.8 (94%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 2.6.32 - 3.1 (93%), Linux 3.11 (93%), Linux 3.5 (93%), Linux 3.2 (93%), Linux 3.1 (92%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 31.084 days (since Thu Aug 8 13:58:33 2019)
- Network Distance: 15 hops
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 93.07 ms 10.246.204.1
- 2 93.14 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 93.20 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 93.13 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 93.15 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
- 6 93.19 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
- 7 93.22 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
- 8 93.22 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
- 9 93.20 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
- 10 29.70 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
- 11 ...
- 12 102.26 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
- 13 102.19 ms eth4-33-4.prvspn002.net.unifiedlayer.com (162.144.240.169)
- 14 102.27 ms po97.prv-leaf6a.net.unifiedlayer.com (162.144.240.11)
- 15 102.20 ms srv.glesp.org.br (162.144.126.169)
- NSE: Script Post-scanning.
- Initiating NSE at 15:58
- Completed NSE at 15:58, 0.00s elapsed
- Initiating NSE at 15:58
- Completed NSE at 15:58, 0.00s elapsed
- #######################################################################################################################################
- http://162.144.126.169 [200 OK] Apache[2.4.41][mod_bwlimited/1.4], Country[UNITED STATES][US], HTTPServer[Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4], IP[162.144.126.169], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], OpenSSL[1.0.2s]
- http://162.144.126.169/cgi-sys/defaultwebpage.cgi [200 OK] Apache[2.4.41][mod_bwlimited/1.4], Country[UNITED STATES][US], Email[webmaster@162.144.126.169], HTML5, HTTPServer[Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4], IP[162.144.126.169], OpenSSL[1.0.2s], Title[Default Web Site Page]
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://162.144.126.169...
- _________________ SITE INFO __________________
- IP Title
- 162.144.126.169
- __________________ VERSION ___________________
- Name Versions Type
- Apache 2.4.41 Platform
- mod_bwlimited 1.4 Platform
- openssl 1.0.2s Platform
- ______________________________________________
- Time: 18.3 sec Urls: 601 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Sun, 08 Sep 2019 19:59:28 GMT
- Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
- ETag: "a3-580a35a1678c0"
- Accept-Ranges: bytes
- Content-Length: 163
- Content-Type: text/html
- HTTP/1.1 200 OK
- Date: Sun, 08 Sep 2019 19:59:28 GMT
- Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
- ETag: "a3-580a35a1678c0"
- Accept-Ranges: bytes
- Content-Length: 163
- Content-Type: text/html
- Allow: GET,POST,OPTIONS,HEAD,TRACE
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 15:59 EDT
- Nmap scan report for srv.glesp.org.br (162.144.126.169)
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- | Statistics: Performed 57 guesses in 54 seconds, average tps: 1.0
- |_ ERROR: Failed to connect.
- |_pop3-capabilities: RESP-CODES STLS PIPELINING UIDL CAPA TOP AUTH-RESP-CODE SASL(PLAIN LOGIN) USER
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.1 (94%), Linux 3.8 (94%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 3.11 (93%), Linux 3.5 (93%), Linux 3.2 (93%), Linux 3.1 (92%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 15 hops
- TRACEROUTE (using port 110/tcp)
- HOP RTT ADDRESS
- 1 92.41 ms 10.246.204.1
- 2 92.49 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 92.53 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 92.50 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 92.54 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
- 6 92.62 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
- 7 92.65 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
- 8 92.68 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
- 9 92.64 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
- 10 28.05 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
- 11 ...
- 12 79.53 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
- 13 100.64 ms eth3-33-4.prvspn002.net.unifiedlayer.com (162.144.240.167)
- 14 100.66 ms po99.prv-leaf6b.net.unifiedlayer.com (162.144.240.23)
- 15 100.81 ms srv.glesp.org.br (162.144.126.169)
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:00 EDT
- NSE: Loaded 164 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 16:00
- Completed NSE at 16:00, 0.00s elapsed
- Initiating NSE at 16:00
- Completed NSE at 16:00, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 16:00
- Completed Parallel DNS resolution of 1 host. at 16:00, 0.03s elapsed
- Initiating SYN Stealth Scan at 16:00
- Scanning srv.glesp.org.br (162.144.126.169) [1 port]
- Discovered open port 443/tcp on 162.144.126.169
- Completed SYN Stealth Scan at 16:00, 0.16s elapsed (1 total ports)
- Initiating Service scan at 16:00
- Scanning 1 service on srv.glesp.org.br (162.144.126.169)
- Completed Service scan at 16:01, 41.46s elapsed (1 service on 1 host)
- Initiating OS detection (try #1) against srv.glesp.org.br (162.144.126.169)
- Retrying OS detection (try #2) against srv.glesp.org.br (162.144.126.169)
- Initiating Traceroute at 16:01
- Completed Traceroute at 16:01, 3.04s elapsed
- Initiating Parallel DNS resolution of 14 hosts. at 16:01
- Completed Parallel DNS resolution of 14 hosts. at 16:01, 0.18s elapsed
- NSE: Script scanning 162.144.126.169.
- Initiating NSE at 16:01
- Completed NSE at 16:02, 69.51s elapsed
- Initiating NSE at 16:02
- Completed NSE at 16:02, 9.95s elapsed
- Nmap scan report for srv.glesp.org.br (162.144.126.169)
- Host is up (0.10s latency).
- PORT STATE SERVICE VERSION
- 443/tcp open ssl/ssl Apache httpd (SSL-only mode)
- | http-brute:
- |_ Path "/" does not require authentication
- |_http-chrono: Request times for /; avg: 629.26ms; min: 560.35ms; max: 700.48ms
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-date: Sun, 08 Sep 2019 20:01:26 GMT; -2s from local time.
- |_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- |_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
- |_http-errors: Couldn't find any error pages.
- |_http-feed: Couldn't find any feeds.
- |_http-fetch: Please enter the complete path of the directory to save data in.
- | http-headers:
- | Date: Sun, 08 Sep 2019 20:02:10 GMT
- | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
- | ETag: "a3-580a35a1678c0"
- | Accept-Ranges: bytes
- | Content-Length: 163
- | Connection: close
- | Content-Type: text/html
- |
- |_ (Request type: HEAD)
- |_http-jsonp-detection: Couldn't find any JSONP endpoints.
- |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
- | http-methods:
- | Supported Methods: GET POST OPTIONS HEAD TRACE
- |_ Potentially risky methods: TRACE
- |_http-mobileversion-checker: No mobile version detected.
- | http-security-headers:
- | Strict_Transport_Security:
- |_ HSTS not configured in HTTPS Server
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | http-sitemap-generator:
- | Directory structure:
- | /
- | Other: 1
- | Longest directory structure:
- | Depth: 0
- | Dir: /
- | Total files found (by extension):
- |_ Other: 1
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- |_http-title: Site doesn't have a title (text/html).
- | http-trace: TRACE is enabled
- | Headers:
- | Date: Sun, 08 Sep 2019 20:02:02 GMT
- | Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | Connection: close
- | Transfer-Encoding: chunked
- |_Content-Type: message/http
- |_http-userdir-enum: Potential Users: root
- | http-vhosts:
- |_127 names had status 400
- |_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
- |_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
- |_http-xssed: No previously reported XSS vuln.
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|WAP|storage-misc|specialized
- Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Ruckus embedded (91%), Synology DiskStation Manager 5.X (89%), Crestron 2-Series (87%), Asus embedded (86%), HP embedded (85%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:ruckus:zoneflex_r710 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/h:hp:p2000_g3
- Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.5 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (90%), Linux 2.6.32 - 3.13 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 31.086 days (since Thu Aug 8 13:58:33 2019)
- Network Distance: 15 hops
- TCP Sequence Prediction: Difficulty=258 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 49.30 ms 10.246.204.1
- 2 49.38 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 49.40 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 49.38 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 49.37 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
- 6 69.49 ms if-ae-12-2.tcore1.mtt-montreal.as6453.net (64.86.31.26)
- 7 69.48 ms if-ae-0-2.tcore2.mtt-montreal.as6453.net (216.6.115.90)
- 8 69.50 ms if-ae-5-2.tcore2.n0v-new-york.as6453.net (64.86.226.58)
- 9 69.46 ms if-ae-2-2.tcore1.n0v-new-york.as6453.net (216.6.90.21)
- 10 28.91 ms 63-235-41-97.dia.static.qwest.net (63.235.41.97)
- 11 ...
- 12 125.28 ms 63-232-104-62.dia.static.qwest.net (63.232.104.62)
- 13 193.07 ms eth4-33-4.prvspn001.net.unifiedlayer.com (162.144.240.153)
- 14 193.07 ms po99.prv-leaf6b.net.unifiedlayer.com (162.144.240.23)
- 15 96.02 ms srv.glesp.org.br (162.144.126.169)
- NSE: Script Post-scanning.
- Initiating NSE at 16:02
- Completed NSE at 16:02, 0.00s elapsed
- Initiating NSE at 16:02
- Completed NSE at 16:02, 0.00s elapsed
- ######################################################################################################################################
- Version: 1.11.13-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 162.144.126.169
- Testing SSL server 162.144.126.169 on port 443 using SNI name 162.144.126.169
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits SEED-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Accepted TLSv1.1 128 bits IDEA-CBC-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits RC4-SHA
- Accepted TLSv1.1 128 bits RC4-MD5
- Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.1 112 bits DES-CBC3-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: glesp.org.br
- Altnames: DNS:glesp.org.br, DNS:autodiscover.glesp.org.br, DNS:cpanel.glesp.org.br, DNS:mail.glesp.org.br, DNS:webdisk.glesp.org.br, DNS:webmail.glesp.org.br, DNS:www.glesp.org.br
- Issuer: cPanel, Inc. Certification Authority
- Not valid before: Sep 1 00:00:00 2019 GMT
- Not valid after: Nov 30 23:59:59 2019 GMT
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:09 EDT
- NSE: Loaded 47 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 16:09
- Completed NSE at 16:09, 0.00s elapsed
- Initiating NSE at 16:09
- Completed NSE at 16:09, 0.00s elapsed
- Initiating Ping Scan at 16:09
- Scanning 162.144.126.169 [4 ports]
- Completed Ping Scan at 16:09, 0.14s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 16:09
- Completed Parallel DNS resolution of 1 host. at 16:09, 0.02s elapsed
- Initiating SYN Stealth Scan at 16:09
- Scanning srv.glesp.org.br (162.144.126.169) [65535 ports]
- Discovered open port 443/tcp on 162.144.126.169
- Discovered open port 80/tcp on 162.144.126.169
- SYN Stealth Scan Timing: About 1.67% done; ETC: 16:39 (0:30:21 remaining)
- SYN Stealth Scan Timing: About 4.17% done; ETC: 16:33 (0:23:20 remaining)
- SYN Stealth Scan Timing: About 6.91% done; ETC: 16:31 (0:20:39 remaining)
- SYN Stealth Scan Timing: About 7.65% done; ETC: 16:35 (0:24:33 remaining)
- SYN Stealth Scan Timing: About 15.18% done; ETC: 16:25 (0:14:09 remaining)
- SYN Stealth Scan Timing: About 19.65% done; ETC: 16:24 (0:12:24 remaining)
- SYN Stealth Scan Timing: About 28.20% done; ETC: 16:21 (0:09:00 remaining)
- SYN Stealth Scan Timing: About 36.12% done; ETC: 16:20 (0:07:08 remaining)
- SYN Stealth Scan Timing: About 63.60% done; ETC: 16:16 (0:02:36 remaining)
- Completed SYN Stealth Scan at 16:14, 340.32s elapsed (65535 total ports)
- Initiating Service scan at 16:14
- Scanning 2 services on srv.glesp.org.br (162.144.126.169)
- Completed Service scan at 16:15, 28.33s elapsed (2 services on 1 host)
- Initiating OS detection (try #1) against srv.glesp.org.br (162.144.126.169)
- Retrying OS detection (try #2) against srv.glesp.org.br (162.144.126.169)
- Initiating Traceroute at 16:15
- Completed Traceroute at 16:15, 0.29s elapsed
- Initiating Parallel DNS resolution of 2 hosts. at 16:15
- Completed Parallel DNS resolution of 2 hosts. at 16:15, 0.00s elapsed
- NSE: Script scanning 162.144.126.169.
- Initiating NSE at 16:15
- Completed NSE at 16:15, 26.81s elapsed
- Initiating NSE at 16:15
- Completed NSE at 16:15, 7.97s elapsed
- Nmap scan report for srv.glesp.org.br (162.144.126.169)
- Host is up (0.22s latency).
- Not shown: 65530 filtered ports
- PORT STATE SERVICE VERSION
- 25/tcp closed smtp
- 80/tcp open http Apache httpd 2.4.41 ((cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4)
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_vulscan: ERROR: Script execution failed (use -d to debug)
- 139/tcp closed netbios-ssn
- 443/tcp open ssl/https Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- |_http-server-header: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- 445/tcp closed microsoft-ds
- Device type: general purpose|storage-misc|broadband router|router|media device|WAP
- Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9
- Aggressive OS guesses: Linux 2.6.32 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.1 (92%), Linux 2.6.32 - 2.6.39 (91%), Linux 2.6.39 (91%), Linux 3.10 (91%), Linux 3.2 (91%), HP P2000 G3 NAS device (90%), Linux 3.8 (90%), Linux 2.6.32 - 3.10 (89%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 31.095 days (since Thu Aug 8 13:58:33 2019)
- Network Distance: 2 hops
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using port 445/tcp)
- HOP RTT ADDRESS
- 1 290.84 ms 10.246.204.1
- 2 290.83 ms srv.glesp.org.br (162.144.126.169)
- NSE: Script Post-scanning.
- Initiating NSE at 16:15
- Completed NSE at 16:15, 0.00s elapsed
- Initiating NSE at 16:15
- Completed NSE at 16:15, 0.00s elapsed
- #######################################################################################################################################
- Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-08 16:15 EDT
- NSE: Loaded 47 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 16:15
- Completed NSE at 16:15, 0.00s elapsed
- Initiating NSE at 16:15
- Completed NSE at 16:15, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 16:15
- Completed Parallel DNS resolution of 1 host. at 16:15, 0.02s elapsed
- Initiating UDP Scan at 16:15
- Scanning srv.glesp.org.br (162.144.126.169) [15 ports]
- Completed UDP Scan at 16:15, 1.61s elapsed (15 total ports)
- Initiating Service scan at 16:15
- Scanning 13 services on srv.glesp.org.br (162.144.126.169)
- Service scan Timing: About 7.69% done; ETC: 16:37 (0:19:36 remaining)
- Completed Service scan at 16:17, 102.58s elapsed (13 services on 1 host)
- Initiating OS detection (try #1) against srv.glesp.org.br (162.144.126.169)
- Retrying OS detection (try #2) against srv.glesp.org.br (162.144.126.169)
- Initiating Traceroute at 16:17
- Completed Traceroute at 16:17, 7.28s elapsed
- Initiating Parallel DNS resolution of 1 host. at 16:17
- Completed Parallel DNS resolution of 1 host. at 16:17, 0.00s elapsed
- NSE: Script scanning 162.144.126.169.
- Initiating NSE at 16:17
- Completed NSE at 16:17, 7.14s elapsed
- Initiating NSE at 16:17
- Completed NSE at 16:17, 1.01s elapsed
- Nmap scan report for srv.glesp.org.br (162.144.126.169)
- Host is up (0.028s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 500/udp open|filtered isakmp
- |_ike-version: ERROR: Script execution failed (use -d to debug)
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 138/udp)
- HOP RTT ADDRESS
- 1 ... 4
- 5 199.59 ms 10.246.204.1
- 6 199.59 ms 10.246.204.1
- 7 199.60 ms 10.246.204.1
- 8 199.61 ms 10.246.204.1
- 9 199.60 ms 10.246.204.1
- 10 179.68 ms 10.246.204.1
- 11 21.47 ms 10.246.204.1
- 12 28.41 ms 10.246.204.1
- 13 ... 22
- 23 20.18 ms 10.246.204.1
- 24 49.76 ms 10.246.204.1
- 25 ...
- 26 21.64 ms 10.246.204.1
- 27 ...
- 28 21.31 ms 10.246.204.1
- 29 ...
- 30 21.32 ms 10.246.204.1
- NSE: Script Post-scanning.
- Initiating NSE at 16:17
- Completed NSE at 16:17, 0.00s elapsed
- Initiating NSE at 16:17
- Completed NSE at 16:17, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 122.83 seconds
- Raw packets sent: 151 (10.460KB) | Rcvd: 78 (7.948KB)
- #######################################################################################################################################
- Hosts
- =====
- address mac name os_name os_flavor os_sp purpose info comments
- ------- --- ---- ------- --------- ----- ------- ---- --------
- 162.144.126.169 srv.glesp.org.br Linux 2.6.X server
- Services
- ========
- host port proto name state info
- ---- ---- ----- ---- ----- ----
- 162.144.126.169 25 tcp smtp closed
- 162.144.126.169 53 udp domain open
- 162.144.126.169 67 udp dhcps unknown
- 162.144.126.169 68 udp dhcpc unknown
- 162.144.126.169 69 udp tftp unknown
- 162.144.126.169 80 tcp http open Apache httpd 2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- 162.144.126.169 88 udp kerberos-sec unknown
- 162.144.126.169 123 udp ntp unknown
- 162.144.126.169 137 udp netbios-ns filtered
- 162.144.126.169 138 udp netbios-dgm filtered
- 162.144.126.169 139 tcp netbios-ssn closed
- 162.144.126.169 139 udp netbios-ssn unknown
- 162.144.126.169 161 udp snmp unknown
- 162.144.126.169 162 udp snmptrap unknown
- 162.144.126.169 389 udp ldap unknown
- 162.144.126.169 443 tcp ssl/https open Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- 162.144.126.169 445 tcp microsoft-ds closed
- 162.144.126.169 500 udp isakmp unknown
- 162.144.126.169 520 udp route unknown
- 162.144.126.169 2049 udp nfs unknown
- #######################################################################################################################################
- [+] URL: https://www.glesp.org.br/
- [+] Started: Sun Sep 8 15:29:03 2019
- Interesting Finding(s):
- [+] https://www.glesp.org.br/
- | Interesting Entries:
- | - Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- | - X-Powered-By: W3 Total Cache/0.9.7.5
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] https://www.glesp.org.br/xmlrpc.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] https://www.glesp.org.br/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] This site has 'Must Use Plugins': https://www.glesp.org.br/wp-content/mu-plugins/
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 80%
- | Reference: http://codex.wordpress.org/Must_Use_Plugins
- [+] https://www.glesp.org.br/wp-cron.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 60%
- | References:
- | - https://www.iplocation.net/defend-wordpress-from-ddos
- | - https://github.com/wpscanteam/wpscan/issues/1299
- [+] WordPress version 5.2.2 identified (Latest, released on 2019-06-18).
- | Detected By: Query Parameter In Install Page (Aggressive Detection)
- | - https://www.glesp.org.br/wp-includes/css/buttons.min.css?ver=5.2.2
- | - https://www.glesp.org.br/wp-admin/css/install.min.css?ver=5.2.2
- | - https://www.glesp.org.br/wp-includes/css/dashicons.min.css?ver=5.2.2
- | Confirmed By: Query Parameter In Upgrade Page (Aggressive Detection)
- | - https://www.glesp.org.br/wp-includes/css/buttons.min.css?ver=5.2.2
- | - https://www.glesp.org.br/wp-admin/css/install.min.css?ver=5.2.2
- [i] The main theme could not be detected.
- [+] Enumerating All Plugins (via Passive Methods)
- [+] Checking Plugin Versions (via Passive and Aggressive Methods)
- [i] Plugin(s) Identified:
- [+] nextcellent-gallery-nextgen-legacy
- | Location: https://www.glesp.org.br/wp-content/plugins/nextcellent-gallery-nextgen-legacy/
- | Latest Version: 1.9.35 (up to date)
- | Last Updated: 2017-10-16T09:19:00.000Z
- |
- | Detected By: Comment (Passive Detection)
- |
- | Version: 3.2.10 (60% confidence)
- | Detected By: Comment (Passive Detection)
- | - https://www.glesp.org.br/, Match: '<meta name="NextGEN" version="3.2.10"'
- [+] nextgen-gallery
- | Location: https://www.glesp.org.br/wp-content/plugins/nextgen-gallery/
- | Last Updated: 2019-08-28T00:11:00.000Z
- | [!] The version is out of date, the latest version is 3.2.11
- |
- | Detected By: Comment (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: Nextgen Gallery < 3.2.11 - SQL Injection
- | Fixed in: 3.2.11
- | References:
- | - https://wpvulndb.com/vulnerabilities/9816
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14314
- | - https://fortiguard.com/zeroday/FG-VD-19-099
- | - https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html
- |
- | Version: 3.2.10 (100% confidence)
- | Detected By: Comment (Passive Detection)
- | - https://www.glesp.org.br/, Match: '<meta name="NextGEN" version="3.2.10"'
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://www.glesp.org.br/wp-content/plugins/nextgen-gallery/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://www.glesp.org.br/wp-content/plugins/nextgen-gallery/readme.txt
- [+] w3-total-cache
- | Location: https://www.glesp.org.br/wp-content/plugins/w3-total-cache/
- | Latest Version: 0.9.7.5 (up to date)
- | Last Updated: 2019-06-05T14:00:00.000Z
- |
- | Detected By: Header Pattern (Passive Detection)
- |
- | Version: 0.9.7.5 (100% confidence)
- | Detected By: Header Pattern (Passive Detection)
- | - https://www.glesp.org.br/, Match: 'W3 Total Cache/0.9.7.5'
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://www.glesp.org.br/wp-content/plugins/w3-total-cache/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://www.glesp.org.br/wp-content/plugins/w3-total-cache/readme.txt
- [+] Enumerating Config Backups (via Passive and Aggressive Methods)
- Checking Config Backups - Time: 00:00:22 <=============> (21 / 21) 100.00% Time: 00:00:22
- [i] No Config Backups Found.
- [+] Finished: Sun Sep 8 15:31:06 2019
- [+] Requests Done: 64
- [+] Cached Requests: 6
- [+] Data Sent: 19.034 KB
- [+] Data Received: 420.336 KB
- [+] Memory used: 189.719 MB
- [+] Elapsed time: 00:02:02
- #######################################################################################################################################
- [+] URL: https://www.glesp.org.br/
- [+] Started: Sun Sep 8 15:29:10 2019
- [+] Enumerating Users (via Passive and Aggressive Methods)
- Brute Forcing Author IDs - Time: 00:00:14 <==> (10 / 10) 100.00% Time: 00:00:14
- [i] No Users Found.
- [+] Finished: Sun Sep 8 15:30:41 2019
- [+] Requests Done: 39
- [+] Cached Requests: 19
- [+] Data Sent: 11.532 KB
- [+] Data Received: 281.982 KB
- [+] Memory used: 81.18 MB
- [+] Elapsed time: 00:01:31
- #######################################################################################################################################
- [+] URL: https://www.glesp.org.br/
- [+] Started: Sun Sep 8 15:36:17 2019
- [+] Enumerating Users (via Passive and Aggressive Methods)
- Brute Forcing Author IDs - Time: 00:00:24 <============> (10 / 10) 100.00% Time: 00:00:24
- [i] No Users Found.
- [+] Finished: Sun Sep 8 15:36:59 2019
- [+] Requests Done: 13
- [+] Cached Requests: 45
- [+] Data Sent: 3.783 KB
- [+] Data Received: 46.95 KB
- [+] Memory used: 81.082 MB
- [+] Elapsed time: 00:00:41
- #######################################################################################################################################
- [INFO] ------TARGET info------
- [*] TARGET: https://www.glesp.org.br/
- [*] TARGET IP: 162.144.126.169
- [INFO] NO load balancer detected for www.glesp.org.br...
- [*] DNS servers: glesp.org.br.
- [*] TARGET server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [*] CC: US
- [*] Country: United States
- [*] RegionCode: UT
- [*] RegionName: Utah
- [*] City: Provo
- [*] ASN: AS46606
- [*] BGP_PREFIX: 162.144.0.0/16
- [*] ISP: UNIFIEDLAYER-AS-1 - Unified Layer, US
- [INFO] SSL/HTTPS certificate detected
- [*] Issuer: issuer=C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
- [*] Subject: subject=CN = glesp.org.br
- [INFO] DNS enumeration:
- [*] ftp.glesp.org.br 162.144.126.169
- [*] mail.glesp.org.br 162.144.126.169
- [*] ns1.glesp.org.br 162.144.126.169
- [*] ns2.glesp.org.br 142.4.3.158
- [*] webmail.glesp.org.br glesp.org.br. 162.144.126.169
- [INFO] Possible abuse mails are:
- [*] abuse@glesp.org.br
- [*] abuse@www.glesp.org.br
- [*] malware@bluehost.com
- [INFO] NO PAC (Proxy Auto Configuration) file FOUND
- [INFO] Starting FUZZing in http://www.glesp.org.br/FUzZzZzZzZz...
- [INFO] Status code Folders
- [ALERT] Look in the source code. It may contain passwords
- [INFO] Links found from https://www.glesp.org.br/ http://162.144.126.169/:
- [INFO] GOOGLE has 135,000 results (0.21 seconds) about http://www.glesp.org.br/
- [INFO] Shodan detected the following opened ports on 162.144.126.169:
- [INFO] ------VirusTotal SECTION------
- [INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
- [INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
- [INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
- [INFO] ------Alexa Rank SECTION------
- [INFO] Percent of Visitors Rank in Country:
- [INFO] Percent of Search Traffic:
- [INFO] Percent of Unique Visits:
- [INFO] Total Sites Linking In:
- [*] Total Sites
- [INFO] Useful links related to www.glesp.org.br - 162.144.126.169:
- [INFO] Useful links related to AS46606 - 162.144.0.0/16:
- [*] http://www.google.com/safebrowsing/diagnostic?site=AS:46606
- [*] https://www.senderbase.org/lookup/?search_string=162.144.0.0/16
- [*] http://bgp.he.net/AS46606
- [*] https://stat.ripe.net/AS46606
- [INFO] Date: 08/09/19 | Time: 15:40:24
- [INFO] Total time: 3 minute(s) and 34 second(s)
- #######################################################################################################################################
- [I] Threads: 5
- [-] Target: https://www.glesp.org.br (162.144.126.169)
- [I] Server: Apache/2.4.41 (cPanel) OpenSSL/1.0.2s mod_bwlimited/1.4
- [I] X-Powered-By: W3 Total Cache/0.9.7.5
- [L] X-Frame-Options: Not Enforced
- [I] Strict-Transport-Security: Not Enforced
- [I] X-Content-Security-Policy: Not Enforced
- [I] X-Content-Type-Options: Not Enforced
- [L] No Robots.txt Found
- [I] CMS Detection: WordPress
- [I] Wordpress Theme: glesp
- [M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
- [M] XML-RPC services are enabled
- [I] Autocomplete Off Not Found: https://www.glesp.org.br/wp-login.php
- [-] Default WordPress Files:
- [I] https://www.glesp.org.br/license.txt
- [I] https://www.glesp.org.br/readme.html
- [I] https://www.glesp.org.br/wp-content/themes/twentynineteen/readme.txt
- [I] https://www.glesp.org.br/wp-includes/ID3/license.commercial.txt
- [I] https://www.glesp.org.br/wp-includes/ID3/license.txt
- [I] https://www.glesp.org.br/wp-includes/ID3/readme.txt
- [I] https://www.glesp.org.br/wp-includes/images/crystal/license.txt
- [I] https://www.glesp.org.br/wp-includes/js/plupload/license.txt
- [I] https://www.glesp.org.br/wp-includes/js/swfupload/license.txt
- [I] https://www.glesp.org.br/wp-includes/js/tinymce/license.txt
- [-] Searching Wordpress Plugins ...
- [I] contact-form-7 v5.1.3
- [I] dlm-page-addon v4.1.1
- [I] download-monitor v4.4.2
- [I] nextgen-gallery v3.2.10
- [M] EDB-ID: 12098 "WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting"
- [M] EDB-ID: 38178 "WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting"
- [M] EDB-ID: 39100 "WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal"
- [I] qtranslate-x v3.4.6.8
- [I] the-preloader v1.0.9
- [I] Checking for Directory Listing Enabled ...
- [-] Date & Time: 08/09/2019 15:44:22
- [-] Completed in: 0:14:42
- #######################################################################################################################################
- Anonymous JTSEC #OpAmazonia Full Recon #19