Anonymous Operation IsraelUSA JTSEC full recon #4

1. #######################################################################################################################################
2. Nom de l'hôte www.investinisrael.gov.il FAI Tehila Project - Prime Minister Office's (AS8867)
3. Continent Asie Drapeau
4. IL
5. Pays Israël Code du pays IL (ISR)
6. Région Inconnu Heure locale 10 Dec 2017 17:26 IST
7. Ville Inconnu Latitude 31.5
8. Adresse IP 147.237.1.133 Longitude 34.75
9. ######################################################################################################################################
10. [i] Scanning Site: http://investinisrael.gov.il
11.  
12.  
13.  
14. B A S I C I N F O
15. ====================
16.  
17.  
18. [+] Site Title:
19.  
20.  
21.  
22. Invest In Israel
23.  
24.  
25.  
26. [+] IP address: 147.237.1.133
27. [+] Web Server: Microsoft-IIS/8.5
28. [+] CMS: Could Not Detect
29. [+] Cloudflare: Not Detected
30. [+] Robots File: Could NOT Find robots.txt!
31.  
32.  
33.  
34.  
35. W H O I S L O O K U P
36. ========================
37.  
38.  
39. % The data in the WHOIS database of the .il registry is provided
40. % by ISOC-IL for information purposes, and to assist persons in
41. % obtaining information about or related to a domain name
42. % registration record. ISOC-IL does not guarantee its accuracy.
43. % By submitting a WHOIS query, you agree that you will use this
44. % Data only for lawful purposes and that, under no circumstances
45. % will you use this Data to: (1) allow, enable, or otherwise
46. % support the transmission of mass unsolicited, commercial
47. % advertising or solicitations via e-mail (spam);
48. % or (2) enable high volume, automated, electronic processes that
49. % apply to ISOC-IL (or its systems).
50. % ISOC-IL reserves the right to modify these terms at any time.
51. % By submitting this query, you agree to abide by this policy.
52.  
53. % No data was found to match the request criteria.
54.  
55.  
56. % Rights to the data above are restricted by copyright.
57.  
58.  
59.  
60.  
61. G E O I P L O O K U P
62. =========================
63.  
64. [i] IP Address: 147.237.1.133
65. [i] Country: IL
66. [i] State: N/A
67. [i] City: N/A
68. [i] Latitude: 31.500000
69. [i] Longitude: 34.750000
70.  
71.  
72.  
73.  
74. H T T P H E A D E R S
75. =======================
76.  
77.  
78. [i] HTTP/1.1 302 Redirect
79. [i] Content-Type: text/html; charset=UTF-8
80. [i] Location: http://investinisrael.gov.il/Pages/default.aspx
81. [i] Server: Microsoft-IIS/8.5
82. [i] X-SharePointHealthScore: 0
83. [i] SPRequestGuid: b633359e-db7b-d0d0-e5a4-eae653270415
84. [i] request-id: b633359e-db7b-d0d0-e5a4-eae653270415
85. [i] X-FRAME-OPTIONS: SAMEORIGIN
86. [i] SPRequestDuration: 7
87. [i] SPIisLatency: 0
88. [i] X-MS-InvokeApp: 1; RequireReadOnly
89. [i] X-Frame-Options: SAMEORIGIN
90. [i] X-XSS-Protection: 1; mode=block
91. [i] X-Content-Type-Options: nosniff
92. [i] Date: Sun, 10 Dec 2017 15:32:41 GMT
93. [i] Connection: close
94. [i] Content-Length: 170
95. [i] HTTP/1.1 200 OK
96. [i] Cache-Control: private
97. [i] Content-Type: text/html; charset=utf-8
98. [i] Expires: Sun, 10 Dec 2017 15:47:50 GMT
99. [i] Vary: *
100. [i] Server: Microsoft-IIS/8.5
101. [i] X-SharePointHealthScore: 0
102. [i] Set-Cookie: ASP.NET_SessionId=gdbqpdjl254ex5zdntvlhocb; path=/; HttpOnly
103. [i] SPRequestGuid: b833359e-db97-d0d0-e5a4-ef4ffc702a6a
104. [i] request-id: b833359e-db97-d0d0-e5a4-ef4ffc702a6a
105. [i] X-FRAME-OPTIONS: SAMEORIGIN
106. [i] SPRequestDuration: 250
107. [i] SPIisLatency: 0
108. [i] X-MS-InvokeApp: 1; RequireReadOnly
109. [i] X-Frame-Options: SAMEORIGIN
110. [i] X-XSS-Protection: 1; mode=block
111. [i] X-Content-Type-Options: nosniff
112. [i] Date: Sun, 10 Dec 2017 15:32:50 GMT
113. [i] Connection: close
114. [i] Content-Length: 64408
115.  
116.  
117.  
118.  
119. D N S L O O K U P
120. ===================
121.  
122. investinisrael.gov.il. 599 IN A 147.237.1.133
123.  
124.  
125.  
126.  
127. S U B N E T C A L C U L A T I O N
128. ====================================
129.  
130. Address = 147.237.1.133
131. Network = 147.237.1.133 / 32
132. Netmask = 255.255.255.255
133. Broadcast = not needed on Point-to-Point links
134. Wildcard Mask = 0.0.0.0
135. Hosts Bits = 0
136. Max. Hosts = 1 (2^0 - 0)
137. Host Range = { 147.237.1.133 - 147.237.1.133 }
138.  
139.  
140.  
141. N M A P P O R T S C A N
142. ============================
143.  
144.  
145. Starting Nmap 7.01 ( https://nmap.org ) at 2017-12-10 15:33 UTC
146. Nmap scan report for investinisrael.gov.il (147.237.1.133)
147. Host is up (0.14s latency).
148. PORT STATE SERVICE VERSION
149. 21/tcp filtered ftp
150. 22/tcp filtered ssh
151. 23/tcp filtered telnet
152. 25/tcp filtered smtp
153. 80/tcp open http?
154. 110/tcp filtered pop3
155. 143/tcp filtered imap
156. 443/tcp filtered https
157. 445/tcp filtered microsoft-ds
158. 3389/tcp filtered ms-wbt-server
159. 1
160.  
161.  
162.  
163. S U B - D O M A I N F I N D E R
164. ==================================
165.  
166.  
167. [i] Total Subdomains Found : 1
168.  
169. [+] Subdomain: www.investinisrael.gov.il
170. [-] IP: 147.237.1.133
171.  
172. [!] IP Address : 147.237.1.133
173. [!] Server: Microsoft-IIS/8.5
174. [!] www.investinisrael.gov.il doesn't seem to use a CMS
175. [+] Honeypot Probabilty: 0%
176. ----------------------------------------
177. PORT STATE SERVICE VERSION
178. 21/tcp filtered ftp
179. 22/tcp filtered ssh
180. 23/tcp filtered telnet
181. 25/tcp filtered smtp
182. 80/tcp open http?
183. 110/tcp filtered pop3
184. 143/tcp filtered imap
185. 443/tcp filtered https
186. 445/tcp filtered microsoft-ds
187. 3389/tcp filtered ms-wbt-server
188.  
189.  
190. [+] DNS Records
191.  
192. [+] Host Records (A)
193. www.investinisrael.gov.il (147.237.1.133) AS8867 Tehila Project - Prime Minister Office's Israel
194.  
195. [+] TXT Records
196.  
197. [+] DNS Map: https://dnsdumpster.com/static/map/www.investinisrael.gov.il.png
198.  
199. [>] Initiating 3 intel modules
200. [>] Loading Alpha module (1/3)
201. [>] Beta module deployed (2/3)
202. [>] Gamma module initiated (3/3)
203. No emails found
204. No hosts found
205. [+] Virtual hosts:
206. -----------------
207. [>] Crawling the target for fuzzable URLs
208. [92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +
209. Server: 2001:568:ff09:10c::53
210. Address: 2001:568:ff09:10c::53#53
211.  
212. Non-authoritative answer:
213. Name: investinisrael.gov.il
214. Address: 147.237.1.133
215.  
216. investinisrael.gov.il has address 147.237.1.133
217.  + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
218.  
219. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
220.  
221. [+] Target is investinisrael.gov.il
222. [+] Loading modules.
223. [+] Following modules are loaded:
224. [x] [1] ping:icmp_ping - ICMP echo discovery module
225. [x] [2] ping:tcp_ping - TCP-based ping discovery module
226. [x] [3] ping:udp_ping - UDP-based ping discovery module
227. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
228. [x] [5] infogather:portscan - TCP and UDP PortScanner
229. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
230. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
231. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
232. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
233. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
234. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
235. [x] [12] fingerprint:smb - SMB fingerprinting module
236. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
237. [+] 13 modules registered
238. [+] Initializing scan engine
239. [+] Running scan engine
240. [-] ping:tcp_ping module: no closed/open TCP ports known on 147.237.1.133. Module test failed
241. [-] ping:udp_ping module: no closed/open UDP ports known on 147.237.1.133. Module test failed
242. [-] No distance calculation. 147.237.1.133 appears to be dead or no ports known
243. [+] Host: 147.237.1.133 is down (Guess probability: 0%)
244. [+] Cleaning up scan engine
245. [+] Modules deinitialized
246. [+] Execution completed.
247.  + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
248.  
249. % The data in the WHOIS database of the .il registry is provided
250. % by ISOC-IL for information purposes, and to assist persons in
251. % obtaining information about or related to a domain name
252. % registration record. ISOC-IL does not guarantee its accuracy.
253. % By submitting a WHOIS query, you agree that you will use this
254. % Data only for lawful purposes and that, under no circumstances
255. % will you use this Data to: (1) allow, enable, or otherwise
256. % support the transmission of mass unsolicited, commercial
257. % advertising or solicitations via e-mail (spam);
258. % or (2) enable high volume, automated, electronic processes that
259. % apply to ISOC-IL (or its systems).
260. % ISOC-IL reserves the right to modify these terms at any time.
261. % By submitting this query, you agree to abide by this policy.
262.  
263. % No data was found to match the request criteria.
264.  
265.  
266. % Rights to the data above are restricted by copyright.
267.  + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
268.  
269. *******************************************************************
270. * *
271. * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
272. * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
273. * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
274. * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
275. * *
276. * TheHarvester Ver. 2.7 *
277. * Coded by Christian Martorella *
278. * Edge-Security Research *
279. * cmartorella@edge-security.com *
280. *******************************************************************
281.  
282.  
283. [-] Searching in Bing:
284. Searching 50 results...
285. Searching 100 results...
286.  
287.  
288. [+] Emails found:
289. ------------------
290. No emails found
291.  
292. [+] Hosts found in search engines:
293. ------------------------------------
294. [-] Resolving hostnames IPs...
295. 147.237.1.133:www.investinisrael.gov.il
296.  + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
297.  
298. ; <<>> DiG 9.10.6-Debian <<>> -x investinisrael.gov.il
299. ;; global options: +cmd
300. ;; Got answer:
301. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58776
302. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
303.  
304. ;; OPT PSEUDOSECTION:
305. ; EDNS: version: 0, flags:; udp: 4096
306. ;; QUESTION SECTION:
307. ;il.gov.investinisrael.in-addr.arpa. IN PTR
308.  
309. ;; AUTHORITY SECTION:
310. in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017102477 1800 900 604800 3600
311.  
312. ;; Query time: 480 msec
313. ;; SERVER: 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53)
314. ;; WHEN: Sun Dec 10 10:29:42 EST 2017
315. ;; MSG SIZE rcvd: 131
316.  
317. dnsenum VERSION:1.2.4
318. 
319. ----- investinisrael.gov.il -----
320. 
321.  
322. Host's addresses:
323. __________________
324.  
325. investinisrael.gov.il. 517 IN A 147.237.1.133
326. 
327.  
328. Name Servers:
329. ______________
330.  
331.  + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
332. 
333. ____ _ _ _ _ _____
334. / ___| _ _| |__ | (_)___| |_|___ / _ __
335. \___ \| | | | '_ \| | / __| __| |_ \| '__|
336. ___) | |_| | |_) | | \__ \ |_ ___) | |
337. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
338.  
339. # Coded By Ahmed Aboul-Ela - @aboul3la
340.  
341. [-] Enumerating subdomains now for investinisrael.gov.il
342. [-] verbosity is enabled, will show the subdomains results in realtime
343. [-] Searching now in Baidu..
344. [-] Searching now in Yahoo..
345. [-] Searching now in Google..
346. [-] Searching now in Bing..
347. [-] Searching now in Ask..
348. [-] Searching now in Netcraft..
349. [-] Searching now in DNSdumpster..
350. [-] Searching now in Virustotal..
351. [-] Searching now in ThreatCrowd..
352. [-] Searching now in SSL Certificates..
353. [-] Searching now in PassiveDNS..
354. Yahoo: www.investinisrael.gov.il
355. Virustotal: www.investinisrael.gov.il
356. DNSdumpster: e.investinisrael.gov.il
357. DNSdumpster: www.investinisrael.gov.il
358. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-investinisrael.gov.il.txt
359. [-] Total Unique Subdomains Found: 2
360. www.investinisrael.gov.il
361. e.investinisrael.gov.il
362.  
363.  ╔═╗╦═╗╔╦╗╔═╗╦ ╦
364.  ║ ╠╦╝ ║ ╚═╗╠═╣
365.  ╚═╝╩╚═ ╩o╚═╝╩ ╩
366.  + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
367. 
368.  [+] Domains saved to: /usr/share/sniper/loot/domains/domains-investinisrael.gov.il-full.txt
369. 
370.  + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
371.  + -- ----------------------------=[Checking Email Security]=----------------- -- +
372.  
373.  + -- ----------------------------=[Pinging host]=---------------------------- -- +
374. PING investinisrael.gov.il (147.237.1.133) 56(84) bytes of data.
375.  
376. --- investinisrael.gov.il ping statistics ---
377. 1 packets transmitted, 0 received, 100% packet loss, time 0ms
378.  
379.  
380.  + -- ----------------------------=[Running TCP port scan]=------------------- -- +
381.  
382. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-10 10:31 EST
383. Nmap scan report for investinisrael.gov.il (147.237.1.133)
384. Host is up (0.19s latency).
385. Not shown: 472 filtered ports
386. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
387. PORT STATE SERVICE
388. 80/tcp open http
389.  
390. Nmap done: 1 IP address (1 host up) scanned in 156.48 seconds
391.  
392.  + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
393.  + -- --=[Port 21 closed... skipping.
394.  + -- --=[Port 22 closed... skipping.
395.  + -- --=[Port 23 closed... skipping.
396.  + -- --=[Port 25 closed... skipping.
397.  + -- --=[Port 53 closed... skipping.
398.  + -- --=[Port 79 closed... skipping.
399.  + -- --=[Port 80 opened... running tests...
400.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
401.  
402. ^ ^
403. _ __ _ ____ _ __ _ _ ____
404. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
405. | V V // o // _/ | V V // 0 // 0 // _/
406. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
407. <
408. ...'
409.  
410. WAFW00F - Web Application Firewall Detection Tool
411.  
412. By Sandro Gauci && Wendel G. Henrique
413.  
414. Checking http://investinisrael.gov.il
415. The site http://investinisrael.gov.il is behind a IBM Web Application Security
416. Number of requests: 3
417.  
418.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
419. http://investinisrael.gov.il [ Unassigned]
420.  
421.  __ ______ _____ 
422.  \ \/ / ___|_ _|
423.  \ /\___ \ | | 
424.  / \ ___) || | 
425.  /_/\_|____/ |_| 
426.  
427. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
428. + -- --=[Target: investinisrael.gov.il:80
429. + -- --=[Port is closed!
430.  
431.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
432. + -- --=[Checking if X-Content options are enabled on investinisrael.gov.il... 
433.  
434. + -- --=[Checking if X-Frame options are enabled on investinisrael.gov.il... 
435.  
436. + -- --=[Checking if X-XSS-Protection header is enabled on investinisrael.gov.il... 
437.  
438. + -- --=[Checking HTTP methods on investinisrael.gov.il... 
439.  
440. + -- --=[Checking if TRACE method is enabled on investinisrael.gov.il... 
441.  
442. + -- --=[Checking for META tags on investinisrael.gov.il... 
443.  
444. + -- --=[Checking for open proxy on investinisrael.gov.il... 
445.  
446. + -- --=[Enumerating software on investinisrael.gov.il... 
447.  
448. + -- --=[Checking if Strict-Transport-Security is enabled on investinisrael.gov.il... 
449.  
450. + -- --=[Checking for Flash cross-domain policy on investinisrael.gov.il... 
451.  
452. + -- --=[Checking for Silverlight cross-domain policy on investinisrael.gov.il... 
453.  
454. + -- --=[Checking for HTML5 cross-origin resource sharing on investinisrael.gov.il... 
455.  
456. + -- --=[Retrieving robots.txt on investinisrael.gov.il... 
457.  
458. + -- --=[Retrieving sitemap.xml on investinisrael.gov.il... 
459.  
460. + -- --=[Checking cookie attributes on investinisrael.gov.il... 
461.  
462. + -- --=[Checking for ASP.NET Detailed Errors on investinisrael.gov.il... 
463.  
464. 
465.  + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
466. - Nikto v2.1.6
467. ---------------------------------------------------------------------------
468. + No web server found on investinisrael.gov.il:80
469. ---------------------------------------------------------------------------
470. + 0 host(s) tested
471.  + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
472. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/investinisrael.gov.il-port80.jpg
473.  + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
474.  + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
475.  
476.  _____  .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. .1BR'''Yp, .8BR'''Cq.
477.  (_____) 01 01N. C 01 C 01 .01. 01  01 Yb 01 .01.
478.  (() ()) 01 C YCb C 01 C 01 ,C9 01  01 dP 01 ,C9
479.  \ /  01 C .CN. C 01 C 0101dC9 01  01'''bg. 0101dC9
480.  \ /  01 C .01.C 01 C 01 YC. 01 ,  01 .Y 01 YC.
481.  /=\  01 C Y01 YC. ,C 01 .Cb. 01 ,C  01 ,9 01 .Cb.
482.  [___]  .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C .J0101Cd9 .J01L. .J01./ 2.1
483.  
484. __[ ! ] Neither war between hackers, nor peace for the system.
485. __[ ! ] http://blog.inurl.com.br
486. __[ ! ] http://fb.com/InurlBrasil
487. __[ ! ] http://twitter.com/@googleinurl
488. __[ ! ] http://github.com/googleinurl
489. __[ ! ] Current PHP version::[ 7.0.26-1 ]
490. __[ ! ] Current script owner::[ root ]
491. __[ ! ] Current uname::[ Linux Kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 ]
492. __[ ! ] Current pwd::[ /usr/share/sniper ]
493. __[ ! ] Help: php inurlbr.php --help
494. ------------------------------------------------------------------------------------------------------------------------
495.  
496. [ ! ] Starting SCANNER INURLBR 2.1 at [10-12-2017 11:16:47]
497. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
498. It is the end user's responsibility to obey all applicable local, state and federal laws.
499. Developers assume no liability and are not responsible for any misuse or damage caused by this program
500.  
501. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-investinisrael.gov.il.txt ]
502. [ INFO ][ DORK ]::[ site:investinisrael.gov.il ]
503. [ INFO ][ SEARCHING ]:: {
504. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.ms ]
505.  
506. [ INFO ][ SEARCHING ]:: 
507. -[:::]
508. [ INFO ][ ENGINE ]::[ GOOGLE API ]
509.  
510. [ INFO ][ SEARCHING ]:: 
511. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
512. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.rs ID: 012984904789461885316:oy3-mu17hxk ]
513.  
514. [ INFO ][ SEARCHING ]:: 
515. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
516.  
517. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
518. [ INFO ] Not a satisfactory result was found!
519.  
520.  
521. [ INFO ] [ Shutting down ]
522. [ INFO ] [ End of process INURLBR at [10-12-2017 11:18:37]
523. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
524. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-investinisrael.gov.il.txt ]
525. |_________________________________________________________________________________________
526.  
527. \_________________________________________________________________________________________/
528.  
529.  + -- --=[Port 110 closed... skipping.
530.  + -- --=[Port 111 closed... skipping.
531.  + -- --=[Port 135 closed... skipping.
532.  + -- --=[Port 139 closed... skipping.
533.  + -- --=[Port 161 closed... skipping.
534.  + -- --=[Port 162 closed... skipping.
535.  + -- --=[Port 389 closed... skipping.
536.  + -- --=[Port 443 closed... skipping.
537.  + -- --=[Port 445 closed... skipping.
538.  + -- --=[Port 512 closed... skipping.
539.  + -- --=[Port 513 closed... skipping.
540.  + -- --=[Port 514 closed... skipping.
541.  + -- --=[Port 623 closed... skipping.
542.  + -- --=[Port 624 closed... skipping.
543.  + -- --=[Port 1099 closed... skipping.
544.  + -- --=[Port 1433 closed... skipping.
545.  + -- --=[Port 2049 closed... skipping.
546.  + -- --=[Port 2121 closed... skipping.
547.  + -- --=[Port 3306 closed... skipping.
548.  + -- --=[Port 3310 closed... skipping.
549.  + -- --=[Port 3128 closed... skipping.
550.  + -- --=[Port 3389 closed... skipping.
551.  + -- --=[Port 3632 closed... skipping.
552.  + -- --=[Port 4443 closed... skipping.
553.  + -- --=[Port 5432 closed... skipping.
554.  + -- --=[Port 5800 closed... skipping.
555.  + -- --=[Port 5900 closed... skipping.
556.  + -- --=[Port 5984 closed... skipping.
557.  + -- --=[Port 6000 closed... skipping.
558.  + -- --=[Port 6667 closed... skipping.
559.  + -- --=[Port 8000 closed... skipping.
560.  + -- --=[Port 8100 closed... skipping.
561.  + -- --=[Port 8080 closed... skipping.
562.  + -- --=[Port 8180 closed... skipping.
563.  + -- --=[Port 8443 closed... skipping.
564.  + -- --=[Port 8888 closed... skipping.
565.  + -- --=[Port 10000 closed... skipping.
566.  + -- --=[Port 16992 closed... skipping.
567.  + -- --=[Port 27017 closed... skipping.
568.  + -- --=[Port 27018 closed... skipping.
569.  + -- --=[Port 27019 closed... skipping.
570.  + -- --=[Port 28017 closed... skipping.
571.  + -- --=[Port 49152 closed... skipping.
572.  + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
573.  + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +
574.  + -- ----------------------------=[Running Brute Force]=--------------------- -- +
575.  __________ __ ____ ___
576.  \______ \_______ __ ___/ |_ ____ \ \/ /
577.  | | _/\_ __ \ | \ __\/ __ \ \ / 
578.  | | \ | | \/ | /| | \ ___/ / \ 
579.  |______ / |__| |____/ |__| \___ >___/\ \ 
580.  \/ \/ \_/
581.  
582.  + -- --=[BruteX v1.7 by 1N3
583.  + -- --=[http://crowdshield.com
584.  
585.  
586. ################################### Running Port Scan ##############################
587.  
588. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-10 11:18 EST
589. Nmap done: 1 IP address (1 host up) scanned in 12.54 seconds
590.  
591. ################################### Running Brute Force ############################
592.  
593.  + -- --=[Port 21 closed... skipping.
594.  + -- --=[Port 22 closed... skipping.
595.  + -- --=[Port 23 closed... skipping.
596.  + -- --=[Port 25 closed... skipping.
597.  + -- --=[Port 80 closed... skipping.
598.  + -- --=[Port 110 closed... skipping.
599.  + -- --=[Port 139 closed... skipping.
600.  + -- --=[Port 162 closed... skipping.
601.  + -- --=[Port 389 closed... skipping.
602.  + -- --=[Port 443 closed... skipping.
603.  + -- --=[Port 445 closed... skipping.
604.  + -- --=[Port 512 closed... skipping.
605.  + -- --=[Port 513 closed... skipping.
606.  + -- --=[Port 514 closed... skipping.
607.  + -- --=[Port 993 closed... skipping.
608.  + -- --=[Port 1433 closed... skipping.
609.  + -- --=[Port 1521 closed... skipping.
610.  + -- --=[Port 3306 closed... skipping.
611.  + -- --=[Port 3389 closed... skipping.
612.  + -- --=[Port 5432 closed... skipping.
613.  + -- --=[Port 5900 closed... skipping.
614.  + -- --=[Port 5901 closed... skipping.
615.  + -- --=[Port 8000 closed... skipping.
616.  + -- --=[Port 8080 closed... skipping.
617.  + -- --=[Port 8100 closed... skipping.
618.  + -- --=[Port 6667 closed... skipping.
619.  
620. ################################### Done! ###########################################
621.  
622.  + -- ----------------------------=[Done]=------------------------------------ -- +
623.  ____ 
624.  _________ / _/___ ___ _____
625.  / ___/ __ \ / // __ \/ _ \/ ___/
626.  (__ ) / / // // /_/ / __/ / 
627.  /____/_/ /_/___/ .___/\___/_/ 
628.  /_/ 
629.  
630.  + -- --=[Current reports...
631.  + -- --=[Current workspaces...
632. total 12K
633. drwxr-xr-x 10 root root 4,0K nov 9 20:10 default
634. drwxr-xr-x 10 root root 4,0K nov 11 23:00 desktop
635. drwxr-xr-x 3 root root 4,0K nov 9 15:49 usr
636.  + -- --=[Enter a name for the workspace:
637.  + -- --=[Generating reports...
638.  + -- --=[Removing blank web screenshots...
639.  + -- --=[Starting Metasploit service...
640.  + -- --=[Importing NMap XML files into Metasploit...
641.  ____________
642. [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $a, |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
643. [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $S`?a, |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
644. [%%%%%%%%%%%%%%%%%%%%__%%%%%%%%%%| `?a, |%%%%%%%%__%%%%%%%%%__%%__ %%%%]
645. [% .--------..-----.| |_ .---.-.| .,a$%|.-----.| |.-----.|__|| |_ %%]
646. [% | || -__|| _|| _ || ,,aS$""` || _ || || _ || || _|%%]
647. [% |__|__|__||_____||____||___._||%$P"` || __||__||_____||__||____|%%]
648. [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| `"a, ||__|%%%%%%%%%%%%%%%%%%%%%%%%%%]
649. [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|____`"a,$$__|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
650. [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% `"$ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
651. [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
652. 
653.  
654. =[ metasploit v4.16.21-dev ]
655. + -- --=[ 1705 exploits - 970 auxiliary - 299 post ]
656. + -- --=[ 503 payloads - 40 encoders - 10 nops ]
657. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
658.  
659. [*] Added workspace: default
660. [*] Workspace: default
661. [*] Importing 'Nmap XML' data
662. [*] Import: Parsing with 'Nokogiri v1.8.1'
663. [*] Importing host 147.237.1.133
664. [*] Successfully imported /usr/share/sniper/loot/nmap/nmap-investinisrael.gov.il.xml
665. 
666. Hosts
667. =====
668.  
669. address mac name os_name os_flavor os_sp purpose info comments
670. ------- --- ---- ------- --------- ----- ------- ---- --------
671. 5.45.65.180 Unknown device
672. 5.45.67.72 Unknown device
673. 5.79.65.33 Unknown device
674. 5.255.87.27 Unknown device
675. 23.38.141.104 a23-38-141-104.deploy.static.akamaitechnologies.com Unknown device
676. 46.229.163.113 Unknown device
677. 46.229.174.6 Unknown device
678. 51.254.238.68 ares-eam.hukot.net Linux 7.0 server
679. 54.85.132.205 ec2-54-85-132-205.compute-1.amazonaws.com Unknown device
680. 72.166.186.169 rt.dos.iad.qwest.net Unknown device
681. 74.208.90.110 u16385664.onlinehome-server.com Unknown device
682. 78.140.176.124 Unknown device
683. 82.94.188.230 Unknown device
684. 82.94.222.132 Unknown device
685. 88.80.17.71 host-88-80-17-71.cust.prq.se Unknown device
686. 94.102.48.102 server2.anonymous-hosting-service.com Linux 7.0 server
687. 94.102.49.234 no-reverse-dns-configured.com Linux 8.0 server
688. 94.125.167.244 nx3144.nexylan.net Unknown device
689. 95.211.5.91 91.kaasserver.com Unknown device
690. 95.211.239.7 Unknown device
691. 95.213.224.126 Linux 14.04 server
692. 96.127.141.228 sh88-477.ich-9.com Unknown device
693. 104.18.48.36 104.18.48.36 Unknown device
694. 104.18.49.36 104.18.49.36 Unknown device
695. 104.20.44.57 Unknown device
696. 104.24.98.180 104.24.98.180 Unknown device
697. 104.24.99.180 104.24.99.180 Unknown device
698. 104.25.189.118 104.25.189.118 Unknown device
699. 104.25.190.118 104.25.190.118 Unknown device
700. 104.27.146.239 104.27.146.239 Unknown device
701. 104.27.147.239 104.27.147.239 Unknown device
702. 104.27.148.138 104.27.148.138 Unknown device
703. 104.27.149.138 104.27.149.138 Unknown device
704. 104.27.154.73 104.27.154.73 Unknown device
705. 104.27.155.73 104.27.155.73 Unknown device
706. 104.27.159.2 Unknown device
707. 104.28.16.8 104.28.16.8 Unknown device
708. 104.28.16.38 104.28.16.38 Unknown device
709. 104.28.17.8 104.28.17.8 Unknown device
710. 104.28.17.38 104.28.17.38 Unknown device
711. 104.31.74.118 Unknown device
712. 104.31.78.132 104.31.78.132 Unknown device
713. 104.31.79.132 104.31.79.132 Unknown device
714. 104.31.92.110 104.31.92.110 Unknown device
715. 104.31.93.110 104.31.93.110 Unknown device
716. 104.196.229.229 229.229.196.104.bc.googleusercontent.com Unknown device
717. 137.200.4.16 Unknown device
718. 147.237.1.133 Unknown device
719. 147.237.77.108 Unknown device
720. 178.32.123.64 Linux server
721. 185.17.120.155 amandatap.example.com Unknown device
722. 185.82.202.39 Linux 14.04 server
723. 185.112.82.253 server-185-112-82-253.creanova.org Linux 8.0 server
724. 185.174.172.177 vds9691.hyperhost.name Unknown device
725. 192.169.188.31 ip-192-169-188-31.ip.secureserver.net Unknown device
726. 192.243.48.235 FreeBSD device
727. 193.189.143.34 www.netvibes.com Unknown device
728. 206.188.192.153 vux.netsolhost.com Unknown device
729. 2400:cb00:2048:1::6812:3024 2400:cb00:2048:1::6812:3024 Unknown device
730. 2400:cb00:2048:1::6812:3124 2400:cb00:2048:1::6812:3124 Unknown device
731. 2400:cb00:2048:1::6818:62b4 2400:cb00:2048:1::6818:62b4 Unknown device
732. 2400:cb00:2048:1::6818:63b4 2400:cb00:2048:1::6818:63b4 Unknown device
733. 2400:cb00:2048:1::6819:bd76 2400:cb00:2048:1::6819:bd76 Unknown device
734. 2400:cb00:2048:1::6819:be76 2400:cb00:2048:1::6819:be76 Unknown device
735. 2400:cb00:2048:1::681b:92ef 2400:cb00:2048:1::681b:92ef Unknown device
736. 2400:cb00:2048:1::681b:93ef 2400:cb00:2048:1::681b:93ef Unknown device
737. 2400:cb00:2048:1::681b:948a 2400:cb00:2048:1::681b:948a Unknown device
738. 2400:cb00:2048:1::681b:958a 2400:cb00:2048:1::681b:958a Unknown device
739. 2400:cb00:2048:1::681b:9a49 2400:cb00:2048:1::681b:9a49 Unknown device
740. 2400:cb00:2048:1::681b:9b49 2400:cb00:2048:1::681b:9b49 Unknown device
741. 2400:cb00:2048:1::681c:1008 2400:cb00:2048:1::681c:1008 Unknown device
742. 2400:cb00:2048:1::681c:1026 2400:cb00:2048:1::681c:1026 Unknown device
743. 2400:cb00:2048:1::681c:1108 2400:cb00:2048:1::681c:1108 Unknown device
744. 2400:cb00:2048:1::681c:1126 2400:cb00:2048:1::681c:1126 Unknown device
745. 2400:cb00:2048:1::681f:4e84 2400:cb00:2048:1::681f:4e84 Unknown device
746. 2400:cb00:2048:1::681f:4f84 2400:cb00:2048:1::681f:4f84 Unknown device
747. 2400:cb00:2048:1::681f:5c6e 2400:cb00:2048:1::681f:5c6e Unknown device
748. 2400:cb00:2048:1::681f:5d6e 2400:cb00:2048:1::681f:5d6e Unknown device
749.  
750. 
751. Services
752. ========
753.  
754. host port proto name state info
755. ---- ---- ----- ---- ----- ----
756. 5.45.65.180 21 tcp ftp open
757. 5.45.65.180 22 tcp ssh open SSH-2.0-OpenSSH_6.6
758. 5.45.65.180 80 tcp http open
759. 5.45.65.180 1723 tcp pptp open
760. 5.45.65.180 3306 tcp mysql open
761. 5.45.65.180 8000 tcp http-alt open
762. 5.45.65.180 10000 tcp snet-sensor-mgmt open
763. 5.45.67.72 22 tcp ssh open
764. 5.79.65.33 53 tcp domain open
765. 5.79.65.33 80 tcp http open
766. 5.79.65.33 111 tcp rpcbind open
767. 5.79.65.33 443 tcp https open
768. 5.79.65.33 3306 tcp mysql open
769. 5.255.87.27 22 tcp ssh open SSH-2.0-OpenSSH_5.3
770. 23.38.141.104 80 tcp http open
771. 23.38.141.104 443 tcp https open
772. 46.229.163.113 21 tcp ftp open
773. 46.229.163.113 22 tcp ssh open SSH-2.0-OpenSSH_5.5
774. 46.229.163.113 53 tcp domain open
775. 46.229.163.113 80 tcp http open
776. 46.229.163.113 110 tcp pop3 open
777. 46.229.163.113 111 tcp rpcbind open
778. 46.229.163.113 143 tcp imap open
779. 46.229.163.113 222 tcp rsh-spx open
780. 46.229.163.113 993 tcp imaps open
781. 46.229.163.113 995 tcp pop3s open
782. 46.229.163.113 8080 tcp http-proxy open
783. 46.229.174.6 222 tcp rsh-spx open
784. 51.254.238.68 21 tcp ftp open
785. 51.254.238.68 22 tcp ssh open SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
786. 51.254.238.68 53 tcp domain open
787. 51.254.238.68 80 tcp http open
788. 51.254.238.68 443 tcp https open
789. 51.254.238.68 5666 tcp nrpe open
790. 54.85.132.205 80 tcp http open
791. 54.85.132.205 443 tcp https open
792. 72.166.186.169 80 tcp http open
793. 72.166.186.169 443 tcp https open
794. 72.166.186.169 8008 tcp http open
795. 74.208.90.110 21 tcp ftp open
796. 74.208.90.110 22 tcp ssh open SSH-2.0-OpenSSH_5.3
797. 74.208.90.110 53 tcp domain open
798. 74.208.90.110 80 tcp http open
799. 74.208.90.110 110 tcp pop3 open
800. 74.208.90.110 143 tcp imap open
801. 74.208.90.110 443 tcp https open
802. 74.208.90.110 993 tcp imaps open
803. 74.208.90.110 995 tcp pop3s open
804. 74.208.90.110 8443 tcp https-alt open
805. 74.208.90.110 8880 tcp cddbp-alt open
806. 78.140.176.124 21 tcp ftp open
807. 78.140.176.124 80 tcp http open
808. 78.140.176.124 110 tcp pop3 open
809. 78.140.176.124 873 tcp rsync open
810. 78.140.176.124 5666 tcp nrpe open
811. 82.94.188.230 80 tcp http open
812. 82.94.188.230 443 tcp https open
813. 82.94.222.132 80 tcp http open
814. 82.94.222.132 443 tcp https open
815. 82.94.222.132 993 tcp imaps open
816. 82.94.222.132 995 tcp pop3s open
817. 88.80.17.71 80 tcp http open
818. 88.80.17.71 443 tcp https open
819. 88.80.17.71 993 tcp imaps open
820. 88.80.17.71 995 tcp pop3s open
821. 88.80.17.71 8080 tcp http-proxy open
822. 88.80.17.71 32022 tcp unknown open
823. 94.102.48.102 21 tcp ftp open
824. 94.102.48.102 22 tcp ssh open SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
825. 94.102.48.102 53 tcp domain open
826. 94.102.48.102 80 tcp http open
827. 94.102.48.102 111 tcp rpcbind open
828. 94.102.49.234 21 tcp ftp open
829. 94.102.49.234 22 tcp ssh open SSH-2.0-OpenSSH_5.1p1 Debian-5
830. 94.102.49.234 80 tcp http open
831. 94.102.49.234 111 tcp rpcbind open
832. 94.102.49.234 222 tcp rsh-spx open
833. 94.102.49.234 3306 tcp mysql open
834. 94.102.49.234 10050 tcp zabbix-agent open
835. 94.125.167.244 21 tcp ftp open
836. 94.125.167.244 53 tcp domain open
837. 94.125.167.244 80 tcp http open
838. 94.125.167.244 110 tcp pop3 open
839. 94.125.167.244 143 tcp imap open
840. 94.125.167.244 443 tcp https open
841. 94.125.167.244 2121 tcp ccproxy-ftp open
842. 95.211.5.91 80 tcp http open
843. 95.211.239.7 22 tcp ssh open SSH-2.0-OpenSSH_5.3
844. 95.213.224.126 22 tcp ssh open SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
845. 95.213.224.126 80 tcp http open
846. 96.127.141.228 21 tcp ftp open
847. 96.127.141.228 53 tcp domain open
848. 96.127.141.228 80 tcp http open
849. 96.127.141.228 110 tcp pop3 open
850. 96.127.141.228 111 tcp rpcbind open
851. 96.127.141.228 143 tcp imap open
852. 96.127.141.228 443 tcp https open
853. 96.127.141.228 993 tcp imaps open
854. 96.127.141.228 995 tcp pop3s open
855. 96.127.141.228 1035 tcp multidropper open
856. 96.127.141.228 3306 tcp mysql open
857. 104.18.48.36 80 tcp http open
858. 104.18.48.36 443 tcp https open
859. 104.18.48.36 8080 tcp http-proxy open cloudflare-nginx ( 403-Forbidden )
860. 104.18.48.36 8443 tcp https-alt open
861. 104.18.48.36 8880 tcp cddbp-alt open
862. 104.18.49.36 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
863. 104.20.44.57 80 tcp http open
864. 104.20.44.57 443 tcp https open
865. 104.20.44.57 8080 tcp http-proxy open
866. 104.20.44.57 8443 tcp https-alt open
867. 104.20.44.57 8880 tcp cddbp-alt open
868. 104.24.98.180 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
869. 104.24.99.180 80 tcp http open
870. 104.24.99.180 443 tcp https open
871. 104.24.99.180 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
872. 104.24.99.180 8443 tcp https-alt open
873. 104.24.99.180 8880 tcp cddbp-alt open
874. 104.25.189.118 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
875. 104.25.190.118 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
876. 104.27.146.239 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
877. 104.27.147.239 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
878. 104.27.148.138 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
879. 104.27.149.138 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
880. 104.27.149.138 8443 tcp https-alt open
881. 104.27.149.138 8880 tcp cddbp-alt open
882. 104.27.154.73 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
883. 104.27.155.73 80 tcp http open
884. 104.27.155.73 443 tcp https open
885. 104.27.155.73 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
886. 104.27.155.73 8443 tcp https-alt open
887. 104.27.155.73 8880 tcp cddbp-alt open
888. 104.27.159.2 80 tcp http open
889. 104.27.159.2 443 tcp https open
890. 104.27.159.2 8080 tcp http-proxy open
891. 104.27.159.2 8443 tcp https-alt open
892. 104.27.159.2 8880 tcp cddbp-alt open
893. 104.28.16.8 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
894. 104.28.16.38 80 tcp http open
895. 104.28.16.38 443 tcp https open
896. 104.28.16.38 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
897. 104.28.16.38 8443 tcp https-alt open
898. 104.28.16.38 8880 tcp cddbp-alt open
899. 104.28.17.8 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
900. 104.28.17.38 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
901. 104.31.74.118 80 tcp http open
902. 104.31.74.118 443 tcp https open
903. 104.31.74.118 8080 tcp http-proxy open
904. 104.31.74.118 8443 tcp https-alt open
905. 104.31.74.118 8880 tcp cddbp-alt open
906. 104.31.78.132 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
907. 104.31.79.132 80 tcp http open
908. 104.31.79.132 443 tcp https open
909. 104.31.79.132 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
910. 104.31.79.132 8443 tcp https-alt open
911. 104.31.79.132 8880 tcp cddbp-alt open
912. 104.31.92.110 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
913. 104.31.93.110 80 tcp http open
914. 104.31.93.110 443 tcp https open
915. 104.31.93.110 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
916. 104.31.93.110 8443 tcp https-alt open
917. 104.31.93.110 8880 tcp cddbp-alt open
918. 104.196.229.229 80 tcp http open
919. 104.196.229.229 443 tcp https open
920. 104.196.229.229 2222 tcp ethernetip-1 open
921. 137.200.4.16 80 tcp http open
922. 137.200.4.16 443 tcp https open
923. 147.237.1.133 80 tcp http open
924. 147.237.77.108 80 tcp http open
925. 178.32.123.64 22 tcp ssh open SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
926. 185.17.120.155 22 tcp ssh open SSH-2.0-OpenSSH_7.4
927. 185.17.120.155 80 tcp http open
928. 185.82.202.39 22 tcp ssh open SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
929. 185.82.202.39 80 tcp http open
930. 185.112.82.253 22 tcp ssh open SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
931. 185.112.82.253 53 tcp domain open
932. 185.112.82.253 80 tcp http open
933. 185.112.82.253 111 tcp rpcbind open
934. 185.112.82.253 443 tcp https open
935. 185.112.82.253 8333 tcp bitcoin open
936. 185.174.172.177 22 tcp ssh open SSH-2.0-OpenSSH_7.4
937. 185.174.172.177 80 tcp http open
938. 192.169.188.31 53 tcp domain open
939. 192.169.188.31 80 tcp http open
940. 192.169.188.31 443 tcp https open
941. 192.169.188.31 993 tcp imaps open
942. 192.243.48.235 21 tcp ftp open
943. 192.243.48.235 22 tcp ssh open SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
944. 192.243.48.235 80 tcp http open
945. 192.243.48.235 222 tcp rsh-spx open
946. 193.189.143.34 80 tcp http open
947. 193.189.143.34 443 tcp https open
948. 206.188.192.153 21 tcp ftp open
949. 206.188.192.153 22 tcp ssh open
950. 206.188.192.153 80 tcp http open
951. 206.188.192.153 443 tcp https open
952. 2400:cb00:2048:1::6812:3024 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
953. 2400:cb00:2048:1::6812:3124 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
954. 2400:cb00:2048:1::6818:62b4 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
955. 2400:cb00:2048:1::6818:63b4 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
956. 2400:cb00:2048:1::6819:bd76 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
957. 2400:cb00:2048:1::6819:be76 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
958. 2400:cb00:2048:1::681b:92ef 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
959. 2400:cb00:2048:1::681b:93ef 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
960. 2400:cb00:2048:1::681b:948a 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
961. 2400:cb00:2048:1::681b:958a 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
962. 2400:cb00:2048:1::681b:9a49 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
963. 2400:cb00:2048:1::681b:9b49 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
964. 2400:cb00:2048:1::681c:1008 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
965. 2400:cb00:2048:1::681c:1026 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
966. 2400:cb00:2048:1::681c:1108 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
967. 2400:cb00:2048:1::681c:1126 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
968. 2400:cb00:2048:1::681f:4e84 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
969. 2400:cb00:2048:1::681f:4f84 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
970. 2400:cb00:2048:1::681f:5c6e 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
971. 2400:cb00:2048:1::681f:5d6e 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
972. ######################################################################################################################################
973. Nom de l'hôte www.data.gov FAI Inconnu
974. Continent Inconnu Drapeau
975. US
976. Pays Etats-Unis d'Amérique Code du pays US
977. Région Inconnu Heure locale 10 Dec 2017 11:21 CST
978. Ville Inconnu Latitude 37.751
979. Adresse IP (IPv6) 2600:1400:a:18b::1f36 Longitude -97.822
980. ######################################################################################################################################
981. [i] Scanning Site: https://data.gov
982.  
983.  
984.  
985. B A S I C I N F O
986. ====================
987.  
988.  
989. [+] Site Title: Data.gov
990. [+] IP address: 34.193.244.109
991. [+] Web Server: Could Not Detect
992. [+] CMS: Could Not Detect
993. [+] Cloudflare: Not Detected
994. [+] Robots File: Found
995.  
996. -------------[ contents ]----------------
997. # Hello robots!
998. # For information on crawling the data.gov data catalog, see http://data.gov/developers/harvesting
999.  
1000. User-agent: *
1001. Allow: /
1002.  
1003. # Disallow these directories, url types & file-types
1004. Disallow: /cgi-bin
1005. Disallow: /wp-admin/
1006. Disallow: /wp-includes/
1007. Disallow: /wp-content/
1008. Disallow: /search/*/feed
1009. Disallow: /search/*/*
1010. Disallow: /readme.html
1011. Disallow: /license.txt
1012. Disallow: /*?*
1013. Disallow: /*?
1014. Disallow: /*.php$
1015. Disallow: /*.js$
1016. Disallow: /*.inc$
1017. Disallow: /*.css$
1018. Disallow: /*.gz$
1019. Disallow: /*.wmv$
1020. Disallow: /*.cgi$
1021. Disallow: /*.xhtml$
1022. Allow: /wp-content/uploads/
1023. Allow: /wp-content/media/
1024. Allow: /*?page=*
1025.  
1026. User-agent: Mediapartners-Google
1027. Allow: /
1028.  
1029. User-agent: Adsbot-Google
1030. Allow: /
1031.  
1032. User-agent: Googlebot-Image
1033. Allow: /
1034.  
1035. User-agent: Googlebot-Mobile
1036. Allow: /
1037.  
1038. Sitemap: http://data.gov/sitemap.xml
1039. -----------[end of contents]-------------
1040.  
1041.  
1042.  
1043. W H O I S L O O K U P
1044. ========================
1045.  
1046. % DOTGOV WHOIS Server ready
1047. Domain Name: DATA.GOV
1048. Status: ACTIVE
1049.  
1050. >>> Last update of whois database: 2017-12-10T17:26:14Z <<<
1051. Please be advised that this whois server only contains information pertaining
1052. to the .GOV domain. For information for other domains please use the whois
1053. server at RS.INTERNIC.NET.
1054.  
1055.  
1056.  
1057.  
1058. G E O I P L O O K U P
1059. =========================
1060.  
1061. [i] IP Address: 34.193.244.109
1062. [i] Country: US
1063. [i] State: Virginia
1064. [i] City: Ashburn
1065. [i] Latitude: 39.048100
1066. [i] Longitude: -77.472801
1067.  
1068.  
1069.  
1070.  
1071. H T T P H E A D E R S
1072. =======================
1073.  
1074.  
1075. [i] HTTP/1.1 302 Found
1076. [i] Date: Sun, 10 Dec 2017 17:26:33 GMT
1077. [i] Content-Type: text/html; charset=UTF-8
1078. [i] Connection: close
1079. [i] Location: https://www.data.gov/
1080. [i] Cache-Control: max-age=0, no-cache, no-store, must-revalidate
1081. [i] Pragma: no-cache
1082. [i] X-XSS-Protection: 1; mode=block
1083. [i] X-Content-Type-Options: nosniff
1084. [i] Access-Control-Allow-Origin: *
1085. [i] Access-Control-Allow-Methods: POST, PUT, GET, DELETE, OPTIONS
1086. [i] Referrer-Policy: origin
1087. [i] X-Frame-Options: SAMEORIGIN
1088. [i] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
1089. [i] Set-Cookie: PHPSESSID=j7l0ejnkp10op1gltae35midj5; Path=/; Secure; HttpOnly
1090. [i] Set-Cookie: citrix_ns_id=Q5sYDqWVLs+ABdm5+sVgZyjg8PA0001; Domain=.data.gov; Path=/; Secure; HttpOnly
1091. [i] Set-Cookie: citrix_ns_id_.data.gov_%2F_wat=AAAAAAX1B2ImWYT4riCwdjmyKiU2bHOi94HaaCmUrD2N80q0mI6gYDke-hfUzfgHgweNYZ_93g3VSkbe9FCCu1O60kwE&; Domain=.data.gov; Path=/; Secure; HttpOnly
1092. [i] Expires: Mon, 26 Jul 1997 05:00:00 GMT
1093. [i] HTTP/1.0 200 OK
1094. [i] Content-Type: text/html; charset=UTF-8
1095. [i] X-Pingback: https://www.data.gov/wp/xmlrpc.php
1096. [i] Link: <https://www.data.gov/wp-json/>; rel="https://api.w.org/"
1097. [i] Link: <https://www.data.gov/>; rel=shortlink
1098. [i] X-TEC-API-VERSION: v1
1099. [i] X-TEC-API-ROOT: https://www.data.gov/wp-json/tribe/events/v1/
1100. [i] X-TEC-API-ORIGIN: https://www.data.gov
1101. [i] Pragma: no-cache
1102. [i] X-XSS-Protection: 1; mode=block
1103. [i] X-Content-Type-Options: nosniff
1104. [i] Access-Control-Allow-Origin: *
1105. [i] Access-Control-Allow-Methods: POST, PUT, GET, DELETE, OPTIONS
1106. [i] Referrer-Policy: origin
1107. [i] X-Frame-Options: SAMEORIGIN
1108. [i] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
1109. [i] Content-Length: 45666
1110. [i] Cache-Control: must-revalidate, max-age=900
1111. [i] Date: Sun, 10 Dec 2017 17:26:41 GMT
1112. [i] Connection: close
1113.  
1114.  
1115.  
1116.  
1117. D N S L O O K U P
1118. ===================
1119.  
1120. data.gov. 3599 IN SOA dns.gsa.gov. hostmaster.gsa.gov. 530976538 3600 180 1209600 3600
1121. data.gov. 3599 IN RRSIG SOA 8 2 3600 20171229132857 20171129132357 51550 data.gov. CfohIYs2zzctF5bBdDutb1QBbKZn9hFcd+lFX+PhyKoC5C//7NPQCr/z evAxRlzcyXF1CUQ9GDcKczEz/pa24MGFIPk1M4SaBPZIK/orCL0+Ypnu LxHS9kyQXetk2OKV9eKa8DZTrfXrlyvCOFORy/YyUvxHzDrASsMyITxW YeI=
1122. data.gov. 3599 IN NS dns3.gsa.gov.
1123. data.gov. 3599 IN NS dns2.gsa.gov.
1124. data.gov. 3599 IN NS dns4.gsa.gov.
1125. data.gov. 3599 IN NS dns5.gsa.gov.
1126. data.gov. 3599 IN NS dns.gsa.gov.
1127. data.gov. 3599 IN RRSIG NS 8 2 3600 20171229132857 20171129132357 51550 data.gov. Ru3R0W7K9icN6GhjhAuFW8r7iyQLCKexPOjqI7auNFAqjU2SLQU7M9q3 WEAFT/cgFSQ6yHx1trwT/LZIatYZGZJMV13E1uBoLTZa8vScWIs2YOw1 vjsLf0nQtSluXzZU4aTG2uRUeZWFebXlV/JOGSAoKiew404KtJInMN3K lls=
1128. data.gov. 299 IN A 34.193.244.109
1129. data.gov. 299 IN RRSIG A 8 2 300 20171229132857 20171129132357 51550 data.gov. dzszoutoI1XOk93ufBz2Unh3tI5vbVQyS8HFs4TNPrZvVtwW4RVpL3xs XZxIipo+2+qU8TsMHgP8COJt9YKHUazE+2bHYrnmckdhWSMNBVqkO0sV x3JM0b4T2RjtemBlBiDf3E9VuU2TY/Fot/NKlANlD0OoLMmpeDJDuaQj +N8=
1130. data.gov. 3599 IN MX 10 phx-smt-03.data.gov.
1131. data.gov. 3599 IN MX 30 phl-smt-04.data.gov.
1132. data.gov. 3599 IN RRSIG MX 8 2 3600 20171229132857 20171129132357 51550 data.gov. hFJMYWOkqhsm3TSFPW5JMVo5gMNi4Cv7/UQB/sfFV9eBpyu00oRW0DHW KNQOg3PsvacJ+cQYyQVFyjIUEFM/EHIXhIryGXDIsgc+uuUfhW1wGp1S B2ljnJWasAH7YKd8CXsejwrhPWuz02VwvpKHpotdMsR23FKD1Ox29Dyg n24=
1133. data.gov. 3599 IN TXT "v=spf1 mx ptr mx:phx-smt-03.cgipdc.com mx:phl-smt-04.cgipdc.com ip4:216.128.240.144/32 ip4:173.252.148.16/32 ~all"
1134. data.gov. 3599 IN RRSIG TXT 8 2 3600 20171229132857 20171129132357 51550 data.gov. ayloQ39rDf43AmoSHp6BKvSDfjamhMQeOioqZxnD52hcBHBz5TpWwUfN ne3X5q5i0qf0jH2Q/E98hOtXmW0/c0nvoPUiKMGdzx3e069Iv/TISNg9 qG9HSYm4mrp1kyW1x67p/Gz16hmhBbX/w1px1ZRoJGm6mu2x8F9LpPGc o9s=
1135. data.gov. 3599 IN DNSKEY 257 3 8 AwEAAZkYJ+gN/O+pAiHqRAzhJZgV/i36fqpHHoc8CxQEuvhSV4Zau4lD fc8CcHrbsT8ZzR0jB64fqmRStgQGh4DodiZYs8bIipeoAGkHHMFVyWrE bp1eFW3chhUoZ06iB3dLbj2710WyrSYjvvVPmPnZAv/m4LXPQa1xWaKZ 9IRtXuq1
1136. data.gov. 3599 IN DNSKEY 256 3 8 AwEAAbi1Zmr9cPmGjJdkwLfnYfR3LEXz5pLm/GWM2F9MQj23nQzD3dqP E8MU8L/5VzdJ3GlAQeoVf/rmdQ/jAn/rfHdVD+KVLsV7oecn1WQ2W6PS sX+3sRWAjHw0jfgFHU9ElU6Z9eYUd3mvGcRBIoIQ/ZJan8xmTKS4PC5c LAG/Y3Pt
1137. data.gov. 3599 IN RRSIG DNSKEY 8 2 3600 20171229132857 20171129132357 14054 data.gov. Jq7ri0oEz9ppzE9d+ybfEwAwJqJUTv61ZXerkZhSbObllJ/cnVYCBdQr h+ZzWmYD5B+e7gM8sEOyzKoI+Knyr/z8GRf1jPLCSkguakERrtvgPk5f qgWZYNBE+1DNCfHF7XomxANhWui9nFMMdWapgRQsOaQRxnOVoeQ+7bAl 95Y=
1138. data.gov. 3599 IN RRSIG DNSKEY 8 2 3600 20171229132857 20171129132357 51550 data.gov. ByjgCmRZc2Ni8G8o8BRr1kRnvE7nGHZXvC7Wriw4muPVPNJsBw0EkRqs 9/2h8YoFnHGHD8b/RgxsZW7h6uD5+yXcweS/2seR/WeSEpFtCNmpaH3X Hz/YynQHZ8MMsAIqjxO1iqv7xzfCLOk97VUiWVrLkSwUKk1My8Gp4FZa MvQ=
1139. data.gov. 0 IN NSEC3PARAM 1 0 10 -
1140. data.gov. 0 IN RRSIG NSEC3PARAM 8 2 0 20171229132857 20171129132357 51550 data.gov. i2IdmJGXa3Bp82WKFrtuCN8CEIXdaIc/Kdyn2iklVjjmRCKeukToR9KN ZEEZNZgKxW4wI4JrCoXOabMz8DZlvcrCx+s3hZVOjnS69eLwtw7Tm7jw G5INsdZKdxEUYK9cN6F6pCUUk2/QU5Gg3ivHu+3Ugt30tVzdBjHA5iof kdI=
1141. data.gov. 3599 IN SPF "v=spf1" "mx" "ptr" "mx:phx-smt-03.cgipdc.com" "mx:phl-smt-04.cgipdc.com" "ip4:216.128.240.144/32" "ip4:173.252.148.16/32" "~all"
1142. data.gov. 3599 IN RRSIG SPF 8 2 3600 20171229132857 20171129132357 51550 data.gov. YHwrqDPk0MdDTGfEW3JZZkIM8SqDe062tbCPbuM2FjnAkyK3pbH9jU2p HNeyzi2e2C4u1YOeXLlbqXehtRAD/tTog1ZAO/mOdN3IHX+WJVnp9j1O FBLl2vBlBU+xN3t6gvPaEPieV7uGHrNU6A/Hzyy0CzyVe/ljijTbO/o/ Wok=
1143.  
1144.  
1145.  
1146.  
1147. S U B N E T C A L C U L A T I O N
1148. ====================================
1149.  
1150. Address = 34.193.244.109
1151. Network = 34.193.244.109 / 32
1152. Netmask = 255.255.255.255
1153. Broadcast = not needed on Point-to-Point links
1154. Wildcard Mask = 0.0.0.0
1155. Hosts Bits = 0
1156. Max. Hosts = 1 (2^0 - 0)
1157. Host Range = { 34.193.244.109 - 34.193.244.109 }
1158.  
1159.  
1160.  
1161. N M A P P O R T S C A N
1162. ============================
1163.  
1164.  
1165. Starting Nmap 7.01 ( https://nmap.org ) at 2017-12-10 17:27 UTC
1166. Nmap scan report for data.gov (34.193.244.109)
1167. Host is up (0.0031s latency).
1168. rDNS record for 34.193.244.109: ec2-34-193-244-109.compute-1.amazonaws.com
1169. PORT STATE SERVICE VERSION
1170. 21/tcp filtered ftp
1171. 22/tcp filtered ssh
1172. 23/tcp filtered telnet
1173. 25/tcp filtered smtp
1174. 80/tcp open http?
1175. 110/tcp filtered pop3
1176. 143/tcp filtered imap
1177. 443/tcp open ssl/https?
1178. 445/tcp filtered microsoft-ds
1179. 3389/tcp filtered ms-wbt-server
1180. 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at
1181.  
1182. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1183. Nmap done: 1 IP address (1 host up) scanned in 18.88 seconds
1184.  
1185.  
1186.  
1187. S U B - D O M A I N F I N D E R
1188. ==================================
1189.  
1190.  
1191. [i] Total Subdomains Found : 9
1192.  
1193. [+] Subdomain: phxsmt-03.data.gov
1194. [-] IP: 216.128.240.144
1195.  
1196. [+] Subdomain: phlsmt-04.data.gov
1197. [-] IP: 173.252.148.16
1198.  
1199. [+] Subdomain: api.data.gov
1200. [-] IP: 52.4.121.208
1201.  
1202. [+] Subdomain: nal.usda.domains.api.data.gov
1203. [-] IP: 52.22.156.172
1204.  
1205. [+] Subdomain: apiusa-gov.domains.api.data.gov
1206. [-] IP: 52.22.156.172
1207.  
1208. [+] Subdomain: developernrel-gov.domains.api.data.gov
1209. [-] IP: 52.22.190.82
1210.  
1211. [+] Subdomain: apinps-gov.domains.api.data.gov
1212. [-] IP: 52.22.156.172
1213.  
1214. [+] Subdomain: developernps-gov.domains.api.data.gov
1215. [-] IP: 52.22.156.172
1216.  
1217. [+] Subdomain: smallbusiness.data.gov
1218. [-] IP: 63.236.110.157
1219.  
1220.  
1221.  
1222.  
1223.  
1224. R E V E R S E I P L O O K U P
1225. ==================================
1226.  
1227.  
1228. [i] Total Sites Found On This Server : 0
1229.  
1230. [!] IP Address : 23.9.106.52
1231. [!] CMS Detected : WordPress
1232. [?] Would you like to use WPScan? [Y/n] y
1233. _______________________________________________________________
1234. __ _______ _____
1235. \ \ / / __ \ / ____|
1236. \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
1237. \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
1238. \ /\ / | | ____) | (__| (_| | | | |
1239. \/ \/ |_| |_____/ \___|\__,_|_| |_|
1240.  
1241. WordPress Security Scanner by the WPScan Team
1242. Version 2.9.3
1243. Sponsored by Sucuri - https://sucuri.net
1244. @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
1245. _______________________________________________________________
1246.  
1247. [i] The remote host tried to redirect to: https://www.data.gov/
1248. [?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]Y
1249. [+] URL: https://www.data.gov/
1250. [+] Started: Sun Dec 10 12:48:10 2017
1251.  
1252. [+] robots.txt available under: 'https://www.data.gov/robots.txt'
1253. [+] Interesting entry from robots.txt: https://www.data.gov/cgi-bin
1254. [+] Interesting entry from robots.txt: https://www.data.gov/search/*/feed
1255. [+] Interesting entry from robots.txt: https://www.data.gov/search/*/*
1256. [+] Interesting entry from robots.txt: https://www.data.gov/readme.html
1257. [+] Interesting entry from robots.txt: https://www.data.gov/license.txt
1258. [+] Interesting entry from robots.txt: /*?*
1259. [+] Interesting entry from robots.txt: /*?
1260. [+] Interesting entry from robots.txt: https://www.data.gov/*.php$
1261. [+] Interesting entry from robots.txt: https://www.data.gov/*.js$
1262. [+] Interesting entry from robots.txt: https://www.data.gov/*.inc$
1263. [+] Interesting entry from robots.txt: https://www.data.gov/*.css$
1264. [+] Interesting entry from robots.txt: https://www.data.gov/*.gz$
1265. [+] Interesting entry from robots.txt: https://www.data.gov/*.wmv$
1266. [+] Interesting entry from robots.txt: https://www.data.gov/*.cgi$
1267. [+] Interesting entry from robots.txt: https://www.data.gov/*.xhtml$
1268. [+] Interesting entry from robots.txt: https://www.data.gov/wp-content/uploads/
1269. [+] Interesting entry from robots.txt: https://www.data.gov/wp-content/media/
1270. [+] Interesting entry from robots.txt: /*?page=*
1271. [+] Interesting header: ACCESS-CONTROL-ALLOW-METHODS: POST, PUT, GET, DELETE, OPTIONS
1272. [+] Interesting header: ACCESS-CONTROL-ALLOW-ORIGIN: *
1273. [+] Interesting header: LINK: <https://www.data.gov/wp-json/>; rel="https://api.w.org/"
1274. [+] Interesting header: LINK: <https://www.data.gov/>; rel=shortlink
1275. [+] Interesting header: REFERRER-POLICY: origin
1276. [+] Interesting header: STRICT-TRANSPORT-SECURITY: max-age=31536000; includeSubDomains; preload
1277. [+] Interesting header: X-CONTENT-TYPE-OPTIONS: nosniff
1278. [+] Interesting header: X-FRAME-OPTIONS: SAMEORIGIN
1279. [+] Interesting header: X-TEC-API-ORIGIN: https://www.data.gov
1280. [+] Interesting header: X-TEC-API-ROOT: https://www.data.gov/wp-json/tribe/events/v1/
1281. [+] Interesting header: X-TEC-API-VERSION: v1
1282. [+] Interesting header: X-XSS-PROTECTION: 1; mode=block
1283. [+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
1284.  
1285. [+] WordPress version 4.9 (Released on 2017-11-15) identified from stylesheets numbers
1286. [!] 4 vulnerabilities identified from the version number
1287.  
1288. [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
1289. Reference: https://wpvulndb.com/vulnerabilities/8966
1290. Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
1291. Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
1292. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
1293. [i] Fixed in: 4.9.1
1294.  
1295. [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
1296. Reference: https://wpvulndb.com/vulnerabilities/8967
1297. Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
1298. Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
1299. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
1300. [i] Fixed in: 4.9.1
1301.  
1302. [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
1303. Reference: https://wpvulndb.com/vulnerabilities/8968
1304. Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
1305. Reference: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
1306. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
1307. [i] Fixed in: 4.9.1
1308.  
1309. [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
1310. Reference: https://wpvulndb.com/vulnerabilities/8969
1311. Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
1312. Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
1313. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
1314. [i] Fixed in: 4.9.1
1315.  
1316. [+] Enumerating plugins from passive detection ...
1317. | 9 plugins found:
1318.  
1319. [+] Name: contact-form-7 - v4.9.1
1320. | Latest version: 4.9.1 (up to date)
1321. | Last updated: 2017-10-31T09:39:00.000Z
1322. | Location: https://www.data.gov/app/plugins/contact-form-7/
1323. | Readme: https://www.data.gov/app/plugins/contact-form-7/readme.txt
1324.  
1325. [+] Name: custom-post-view-generator - v0.4.5
1326. | Last updated: 2014-08-31T22:11:00.000Z
1327. | Location: https://www.data.gov/app/plugins/custom-post-view-generator/
1328. | Readme: https://www.data.gov/app/plugins/custom-post-view-generator/readme.txt
1329. [!] The version is out of date, the latest version is 0.4.6
1330.  
1331. [+] Name: google-analyticator - v6.5.4
1332. | Latest version: 6.5.4 (up to date)
1333. | Last updated: 2017-07-18T21:32:00.000Z
1334. | Location: https://www.data.gov/app/plugins/google-analyticator/
1335. | Readme: https://www.data.gov/app/plugins/google-analyticator/readme.txt
1336.  
1337. [+] Name: m-wp-popup - v1.0
1338. | Last updated: 2017-09-16T19:52:00.000Z
1339. | Location: https://www.data.gov/app/plugins/m-wp-popup/
1340. | Readme: https://www.data.gov/app/plugins/m-wp-popup/readme.txt
1341. [!] The version is out of date, the latest version is 1.3
1342.  
1343. [+] Name: si-captcha-for-wordpress - v3.0.2
1344. | Latest version: 3.0.2 (up to date)
1345. | Last updated: 2017-07-28T00:18:00.000Z
1346. | Location: https://www.data.gov/app/plugins/si-captcha-for-wordpress/
1347. | Readme: https://www.data.gov/app/plugins/si-captcha-for-wordpress/readme.txt
1348.  
1349. [+] Name: simple-tooltips - v2.1.3
1350. | Latest version: 2.1.3 (up to date)
1351. | Last updated: 2016-04-21T19:43:00.000Z
1352. | Location: https://www.data.gov/app/plugins/simple-tooltips/
1353. | Readme: https://www.data.gov/app/plugins/simple-tooltips/readme.txt
1354.  
1355. [+] Name: the-events-calendar - v4.6.6
1356. | Last updated: 2017-12-07T18:38:00.000Z
1357. | Location: https://www.data.gov/app/plugins/the-events-calendar/
1358. | Readme: https://www.data.gov/app/plugins/the-events-calendar/readme.txt
1359. [!] The version is out of date, the latest version is 4.6.7
1360.  
1361. [+] Name: wp-open311
1362. | Location: https://www.data.gov/app/plugins/wp-open311/
1363.  
1364. [+] Name: wordpress-seo - v4.9
1365. | Last updated: 2017-12-05T11:24:00.000Z
1366. | Location: https://www.data.gov/app/plugins/wordpress-seo/
1367. | Readme: https://www.data.gov/app/plugins/wordpress-seo/readme.txt
1368. [!] The version is out of date, the latest version is 5.9.1
1369.  
1370. [!] Title: Yoast SEO <= 5.7.1 - Unauthenticated Cross-Site Scripting (XSS)
1371. Reference: https://wpvulndb.com/vulnerabilities/8960
1372. Reference: https://plugins.trac.wordpress.org/changeset/1766831/wordpress-seo/trunk/admin/google_search_console/class-gsc-table.php
1373. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16842
1374. [i] Fixed in: 5.8
1375.  
1376. [+] Finished: Sun Dec 10 12:50:18 2017
1377. [+] Requests Done: 388
1378. [+] Memory used: 144.988 MB
1379. [+] Elapsed time: 00:02:07
1380. [+] Honeypot Probabilty: 0%
1381. ----------------------------------------
1382. [+] Robots.txt retrieved
1383. User-agent: *
1384. Disallow: /wp/wp-admin/
1385. Allow: /wp/wp-admin/admin-ajax.php
1386.  
1387. ----------------------------------------
1388. PORT STATE SERVICE VERSION
1389. 21/tcp filtered ftp
1390. 22/tcp filtered ssh
1391. 23/tcp filtered telnet
1392. 25/tcp filtered smtp
1393. 80/tcp open http AkamaiGHost (Akamais HTTP Acceleration/Mirror service)
1394. 110/tcp filtered pop3
1395. 143/tcp filtered imap
1396. 443/tcp open ssl/http AkamaiGHost (Akamais HTTP Acceleration/Mirror service)
1397. 445/tcp filtered microsoft-ds
1398. 3389/tcp filtered ms-wbt-server
1399. ----------------------------------------
1400.  
1401. [+] DNS Records
1402.  
1403. [+] Host Records (A)
1404. www.data.govHTTP: (a96-6-50-248.deploy.akamaitechnologies.com) (96.6.50.248) AS20940 Akamai International B.V. United States
1405.  
1406. [+] TXT Records
1407.  
1408. [+] DNS Map: https://dnsdumpster.com/static/map/www.data.gov.png
1409.  
1410. [>] Initiating 3 intel modules
1411. [>] Loading Alpha module (1/3)
1412. [>] Beta module deployed (2/3)
1413. [>] Gamma module initiated (3/3)
1414. No emails found
1415. No hosts found
1416. [+] Virtual hosts:
1417. -----------------
1418. [>] Crawling the target for fuzzable URLs
1419.  
1420. #
1421. # ARIN WHOIS data and services are subject to the Terms of Use
1422. # available at: https://www.arin.net/whois_tou.html
1423. #
1424. # If you see inaccuracies in the results, please report at
1425. # https://www.arin.net/public/whoisinaccuracy/index.xhtml
1426. #
1427.  
1428.  
1429. #
1430. # The following results may also be obtained via:
1431. # https://whois.arin.net/rest/nets;q=34.193.244.109?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
1432. #
1433.  
1434. NetRange: 34.192.0.0 - 34.255.255.255
1435. CIDR: 34.192.0.0/10
1436. NetName: AT-88-Z
1437. NetHandle: NET-34-192-0-0-1
1438. Parent: NET34 (NET-34-0-0-0-0)
1439. NetType: Direct Allocation
1440. OriginAS:
1441. Organization: Amazon Technologies Inc. (AT-88-Z)
1442. RegDate: 2016-09-12
1443. Updated: 2016-09-12
1444. Ref: https://whois.arin.net/rest/net/NET-34-192-0-0-1
1445.  
1446.  
1447.  
1448. OrgName: Amazon Technologies Inc.
1449. OrgId: AT-88-Z
1450. Address: 410 Terry Ave N.
1451. City: Seattle
1452. StateProv: WA
1453. PostalCode: 98109
1454. Country: US
1455. RegDate: 2011-12-08
1456. Updated: 2017-01-28
1457. Comment: All abuse reports MUST include:
1458. Comment: * src IP
1459. Comment: * dest IP (your IP)
1460. Comment: * dest port
1461. Comment: * Accurate date/timestamp and timezone of activity
1462. Comment: * Intensity/frequency (short log extracts)
1463. Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
1464. Ref: https://whois.arin.net/rest/org/AT-88-Z
1465.  
1466.  
1467. OrgNOCHandle: AANO1-ARIN
1468. OrgNOCName: Amazon AWS Network Operations
1469. OrgNOCPhone: +1-206-266-4064
1470. OrgNOCEmail: amzn-noc-contact@amazon.com
1471. OrgNOCRef: https://whois.arin.net/rest/poc/AANO1-ARIN
1472.  
1473. OrgAbuseHandle: AEA8-ARIN
1474. OrgAbuseName: Amazon EC2 Abuse
1475. OrgAbusePhone: +1-206-266-4064
1476. OrgAbuseEmail: abuse@amazonaws.com
1477. OrgAbuseRef: https://whois.arin.net/rest/poc/AEA8-ARIN
1478.  
1479. OrgTechHandle: ANO24-ARIN
1480. OrgTechName: Amazon EC2 Network Operations
1481. OrgTechPhone: +1-206-266-4064
1482. OrgTechEmail: amzn-noc-contact@amazon.com
1483. OrgTechRef: https://whois.arin.net/rest/poc/ANO24-ARIN
1484.  
1485.  
1486. #
1487. # ARIN WHOIS data and services are subject to the Terms of Use
1488. # available at: https://www.arin.net/whois_tou.html
1489. #
1490. # If you see inaccuracies in the results, please report at
1491. # https://www.arin.net/public/whoisinaccuracy/index.xhtml
1492. #[92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +
1493. Server: 2001:568:ff09:10c::53
1494. Address: 2001:568:ff09:10c::53#53
1495.  
1496. Non-authoritative answer:
1497. Name: investinisrael.gov.il
1498. Address: 147.237.1.133
1499.  
1500. investinisrael.gov.il has address 147.237.1.133
1501.  + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
1502.  
1503. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
1504.  
1505. [+] Target is investinisrael.gov.il
1506. [+] Loading modules.
1507. [+] Following modules are loaded:
1508. [x] [1] ping:icmp_ping - ICMP echo discovery module
1509. [x] [2] ping:tcp_ping - TCP-based ping discovery module
1510. [x] [3] ping:udp_ping - UDP-based ping discovery module
1511. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
1512. [x] [5] infogather:portscan - TCP and UDP PortScanner
1513. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
1514. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
1515. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
1516. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
1517. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
1518. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
1519. [x] [12] fingerprint:smb - SMB fingerprinting module
1520. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
1521. [+] 13 modules registered
1522. [+] Initializing scan engine
1523. [+] Running scan engine
1524. [-] ping:tcp_ping module: no closed/open TCP ports known on 147.237.1.133. Module test failed
1525. [-] ping:udp_ping module: no closed/open UDP ports known on 147.237.1.133. Module test failed
1526. [-] No distance calculation. 147.237.1.133 appears to be dead or no ports known
1527. [+] Host: 147.237.1.133 is down (Guess probability: 0%)
1528. [+] Cleaning up scan engine
1529. [+] Modules deinitialized
1530. [+] Execution completed.
1531.  + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
1532.  
1533. % The data in the WHOIS database of the .il registry is provided
1534. % by ISOC-IL for information purposes, and to assist persons in
1535. % obtaining information about or related to a domain name
1536. % registration record. ISOC-IL does not guarantee its accuracy.
1537. % By submitting a WHOIS query, you agree that you will use this
1538. % Data only for lawful purposes and that, under no circumstances
1539. % will you use this Data to: (1) allow, enable, or otherwise
1540. % support the transmission of mass unsolicited, commercial
1541. % advertising or solicitations via e-mail (spam);
1542. % or (2) enable high volume, automated, electronic processes that
1543. % apply to ISOC-IL (or its systems).
1544. % ISOC-IL reserves the right to modify these terms at any time.
1545. % By submitting this query, you agree to abide by this policy.
1546.  
1547. % No data was found to match the request criteria.
1548.  
1549.  
1550. % Rights to the data above are restricted by copyright.
1551.  + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
1552.  
1553. *******************************************************************
1554. * *
1555. * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
1556. * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
1557. * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
1558. * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
1559. * *
1560. * TheHarvester Ver. 2.7 *
1561. * Coded by Christian Martorella *
1562. * Edge-Security Research *
1563. * cmartorella@edge-security.com *
1564. *******************************************************************
1565.  
1566.  
1567. [-] Searching in Bing:
1568. Searching 50 results...
1569. Searching 100 results...
1570.  
1571.  
1572. [+] Emails found:
1573. ------------------
1574. No emails found
1575.  
1576. [+] Hosts found in search engines:
1577. ------------------------------------
1578. [-] Resolving hostnames IPs...
1579. 147.237.1.133:www.investinisrael.gov.il
1580.  + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
1581.  
1582. ; <<>> DiG 9.11.2-4-Debian <<>> -x investinisrael.gov.il
1583. ;; global options: +cmd
1584. ;; Got answer:
1585. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45129
1586. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
1587.  
1588. ;; OPT PSEUDOSECTION:
1589. ; EDNS: version: 0, flags:; udp: 4096
1590. ;; QUESTION SECTION:
1591. ;il.gov.investinisrael.in-addr.arpa. IN PTR
1592.  
1593. ;; AUTHORITY SECTION:
1594. in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017102477 1800 900 604800 3600
1595.  
1596. ;; Query time: 398 msec
1597. ;; SERVER: 2001:568:ff09:10c::53#53(2001:568:ff09:10c::53)
1598. ;; WHEN: Sun Dec 10 15:37:51 EST 2017
1599. ;; MSG SIZE rcvd: 131
1600.  
1601. dnsenum VERSION:1.2.4
1602. 
1603. ----- investinisrael.gov.il -----
1604. 
1605.  
1606. Host's addresses:
1607. __________________
1608.  
1609. investinisrael.gov.il. 517 IN A 147.237.1.133
1610. 
1611.  
1612. Name Servers:
1613. ______________
1614.  
1615.  + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
1616. 
1617. ____ _ _ _ _ _____
1618. / ___| _ _| |__ | (_)___| |_|___ / _ __
1619. \___ \| | | | '_ \| | / __| __| |_ \| '__|
1620. ___) | |_| | |_) | | \__ \ |_ ___) | |
1621. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
1622.  
1623. # Coded By Ahmed Aboul-Ela - @aboul3la
1624.  
1625. [-] Enumerating subdomains now for investinisrael.gov.il
1626. [-] verbosity is enabled, will show the subdomains results in realtime
1627. [-] Searching now in Baidu..
1628. [-] Searching now in Yahoo..
1629. [-] Searching now in Google..
1630. [-] Searching now in Bing..
1631. [-] Searching now in Ask..
1632. [-] Searching now in Netcraft..
1633. [-] Searching now in DNSdumpster..
1634. [-] Searching now in Virustotal..
1635. [-] Searching now in ThreatCrowd..
1636. [-] Searching now in SSL Certificates..
1637. [-] Searching now in PassiveDNS..
1638. Yahoo: www.investinisrael.gov.il
1639. Virustotal: www.investinisrael.gov.il
1640. DNSdumpster: e.investinisrael.gov.il
1641. DNSdumpster: www.investinisrael.gov.il
1642. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-investinisrael.gov.il.txt
1643. [-] Total Unique Subdomains Found: 2
1644. www.investinisrael.gov.il
1645. e.investinisrael.gov.il
1646.  
1647.  ╔═╗╦═╗╔╦╗╔═╗╦ ╦
1648.  ║ ╠╦╝ ║ ╚═╗╠═╣
1649.  ╚═╝╩╚═ ╩o╚═╝╩ ╩
1650.  + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
1651. 
1652.  [+] Domains saved to: /usr/share/sniper/loot/domains/domains-investinisrael.gov.il-full.txt
1653. 
1654.  + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
1655.  + -- ----------------------------=[Checking Email Security]=----------------- -- +
1656.  
1657.  + -- ----------------------------=[Pinging host]=---------------------------- -- +
1658. PING investinisrael.gov.il (147.237.1.133) 56(84) bytes of data.
1659.  
1660. --- investinisrael.gov.il ping statistics ---
1661. 1 packets transmitted, 0 received, 100% packet loss, time 0ms
1662.  
1663.  
1664.  + -- ----------------------------=[Running TCP port scan]=------------------- -- +
1665.  
1666. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-10 15:39 EST
1667. Nmap done: 1 IP address (1 host up) scanned in 33.50 seconds
1668.  
1669.  + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
1670.  + -- --=[Port 21 closed... skipping.
1671.  + -- --=[Port 22 closed... skipping.
1672.  + -- --=[Port 23 closed... skipping.
1673.  + -- --=[Port 25 closed... skipping.
1674.  + -- --=[Port 53 closed... skipping.
1675.  + -- --=[Port 79 closed... skipping.
1676.  + -- --=[Port 80 closed... skipping.
1677.  + -- --=[Port 110 closed... skipping.
1678.  + -- --=[Port 111 closed... skipping.
1679.  + -- --=[Port 135 closed... skipping.
1680.  + -- --=[Port 139 closed... skipping.
1681.  + -- --=[Port 161 closed... skipping.
1682.  + -- --=[Port 162 closed... skipping.
1683.  + -- --=[Port 389 closed... skipping.
1684.  + -- --=[Port 443 closed... skipping.
1685.  + -- --=[Port 445 closed... skipping.
1686.  + -- --=[Port 512 closed... skipping.
1687.  + -- --=[Port 513 closed... skipping.
1688.  + -- --=[Port 514 closed... skipping.
1689.  + -- --=[Port 623 closed... skipping.
1690.  + -- --=[Port 624 closed... skipping.
1691.  + -- --=[Port 1099 closed... skipping.
1692.  + -- --=[Port 1433 closed... skipping.
1693.  + -- --=[Port 2049 closed... skipping.
1694.  + -- --=[Port 2121 closed... skipping.
1695.  + -- --=[Port 3306 closed... skipping.
1696.  + -- --=[Port 3310 closed... skipping.
1697.  + -- --=[Port 3128 closed... skipping.
1698.  + -- --=[Port 3389 closed... skipping.
1699.  + -- --=[Port 3632 closed... skipping.
1700.  + -- --=[Port 4443 closed... skipping.
1701.  + -- --=[Port 5432 closed... skipping.
1702.  + -- --=[Port 5800 closed... skipping.
1703.  + -- --=[Port 5900 closed... skipping.
1704.  + -- --=[Port 5984 closed... skipping.
1705.  + -- --=[Port 6000 closed... skipping.
1706.  + -- --=[Port 6667 closed... skipping.
1707.  + -- --=[Port 8000 closed... skipping.
1708.  + -- --=[Port 8100 closed... skipping.
1709.  + -- --=[Port 8080 closed... skipping.
1710.  + -- --=[Port 8180 closed... skipping.
1711.  + -- --=[Port 8443 closed... skipping.
1712.  + -- --=[Port 8888 closed... skipping.
1713.  + -- --=[Port 10000 closed... skipping.
1714.  + -- --=[Port 16992 closed... skipping.
1715.  + -- --=[Port 27017 closed... skipping.
1716.  + -- --=[Port 27018 closed... skipping.
1717.  + -- --=[Port 27019 closed... skipping.
1718.  + -- --=[Port 28017 closed... skipping.
1719.  + -- --=[Port 49152 closed... skipping.
1720.  + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
1721.  + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +
1722.  + -- ----------------------------=[Running Brute Force]=--------------------- -- +
1723.  __________ __ ____ ___
1724.  \______ \_______ __ ___/ |_ ____ \ \/ /
1725.  | | _/\_ __ \ | \ __\/ __ \ \ / 
1726.  | | \ | | \/ | /| | \ ___/ / \ 
1727.  |______ / |__| |____/ |__| \___ >___/\ \ 
1728.  \/ \/ \_/
1729.  
1730.  + -- --=[BruteX v1.7 by 1N3
1731.  + -- --=[http://crowdshield.com
1732.  
1733.  
1734. ################################### Running Port Scan ##############################
1735.  
1736. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-10 15:39 EST
1737. Nmap done: 1 IP address (1 host up) scanned in 12.38 seconds
1738.  
1739. ################################### Running Brute Force ############################
1740.  
1741.  + -- --=[Port 21 closed... skipping.
1742.  + -- --=[Port 22 closed... skipping.
1743.  + -- --=[Port 23 closed... skipping.
1744.  + -- --=[Port 25 closed... skipping.
1745.  + -- --=[Port 80 closed... skipping.
1746.  + -- --=[Port 110 closed... skipping.
1747.  + -- --=[Port 139 closed... skipping.
1748.  + -- --=[Port 162 closed... skipping.
1749.  + -- --=[Port 389 closed... skipping.
1750.  + -- --=[Port 443 closed... skipping.
1751.  + -- --=[Port 445 closed... skipping.
1752.  + -- --=[Port 512 closed... skipping.
1753.  + -- --=[Port 513 closed... skipping.
1754.  + -- --=[Port 514 closed... skipping.
1755.  + -- --=[Port 993 closed... skipping.
1756.  + -- --=[Port 1433 closed... skipping.
1757.  + -- --=[Port 1521 closed... skipping.
1758.  + -- --=[Port 3306 closed... skipping.
1759.  + -- --=[Port 3389 closed... skipping.
1760.  + -- --=[Port 5432 closed... skipping.
1761.  + -- --=[Port 5900 closed... skipping.
1762.  + -- --=[Port 5901 closed... skipping.
1763.  + -- --=[Port 8000 closed... skipping.
1764.  + -- --=[Port 8080 closed... skipping.
1765.  + -- --=[Port 8100 closed... skipping.
1766.  + -- --=[Port 6667 closed... skipping.
1767.  
1768. ################################### Done! ###########################################
1769.  
1770.  + -- ----------------------------=[Done]=------------------------------------ -- +
1771.  ____ 
1772.  _________ / _/___ ___ _____
1773.  / ___/ __ \ / // __ \/ _ \/ ___/
1774.  (__ ) / / // // /_/ / __/ / 
1775.  /____/_/ /_/___/ .___/\___/_/ 
1776.  /_/ 
1777.  
1778.  + -- --=[Current reports...
1779.  + -- --=[Current workspaces...
1780. total 12K
1781. drwxr-xr-x 10 root root 4,0K nov 9 20:10 default
1782. drwxr-xr-x 10 root root 4,0K nov 11 23:00 desktop
1783. drwxr-xr-x 3 root root 4,0K nov 9 15:49 usr
1784.  + -- --=[Enter a name for the workspace:
1785.  + -- --=[Generating reports...
1786.  + -- --=[Removing blank web screenshots...
1787.  + -- --=[Starting Metasploit service...
1788.  + -- --=[Importing NMap XML files into Metasploit...
1789. 
1790. _---------.
1791. .' ####### ;."
1792. .---,. ;@ @@`; .---,..
1793. ." @@@@@'.,'@@ @@@@@',.'@@@@ ".
1794. '-.@@@@@@@@@@@@@ @@@@@@@@@@@@@ @;
1795. `.@@@@@@@@@@@@ @@@@@@@@@@@@@@ .'
1796. "--'.@@@ -.@ @ ,'- .'--"
1797. ".@' ; @ @ `. ;'
1798. |@@@@ @@@ @ .
1799. ' @@@ @@ @@ ,
1800. `.@@@@ @@ .
1801. ',@@ @ ; _____________
1802. ( 3 C ) /|___ / Metasploit! \
1803. ;@'. __*__,." \|--- \_____________/
1804. '(.,...."/
1805. 
1806.  
1807. =[ metasploit v4.16.21-dev ]
1808. + -- --=[ 1705 exploits - 970 auxiliary - 299 post ]
1809. + -- --=[ 503 payloads - 40 encoders - 10 nops ]
1810. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
1811.  
1812. [*] Added workspace: default
1813. [*] Workspace: default
1814. [*] Importing 'Nmap XML' data
1815. [*] Import: Parsing with 'Nokogiri v1.8.1'
1816. [*] Successfully imported /usr/share/sniper/loot/nmap/nmap-investinisrael.gov.il.xml
1817. [*] Importing 'Nmap XML' data
1818. [*] Import: Parsing with 'Nokogiri v1.8.1'
1819. [*] Importing host 23.38.141.104
1820. [*] Successfully imported /usr/share/sniper/loot/nmap/nmap-whitehouse.gov.xml
1821. [*] Importing 'Nmap XML' data
1822. [*] Import: Parsing with 'Nokogiri v1.8.1'
1823. [*] Importing host 34.193.244.109
1824. [*] Successfully imported /usr/share/sniper/loot/nmap/nmap-data.gov.xml
1825. [*] Importing 'Nmap XML' data
1826. [*] Import: Parsing with 'Nokogiri v1.8.1'
1827. [*] Importing host 137.200.4.16
1828. [*] Successfully imported /usr/share/sniper/loot/nmap/nmap-ssa.gov.xml
1829. 
1830. Hosts
1831. =====
1832.  
1833. address mac name os_name os_flavor os_sp purpose info comments
1834. ------- --- ---- ------- --------- ----- ------- ---- --------
1835. 5.45.65.180 Unknown device
1836. 5.45.67.72 Unknown device
1837. 5.79.65.33 Unknown device
1838. 5.255.87.27 Unknown device
1839. 23.38.141.104 a23-38-141-104.deploy.static.akamaitechnologies.com Unknown device
1840. 34.193.244.109 ec2-34-193-244-109.compute-1.amazonaws.com Unknown device
1841. 46.229.163.113 Unknown device
1842. 46.229.174.6 Unknown device
1843. 51.254.238.68 ares-eam.hukot.net Linux 7.0 server
1844. 54.85.132.205 ec2-54-85-132-205.compute-1.amazonaws.com Unknown device
1845. 72.166.186.169 rt.dos.iad.qwest.net Unknown device
1846. 74.208.90.110 u16385664.onlinehome-server.com Unknown device
1847. 78.140.176.124 Unknown device
1848. 82.94.188.230 Unknown device
1849. 82.94.222.132 Unknown device
1850. 88.80.17.71 host-88-80-17-71.cust.prq.se Unknown device
1851. 94.102.48.102 server2.anonymous-hosting-service.com Linux 7.0 server
1852. 94.102.49.234 no-reverse-dns-configured.com Linux 8.0 server
1853. 94.125.167.244 nx3144.nexylan.net Unknown device
1854. 95.211.5.91 91.kaasserver.com Unknown device
1855. 95.211.239.7 Unknown device
1856. 95.213.224.126 Linux 14.04 server
1857. 96.127.141.228 sh88-477.ich-9.com Unknown device
1858. 104.18.48.36 104.18.48.36 Unknown device
1859. 104.18.49.36 104.18.49.36 Unknown device
1860. 104.20.44.57 Unknown device
1861. 104.24.98.180 104.24.98.180 Unknown device
1862. 104.24.99.180 104.24.99.180 Unknown device
1863. 104.25.189.118 104.25.189.118 Unknown device
1864. 104.25.190.118 104.25.190.118 Unknown device
1865. 104.27.146.239 104.27.146.239 Unknown device
1866. 104.27.147.239 104.27.147.239 Unknown device
1867. 104.27.148.138 104.27.148.138 Unknown device
1868. 104.27.149.138 104.27.149.138 Unknown device
1869. 104.27.154.73 104.27.154.73 Unknown device
1870. 104.27.155.73 104.27.155.73 Unknown device
1871. 104.27.159.2 Unknown device
1872. 104.28.16.8 104.28.16.8 Unknown device
1873. 104.28.16.38 104.28.16.38 Unknown device
1874. 104.28.17.8 104.28.17.8 Unknown device
1875. 104.28.17.38 104.28.17.38 Unknown device
1876. 104.31.74.118 Unknown device
1877. 104.31.78.132 104.31.78.132 Unknown device
1878. 104.31.79.132 104.31.79.132 Unknown device
1879. 104.31.92.110 104.31.92.110 Unknown device
1880. 104.31.93.110 104.31.93.110 Unknown device
1881. 104.196.229.229 229.229.196.104.bc.googleusercontent.com Unknown device
1882. 137.200.4.16 Unknown device
1883. 147.237.1.133 Unknown device
1884. 147.237.77.108 Unknown device
1885. 178.32.123.64 Linux server
1886. 185.17.120.155 amandatap.example.com Unknown device
1887. 185.82.202.39 Linux 14.04 server
1888. 185.112.82.253 server-185-112-82-253.creanova.org Linux 8.0 server
1889. 185.174.172.177 vds9691.hyperhost.name Unknown device
1890. 192.169.188.31 ip-192-169-188-31.ip.secureserver.net Unknown device
1891. 192.243.48.235 FreeBSD device
1892. 193.189.143.34 www.netvibes.com Unknown device
1893. 206.188.192.153 vux.netsolhost.com Unknown device
1894. 2400:cb00:2048:1::6812:3024 2400:cb00:2048:1::6812:3024 Unknown device
1895. 2400:cb00:2048:1::6812:3124 2400:cb00:2048:1::6812:3124 Unknown device
1896. 2400:cb00:2048:1::6818:62b4 2400:cb00:2048:1::6818:62b4 Unknown device
1897. 2400:cb00:2048:1::6818:63b4 2400:cb00:2048:1::6818:63b4 Unknown device
1898. 2400:cb00:2048:1::6819:bd76 2400:cb00:2048:1::6819:bd76 Unknown device
1899. 2400:cb00:2048:1::6819:be76 2400:cb00:2048:1::6819:be76 Unknown device
1900. 2400:cb00:2048:1::681b:92ef 2400:cb00:2048:1::681b:92ef Unknown device
1901. 2400:cb00:2048:1::681b:93ef 2400:cb00:2048:1::681b:93ef Unknown device
1902. 2400:cb00:2048:1::681b:948a 2400:cb00:2048:1::681b:948a Unknown device
1903. 2400:cb00:2048:1::681b:958a 2400:cb00:2048:1::681b:958a Unknown device
1904. 2400:cb00:2048:1::681b:9a49 2400:cb00:2048:1::681b:9a49 Unknown device
1905. 2400:cb00:2048:1::681b:9b49 2400:cb00:2048:1::681b:9b49 Unknown device
1906. 2400:cb00:2048:1::681c:1008 2400:cb00:2048:1::681c:1008 Unknown device
1907. 2400:cb00:2048:1::681c:1026 2400:cb00:2048:1::681c:1026 Unknown device
1908. 2400:cb00:2048:1::681c:1108 2400:cb00:2048:1::681c:1108 Unknown device
1909. 2400:cb00:2048:1::681c:1126 2400:cb00:2048:1::681c:1126 Unknown device
1910. 2400:cb00:2048:1::681f:4e84 2400:cb00:2048:1::681f:4e84 Unknown device
1911. 2400:cb00:2048:1::681f:4f84 2400:cb00:2048:1::681f:4f84 Unknown device
1912. 2400:cb00:2048:1::681f:5c6e 2400:cb00:2048:1::681f:5c6e Unknown device
1913. 2400:cb00:2048:1::681f:5d6e 2400:cb00:2048:1::681f:5d6e Unknown device
1914.  
1915. 
1916. Services
1917. ========
1918.  
1919. host port proto name state info
1920. ---- ---- ----- ---- ----- ----
1921. 5.45.65.180 21 tcp ftp open
1922. 5.45.65.180 22 tcp ssh open SSH-2.0-OpenSSH_6.6
1923. 5.45.65.180 80 tcp http open
1924. 5.45.65.180 1723 tcp pptp open
1925. 5.45.65.180 3306 tcp mysql open
1926. 5.45.65.180 8000 tcp http-alt open
1927. 5.45.65.180 10000 tcp snet-sensor-mgmt open
1928. 5.45.67.72 22 tcp ssh open
1929. 5.79.65.33 53 tcp domain open
1930. 5.79.65.33 80 tcp http open
1931. 5.79.65.33 111 tcp rpcbind open
1932. 5.79.65.33 443 tcp https open
1933. 5.79.65.33 3306 tcp mysql open
1934. 5.255.87.27 22 tcp ssh open SSH-2.0-OpenSSH_5.3
1935. 23.38.141.104 80 tcp http open
1936. 23.38.141.104 443 tcp https open
1937. 34.193.244.109 80 tcp http open
1938. 34.193.244.109 443 tcp https open
1939. 46.229.163.113 21 tcp ftp open
1940. 46.229.163.113 22 tcp ssh open SSH-2.0-OpenSSH_5.5
1941. 46.229.163.113 53 tcp domain open
1942. 46.229.163.113 80 tcp http open
1943. 46.229.163.113 110 tcp pop3 open
1944. 46.229.163.113 111 tcp rpcbind open
1945. 46.229.163.113 143 tcp imap open
1946. 46.229.163.113 222 tcp rsh-spx open
1947. 46.229.163.113 993 tcp imaps open
1948. 46.229.163.113 995 tcp pop3s open
1949. 46.229.163.113 8080 tcp http-proxy open
1950. 46.229.174.6 222 tcp rsh-spx open
1951. 51.254.238.68 21 tcp ftp open
1952. 51.254.238.68 22 tcp ssh open SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
1953. 51.254.238.68 53 tcp domain open
1954. 51.254.238.68 80 tcp http open
1955. 51.254.238.68 443 tcp https open
1956. 51.254.238.68 5666 tcp nrpe open
1957. 54.85.132.205 80 tcp http open
1958. 54.85.132.205 443 tcp https open
1959. 72.166.186.169 80 tcp http open
1960. 72.166.186.169 443 tcp https open
1961. 72.166.186.169 8008 tcp http open
1962. 74.208.90.110 21 tcp ftp open
1963. 74.208.90.110 22 tcp ssh open SSH-2.0-OpenSSH_5.3
1964. 74.208.90.110 53 tcp domain open
1965. 74.208.90.110 80 tcp http open
1966. 74.208.90.110 110 tcp pop3 open
1967. 74.208.90.110 143 tcp imap open
1968. 74.208.90.110 443 tcp https open
1969. 74.208.90.110 993 tcp imaps open
1970. 74.208.90.110 995 tcp pop3s open
1971. 74.208.90.110 8443 tcp https-alt open
1972. 74.208.90.110 8880 tcp cddbp-alt open
1973. 78.140.176.124 21 tcp ftp open
1974. 78.140.176.124 80 tcp http open
1975. 78.140.176.124 110 tcp pop3 open
1976. 78.140.176.124 873 tcp rsync open
1977. 78.140.176.124 5666 tcp nrpe open
1978. 82.94.188.230 80 tcp http open
1979. 82.94.188.230 443 tcp https open
1980. 82.94.222.132 80 tcp http open
1981. 82.94.222.132 443 tcp https open
1982. 82.94.222.132 993 tcp imaps open
1983. 82.94.222.132 995 tcp pop3s open
1984. 88.80.17.71 80 tcp http open
1985. 88.80.17.71 443 tcp https open
1986. 88.80.17.71 993 tcp imaps open
1987. 88.80.17.71 995 tcp pop3s open
1988. 88.80.17.71 8080 tcp http-proxy open
1989. 88.80.17.71 32022 tcp unknown open
1990. 94.102.48.102 21 tcp ftp open
1991. 94.102.48.102 22 tcp ssh open SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
1992. 94.102.48.102 53 tcp domain open
1993. 94.102.48.102 80 tcp http open
1994. 94.102.48.102 111 tcp rpcbind open
1995. 94.102.49.234 21 tcp ftp open
1996. 94.102.49.234 22 tcp ssh open SSH-2.0-OpenSSH_5.1p1 Debian-5
1997. 94.102.49.234 80 tcp http open
1998. 94.102.49.234 111 tcp rpcbind open
1999. 94.102.49.234 222 tcp rsh-spx open
2000. 94.102.49.234 3306 tcp mysql open
2001. 94.102.49.234 10050 tcp zabbix-agent open
2002. 94.125.167.244 21 tcp ftp open
2003. 94.125.167.244 53 tcp domain open
2004. 94.125.167.244 80 tcp http open
2005. 94.125.167.244 110 tcp pop3 open
2006. 94.125.167.244 143 tcp imap open
2007. 94.125.167.244 443 tcp https open
2008. 94.125.167.244 2121 tcp ccproxy-ftp open
2009. 95.211.5.91 80 tcp http open
2010. 95.211.239.7 22 tcp ssh open SSH-2.0-OpenSSH_5.3
2011. 95.213.224.126 22 tcp ssh open SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
2012. 95.213.224.126 80 tcp http open
2013. 96.127.141.228 21 tcp ftp open
2014. 96.127.141.228 53 tcp domain open
2015. 96.127.141.228 80 tcp http open
2016. 96.127.141.228 110 tcp pop3 open
2017. 96.127.141.228 111 tcp rpcbind open
2018. 96.127.141.228 143 tcp imap open
2019. 96.127.141.228 443 tcp https open
2020. 96.127.141.228 993 tcp imaps open
2021. 96.127.141.228 995 tcp pop3s open
2022. 96.127.141.228 1035 tcp multidropper open
2023. 96.127.141.228 3306 tcp mysql open
2024. 104.18.48.36 80 tcp http open
2025. 104.18.48.36 443 tcp https open
2026. 104.18.48.36 8080 tcp http-proxy open cloudflare-nginx ( 403-Forbidden )
2027. 104.18.48.36 8443 tcp https-alt open
2028. 104.18.48.36 8880 tcp cddbp-alt open
2029. 104.18.49.36 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2030. 104.20.44.57 80 tcp http open
2031. 104.20.44.57 443 tcp https open
2032. 104.20.44.57 8080 tcp http-proxy open
2033. 104.20.44.57 8443 tcp https-alt open
2034. 104.20.44.57 8880 tcp cddbp-alt open
2035. 104.24.98.180 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2036. 104.24.99.180 80 tcp http open
2037. 104.24.99.180 443 tcp https open
2038. 104.24.99.180 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2039. 104.24.99.180 8443 tcp https-alt open
2040. 104.24.99.180 8880 tcp cddbp-alt open
2041. 104.25.189.118 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2042. 104.25.190.118 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2043. 104.27.146.239 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2044. 104.27.147.239 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2045. 104.27.148.138 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2046. 104.27.149.138 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2047. 104.27.149.138 8443 tcp https-alt open
2048. 104.27.149.138 8880 tcp cddbp-alt open
2049. 104.27.154.73 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2050. 104.27.155.73 80 tcp http open
2051. 104.27.155.73 443 tcp https open
2052. 104.27.155.73 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2053. 104.27.155.73 8443 tcp https-alt open
2054. 104.27.155.73 8880 tcp cddbp-alt open
2055. 104.27.159.2 80 tcp http open
2056. 104.27.159.2 443 tcp https open
2057. 104.27.159.2 8080 tcp http-proxy open
2058. 104.27.159.2 8443 tcp https-alt open
2059. 104.27.159.2 8880 tcp cddbp-alt open
2060. 104.28.16.8 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2061. 104.28.16.38 80 tcp http open
2062. 104.28.16.38 443 tcp https open
2063. 104.28.16.38 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2064. 104.28.16.38 8443 tcp https-alt open
2065. 104.28.16.38 8880 tcp cddbp-alt open
2066. 104.28.17.8 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2067. 104.28.17.38 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2068. 104.31.74.118 80 tcp http open
2069. 104.31.74.118 443 tcp https open
2070. 104.31.74.118 8080 tcp http-proxy open
2071. 104.31.74.118 8443 tcp https-alt open
2072. 104.31.74.118 8880 tcp cddbp-alt open
2073. 104.31.78.132 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2074. 104.31.79.132 80 tcp http open
2075. 104.31.79.132 443 tcp https open
2076. 104.31.79.132 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2077. 104.31.79.132 8443 tcp https-alt open
2078. 104.31.79.132 8880 tcp cddbp-alt open
2079. 104.31.92.110 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2080. 104.31.93.110 80 tcp http open
2081. 104.31.93.110 443 tcp https open
2082. 104.31.93.110 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2083. 104.31.93.110 8443 tcp https-alt open
2084. 104.31.93.110 8880 tcp cddbp-alt open
2085. 104.196.229.229 80 tcp http open
2086. 104.196.229.229 443 tcp https open
2087. 104.196.229.229 2222 tcp ethernetip-1 open
2088. 137.200.4.16 80 tcp http open
2089. 137.200.4.16 443 tcp https open
2090. 147.237.1.133 80 tcp http open
2091. 147.237.77.108 80 tcp http open
2092. 178.32.123.64 22 tcp ssh open SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
2093. 185.17.120.155 22 tcp ssh open SSH-2.0-OpenSSH_7.4
2094. 185.17.120.155 80 tcp http open
2095. 185.82.202.39 22 tcp ssh open SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
2096. 185.82.202.39 80 tcp http open
2097. 185.112.82.253 22 tcp ssh open SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
2098. 185.112.82.253 53 tcp domain open
2099. 185.112.82.253 80 tcp http open
2100. 185.112.82.253 111 tcp rpcbind open
2101. 185.112.82.253 443 tcp https open
2102. 185.112.82.253 8333 tcp bitcoin open
2103. 185.174.172.177 22 tcp ssh open SSH-2.0-OpenSSH_7.4
2104. 185.174.172.177 80 tcp http open
2105. 192.169.188.31 53 tcp domain open
2106. 192.169.188.31 80 tcp http open
2107. 192.169.188.31 443 tcp https open
2108. 192.169.188.31 993 tcp imaps open
2109. 192.243.48.235 21 tcp ftp open
2110. 192.243.48.235 22 tcp ssh open SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
2111. 192.243.48.235 80 tcp http open
2112. 192.243.48.235 222 tcp rsh-spx open
2113. 193.189.143.34 80 tcp http open
2114. 193.189.143.34 443 tcp https open
2115. 206.188.192.153 21 tcp ftp open
2116. 206.188.192.153 22 tcp ssh open
2117. 206.188.192.153 80 tcp http open
2118. 206.188.192.153 443 tcp https open
2119. 2400:cb00:2048:1::6812:3024 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2120. 2400:cb00:2048:1::6812:3124 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2121. 2400:cb00:2048:1::6818:62b4 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2122. 2400:cb00:2048:1::6818:63b4 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2123. 2400:cb00:2048:1::6819:bd76 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2124. 2400:cb00:2048:1::6819:be76 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2125. 2400:cb00:2048:1::681b:92ef 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2126. 2400:cb00:2048:1::681b:93ef 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2127. 2400:cb00:2048:1::681b:948a 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2128. 2400:cb00:2048:1::681b:958a 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2129. 2400:cb00:2048:1::681b:9a49 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2130. 2400:cb00:2048:1::681b:9b49 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2131. 2400:cb00:2048:1::681c:1008 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2132. 2400:cb00:2048:1::681c:1026 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2133. 2400:cb00:2048:1::681c:1108 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2134. 2400:cb00:2048:1::681c:1126 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2135. 2400:cb00:2048:1::681f:4e84 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2136. 2400:cb00:2048:1::681f:4f84 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2137. 2400:cb00:2048:1::681f:5c6e 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2138. 2400:cb00:2048:1::681f:5d6e 8080 tcp http open cloudflare-nginx ( 403-Forbidden )
2139. #######################################################################################################################################