API tools faq
paste
Advertisement
JTSEC1333

Anonymous JTSEC #OpTurkey Full Recon #5

JTSEC1333
Oct 11th, 2019
1,592
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 67.25 KB | None | 0 0
raw download clone embed print report
  1. ######################################################################################################################################
  2. ======================================================================================================================================
  3. Hostname sadat.com.tr ISP Aerotek Bilisim Sanayi ve Ticaret AS
  4. Continent Asia Flag
  5. TR
  6. Country Turkey Country Code TR
  7. Region Istanbul Local time 12 Oct 2019 01:41 +03
  8. City Istanbul Postal Code 34349
  9. IP Address 109.232.216.55 Latitude 41.065
  10. Longitude 29.005
  11. ======================================================================================================================================
  12. ######################################################################################################################################
  13. > sadat.com.tr
  14. Server: 185.93.180.131
  15. Address: 185.93.180.131#53
  16.  
  17. Non-authoritative answer:
  18. Name: sadat.com.tr
  19. Address: 109.232.216.55
  20. >
  21. ######################################################################################################################################
  22. ** Domain Name: sadat.com.tr
  23.  
  24. ** Registrant:
  25. Sadat Uluslararası Savunma Dan. İnş. San. ve Tic. A.Ş.
  26. Adnan Kahveci Mah. Caner Sok. No:3
  27.  
  28. İstanbul,
  29. Türkiye
  30. okocdemir@gmail.com
  31. + 90-212-5261131-
  32. +
  33.  
  34.  
  35. ** Administrative Contact:
  36. NIC Handle : sus13-metu
  37. Organization Name : Sadat Uluslararası Savunma Dan. İnş. San. ve Tic. A.Ş.
  38. Address : Yakuplu Mah Hürriyet Bulvarı Newport Sitesi No:155
  39. 1. Blok Kat:7 Daire:54
  40. İstanbul,34524
  41. Türkiye
  42. Phone : + 90-212-8551972-
  43. Fax : + 90-212-8551975-
  44.  
  45.  
  46. ** Technical Contact:
  47. NIC Handle : sus13-metu
  48. Organization Name : Sadat Uluslararası Savunma Dan. İnş. San. ve Tic. A.Ş.
  49. Address : Yakuplu Mah Hürriyet Bulvarı Newport Sitesi No:155
  50. 1. Blok Kat:7 Daire:54
  51. İstanbul,34524
  52. Türkiye
  53. Phone : + 90-212-8551972-
  54. Fax : + 90-212-8551975-
  55.  
  56.  
  57. ** Billing Contact:
  58. NIC Handle : sus13-metu
  59. Organization Name : Sadat Uluslararası Savunma Dan. İnş. San. ve Tic. A.Ş.
  60. Address : Yakuplu Mah Hürriyet Bulvarı Newport Sitesi No:155
  61. 1. Blok Kat:7 Daire:54
  62. İstanbul,34524
  63. Türkiye
  64. Phone : + 90-212-8551972-
  65. Fax : + 90-212-8551975-
  66.  
  67.  
  68. ** Domain Servers:
  69. cpns1.turhost.com
  70. cpns1.turhost.com
  71.  
  72. ** Additional Info:
  73. Created on..............: 2012-Mar-08.
  74. Expires on..............: 2023-Mar-07.
  75. ######################################################################################################################################
  76. [+] Target : sadat.com.tr
  77.  
  78. [+] IP Address : 109.232.216.55
  79.  
  80. [+] Headers :
  81.  
  82. [+] Connection : close
  83. [+] X-Powered-By : PHP/5.6.40
  84. [+] Set-Cookie : 39edc5e562bae2bee28aee62011d903a=ef47155212788d73dd5b8306fa1e7d29; path=/
  85. [+] P3P : CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  86. [+] Content-Type : text/html; charset=utf-8
  87. [+] Cache-Control : no-cache
  88. [+] Pragma : no-cache
  89. [+] Transfer-Encoding : chunked
  90. [+] Content-Encoding : gzip
  91. [+] Vary : Accept-Encoding
  92. [+] Date : Fri, 11 Oct 2019 23:01:10 GMT
  93.  
  94. [+] SSL Certificate Information :
  95.  
  96. [+] organizationalUnitName : Domain Control Validated
  97. [+] commonName : *.turhost.com
  98. [+] countryName : BE
  99. [+] organizationName : GlobalSign nv-sa
  100. [+] commonName : AlphaSSL CA - SHA256 - G2
  101. [+] Version : 3
  102. [+] Serial Number : 4BAAA2AAB0451CA64E3F82AC
  103. [+] Not Before : Mar 26 11:31:37 2019 GMT
  104. [+] Not After : May 16 09:25:22 2021 GMT
  105. [+] OCSP : ('http://ocsp2.globalsign.com/gsalphasha2g2',)
  106. [+] subject Alt Name : (('DNS', '*.turhost.com'), ('DNS', 'turhost.com'))
  107. [+] CA Issuers : ('http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt',)
  108. [+] CRL Distribution Points : ('http://crl2.alphassl.com/gs/gsalphasha2g2.crl',)
  109.  
  110. [+] Whois Lookup :
  111.  
  112. [+] NIR : None
  113. [+] ASN Registry : ripencc
  114. [+] ASN : 42807
  115. [+] ASN CIDR : 109.232.216.0/21
  116. [+] ASN Country Code : TR
  117. [+] ASN Date : 2009-12-09
  118. [+] ASN Description : AEROTEK-AS, TR
  119. [+] cidr : 109.232.216.0/24
  120. [+] name : TURHOST-NET
  121. [+] handle : DEY101-RIPE
  122. [+] range : 109.232.216.0 - 109.232.216.255
  123. [+] description : Aerotek Bilisim Taahhut Sanayi ve Ticaret Limited Sirketi
  124. [+] country : TR
  125. [+] state : None
  126. [+] city : None
  127. [+] address : Carsi Yapi F Blok No.6 Sanayi Mh. Pk.41040 Izmit/Kocaeli
  128. [+] postal_code : None
  129. [+] emails : None
  130. [+] created : 2010-01-12T19:49:06Z
  131. [+] updated : 2012-12-27T17:13:04Z
  132.  
  133. [+] Crawling Target...
  134.  
  135. [+] Looking for robots.txt........[ Not Found ]
  136. [+] Looking for sitemap.xml.......[ Not Found ]
  137. [+] Extracting CSS Links..........[ 5 ]
  138. [+] Extracting Javascript Links...[ 10 ]
  139. [+] Extracting Internal Links.....[ 4 ]
  140. [+] Extracting External Links.....[ 5 ]
  141. [+] Extracting Images.............[ 16 ]
  142.  
  143. [+] Total Links Extracted : 40
  144.  
  145. [+] Dumping Links in /opt/FinalRecon/dumps/sadat.com.tr.dump
  146. [+] Completed!
  147. ######################################################################################################################################
  148. [+] Starting At 2019-10-11 19:03:16.740081
  149. [+] Collecting Information On: http://sadat.com.tr/
  150. [#] Status: 200
  151. --------------------------------------------------
  152. [#] X-Powered-By: PHP/5.6.40
  153. [!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
  154. - Connection: close
  155. - X-Powered-By: PHP/5.6.40
  156. - Set-Cookie: 39edc5e562bae2bee28aee62011d903a=c4558891ce24af66b910b7ae5cabc0ca; path=/
  157. - P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  158. - Content-Type: text/html; charset=utf-8
  159. - Cache-Control: no-cache
  160. - Pragma: no-cache
  161. - Transfer-Encoding: chunked
  162. - Content-Encoding: gzip
  163. - Vary: Accept-Encoding
  164. - Date: Fri, 11 Oct 2019 23:03:17 GMT
  165. --------------------------------------------------
  166. [#] Finding Location..!
  167. [#] as: AS42807 Aerotek Bilisim Sanayi ve Ticaret AS
  168. [#] city: Kosekoy
  169. [#] country: Turkey
  170. [#] countryCode: TR
  171. [#] isp: Aerotek LTD Network 2
  172. [#] lat: 40.7488
  173. [#] lon: 29.948
  174. [#] org: Aerotek Bilisim Taahhut Sanayi ve Ticaret Limited
  175. [#] query: 109.232.216.55
  176. [#] region: 41
  177. [#] regionName: Kocaeli
  178. [#] status: success
  179. [#] timezone: Europe/Istanbul
  180. [#] zip: 41250
  181. --------------------------------------------------
  182. [x] Didn't Detect WAF Presence on: http://sadat.com.tr/
  183. --------------------------------------------------
  184. [#] Starting Reverse DNS
  185. [!] Found 26 any Domain
  186. - atechdoor.com.tr
  187. - aylinozturk.net
  188. - hulyagurdamar.com
  189. - istanbulikincielesya.org
  190. - mobil.ruzgarist.com
  191. - odulklise.com
  192. - ozdilinsaat.com.tr
  193. - penspinning-tr.com
  194. - ruzgarist.com
  195. - sadat.com.tr
  196. - sapdersleri.net
  197. - sapogren.com
  198. - saprehberi.com
  199. - ulutas-insaat.com
  200. - www.amazon.com
  201. - www.atechdoor.com.tr
  202. - www.cagritemellisesi.com
  203. - www.findikyapim.com
  204. - www.istanbulikincielesya.org
  205. - www.ozdilinsaat.com.tr
  206. - www.penspinning-tr.com
  207. - www.ruzgarist.com
  208. - www.sadat.com.tr
  209. - www.sosyalmedyadatakip.com
  210. - www.turkuazelsanatlari.com
  211. - www.tysd-fatih.org
  212. --------------------------------------------------
  213. [!] Scanning Open Port
  214. [#] 21/tcp open ftp
  215. [#] 53/tcp open domain
  216. [#] 80/tcp open http
  217. [#] 110/tcp open pop3
  218. [#] 143/tcp open imap
  219. [#] 443/tcp open https
  220. [#] 465/tcp open smtps
  221. [#] 587/tcp open submission
  222. [#] 993/tcp open imaps
  223. [#] 995/tcp open pop3s
  224. --------------------------------------------------
  225. [+] Collecting Information Disclosure!
  226. [#] Detecting sitemap.xml file
  227. [-] sitemap.xml file not Found!?
  228. [#] Detecting robots.txt file
  229. [-] robots.txt file not Found!?
  230. [#] Detecting GNU Mailman
  231. [!] GNU Mailman App Detected: http://sadat.com.tr//mailman/admin
  232. [!] version: 2.1.27
  233. --------------------------------------------------
  234. [+] Crawling Url Parameter On: http://sadat.com.tr/
  235. --------------------------------------------------
  236. [#] Searching Html Form !
  237. [+] Html Form Discovered
  238. [#] action: /
  239. [#] class: None
  240. [#] id: searchbox
  241. [#] method: post
  242. --------------------------------------------------
  243. [!] Found 1 dom parameter
  244. [#] http://sadat.com.tr//#page
  245. --------------------------------------------------
  246. [!] 6 Internal Dynamic Parameter Discovered
  247. [+] http://sadat.com.tr///?format=feed&type=rss
  248. [+] http://sadat.com.tr///?format=feed&type=atom
  249. [+] http://sadat.com.tr/component/search/?format=opensearch
  250. [+] http://sadat.com.tr///cache/template/gzip.php?widgetkit-110aee79-daa17075.css
  251. [+] http://sadat.com.tr///cache/template/gzip.php?bar-e17a44f3.css
  252. [+] http://sadat.com.tr///cache/template/gzip.php?template-87a3be7a.css
  253. --------------------------------------------------
  254. [!] 1 External Dynamic Parameter Discovered
  255. [#] http://fonts.googleapis.com/css?family=Yanone+Kaffeesatz:regular,light
  256. --------------------------------------------------
  257. [!] 56 Internal links Discovered
  258. [+] http://sadat.com.tr/
  259. [+] http://sadat.com.tr/tr/
  260. [+] http://sadat.com.tr/ar/
  261. [+] http://sadat.com.tr///templates/tk_office_free/favicon.ico
  262. [+] http://sadat.com.tr///media/mod_languages/css/template.css
  263. [+] http://sadat.com.tr///modules/mod_stalker/assets/css/stalker.css
  264. [+] http://sadat.com.tr///templates/tk_office_free/apple_touch_icon.png
  265. [+] http://sadat.com.tr///tr/
  266. [+] http://sadat.com.tr///ar/
  267. [+] http://sadat.com.tr///
  268. [+] http://sadat.com.tr
  269. [+] http://sadat.com.tr///
  270. [+] http://sadat.com.tr///our-services.html
  271. [+] http://sadat.com.tr///our-services/consultancy/consultancy-military.html
  272. [+] http://sadat.com.tr///our-services/consultancy/consultancy-security.html
  273. [+] http://sadat.com.tr///our-services/training/training-military.html
  274. [+] http://sadat.com.tr///our-services/training/training-security.html
  275. [+] http://sadat.com.tr///our-services/ordnance/ordnance-military.html
  276. [+] http://sadat.com.tr///our-services/ordnance/ordnance-security.html
  277. [+] http://sadat.com.tr///our-services/ordnance/maintenance-repair.html
  278. [+] http://sadat.com.tr///our-services/our-training-modules.html
  279. [+] http://sadat.com.tr///our-services/general-training-modules/individual-combat-trainings-the-small-unit-tactics.html
  280. [+] http://sadat.com.tr///our-services/general-training-modules/basic-course-for-special-forces.html
  281. [+] http://sadat.com.tr///our-services/general-training-modules/advanced-course-for-special-forces.html
  282. [+] http://sadat.com.tr///our-services/general-training-modules/aviation-courses.html
  283. [+] http://sadat.com.tr///our-services/alternative-specialization-modules/land-operation-training-module.html
  284. [+] http://sadat.com.tr///our-services/alternative-specialization-modules/sniper-training-module.html
  285. [+] http://sadat.com.tr///our-services/alternative-specialization-modules/protection-courses-training-module.html
  286. [+] http://sadat.com.tr///our-services/alternative-specialization-modules/demolition-training-courses.html
  287. [+] http://sadat.com.tr///our-services/alternative-specialization-modules/unconventional-warfare-gnh-course-training-module.html
  288. [+] http://sadat.com.tr///our-services/alternative-specialization-modules/advanced-individual-combat-training-course.html
  289. [+] http://sadat.com.tr///our-services/alternative-specialization-modules/artillery-and-mortar-forward-observation-training-corse.html
  290. [+] http://sadat.com.tr///our-services/alternative-specialization-modules/tank-hunting-destruction-of-armored-vehicle-non-damaged-seizure-course-training-module.html
  291. [+] http://sadat.com.tr///our-services/alternative-specialization-modules/sniper-training-programmes.html
  292. [+] http://sadat.com.tr///our-services/moduler-training-programmes-for-sea-forces/naval-operation-training-module.html
  293. [+] http://sadat.com.tr///our-services/moduler-training-programmes-for-sea-forces/frogman-basic-training-programmes.html
  294. [+] http://sadat.com.tr///our-services/moduler-training-programmes-for-air-forces/air-operation-training-module.html
  295. [+] http://sadat.com.tr///our-services/moduler-training-programmes-for-air-forces/helicopter-pilots-training-programmes.html
  296. [+] http://sadat.com.tr///our-services/moduler-training-programmes-for-police-forces/border-security-stations-training-programmes.html
  297. [+] http://sadat.com.tr///our-services/moduler-training-programmes-for-police-forces/basic-police-special-operations-training-programmes.html
  298. [+] http://sadat.com.tr///about-us/our-mission.html
  299. [+] http://sadat.com.tr///about-us/our-vision.html
  300. [+] http://sadat.com.tr///about-us/why-sadat-inc-international-defense-consulting.html
  301. [+] http://sadat.com.tr///about-us/organization-chart.html
  302. [+] http://sadat.com.tr///about-us/qualification-of-personnel.html
  303. [+] http://sadat.com.tr///about-us/our-certificates.html
  304. [+] http://sadat.com.tr///about-us/our-publications.html
  305. [+] http://sadat.com.tr///about-us/news.html
  306. [+] http://sadat.com.tr///join-us/job-application.html
  307. [+] http://sadat.com.tr///contact-us.html
  308. [+] http://www.sadat.com.tr/news/news/345-visit-sadat-as-at-idef-17.html
  309. [+] http://www.sadat.com.tr/en/about-us/our-publications/308-training-modules-booklets.html
  310. [+] http://www.sadat.com.tr/en/about-us/our-publications/309-military-maintenance-system-brochure.html
  311. [+] http://sadat.com.tr///homepage-en/84-en/85-sadat-inc-international-defense-consulting.html
  312. [+] http://sadat.com.tr///about-us/our-publications.html
  313. [+] http://sadat.com.tr///about-us/our-publications.html
  314. --------------------------------------------------
  315. [!] 5 External links Discovered
  316. [#] http://youtu.be/KQ3jVmVDPBI
  317. [#] http://www.facebook.com/SadatInternationalDefenseConsultancy
  318. [#] http://www.linkedin.com/companies/2845254
  319. [#] http://twitter.com/SADATcomTR
  320. [#] http://youtube.com/SADATcom
  321. --------------------------------------------------
  322. [#] Mapping Subdomain..
  323. [!] Found 1 Subdomain
  324. - sadat.com.tr
  325. --------------------------------------------------
  326. [!] Done At 2019-10-11 19:03:40.588653
  327. ######################################################################################################################################
  328. [i] Scanning Site: http://sadat.com.tr
  329.  
  330.  
  331.  
  332. B A S I C I N F O
  333. ====================
  334.  
  335.  
  336. [+] Site Title: Home
  337. [+] IP address: 109.232.216.55
  338. [+] Web Server: Could Not Detect
  339. [+] CMS: Joomla
  340. [+] Cloudflare: Not Detected
  341. [+] Robots File: Could NOT Find robots.txt!
  342.  
  343.  
  344.  
  345.  
  346. W H O I S L O O K U P
  347. ========================
  348.  
  349. ** Domain Name: sadat.com.tr
  350.  
  351. ** Registrant:
  352. Sadat Uluslararası Savunma Dan. İnş. San. ve Tic. A.Ş.
  353. Adnan Kahveci Mah. Caner Sok. No:3
  354.  
  355. İstanbul,
  356. Türkiye
  357. okocdemir@gmail.com
  358. + 90-212-5261131-
  359. +
  360.  
  361.  
  362. ** Administrative Contact:
  363. NIC Handle : sus13-metu
  364. Organization Name : Sadat Uluslararası Savunma Dan. İnş. San. ve Tic. A.Ş.
  365. Address : Yakuplu Mah Hürriyet Bulvarı Newport Sitesi No:155
  366. 1. Blok Kat:7 Daire:54
  367. İstanbul,34524
  368. Türkiye
  369. Phone : + 90-212-8551972-
  370. Fax : + 90-212-8551975-
  371.  
  372.  
  373. ** Technical Contact:
  374. NIC Handle : sus13-metu
  375. Organization Name : Sadat Uluslararası Savunma Dan. İnş. San. ve Tic. A.Ş.
  376. Address : Yakuplu Mah Hürriyet Bulvarı Newport Sitesi No:155
  377. 1. Blok Kat:7 Daire:54
  378. İstanbul,34524
  379. Türkiye
  380. Phone : + 90-212-8551972-
  381. Fax : + 90-212-8551975-
  382.  
  383.  
  384. ** Billing Contact:
  385. NIC Handle : sus13-metu
  386. Organization Name : Sadat Uluslararası Savunma Dan. İnş. San. ve Tic. A.Ş.
  387. Address : Yakuplu Mah Hürriyet Bulvarı Newport Sitesi No:155
  388. 1. Blok Kat:7 Daire:54
  389. İstanbul,34524
  390. Türkiye
  391. Phone : + 90-212-8551972-
  392. Fax : + 90-212-8551975-
  393.  
  394.  
  395. ** Domain Servers:
  396. cpns1.turhost.com
  397. cpns1.turhost.com
  398.  
  399. ** Additional Info:
  400. Created on..............: 2012-Mar-08.
  401. Expires on..............: 2023-Mar-07.
  402.  
  403.  
  404.  
  405.  
  406. G E O I P L O O K U P
  407. =========================
  408.  
  409. [i] IP Address: 109.232.216.55
  410. [i] Country: Turkey
  411. [i] State: Istanbul
  412. [i] City: Istanbul
  413. [i] Latitude: 41.0649
  414. [i] Longitude: 29.0053
  415.  
  416.  
  417.  
  418.  
  419. H T T P H E A D E R S
  420. =======================
  421.  
  422.  
  423. [i] HTTP/1.0 200 OK
  424. [i] Connection: close
  425. [i] X-Powered-By: PHP/5.6.40
  426. [i] Set-Cookie: 39edc5e562bae2bee28aee62011d903a=0975155bc9c3bc7a908678fc17065a42; path=/
  427. [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  428. [i] Content-Type: text/html; charset=utf-8
  429. [i] Cache-Control: no-cache
  430. [i] Pragma: no-cache
  431. [i] Date: Fri, 11 Oct 2019 23:05:31 GMT
  432.  
  433.  
  434.  
  435.  
  436. D N S L O O K U P
  437. ===================
  438.  
  439. no records found
  440.  
  441.  
  442.  
  443. S U B N E T C A L C U L A T I O N
  444. ====================================
  445.  
  446. Address = 109.232.216.55
  447. Network = 109.232.216.55 / 32
  448. Netmask = 255.255.255.255
  449. Broadcast = not needed on Point-to-Point links
  450. Wildcard Mask = 0.0.0.0
  451. Hosts Bits = 0
  452. Max. Hosts = 1 (2^0 - 0)
  453. Host Range = { 109.232.216.55 - 109.232.216.55 }
  454.  
  455.  
  456.  
  457. N M A P P O R T S C A N
  458. ============================
  459.  
  460. Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-11 23:05 UTC
  461. Nmap scan report for sadat.com.tr (109.232.216.55)
  462. Host is up (0.13s latency).
  463. rDNS record for 109.232.216.55: srvc54.turhost.com
  464.  
  465. PORT STATE SERVICE
  466. 21/tcp open ftp
  467. 22/tcp closed ssh
  468. 23/tcp filtered telnet
  469. 80/tcp open http
  470. 110/tcp open pop3
  471. 143/tcp open imap
  472. 443/tcp open https
  473. 3389/tcp filtered ms-wbt-server
  474.  
  475. Nmap done: 1 IP address (1 host up) scanned in 4.47 seconds
  476.  
  477. ######################################################################################################################################
  478. Enter Address Website = 109.232.216.55
  479.  
  480.  
  481.  
  482. Reversing IP With HackTarget '109.232.216.55'
  483. ------------------------------------------------
  484.  
  485. [+] ahsapciz.com
  486. [+] akkocapeyzaj.com
  487. [+] atechdoor.com.tr
  488. [+] autodiscover.dijilopedi.com
  489. [+] autodiscover.istanbulikincielesya.org
  490. [+] autodiscover.yazkizyurdu.com
  491. [+] cpanel.dijilopedi.com
  492. [+] cpanel.istanbulikincielesya.org
  493. [+] cpanel.yazkizyurdu.com
  494. [+] csdistanbul.com
  495. [+] dc-c5da7f503d38.soturkish.com
  496. [+] dijilopedi.com
  497. [+] ejcvsmed.org
  498. [+] felixyapim.com
  499. [+] gulmobilya.com
  500. [+] hulyagurdamar.com
  501. [+] istanbulikincielesya.org
  502. [+] konusmasesterapisi.com
  503. [+] novamall.com.tr
  504. [+] otoanahtari.web.tr
  505. [+] sadat.com.tr
  506. [+] sosyalicerme.org
  507. [+] srvc54.turhost.com
  508. [+] step-yapi.com
  509. [+] tecrubesigorta.com
  510. [+] webdisk.dijilopedi.com
  511. [+] webdisk.istanbulikincielesya.org
  512. [+] webdisk.yazkizyurdu.com
  513. [+] webmail.dijilopedi.com
  514. [+] webmail.istanbulikincielesya.org
  515. [+] webmail.yazkizyurdu.com
  516. [+] www.yazkizyurdu.com.yazkizyurdu.com
  517. [+] yazkizyurdu.com
  518. [+] yazkizyurdu.com.yazkizyurdu.com
  519. [+] yazogrenciyurdu.com
  520.  
  521.  
  522.  
  523. Reverse IP With YouGetSignal '109.232.216.55'
  524. ------------------------------------------------
  525.  
  526. [*] IP: 109.232.216.55
  527. [*] Domain: 109.232.216.55
  528. [*] Total Domains: 26
  529.  
  530. [+] atechdoor.com.tr
  531. [+] aylinozturk.net
  532. [+] hulyagurdamar.com
  533. [+] istanbulikincielesya.org
  534. [+] mobil.ruzgarist.com
  535. [+] odulklise.com
  536. [+] ozdilinsaat.com.tr
  537. [+] penspinning-tr.com
  538. [+] ruzgarist.com
  539. [+] sadat.com.tr
  540. [+] sapdersleri.net
  541. [+] sapogren.com
  542. [+] saprehberi.com
  543. [+] ulutas-insaat.com
  544. [+] www.amazon.com
  545. [+] www.atechdoor.com.tr
  546. [+] www.cagritemellisesi.com
  547. [+] www.findikyapim.com
  548. [+] www.istanbulikincielesya.org
  549. [+] www.ozdilinsaat.com.tr
  550. [+] www.penspinning-tr.com
  551. [+] www.ruzgarist.com
  552. [+] www.sadat.com.tr
  553. [+] www.sosyalmedyadatakip.com
  554. [+] www.turkuazelsanatlari.com
  555. [+] www.tysd-fatih.org
  556.  
  557.  
  558.  
  559. Geo IP Lookup '109.232.216.55'
  560. ---------------------------------
  561.  
  562. [+] IP Address: 109.232.216.55
  563. [+] Country: Turkey
  564. [+] State: Istanbul
  565. [+] City: Istanbul
  566. [+] Latitude: 41.0649
  567. [+] Longitude: 29.0053
  568.  
  569.  
  570.  
  571.  
  572. Show HTTP Header '109.232.216.55'
  573. ------------------------------------
  574.  
  575. [+] HTTP/1.1 200 OK
  576. [+] Connection: close
  577. [+] Content-Type: text/html
  578. [+] Last-Modified: Tue, 23 Jun 2015 09:48:32 GMT
  579. [+] Etag: "6f-55892b70-bf8b5e61f9782831;;;"
  580. [+] Accept-Ranges: bytes
  581. [+] Content-Length: 111
  582. [+] Date: Fri, 11 Oct 2019 23:40:30 GMT
  583. [+]
  584.  
  585.  
  586.  
  587. Port Scan '109.232.216.55'
  588. -----------------------------
  589.  
  590. Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-11 23:40 UTC
  591. Nmap scan report for srvc54.turhost.com (109.232.216.55)
  592. Host is up (0.13s latency).
  593.  
  594. PORT STATE SERVICE
  595. 21/tcp open ftp
  596. 22/tcp closed ssh
  597. 23/tcp filtered telnet
  598. 80/tcp open http
  599. 110/tcp open pop3
  600. 143/tcp open imap
  601. 443/tcp open https
  602. 3389/tcp filtered ms-wbt-server
  603.  
  604. Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds
  605.  
  606.  
  607.  
  608. Traceroute '109.232.216.55'
  609. ------------------------------
  610.  
  611. Start: 2019-10-11T23:44:57+0000
  612. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  613. 1.|-- 45.79.12.202 0.0% 3 0.6 0.7 0.6 0.8 0.1
  614. 2.|-- 45.79.12.2 0.0% 3 0.5 1.3 0.5 2.7 1.2
  615. 3.|-- 45.79.12.9 0.0% 3 0.8 2.2 0.8 4.7 2.2
  616. 4.|-- 199.245.16.65 0.0% 3 1.7 1.7 1.6 1.7 0.1
  617. 5.|-- ae-14.r22.dllstx09.us.bb.gin.ntt.net 0.0% 3 1.3 3.7 1.3 8.4 4.1
  618. 6.|-- ae-1.r22.asbnva02.us.bb.gin.ntt.net 0.0% 3 39.9 40.3 39.0 42.0 1.5
  619. 7.|-- ae-6.r25.frnkge08.de.bb.gin.ntt.net 0.0% 3 134.6 133.8 128.4 138.5 5.1
  620. 8.|-- ae-5.r00.frnkge07.de.bb.gin.ntt.net 0.0% 3 128.3 128.2 128.1 128.3 0.1
  621. 9.|-- 213.198.83.198 0.0% 3 128.1 128.1 128.1 128.2 0.0
  622. 10.|-- 212.156.101.213.static.turktelekom.com.tr 0.0% 3 163.6 163.6 163.5 163.6 0.0
  623. 11.|-- 212.156.120.184.static.turktelekom.com.tr 0.0% 3 165.2 165.3 165.2 165.4 0.1
  624. 12.|-- sogutlu-ess1-t4-1-adapazari-t3-2.turktelekom.com.tr 0.0% 3 165.3 165.4 165.3 165.5 0.1
  625. 13.|-- 00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr 0.0% 3 170.3 170.3 170.1 170.4 0.2
  626. 14.|-- 212.156.132.134.static.turktelekom.com.tr 0.0% 3 170.0 170.0 169.9 170.0 0.0
  627. 15.|-- 85.111.69.66.dynamic.ttnet.com.tr 0.0% 3 170.4 170.4 170.4 170.4 0.0
  628. 16.|-- 85.111.26.196.dynamic.ttnet.com.tr 33.3% 3 173.0 171.7 170.5 173.0 1.8
  629. 17.|-- 85.111.26.205.dynamic.ttnet.com.tr 0.0% 3 171.0 171.2 171.0 171.2 0.1
  630. 18.|-- srvc54.turhost.com 0.0% 3 171.8 171.5 171.1 171.8 0.3
  631. ######################################################################################################################################
  632. Trying "sadat.com.tr"
  633. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8966
  634. ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 1
  635.  
  636. ;; QUESTION SECTION:
  637. ;sadat.com.tr. IN ANY
  638.  
  639. ;; ANSWER SECTION:
  640. sadat.com.tr. 14400 IN MX 0 sadat.com.tr.
  641. sadat.com.tr. 14400 IN A 109.232.216.55
  642. sadat.com.tr. 43200 IN SOA cpns1.turhost.com. csf.ofis.net. 2019050900 3600 7200 1209600 86400
  643. sadat.com.tr. 14400 IN TXT "v=spf1 ip4:109.232.216.54 ip4:109.232.216.55 +a +mx ~all"
  644. sadat.com.tr. 43199 IN NS cpns2.turhost.com.
  645. sadat.com.tr. 43199 IN NS cpns1.turhost.com.
  646.  
  647. ;; AUTHORITY SECTION:
  648. sadat.com.tr. 43199 IN NS cpns2.turhost.com.
  649. sadat.com.tr. 43199 IN NS cpns1.turhost.com.
  650.  
  651. ;; ADDITIONAL SECTION:
  652. sadat.com.tr. 14400 IN A 109.232.216.55
  653.  
  654. Received 274 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 166 ms
  655. ######################################################################################################################################
  656. ; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace sadat.com.tr
  657. ;; global options: +cmd
  658. . 82904 IN NS l.root-servers.net.
  659. . 82904 IN NS m.root-servers.net.
  660. . 82904 IN NS d.root-servers.net.
  661. . 82904 IN NS a.root-servers.net.
  662. . 82904 IN NS j.root-servers.net.
  663. . 82904 IN NS b.root-servers.net.
  664. . 82904 IN NS c.root-servers.net.
  665. . 82904 IN NS h.root-servers.net.
  666. . 82904 IN NS g.root-servers.net.
  667. . 82904 IN NS f.root-servers.net.
  668. . 82904 IN NS k.root-servers.net.
  669. . 82904 IN NS i.root-servers.net.
  670. . 82904 IN NS e.root-servers.net.
  671. . 82904 IN RRSIG NS 8 0 518400 20191024170000 20191011160000 22545 . H3x2s+SvDITnRW6oA+xKZQtZo5I9BgTdImmO67rSOPN5KHNI+fOYfUTl /YhB489khlN0JmP/rrONAXshejO4xq8nHJTGBG3lnOWw4LQpHBsCFSDH Plwo8dRhxvEv+2R0MVtFo55P+BdugfD4q3iM3EmETRf9y1BOVapKG5EG CrwPWII7FRh55eTrQgjangPZW3PtUrsHn79+hc3ahz5QuECrVsunPab9 kZ0Q/0WNHmpHCqT50NO0ot4lVDIweGvERCfJ8ijZA9YR3J/SJl88szI8 0E/JkciIiBIIEUnm8oxhBOgV99eXk54euGKL9XU8wdqPSGrWUDVIIS0l wuWriA==
  672. ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 198 ms
  673.  
  674. tr. 172800 IN NS ns41.nic.tr.
  675. tr. 172800 IN NS ns91.nic.tr.
  676. tr. 172800 IN NS ns21.nic.tr.
  677. tr. 172800 IN NS ns22.nic.tr.
  678. tr. 172800 IN NS ns31.nic.tr.
  679. tr. 172800 IN NS ns42.nic.tr.
  680. tr. 172800 IN NS ns92.nic.tr.
  681. tr. 86400 IN NSEC trade. NS RRSIG NSEC
  682. tr. 86400 IN RRSIG NSEC 8 1 86400 20191024170000 20191011160000 22545 . hfJNq5N9xhx7hkeLXcmhxz3RE1KvSECFQJjVFH4Hi8FzRPkH5II6sk9/ eS8jFTxgzysiOBMOCK0QQGqhJJWpFpYYxdksJdijJtxqa6M5901bdWoo BYYu+F2sCGkaMaYs8dhAT+pw2FQ+AbmDUVptMEVSaqs0Ka2ThzCqfxzY 5LXqGMALaFv51fFBpp7SzshKtlxRFkJ3yokRb7jUYPl39tZQkll8GO5m H8D4p5wMvtpfo7WcbB//Frk7IRHvZEYftVKEEK9ZXobe/p7IcPo8be3o 6d97vpuugimnGpPhLA618Hyv1lkpKnhTtHH0e7QJP36X2UkFXFnEVJDW vBgWog==
  683. ;; Received 744 bytes from 192.112.36.4#53(g.root-servers.net) in 205 ms
  684.  
  685. sadat.com.tr. 43200 IN NS cpns1.turhost.com.
  686. ;; Received 72 bytes from 213.14.246.2#53(ns21.nic.tr) in 353 ms
  687.  
  688. sadat.com.tr. 14400 IN A 109.232.216.55
  689. sadat.com.tr. 86400 IN NS cpns1.turhost.com.
  690. sadat.com.tr. 86400 IN NS cpns2.turhost.com.
  691. ;; Received 124 bytes from 37.230.110.110#53(cpns1.turhost.com) in 147 ms
  692. #######################################################################################################################################
  693. [*] Performing General Enumeration of Domain: sadat.com.tr
  694. [-] DNSSEC is not configured for sadat.com.tr
  695. [*] SOA cpns1.turhost.com 37.230.110.110
  696. [*] NS cpns1.turhost.com 37.230.110.110
  697. [*] Bind Version for 37.230.110.110 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
  698. [*] NS cpns2.turhost.com 37.230.111.111
  699. [*] Bind Version for 37.230.111.111 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
  700. [*] MX sadat.com.tr 109.232.216.55
  701. [*] A sadat.com.tr 109.232.216.55
  702. [*] TXT sadat.com.tr v=spf1 ip4:109.232.216.54 ip4:109.232.216.55 +a +mx ~all
  703. [*] Enumerating SRV Records
  704. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.54 2079 0
  705. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.54 2079 0
  706. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.57 2079 0
  707. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.55 2079 0
  708. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.57 2079 0
  709. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.58 2079 0
  710. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.55 2079 0
  711. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.56 2079 0
  712. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.56 2079 0
  713. [*] SRV _caldav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.58 2079 0
  714. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.55 2080 0
  715. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.54 2080 0
  716. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.56 2080 0
  717. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.57 2080 0
  718. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.58 2080 0
  719. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.57 2080 0
  720. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.54 2080 0
  721. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.56 2080 0
  722. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.55 2080 0
  723. [*] SRV _carddavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.58 2080 0
  724. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.58 2080 0
  725. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.54 2080 0
  726. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.57 2080 0
  727. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.56 2080 0
  728. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.56 2080 0
  729. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.54 2080 0
  730. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.55 2080 0
  731. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.55 2080 0
  732. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.57 2080 0
  733. [*] SRV _caldavs._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.58 2080 0
  734. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.54 2079 0
  735. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.57 2079 0
  736. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.56 2079 0
  737. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.56 2079 0
  738. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.55 2079 0
  739. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.58 2079 0
  740. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.54 2079 0
  741. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.55 2079 0
  742. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.58 2079 0
  743. [*] SRV _carddav._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.57 2079 0
  744. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.58 443 0
  745. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.58 443 0
  746. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.55 443 0
  747. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.56 443 0
  748. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.54 443 0
  749. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.57 443 0
  750. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.55 443 0
  751. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.216.57 443 0
  752. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.56 443 0
  753. [*] SRV _autodiscover._tcp.sadat.com.tr srvc54.turhost.com 109.232.217.54 443 0
  754. [+] 50 Records Found
  755. ######################################################################################################################################
  756. [*] Processing domain sadat.com.tr
  757. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  758. [+] Getting nameservers
  759. 37.230.110.110 - cpns1.turhost.com
  760. 37.230.111.111 - cpns2.turhost.com
  761. [-] Zone transfer failed
  762.  
  763. [+] TXT records found
  764. "v=spf1 ip4:109.232.216.54 ip4:109.232.216.55 +a +mx ~all"
  765.  
  766. [+] MX records found, added to target list
  767. 0 sadat.com.tr.
  768.  
  769. [*] Scanning sadat.com.tr for A records
  770. 109.232.216.55 - sadat.com.tr
  771. 109.232.216.55 - autodiscover.sadat.com.tr
  772. 109.232.216.55 - autoconfig.sadat.com.tr
  773. 109.232.216.55 - cpanel.sadat.com.tr
  774. 109.232.216.55 - ftp.sadat.com.tr
  775. 88.248.108.80 - pm.sadat.com.tr
  776. 109.232.216.55 - webdisk.sadat.com.tr
  777. 109.232.216.55 - webmail.sadat.com.tr
  778. 109.232.216.55 - whm.sadat.com.tr
  779. 109.232.216.55 - www.sadat.com.tr
  780. ######################################################################################################################################
  781.  
  782.  
  783. AVAILABLE PLUGINS
  784. -----------------
  785.  
  786. EarlyDataPlugin
  787. CertificateInfoPlugin
  788. OpenSslCipherSuitesPlugin
  789. HttpHeadersPlugin
  790. HeartbleedPlugin
  791. SessionResumptionPlugin
  792. RobotPlugin
  793. SessionRenegotiationPlugin
  794. OpenSslCcsInjectionPlugin
  795. CompressionPlugin
  796. FallbackScsvPlugin
  797.  
  798.  
  799.  
  800. CHECKING HOST(S) AVAILABILITY
  801. -----------------------------
  802.  
  803. 109.232.216.55:443 => 109.232.216.55
  804.  
  805.  
  806.  
  807.  
  808. SCAN RESULTS FOR 109.232.216.55:443 - 109.232.216.55
  809. ----------------------------------------------------
  810.  
  811. * Downgrade Attacks:
  812. TLS_FALLBACK_SCSV: OK - Supported
  813.  
  814. * SSLV2 Cipher Suites:
  815. Server rejected all cipher suites.
  816.  
  817. * Deflate Compression:
  818. OK - Compression disabled
  819.  
  820. * Session Renegotiation:
  821. Client-initiated Renegotiation: OK - Rejected
  822. Secure Renegotiation: OK - Supported
  823.  
  824. * TLS 1.2 Session Resumption Support:
  825. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  826. With TLS Tickets: OK - Supported
  827.  
  828. * TLSV1_3 Cipher Suites:
  829. Forward Secrecy OK - Supported
  830. RC4 OK - Not Supported
  831.  
  832. Preferred:
  833. TLS_AES_256_GCM_SHA384 256 bits HTTP 200 OK
  834. Accepted:
  835. TLS_CHACHA20_POLY1305_SHA256 256 bits HTTP 200 OK
  836. TLS_AES_256_GCM_SHA384 256 bits HTTP 200 OK
  837. TLS_AES_128_GCM_SHA256 128 bits HTTP 200 OK
  838.  
  839. * TLSV1_1 Cipher Suites:
  840. Forward Secrecy OK - Supported
  841. RC4 OK - Not Supported
  842.  
  843. Preferred:
  844. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  845. Accepted:
  846. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  847. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  848. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  849. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  850.  
  851. * OpenSSL Heartbleed:
  852. OK - Not vulnerable to Heartbleed
  853.  
  854. * TLSV1_2 Cipher Suites:
  855. Forward Secrecy OK - Supported
  856. RC4 OK - Not Supported
  857.  
  858. Preferred:
  859. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
  860. Accepted:
  861. TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
  862. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  863. TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
  864. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  865. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
  866. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  867. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
  868. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  869.  
  870. * Certificate Information:
  871. Content
  872. SHA1 Fingerprint: 0b6cf036e537ad1f1735b5e69975637c6399b380
  873. Common Name: *.turhost.com
  874. Issuer: AlphaSSL CA - SHA256 - G2
  875. Serial Number: 23417661297953674351878308524
  876. Not Before: 2019-03-26 11:31:37
  877. Not After: 2021-05-16 09:25:22
  878. Signature Algorithm: sha256
  879. Public Key Algorithm: RSA
  880. Key Size: 2048
  881. Exponent: 65537 (0x10001)
  882. DNS Subject Alternative Names: ['*.turhost.com', 'turhost.com']
  883.  
  884. Trust
  885. Hostname Validation: FAILED - Certificate does NOT match 109.232.216.55
  886. Android CA Store (9.0.0_r9): OK - Certificate is trusted
  887. Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
  888. Java CA Store (jdk-12.0.1): OK - Certificate is trusted
  889. Mozilla CA Store (2019-03-14): OK - Certificate is trusted
  890. Windows CA Store (2019-05-27): OK - Certificate is trusted
  891. Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
  892. Received Chain: *.turhost.com --> AlphaSSL CA - SHA256 - G2
  893. Verified Chain: *.turhost.com --> AlphaSSL CA - SHA256 - G2 --> GlobalSign Root CA
  894. Received Chain Contains Anchor: OK - Anchor certificate not sent
  895. Received Chain Order: OK - Order is valid
  896. Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
  897.  
  898. Extensions
  899. OCSP Must-Staple: NOT SUPPORTED - Extension not found
  900. Certificate Transparency: OK - 3 SCTs included
  901.  
  902. OCSP Stapling
  903. OCSP Response Status: successful
  904. Validation w/ Mozilla Store: OK - Response is trusted
  905. Responder Id: EE5EFFFE85DB26C626FBD3698410AD1D0DD3EF58
  906. Cert Status: good
  907. Cert Serial Number: 4BAAA2AAB0451CA64E3F82AC
  908. This Update: Oct 11 20:38:21 2019 GMT
  909. Next Update: Oct 15 20:38:21 2019 GMT
  910.  
  911. * TLSV1 Cipher Suites:
  912. Forward Secrecy OK - Supported
  913. RC4 OK - Not Supported
  914.  
  915. Preferred:
  916. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  917. Accepted:
  918. TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  919. TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  920. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
  921. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
  922.  
  923. * OpenSSL CCS Injection:
  924. OK - Not vulnerable to OpenSSL CCS injection
  925.  
  926. * SSLV3 Cipher Suites:
  927. Server rejected all cipher suites.
  928.  
  929. * ROBOT Attack:
  930. OK - Not vulnerable
  931.  
  932.  
  933. SCAN COMPLETED IN 22.74 S
  934. -------------------------
  935. #####################################################################################################################################
  936.  
  937. Domains still to check: 1
  938. Checking if the hostname sadat.com.tr. given is in fact a domain...
  939.  
  940. Analyzing domain: sadat.com.tr.
  941. Checking NameServers using system default resolver...
  942. IP: 37.230.110.110 (Turkey)
  943. HostName: cpns1.turhost.com Type: NS
  944. HostName: cpns1.turhost.com Type: PTR
  945. IP: 37.230.111.111 (Turkey)
  946. HostName: cpns2.turhost.com Type: NS
  947. HostName: cpns2.turhost.com Type: PTR
  948.  
  949. Checking MailServers using system default resolver...
  950. IP: 109.232.216.55 (Turkey)
  951. HostName: sadat.com.tr Type: MX
  952. HostName: srvc54.turhost.com Type: PTR
  953.  
  954. Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
  955. No zone transfer found on nameserver 37.230.110.110
  956. No zone transfer found on nameserver 37.230.111.111
  957.  
  958. Checking SPF record...
  959. New IP found: 109.232.216.54
  960.  
  961. Checking 192 most common hostnames using system default resolver...
  962. IP: 109.232.216.55 (Turkey)
  963. HostName: sadat.com.tr Type: MX
  964. HostName: srvc54.turhost.com Type: PTR
  965. Type: SPF
  966. HostName: www.sadat.com.tr. Type: A
  967. IP: 109.232.216.55 (Turkey)
  968. HostName: sadat.com.tr Type: MX
  969. HostName: srvc54.turhost.com Type: PTR
  970. Type: SPF
  971. HostName: www.sadat.com.tr. Type: A
  972. HostName: ftp.sadat.com.tr. Type: A
  973. IP: 109.232.216.55 (Turkey)
  974. HostName: sadat.com.tr Type: MX
  975. HostName: srvc54.turhost.com Type: PTR
  976. Type: SPF
  977. HostName: www.sadat.com.tr. Type: A
  978. HostName: ftp.sadat.com.tr. Type: A
  979. HostName: mail.sadat.com.tr. Type: A
  980. IP: 109.232.216.55 (Turkey)
  981. HostName: sadat.com.tr Type: MX
  982. HostName: srvc54.turhost.com Type: PTR
  983. Type: SPF
  984. HostName: www.sadat.com.tr. Type: A
  985. HostName: ftp.sadat.com.tr. Type: A
  986. HostName: mail.sadat.com.tr. Type: A
  987. HostName: webmail.sadat.com.tr. Type: A
  988.  
  989. Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
  990. Checking netblock 109.232.216.0
  991. Checking netblock 37.230.110.0
  992. Checking netblock 37.230.111.0
  993.  
  994. Searching for sadat.com.tr. emails in Google
  995. atanr...@sadat.com.trh
  996.  
  997. Checking 4 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
  998. Host 109.232.216.54 is up (reset ttl 64)
  999. Host 109.232.216.55 is up (reset ttl 64)
  1000. Host 37.230.110.110 is up (reset ttl 64)
  1001. Host 37.230.111.111 is up (reset ttl 64)
  1002.  
  1003. Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
  1004. Scanning ip 109.232.216.54 ():
  1005. Scanning ip 109.232.216.55 (webmail.sadat.com.tr.):
  1006. Scanning ip 37.230.110.110 (cpns1.turhost.com (PTR)):
  1007. 53/tcp open domain syn-ack ttl 51 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  1008. | dns-nsid:
  1009. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
  1010. 465/tcp open ssl/smtp syn-ack ttl 51 Exim smtpd 4.92
  1011. | smtp-commands: cpns1.turhost.com Hello nmap.scanme.org [45.131.4.21], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
  1012. |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1013. | ssl-cert: Subject: commonName=*.turhost.com
  1014. | Subject Alternative Name: DNS:*.turhost.com, DNS:turhost.com
  1015. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1016. | Public Key type: rsa
  1017. | Public Key bits: 2048
  1018. | Signature Algorithm: sha256WithRSAEncryption
  1019. | Not valid before: 2019-03-26T11:31:37
  1020. | Not valid after: 2021-05-16T09:25:22
  1021. | MD5: 1524 5d3e 121f 2164 e948 ee69 771d ad7f
  1022. |_SHA-1: 0b6c f036 e537 ad1f 1735 b5e6 9975 637c 6399 b380
  1023. |_ssl-date: 2019-10-11T23:22:24+00:00; 0s from scanner time.
  1024. 587/tcp open smtp syn-ack ttl 51 Exim smtpd 4.92
  1025. | smtp-commands: cpns1.turhost.com Hello nmap.scanme.org [45.131.4.21], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
  1026. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1027. | ssl-cert: Subject: commonName=*.turhost.com
  1028. | Subject Alternative Name: DNS:*.turhost.com, DNS:turhost.com
  1029. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1030. | Public Key type: rsa
  1031. | Public Key bits: 2048
  1032. | Signature Algorithm: sha256WithRSAEncryption
  1033. | Not valid before: 2019-03-26T11:31:37
  1034. | Not valid after: 2021-05-16T09:25:22
  1035. | MD5: 1524 5d3e 121f 2164 e948 ee69 771d ad7f
  1036. |_SHA-1: 0b6c f036 e537 ad1f 1735 b5e6 9975 637c 6399 b380
  1037. |_ssl-date: 2019-10-11T23:22:25+00:00; 0s from scanner time.
  1038. OS Info: Service Info: Host: cpns1.turhost.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1039. Scanning ip 37.230.111.111 (cpns2.turhost.com (PTR)):
  1040. 53/tcp open domain syn-ack ttl 51 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  1041. | dns-nsid:
  1042. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
  1043. 465/tcp open ssl/smtp syn-ack ttl 51 Exim smtpd 4.92
  1044. | smtp-commands: cpns2.turhost.com Hello nmap.scanme.org [45.131.4.21], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
  1045. |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1046. | ssl-cert: Subject: commonName=*.turhost.com
  1047. | Subject Alternative Name: DNS:*.turhost.com, DNS:turhost.com
  1048. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1049. | Public Key type: rsa
  1050. | Public Key bits: 2048
  1051. | Signature Algorithm: sha256WithRSAEncryption
  1052. | Not valid before: 2019-03-26T11:31:37
  1053. | Not valid after: 2021-05-16T09:25:22
  1054. | MD5: 1524 5d3e 121f 2164 e948 ee69 771d ad7f
  1055. |_SHA-1: 0b6c f036 e537 ad1f 1735 b5e6 9975 637c 6399 b380
  1056. |_ssl-date: 2019-10-11T23:23:02+00:00; +2s from scanner time.
  1057. 587/tcp open smtp syn-ack ttl 51 Exim smtpd 4.92
  1058. | smtp-commands: cpns2.turhost.com Hello nmap.scanme.org [45.131.4.21], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
  1059. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1060. | ssl-cert: Subject: commonName=*.turhost.com
  1061. | Subject Alternative Name: DNS:*.turhost.com, DNS:turhost.com
  1062. | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1063. | Public Key type: rsa
  1064. | Public Key bits: 2048
  1065. | Signature Algorithm: sha256WithRSAEncryption
  1066. | Not valid before: 2019-03-26T11:31:37
  1067. | Not valid after: 2021-05-16T09:25:22
  1068. | MD5: 1524 5d3e 121f 2164 e948 ee69 771d ad7f
  1069. |_SHA-1: 0b6c f036 e537 ad1f 1735 b5e6 9975 637c 6399 b380
  1070. |_ssl-date: 2019-10-11T23:23:03+00:00; +3s from scanner time.
  1071. 3306/tcp open mysql syn-ack ttl 51 MySQL (unauthorized)
  1072. OS Info: Service Info: Host: cpns2.turhost.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1073. |_clock-skew: mean: 2s, deviation: 0s, median: 1s
  1074. WebCrawling domain's web servers... up to 50 max links.
  1075. --Finished--
  1076. Summary information for domain sadat.com.tr.
  1077. -----------------------------------------
  1078. Domain Specific Information:
  1079. Email: atanr...@sadat.com.trh
  1080.  
  1081. Domain Ips Information:
  1082. IP: 109.232.216.54
  1083. Type: SPF
  1084. Is Active: True (reset ttl 64)
  1085. IP: 109.232.216.55
  1086. HostName: sadat.com.tr Type: MX
  1087. HostName: srvc54.turhost.com Type: PTR
  1088. Type: SPF
  1089. HostName: www.sadat.com.tr. Type: A
  1090. HostName: ftp.sadat.com.tr. Type: A
  1091. HostName: mail.sadat.com.tr. Type: A
  1092. HostName: webmail.sadat.com.tr. Type: A
  1093. Country: Turkey
  1094. Is Active: True (reset ttl 64)
  1095. IP: 37.230.110.110
  1096. HostName: cpns1.turhost.com Type: NS
  1097. HostName: cpns1.turhost.com Type: PTR
  1098. Country: Turkey
  1099. Is Active: True (reset ttl 64)
  1100. Port: 53/tcp open domain syn-ack ttl 51 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  1101. Script Info: | dns-nsid:
  1102. Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
  1103. Port: 465/tcp open ssl/smtp syn-ack ttl 51 Exim smtpd 4.92
  1104. Script Info: | smtp-commands: cpns1.turhost.com Hello nmap.scanme.org [45.131.4.21], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
  1105. Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1106. Script Info: | ssl-cert: Subject: commonName=*.turhost.com
  1107. Script Info: | Subject Alternative Name: DNS:*.turhost.com, DNS:turhost.com
  1108. Script Info: | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1109. Script Info: | Public Key type: rsa
  1110. Script Info: | Public Key bits: 2048
  1111. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1112. Script Info: | Not valid before: 2019-03-26T11:31:37
  1113. Script Info: | Not valid after: 2021-05-16T09:25:22
  1114. Script Info: | MD5: 1524 5d3e 121f 2164 e948 ee69 771d ad7f
  1115. Script Info: |_SHA-1: 0b6c f036 e537 ad1f 1735 b5e6 9975 637c 6399 b380
  1116. Script Info: |_ssl-date: 2019-10-11T23:22:24+00:00; 0s from scanner time.
  1117. Port: 587/tcp open smtp syn-ack ttl 51 Exim smtpd 4.92
  1118. Script Info: | smtp-commands: cpns1.turhost.com Hello nmap.scanme.org [45.131.4.21], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
  1119. Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1120. Script Info: | ssl-cert: Subject: commonName=*.turhost.com
  1121. Script Info: | Subject Alternative Name: DNS:*.turhost.com, DNS:turhost.com
  1122. Script Info: | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1123. Script Info: | Public Key type: rsa
  1124. Script Info: | Public Key bits: 2048
  1125. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1126. Script Info: | Not valid before: 2019-03-26T11:31:37
  1127. Script Info: | Not valid after: 2021-05-16T09:25:22
  1128. Script Info: | MD5: 1524 5d3e 121f 2164 e948 ee69 771d ad7f
  1129. Script Info: |_SHA-1: 0b6c f036 e537 ad1f 1735 b5e6 9975 637c 6399 b380
  1130. Script Info: |_ssl-date: 2019-10-11T23:22:25+00:00; 0s from scanner time.
  1131. Os Info: Host: cpns1.turhost.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1132. IP: 37.230.111.111
  1133. HostName: cpns2.turhost.com Type: NS
  1134. HostName: cpns2.turhost.com Type: PTR
  1135. Country: Turkey
  1136. Is Active: True (reset ttl 64)
  1137. Port: 53/tcp open domain syn-ack ttl 51 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  1138. Script Info: | dns-nsid:
  1139. Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
  1140. Port: 465/tcp open ssl/smtp syn-ack ttl 51 Exim smtpd 4.92
  1141. Script Info: | smtp-commands: cpns2.turhost.com Hello nmap.scanme.org [45.131.4.21], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
  1142. Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1143. Script Info: | ssl-cert: Subject: commonName=*.turhost.com
  1144. Script Info: | Subject Alternative Name: DNS:*.turhost.com, DNS:turhost.com
  1145. Script Info: | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1146. Script Info: | Public Key type: rsa
  1147. Script Info: | Public Key bits: 2048
  1148. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1149. Script Info: | Not valid before: 2019-03-26T11:31:37
  1150. Script Info: | Not valid after: 2021-05-16T09:25:22
  1151. Script Info: | MD5: 1524 5d3e 121f 2164 e948 ee69 771d ad7f
  1152. Script Info: |_SHA-1: 0b6c f036 e537 ad1f 1735 b5e6 9975 637c 6399 b380
  1153. Script Info: |_ssl-date: 2019-10-11T23:23:02+00:00; +2s from scanner time.
  1154. Port: 587/tcp open smtp syn-ack ttl 51 Exim smtpd 4.92
  1155. Script Info: | smtp-commands: cpns2.turhost.com Hello nmap.scanme.org [45.131.4.21], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
  1156. Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1157. Script Info: | ssl-cert: Subject: commonName=*.turhost.com
  1158. Script Info: | Subject Alternative Name: DNS:*.turhost.com, DNS:turhost.com
  1159. Script Info: | Issuer: commonName=AlphaSSL CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1160. Script Info: | Public Key type: rsa
  1161. Script Info: | Public Key bits: 2048
  1162. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1163. Script Info: | Not valid before: 2019-03-26T11:31:37
  1164. Script Info: | Not valid after: 2021-05-16T09:25:22
  1165. Script Info: | MD5: 1524 5d3e 121f 2164 e948 ee69 771d ad7f
  1166. Script Info: |_SHA-1: 0b6c f036 e537 ad1f 1735 b5e6 9975 637c 6399 b380
  1167. Script Info: |_ssl-date: 2019-10-11T23:23:03+00:00; +3s from scanner time.
  1168. Port: 3306/tcp open mysql syn-ack ttl 51 MySQL (unauthorized)
  1169. Os Info: Host: cpns2.turhost.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1170. Script Info: |_clock-skew: mean: 2s, deviation: 0s, median: 1s
  1171.  
  1172. --------------End Summary --------------
  1173. -----------------------------------------
  1174. ######################################################################################################################################
  1175. [INFO] ------TARGET info------
  1176. [*] TARGET: http://sadat.com.tr/
  1177. Usage: grep [OPTION]... PATTERNS [FILE]...
  1178. Exécutez « grep --help » pour obtenir des renseignements complémentaires.
  1179. [ALERT] Problem with IP-API detected... trying to reconnect with 15 seconds timeout. Number of tries: 1/6
  1180. [*] TARGET IP: 109.232.216.55
  1181. [INFO] NO load balancer detected for sadat.com.tr...
  1182. [*] DNS servers: cpns1.turhost.com.
  1183. [*] TARGET server:
  1184. [*] CC: TR
  1185. [*] Country: Turkey
  1186. [*] RegionCode: 41
  1187. [*] RegionName: Kocaeli
  1188. [*] City: Kosekoy
  1189. [*] ASN: AS42807
  1190. [*] BGP_PREFIX: 109.232.216.0/21
  1191. [*] ISP: AEROTEK-AS Aerotek Bilisim Sanayi ve Ticaret AS, TR
  1192. [INFO] DNS enumeration:
  1193. [*] ftp.sadat.com.tr 109.232.216.55
  1194. [*] mail.sadat.com.tr sadat.com.tr. 109.232.216.55
  1195. [*] webmail.sadat.com.tr 109.232.216.55
  1196. [INFO] Possible abuse mails are:
  1197. [*] abuse@sadat.com.tr
  1198. [INFO] NO PAC (Proxy Auto Configuration) file FOUND
  1199. [INFO] Starting FUZZing in http://sadat.com.tr/FUzZzZzZzZz...
  1200. [INFO] Status code Folders
  1201. [*] 200 http://sadat.com.tr/images
  1202. [*] 200 http://sadat.com.tr/download
  1203. [ALERT] Look in the source code. It may contain passwords
  1204. [ALERT] Content in http://sadat.com.tr/ AND http://www.sadat.com.tr/ is different
  1205. [INFO] MD5 for http://sadat.com.tr/ is: c718c155a2090ae501c599d9855caa15
  1206. [INFO] MD5 for http://www.sadat.com.tr/ is: 703241fecc2108a82864c708a59d2d7e
  1207. [INFO] http://sadat.com.tr/ redirects to http://sadat.com.tr/
  1208. [INFO] http://www.sadat.com.tr/ redirects to http://www.sadat.com.tr/
  1209. [INFO] Links found from http://sadat.com.tr/ http://109.232.216.55/:
  1210. [*] http://109.232.216.55/cgi-sys/defaultwebpage.cgi
  1211. [*] http://sadat.com.tr/
  1212. [*] http://sadat.com.tr/about-us/news.html
  1213. [*] http://sadat.com.tr/about-us/organization-chart.html
  1214. [*] http://sadat.com.tr/about-us/our-certificates.html
  1215. [*] http://sadat.com.tr/about-us/our-mission.html
  1216. [*] http://sadat.com.tr/about-us/our-publications.html
  1217. [*] http://sadat.com.tr/about-us/our-vision.html
  1218. [*] http://sadat.com.tr/about-us/qualification-of-personnel.html
  1219. [*] http://sadat.com.tr/about-us/why-sadat-inc-international-defense-consulting.html
  1220. [*] http://sadat.com.tr/ar/
  1221. [*] http://sadat.com.tr/component/search/?format=opensearch
  1222. [*] http://sadat.com.tr/contact-us.html
  1223. [*] http://sadat.com.tr/?format=feed&type=atom
  1224. [*] http://sadat.com.tr/?format=feed&type=rss
  1225. [*] http://sadat.com.tr/homepage-en/84-en/85-sadat-inc-international-defense-consulting.html
  1226. [*] http://sadat.com.tr/join-us/job-application.html
  1227. [*] http://sadat.com.tr/our-services/alternative-specialization-modules/advanced-individual-combat-training-course.html
  1228. [*] http://sadat.com.tr/our-services/alternative-specialization-modules/artillery-and-mortar-forward-observation-training-corse.html
  1229. [*] http://sadat.com.tr/our-services/alternative-specialization-modules/demolition-training-courses.html
  1230. [*] http://sadat.com.tr/our-services/alternative-specialization-modules/land-operation-training-module.html
  1231. [*] http://sadat.com.tr/our-services/alternative-specialization-modules/protection-courses-training-module.html
  1232. [*] http://sadat.com.tr/our-services/alternative-specialization-modules/sniper-training-module.html
  1233. [*] http://sadat.com.tr/our-services/alternative-specialization-modules/sniper-training-programmes.html
  1234. [*] http://sadat.com.tr/our-services/alternative-specialization-modules/tank-hunting-destruction-of-armored-vehicle-non-damaged-seizure-course-training-module.html
  1235. [*] http://sadat.com.tr/our-services/alternative-specialization-modules/unconventional-warfare-gnh-course-training-module.html
  1236. [*] http://sadat.com.tr/our-services/consultancy/consultancy-military.html
  1237. [*] http://sadat.com.tr/our-services/consultancy/consultancy-security.html
  1238. [*] http://sadat.com.tr/our-services/general-training-modules/advanced-course-for-special-forces.html
  1239. [*] http://sadat.com.tr/our-services/general-training-modules/aviation-courses.html
  1240. [*] http://sadat.com.tr/our-services/general-training-modules/basic-course-for-special-forces.html
  1241. [*] http://sadat.com.tr/our-services/general-training-modules/individual-combat-trainings-the-small-unit-tactics.html
  1242. [*] http://sadat.com.tr/our-services.html
  1243. [*] http://sadat.com.tr/our-services/moduler-training-programmes-for-air-forces/air-operation-training-module.html
  1244. [*] http://sadat.com.tr/our-services/moduler-training-programmes-for-air-forces/helicopter-pilots-training-programmes.html
  1245. [*] http://sadat.com.tr/our-services/moduler-training-programmes-for-police-forces/basic-police-special-operations-training-programmes.html
  1246. [*] http://sadat.com.tr/our-services/moduler-training-programmes-for-police-forces/border-security-stations-training-programmes.html
  1247. [*] http://sadat.com.tr/our-services/moduler-training-programmes-for-sea-forces/frogman-basic-training-programmes.html
  1248. [*] http://sadat.com.tr/our-services/moduler-training-programmes-for-sea-forces/naval-operation-training-module.html
  1249. [*] http://sadat.com.tr/our-services/ordnance/maintenance-repair.html
  1250. [*] http://sadat.com.tr/our-services/ordnance/ordnance-military.html
  1251. [*] http://sadat.com.tr/our-services/ordnance/ordnance-security.html
  1252. [*] http://sadat.com.tr/our-services/our-training-modules.html
  1253. [*] http://sadat.com.tr/our-services/training/training-military.html
  1254. [*] http://sadat.com.tr/our-services/training/training-security.html
  1255. [*] http://sadat.com.tr/#page
  1256. [*] http://sadat.com.tr/tr/
  1257. [*] http://twitter.com/SADATcomTR
  1258. [*] http://www.facebook.com/SadatInternationalDefenseConsultancy
  1259. [*] http://www.linkedin.com/companies/2845254
  1260. [*] http://www.sadat.com.tr/en/about-us/our-publications/308-training-modules-booklets.html
  1261. [*] http://www.sadat.com.tr/en/about-us/our-publications/309-military-maintenance-system-brochure.html
  1262. [*] http://www.sadat.com.tr/news/news/345-visit-sadat-as-at-idef-17.html
  1263. [*] http://youtube.com/SADATcom
  1264. [*] http://youtu.be/KQ3jVmVDPBI
  1265. [INFO] GOOGLE has 791,000 results (0.21 seconds) about http://sadat.com.tr/
  1266. [INFO] Shodan detected the following opened ports on 109.232.216.55:
  1267. [*] 0
  1268. [*] 1
  1269. [*] 110
  1270. [*] 19
  1271. [*] 2077
  1272. [*] 2082
  1273. [*] 2083
  1274. [*] 2086
  1275. [*] 2087
  1276. [*] 2096
  1277. [*] 21
  1278. [*] 4
  1279. [*] 443
  1280. [*] 465
  1281. [*] 53
  1282. [*] 587
  1283. [*] 6
  1284. [*] 80
  1285. [*] 9
  1286. [*] 993
  1287. [*] 995
  1288. [INFO] ------VirusTotal SECTION------
  1289. [INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
  1290. [INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
  1291. [INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
  1292. [INFO] ------Alexa Rank SECTION------
  1293. [INFO] Percent of Visitors Rank in Country:
  1294. [INFO] Percent of Search Traffic:
  1295. [INFO] Percent of Unique Visits:
  1296. [INFO] Total Sites Linking In:
  1297. [*] Total Sites
  1298. [INFO] Useful links related to sadat.com.tr - 109.232.216.55:
  1299. [*] https://www.virustotal.com/pt/ip-address/109.232.216.55/information/
  1300. [*] https://www.hybrid-analysis.com/search?host=109.232.216.55
  1301. [*] https://www.shodan.io/host/109.232.216.55
  1302. [*] https://www.senderbase.org/lookup/?search_string=109.232.216.55
  1303. [*] https://www.alienvault.com/open-threat-exchange/ip/109.232.216.55
  1304. [*] http://pastebin.com/search?q=109.232.216.55
  1305. [*] http://urlquery.net/search.php?q=109.232.216.55
  1306. [*] http://www.alexa.com/siteinfo/sadat.com.tr
  1307. [*] http://www.google.com/safebrowsing/diagnostic?site=sadat.com.tr
  1308. [*] https://censys.io/ipv4/109.232.216.55
  1309. [*] https://www.abuseipdb.com/check/109.232.216.55
  1310. [*] https://urlscan.io/search/#109.232.216.55
  1311. [*] https://github.com/search?q=109.232.216.55&type=Code
  1312. [INFO] Useful links related to AS42807 - 109.232.216.0/21:
  1313. [*] http://www.google.com/safebrowsing/diagnostic?site=AS:42807
  1314. [*] https://www.senderbase.org/lookup/?search_string=109.232.216.0/21
  1315. [*] http://bgp.he.net/AS42807
  1316. [*] https://stat.ripe.net/AS42807
  1317. [INFO] Date: 11/10/19 | Time: 18:49:48
  1318. [INFO] Total time: 1 minute(s) and 22 second(s)
  1319. #####################################################################################################################################
  1320. [*] Load target domain: sadat.com.tr
  1321. - starting scanning @ 2019-10-11 18:59:31
  1322.  
  1323. [+] Running & Checking source to be used
  1324. ---------------------------------------------
  1325.  
  1326. ⍥ Shodan [ ✕ ]
  1327. ⍥ Webarchive [ ✔ ]
  1328. ⍥ Certspotter [ ✔ ]
  1329. ⍥ Dnsdumpster [ ✔ ]
  1330. ⍥ Bufferover [ ✔ ]
  1331. ⍥ Securitytrails [ ✕ ]
  1332. ⍥ Threatminer [ ✔ ]
  1333. ⍥ Certsh [ ✔ ]
  1334. ⍥ Censys [ ✕ ]
  1335. ⍥ Threatcrowd [ ✔ ]
  1336. ⍥ Hackertarget [ ✔ ]
  1337. ⍥ Entrust [ ✔ ]
  1338. ⍥ Virustotal [ ✕ ]
  1339. ⍥ Binaryedge [ ✕ ]
  1340. ⍥ Riddler [ ✔ ]
  1341. ⍥ Findsubdomain [ ✔ ]
  1342.  
  1343. [+] Get & Count subdomain total From source
  1344. ---------------------------------------------
  1345.  
  1346. ⍥ Hackertarget: Total Subdomain (1)
  1347. ⍥ Findsubdomain: Total Subdomain (0)
  1348. ⍥ Certspotter: Total Subdomain (0)
  1349. ⍥ Threatminer: Total Subdomain (1)
  1350. ⍥ Certsh: Total Subdomain (0)
  1351. ⍥ BufferOver: Total Subdomain (1)
  1352. ⍥ Entrust: Total Subdomain (0)
  1353. ⍥ Threatcrowd: Total Subdomain (0)
  1354. ⍥ Dnsdumpster: Total Subdomain (4)
  1355. ⍥ Riddler: Total Subdomain (1)
  1356. ⍥ Webarchive: Total Subdomain (1)
  1357.  
  1358. [+] Parsing & Sorting list Domain
  1359. ---------------------------------------------
  1360.  
  1361. ⍥ Total [3]
  1362.  
  1363. - 0 sadat.com.tr.
  1364. - sadat.com.tr
  1365. - www.sadat.com.tr
  1366.  
  1367. ⍥ Total [3]
  1368.  
  1369. [+] Probe subdomain for working on http/https
  1370. ---------------------------------------------
  1371.  
  1372. - https://sadat.com.tr
  1373. - https://www.sadat.com.tr
  1374. - http://www.sadat.com.tr
  1375. - http://sadat.com.tr
  1376.  
  1377. ⍥ Total [4]
  1378.  
  1379.  
  1380. [+] Check Live Host: Ping Sweep - ICMP PING
  1381. ---------------------------------------------
  1382.  
  1383. ⍥ [LIVE] 0
  1384. ⍥ [LIVE] sadat.com.tr.
  1385. ⍥ [LIVE] sadat.com.tr
  1386. ⍥ [LIVE] www.sadat.com.tr
  1387.  
  1388. [+] Check Resolving: Subdomains & Domains
  1389. ---------------------------------------------
  1390.  
  1391. ⍥ Resolving domains to: RESOLVE ERROR
  1392. ⍥ Resolving domains to: 109.232.216.55
  1393. ⍥ Resolving domains to: 109.232.216.55
  1394. ⍥ Resolving domains to: 109.232.216.55
  1395.  
  1396. [+] Subdomain TakeOver - Check Possible Vulns
  1397. ---------------------------------------------
  1398.  
  1399. ⍥ [FAILS] En: Unknown https://www.sadat.com.tr
  1400. ⍥ [FAILS] En: Unknown https://sadat.com.tr
  1401. ⍥ [FAILS] En: Unknown http://sadat.com.tr
  1402. ⍥ [FAILS] En: Unknown http://www.sadat.com.tr
  1403.  
  1404. [+] Checks status code on port 80 and 443
  1405. ---------------------------------------------
  1406.  
  1407. ⍥ [000] https://www.sadat.com.tr
  1408. ⍥ [000] https://sadat.com.tr
  1409. ⍥ [200] http://sadat.com.tr
  1410. ⍥ [200] http://www.sadat.com.tr
  1411.  
  1412. [+] Web Screenshots: from domain list
  1413. ---------------------------------------------
  1414.  
  1415. [+] 4 URLs to be screenshot
  1416.  
  1417. [+] 4 actual URLs screenshot
  1418. [+] 0 error(s)
  1419.  
  1420. [+] Generate Reports: Make report into HTML
  1421. ---------------------------------------------
  1422.  
  1423. ⍥ Make template for reports
  1424. - output/10-11-2019/sadat.com.tr/reports
  1425.  
  1426. ⍥ Successful Created ..
  1427.  
  1428. [+] Sud⍥my has been sucessfully completed
  1429. ---------------------------------------------
  1430.  
  1431. ⍥ Location output:
  1432. - output/10-11-2019/sadat.com.tr
  1433. - output/10-11-2019/sadat.com.tr/report
  1434. - output/10-11-2019/sadat.com.tr/screenshots
  1435.  
  1436. ######################################################################################################################################
  1437. [I] Threads: 5
  1438. [-] Target: http://sadat.com.tr (109.232.216.55)
  1439. [M] Website Not in HTTPS: http://sadat.com.tr
  1440. [I] X-Powered-By: PHP/5.6.40
  1441. [L] X-Frame-Options: Not Enforced
  1442. [I] Strict-Transport-Security: Not Enforced
  1443. [I] X-Content-Security-Policy: Not Enforced
  1444. [I] X-Content-Type-Options: Not Enforced
  1445. [L] No Robots.txt Found
  1446. [I] CMS Detection: Joomla
  1447. [I] Joomla Version: 2.5.28
  1448. [M] EDB-ID: 46710 "Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion"
  1449. [M] EDB-ID: 46200 "Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings"
  1450. [M] EDB-ID: 42033 "Joomla! 3.7.0 - 'com_fields' SQL Injection"
  1451. [M] EDB-ID: 40637 "Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation"
  1452. [M] EDB-ID: 41157 "Joomla! < 3.6.4 - Admin Takeover"
  1453. [M] EDB-ID: 47465 "Joomla 3.4.6 - 'configuration.php' Remote Code Execution"
  1454. [M] EDB-ID: 38977 "Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution"
  1455. [M] EDB-ID: 39033 "Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution"
  1456. [M] EDB-ID: 38534 "Joomla! 3.2.x < 3.4.4 - SQL Injection"
  1457. [M] EDB-ID: 31459 "Joomla! 3.2.1 - SQL Injection"
  1458. [M] EDB-ID: 25087 "Joomla! 3.0.3 - 'remember.php' PHP Object Injection"
  1459. [M] EDB-ID: 24551 "Joomla! 3.0.2 - 'highlight.php' PHP Object Injection"
  1460. [M] EDB-ID: 44227 "Joomla! 3.7 - SQL Injection"
  1461. [I] Joomla Website Template: tk_office_free
  1462. [I] Joomla Administrator Template: bluestork
  1463. [-] Enumerating Joomla Usernames via "Feed" ...
  1464. [I] Super User: akmtanriverdi@gmail.com
  1465. [I] Autocomplete Off Not Found: http://sadat.com.tr/administrator/index.php
  1466. [-] Joomla Default Files:
  1467. [-] Joomla is likely to have a large number of default files
  1468. [-] Would you like to list them all?
  1469. [y/N]: y
  1470. [I] http://sadat.com.tr/LICENSE.txt
  1471. [I] http://sadat.com.tr/README.txt
  1472. [I] http://sadat.com.tr/administrator/cache/index.html
  1473. [I] http://sadat.com.tr/administrator/language/overrides/index.html
  1474. [I] http://sadat.com.tr/administrator/manifests/packages/index.html
  1475. [I] http://sadat.com.tr/cache/index.html
  1476. [I] http://sadat.com.tr/cli/index.html
  1477. [I] http://sadat.com.tr/components/index.html
  1478. [I] http://sadat.com.tr/htaccess.txt
  1479. [I] http://sadat.com.tr/images/index.html
  1480. [I] http://sadat.com.tr/includes/index.html
  1481. [I] http://sadat.com.tr/language/index.html
  1482. [I] http://sadat.com.tr/language/overrides/index.html
  1483. [I] http://sadat.com.tr/libraries/index.html
  1484. [I] http://sadat.com.tr/media/editors/tinymce/templates/layout1.html
  1485. [I] http://sadat.com.tr/media/editors/tinymce/templates/snippet1.html
  1486. [I] http://sadat.com.tr/media/index.html
  1487. [I] http://sadat.com.tr/modules/index.html
  1488. [I] http://sadat.com.tr/plugins/index.html
  1489. [I] http://sadat.com.tr/templates/index.html
  1490. [I] http://sadat.com.tr/tmp/index.html
  1491. [I] http://sadat.com.tr/web.config.txt
  1492. [-] Searching Joomla Components ...
  1493. [I] mod_s5_newsticker
  1494. [I] mod_stalker
  1495. [I] Checking for Directory Listing Enabled ...
  1496. [-] Date & Time: 11/10/2019 19:00:05
  1497. [-] Completed in: 0:11:42
  1498. #######################################################################################################################################
  1499. Anonymous JTSEC #OpTurkey Full Recon #5
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!