JTSEC white hat: tool test on a friend's site #1

a guest
Oct 4th, 2018
  1. #######################################################################################################################################
  2. Nom de l'hôte www.crsouellet.com FAI Amazon.com, Inc.
  3. Continent Europe Drapeau
  4. IE
  5. Pays Irlande Code du pays IE
  6. Région Leinster Heure locale 03 Oct 2018 08:53 IST
  7. Ville Dublin Code Postal D02
  8. Adresse IP 52.31.170.172 Latitude 53.333
  9. Longitude -6.249
  10. #######################################################################################################################################
  11. Domain Name: CRSOUELLET.COM
  12. Registry Domain ID: 1897652470_DOMAIN_COM-VRSN
  13. Registrar WHOIS Server: whois.psi-usa.info
  14. Registrar URL: http://www.psi-usa.info
  15. Updated Date: 2018-01-23T09:04:09Z
  16. Creation Date: 2015-01-23T01:58:15Z
  17. Registry Expiry Date: 2019-01-23T01:58:15Z
  18. Registrar: PSI-USA, Inc. dba Domain Robot
  19. Registrar IANA ID: 151
  20. Registrar Abuse Contact Email: domain-abuse@psi-usa.info
  21. Registrar Abuse Contact Phone: +49.94159559482
  22. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  23. Name Server: NS1.JIMDO.COM
  24. Name Server: NS2.JIMDO.COM
  25. DNSSEC: unsigned
  26. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  27. >>> Last update of whois database: 2018-10-03T08:05:01Z <<<
  28.  
  64. Domain Name: crsouellet.com
  65. Registry Domain ID: 1897652470_DOMAIN_COM-VRSN
  66. Registrar WHOIS Server: whois.psi-usa.info
  67. Registrar URL: http://www.psi-usa.info
  68. Updated Date: 2018-01-24T22:35:43Z
  69. Creation Date: 2015-01-23T01:58:15Z
  70. Registrar Registration Expiration Date: 2019-01-23T01:58:15Z
  71. Registrar: PSI-USA, Inc. dba Domain Robot
  72. Registrar IANA ID: 151
  73. Registrar Abuse Contact Email: domain-abuse@psi-usa.info
  74. Registrar Abuse Contact Phone: +49.94159559482
  75. Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
  76. Registry Registrant ID:
  77. Registrant Name: Admin Contact
  78. Registrant Organization: PrivateName Services Inc.
  79. Registrant Street: 1100-1200 West 73rd Avenue
  80. Registrant City: Vancouver
  81. Registrant State/Province: BC
  82. Registrant Postal Code: V6P 6G5
  83. Registrant Country: CA
  84. Registrant Phone: +1.6047572882
  85. Registrant Phone Ext:
  86. Registrant Fax: +1.6047572882
  87. Registrant Fax Ext:
  88. Registrant Email: info@privatename.com
  89. Registry Admin ID:
  90. Admin Name: Admin Contact
  91. Admin Organization: PrivateName Services Inc.
  92. Admin Street: 1100-1200 West 73rd Avenue
  93. Admin City: Vancouver
  94. Admin State/Province: BC
  95. Admin Postal Code: V6P 6G5
  96. Admin Country: CA
  97. Admin Phone: +1.6047572882
  98. Admin Phone Ext:
  99. Admin Fax: +1.6047572882
  100. Admin Fax Ext:
  101. Admin Email: info@privatename.com
  102. Registry Tech ID:
  103. Tech Name: Admin Contact
  104. Tech Organization: PrivateName Services Inc.
  105. Tech Street: 1100-1200 West 73rd Avenue
  106. Tech City: Vancouver
  107. Tech State/Province: BC
  108. Tech Postal Code: V6P 6G5
  109. Tech Country: CA
  110. Tech Phone: +1.6047572882
  111. Tech Phone Ext:
  112. Tech Fax: +1.6047572882
  113. Tech Fax Ext:
  114. Tech Email: info@privatename.com
  115. Name Server: ns1.jimdo.com
  116. Name Server: ns2.jimdo.com
  117. DNSSEC: unsigned
  118. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  119. >>> Last update of WHOIS database: 2018-10-03T08:05:11Z <<<
  120.  
  139. ######################################################################################################################################
  140. [i] Scanning Site: https://crsouellet.com
  141.  
  142.  
  143.  
  144. B A S I C I N F O
  145. ======================================================================================================================================
  146.  
  147.  
  148. [+] Site Title:
  149. [+] IP address: 54.72.52.102
  150. [+] Web Server: nginx
  151. [+] CMS: Could Not Detect
  152. [+] Cloudflare: Not Detected
  153. [+] Robots File: Could NOT Find robots.txt!
  154.  
  155.  
  156.  
  157.  
  158. W H O I S L O O K U P
  159. =======================================================================================================================================
  160.  
  161. Domain Name: CRSOUELLET.COM
  162. Registry Domain ID: 1897652470_DOMAIN_COM-VRSN
  163. Registrar WHOIS Server: whois.psi-usa.info
  164. Registrar URL: http://www.psi-usa.info
  165. Updated Date: 2018-01-23T09:04:09Z
  166. Creation Date: 2015-01-23T01:58:15Z
  167. Registry Expiry Date: 2019-01-23T01:58:15Z
  168. Registrar: PSI-USA, Inc. dba Domain Robot
  169. Registrar IANA ID: 151
  170. Registrar Abuse Contact Email: domain-abuse@psi-usa.info
  171. Registrar Abuse Contact Phone: +49.94159559482
  172. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  173. Name Server: NS1.JIMDO.COM
  174. Name Server: NS2.JIMDO.COM
  175. DNSSEC: unsigned
  176. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  177. >>> Last update of whois database: 2018-10-03T08:07:46Z <<<
  178.  
  185.  
  186.  
  187.  
  188.  
  189. G E O I P L O O K U P
  190. =======================================================================================================================================
  191.  
  192. [i] IP Address: 54.72.52.102
  193. [i] Country: IE
  194. [i] State: Dublin
  195. [i] City: Dublin
  196. [i] Latitude: 53.338902
  197. [i] Longitude: -6.259500
  198.  
  199.  
  200.  
  201.  
  202. H T T P H E A D E R S
  203. =======================================================================================================================================
  204.  
  205.  
  206. [i] HTTP/1.1 403 Forbidden
  207. [i] Date: Wed, 03 Oct 2018 08:08:00 GMT
  208. [i] Content-Type: text/html
  209. [i] Content-Length: 175
  210. [i] Connection: close
  211. [i] Vary: Accept-Encoding
  212. [i] X-RateLimit-Limit: 0
  213. [i] X-RateLimit-Remaining: 0
  214. [i] X-RateLimit-Reset: 0
  215. [i] Server: nginx
  216.  
  217.  
  218.  
  219.  
  220. D N S L O O K U P
  221. ===================
  222.  
  223. ;; Truncated, retrying in TCP mode.
  224. crsouellet.com. 3789 IN HINFO "ANY/RRSIG query Disabled" "See draft-ietf-dnsop-refuse-any"
  225.  
  226.  
  227.  
  228.  
  229. S U B N E T C A L C U L A T I O N
  230. ======================================================================================================================================
  231.  
  232. Address = 54.72.52.102
  233. Network = 54.72.52.102 / 32
  234. Netmask = 255.255.255.255
  235. Broadcast = not needed on Point-to-Point links
  236. Wildcard Mask = 0.0.0.0
  237. Hosts Bits = 0
  238. Max. Hosts = 1 (2^0 - 0)
  239. Host Range = { 54.72.52.102 - 54.72.52.102 }
  240.  
  241.  
  242.  
  243. N M A P P O R T S C A N
  244. =======================================================================================================================================
  245.  
  246.  
  247. Starting Nmap 7.40 ( https://nmap.org ) at 2018-10-03 08:08 UTC
  248. Nmap scan report for crsouellet.com (54.72.52.102)
  249. Host is up (0.084s latency).
  250. rDNS record for 54.72.52.102: ec2-54-72-52-102.eu-west-1.compute.amazonaws.com
  251. PORT STATE SERVICE
  252. 21/tcp closed ftp
  253. 22/tcp closed ssh
  254. 23/tcp closed telnet
  255. 80/tcp open http
  256. 110/tcp closed pop3
  257. 143/tcp closed imap
  258. 443/tcp open https
  259. 3389/tcp closed ms-wbt-server
  260.  
  261. Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
  262. #######################################################################################################################################
  263. [?] Enter the target: https://www.crsouellet.com/contactez-nous/
  264. [!] IP Address : 52.31.170.172
  265. [!] Server: nginx
  266. [+] Clickjacking protection is not in place.
  267. [!] www.crsouellet.com doesn't seem to use a CMS
  268. [+] Honeypot Probabilty: 0%
  269. ----------------------------------------
  270. [~] Trying to gather whois information for www.crsouellet.com
  271. [+] Whois information found
  272. [-] Unable to build response, visit https://who.is/whois/www.crsouellet.com
  273. ----------------------------------------
  274. PORT STATE SERVICE
  275. 21/tcp closed ftp
  276. 22/tcp closed ssh
  277. 23/tcp closed telnet
  278. 80/tcp open http
  279. 110/tcp closed pop3
  280. 143/tcp closed imap
  281. 443/tcp open https
  282. 3389/tcp closed ms-wbt-server
  283. Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
  284. --------------------------------------------------------------------------------------------------------------------------------------
  285. #######################################################################################################################################
  286. [*] Performing General Enumeration of Domain: crsouellet.com
  287. [-] DNSSEC is not configured for crsouellet.com
  288. [*] SOA ns1.jimdo.com 162.159.24.150
  289. [*] NS ns2.jimdo.com 162.159.25.62
  290. [*] Bind Version for 162.159.25.62 Salt-master
  291. [*] NS ns1.jimdo.com 162.159.24.150
  292. [*] Bind Version for 162.159.24.150 Salt-master
  293. [*] MX mx2.jimdo.com 108.166.43.2
  294. [*] MX mx1.jimdo.com 173.203.187.1
  295. [*] A crsouellet.com 54.72.52.102
  296. [*] TXT crsouellet.com v=spf1 include:spf.mandrillapp.com include:sendgrid.net include:emailsrvr.com ~all
  297. [*] Enumerating SRV Records
  298. [-] No SRV Records Found for crsouellet.com
  299. [+] 0 Records Found
  300. #######################################################################################################################################
  301. ] Processing domain crsouellet.com
  302. [+] Getting nameservers
  303. 162.159.24.150 - ns1.jimdo.com
  304. 162.159.25.62 - ns2.jimdo.com
  305. [-] Zone transfer failed
  306.  
  307. [+] TXT records found
  308. "v=spf1 include:spf.mandrillapp.com include:sendgrid.net include:emailsrvr.com ~all"
  309.  
  310. [+] MX records found, added to target list
  311. 20 mx2.jimdo.com.
  312. 10 mx1.jimdo.com.
  313.  
  314. [*] Scanning crsouellet.com for A records
  315. 52.31.170.172 - crsouellet.com
  316. 52.215.51.91 - autoconfig.crsouellet.com
  317. 52.209.234.101 - autoconfig.crsouellet.com
  318. 184.106.31.93 - autodiscover.crsouellet.com
  319. 52.31.170.172 - www.crsouellet.com
  320. 54.72.52.102 - www.crsouellet.com
  321. #######################################################################################################################################
  322. Ip Address Status Type Domain Name Server
  323. ---------- ------ ---- ----------- ------
  324. 52.31.170.172 301 alias www.crsouellet.com nginx
  325. 52.31.170.172 301 alias web.jimdo.com nginx
  326. 52.31.170.172 301 alias web-prod.jimdo-platform.net nginx
  327. 52.31.170.172 301 host web-prod-3fab4a-1499954829-1392918184.eu-west-1.elb.amazonaws.com nginx
  328. 54.72.52.102 301 host web-prod-3fab4a-1499954829-1392918184.eu-west-1.elb.amazonaws.com nginx
  329. ######################################################################################################################################
  330. [+] Hosting Info for Website: www.crsouellet.com
  331. [+] Visitors per day: < 200
  332. [+] IP Address: 52.31.170.172
  333. [+] IP Reverse DNS (Host): ec2-52-31-170-172.eu-west-1.compute.amazonaws.com
  334. [+] Hosting Company: Amazon.com, Inc
  335. [+] Hosting IP Range: 52.0.0.0 - 52.31.255.255 (2,097,152 ip)
  336. [+] Hosting Address: 1200 12Th Avenue South, Seattle, WA, 98144, US
  337. [+] Hosting Country: USA
  338. [+] Hosting Phone: +1-206-266-4064
  339. [+] Hosting Website: www.amazonaws.com
  340. [+] CIDR: 52.0.0.0/11
  341. [+] Hosting CIDR: 52.0.0.0/11
  342.  
  343. [+] NS: web.jimdo.com
  344. [+] NS: web-prod.jimdo-platform.net
  345. [+] NS: web-prod-3fab4a-1499954829-1392918184.eu-west-1.elb.amazonaws.com
  346. #######################################################################################################################################
  347. http://www.crsouellet.com [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[nginx], IP[52.31.170.172], RedirectLocation[https://www.crsouellet.com/], UncommonHeaders[x-jimdo-instance,x-jimdo-wid,x-ratelimit-limit,x-ratelimit-remaining,x-ratelimit-reset], nginx
  348. https://www.crsouellet.com/ [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[52.31.170.172], Open-Graph-Protocol[website], Script[text/javascript], Strict-Transport-Security[max-age=604800], Title[Accueil - Construction et Rénovation Stéphane Ouellet inc.], UncommonHeaders[x-ratelimit-limit,x-ratelimit-remaining,x-ratelimit-reset,x-jimdo-instance,x-jimdo-wid], X-UA-Compatible[IE=edge], nginx
  349. #######################################################################################################################################
  350. dnsenum VERSION:1.2.4
  351.  
  352. ----- www.crsouellet.com -----
  353.  
  354.  
  355. Host's addresses:
  356. __________________
  357.  
  358. web-prod-3fab4a-1499954829-1392918184.eu-west-1.elb.amazonaws.com. 60 IN A (
  359. web-prod-3fab4a-1499954829-1392918184.eu-west-1.elb.amazonaws.com. 60 IN A (
  360.  
  361.  
  362. Name Servers:
  363. ______________
  364. #######################################################################################################################################
  365. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 07:49 EDT
  366. Nmap scan report for www.crsouellet.com (52.31.170.172)
  367. Host is up (0.14s latency).
  368. Other addresses for www.crsouellet.com (not scanned): 54.72.52.102
  369. rDNS record for 52.31.170.172: ec2-52-31-170-172.eu-west-1.compute.amazonaws.com
  370. Not shown: 468 closed ports, 6 filtered ports
  371. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  372. PORT STATE SERVICE
  373. 80/tcp open http
  374. 443/tcp open https
  375. ######################################################################################################################################
  376. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 07:49 EDT
  377. Nmap scan report for www.crsouellet.com (54.72.52.102)
  378. Host is up.
  379. Other addresses for www.crsouellet.com (not scanned): 52.31.170.172
  380. rDNS record for 54.72.52.102: ec2-54-72-52-102.eu-west-1.compute.amazonaws.com
  381.  
  382. PORT STATE SERVICE
  383. 53/udp open|filtered domain
  384. 67/udp open|filtered dhcps
  385. 68/udp open|filtered dhcpc
  386. 69/udp open|filtered tftp
  387. 88/udp open|filtered kerberos-sec
  388. 123/udp open|filtered ntp
  389. 137/udp open|filtered netbios-ns
  390. 138/udp open|filtered netbios-dgm
  391. 139/udp open|filtered netbios-ssn
  392. 161/udp open|filtered snmp
  393. 162/udp open|filtered snmptrap
  394. 389/udp open|filtered ldap
  395. 520/udp open|filtered route
  396. 2049/udp open|filtered nfs
  397. #######################################################################################################################################
  398. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 07:49 EDT
  399. Nmap scan report for www.crsouellet.com (52.31.170.172)
  400. Host is up (0.11s latency).
  401. Other addresses for www.crsouellet.com (not scanned): 54.72.52.102
  402. rDNS record for 52.31.170.172: ec2-52-31-170-172.eu-west-1.compute.amazonaws.com
  403.  
  404. PORT STATE SERVICE VERSION
  405. 67/udp open|filtered dhcps
  406. Too many fingerprints match this host to give specific OS details
  407.  
  408. TRACEROUTE (using proto 1/icmp)
  409. HOP RTT ADDRESS
  410. 1 7.18 ms 192.168.0.1
  411. 2 18.23 ms 10.177.112.1
  412. 3 19.81 ms 172.30.12.13
  413. 4 27.54 ms 172.30.9.209
  414. 5 30.16 ms 172.30.249.6
  415. 6 29.11 ms motl-b1-link.telia.net (213.248.88.64)
  416. 7 106.44 ms nyk-bb4-link.telia.net (62.115.134.52)
  417. 8 107.22 ms ldn-bb4-link.telia.net (62.115.136.184)
  418. 9 102.27 ms ldn-b7-link.telia.net (62.115.138.155)
  419. 10 100.07 ms a100row-ic-304712-ldn-b3.c.telia.net (213.248.99.214)
  420. 11 106.56 ms 54.239.100.108
  421. 12 99.75 ms 54.239.100.121
  422. 13 111.32 ms 54.239.42.105
  423. 14 115.17 ms 54.239.42.175
  424. 15 ...
  425. 16 116.59 ms 52.93.6.140
  426. 17 110.09 ms 52.93.101.53
  427. 18 110.87 ms 52.93.101.4
  428. 19 109.52 ms 52.93.7.145
  429. 20 ... 30
  430.  
  431. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  432. Nmap done: 1 IP address (1 host up) scanned in 114.97 seconds
  433. + -- --=[Port 68 opened... running tests...
  434. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 07:51 EDT
  435. Nmap scan report for www.crsouellet.com (54.72.52.102)
  436. Host is up (0.15s latency).
  437. Other addresses for www.crsouellet.com (not scanned): 52.31.170.172
  438. rDNS record for 54.72.52.102: ec2-54-72-52-102.eu-west-1.compute.amazonaws.com
  439.  
  440. PORT STATE SERVICE VERSION
  441. 68/udp open|filtered dhcpc
  442. Too many fingerprints match this host to give specific OS details
  443.  
  444. TRACEROUTE (using proto 1/icmp)
  445. HOP RTT ADDRESS
  446. 1 12.64 ms 192.168.0.1
  447. 2 29.16 ms 10.177.112.1
  448. 3 29.56 ms 172.30.12.13
  449. 4 43.54 ms 172.30.9.209
  450. 5 44.72 ms 172.30.249.6
  451. 6 43.90 ms motl-b1-link.telia.net (213.248.88.64)
  452. 7 50.75 ms nyk-bb4-link.telia.net (62.115.134.52)
  453. 8 112.91 ms ldn-bb4-link.telia.net (62.115.136.184)
  454. 9 115.92 ms ldn-b1-link.telia.net (62.115.143.27)
  455. 10 117.70 ms a100-ic-314170-ldn-b1.c.telia.net (213.248.104.222)
  456. 11 111.29 ms 54.239.101.154
  457. 12 112.17 ms 54.239.101.159
  458. 13 ...
  459. 14 119.95 ms 54.239.44.150
  460. 15 ...
  461. 16 120.54 ms 52.93.6.134
  462. 17 112.69 ms 52.93.101.27
  463. 18 146.89 ms 52.93.101.58
  464. 19 135.36 ms 52.93.7.111
  465. 20 ... 30
  466.  
  467. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  468. Nmap done: 1 IP address (1 host up) scanned in 109.90 seconds
  469. + -- --=[Port 69 opened... running tests...
  470. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 07:53 EDT
  471. Nmap scan report for www.crsouellet.com (52.31.170.172)
  472. Host is up (0.12s latency).
  473. Other addresses for www.crsouellet.com (not scanned): 54.72.52.102
  474. rDNS record for 52.31.170.172: ec2-52-31-170-172.eu-west-1.compute.amazonaws.com
  475.  
  476. PORT STATE SERVICE VERSION
  477. 69/udp open|filtered tftp
  478. Too many fingerprints match this host to give specific OS details
  479.  
  480. TRACEROUTE (using proto 1/icmp)
  481. HOP RTT ADDRESS
  482. 1 8.24 ms 192.168.0.1
  483. 2 21.03 ms 10.177.112.1
  484. 3 22.64 ms 172.30.12.13
  485. 4 30.69 ms 172.30.9.209
  486. 5 31.65 ms 172.30.249.6
  487. 6 32.45 ms motl-b1-link.telia.net (213.248.88.64)
  488. 7 109.85 ms nyk-bb4-link.telia.net (62.115.134.52)
  489. 8 113.03 ms ldn-bb4-link.telia.net (62.115.136.184)
  490. 9 104.96 ms ldn-b7-link.telia.net (62.115.138.155)
  491. 10 104.20 ms a100row-ic-304712-ldn-b3.c.telia.net (213.248.99.214)
  492. 11 110.59 ms 54.239.100.108
  493. 12 113.70 ms 54.239.100.121
  494. 13 115.02 ms 54.239.42.105
  495. 14 119.44 ms 54.239.42.175
  496. 15 ...
  497. 16 126.61 ms 52.93.6.140
  498. 17 115.38 ms 52.93.101.53
  499. 18 144.92 ms 52.93.101.4
  500. 19 112.41 ms 52.93.7.145
  501. 20 ... 30
  502. #######################################################################################################################################
  510.  
  511. WAFW00F - Web Application Firewall Detection Tool
  512.  
  513. By Sandro Gauci && Wendel G. Henrique
  514.  
  515. Checking http://www.crsouellet.com
  516. Generic Detection results:
  517. No WAF detected by the generic detection
  518. Number of requests: 15
  519. #######################################################################################################################################
  520. http://www.crsouellet.com [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[nginx], IP[52.31.170.172], RedirectLocation[https://www.crsouellet.com/], UncommonHeaders[x-jimdo-instance,x-jimdo-wid,x-ratelimit-limit,x-ratelimit-remaining,x-ratelimit-reset], nginx
  521. https://www.crsouellet.com/ [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[54.72.52.102], Open-Graph-Protocol[website], Script[text/javascript], Strict-Transport-Security[max-age=604800], Title[Accueil - Construction et Rénovation Stéphane Ouellet inc.], UncommonHeaders[x-ratelimit-limit,x-ratelimit-remaining,x-ratelimit-reset,x-jimdo-instance,x-jimdo-wid], X-UA-Compatible[IE=edge], nginx
  522. #######################################################################################################################################
  523. wig - WebApp Information Gatherer
  524.  
  525.  
  526. Scanning https://www.crsouellet.com...
  527. ____________________ SITE INFO _____________________
  528. IP Title
  529. 54.72.52.102 Accueil - Construction et Rénovatio
  530. 52.31.170.172
  531.  
  532. _____________________ VERSION ______________________
  533. Name Versions Type
  534. nginx Platform
  535.  
  536. ___________________ INTERESTING ____________________
  537. URL Note Type
  538. /robots.txt robots.txt index Interesting
  539.  
  540. ____________________________________________________
  541. Time: 1.6 sec Urls: 597 Fingerprints: 40401
  542. #######################################################################################################################################
  543. HTTP/1.1 301 Moved Permanently
  544. Cache-Control: no-cache, no-store, must-revalidate
  545. Content-Type: text/html; charset=UTF-8
  546. Date: Wed, 03 Oct 2018 11:55:54 GMT
  547. Location: https://www.crsouellet.com/
  548. Server: nginx
  549. X-Jimdo-Instance: i-0353c19788b6e3266
  550. X-Jimdo-Wid: s1af4e0a64d4eee5c
  551. X-RateLimit-Limit: 0
  552. X-RateLimit-Remaining: 0
  553. X-RateLimit-Reset: 0
  554. Connection: keep-alive
  555. #######################################################################################################################################
  556. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 07:55 EDT
  557. Nmap scan report for www.crsouellet.com (52.31.170.172)
  558. Host is up (0.17s latency).
  559. Other addresses for www.crsouellet.com (not scanned): 54.72.52.102
  560. rDNS record for 52.31.170.172: ec2-52-31-170-172.eu-west-1.compute.amazonaws.com
  561.  
  562. PORT STATE SERVICE VERSION
  563. 123/udp open|filtered ntp
  564. Too many fingerprints match this host to give specific OS details
  565.  
  566. TRACEROUTE (using proto 1/icmp)
  567. HOP RTT ADDRESS
  568. 1 9.42 ms 192.168.0.1
  569. 2 24.89 ms 10.177.112.1
  570. 3 26.05 ms 172.30.12.13
  571. 4 36.02 ms 172.30.9.209
  572. 5 30.85 ms 172.30.249.6
  573. 6 30.48 ms motl-b1-link.telia.net (213.248.88.64)
  574. 7 107.66 ms nyk-bb4-link.telia.net (62.115.134.52)
  575. 8 106.15 ms ldn-bb4-link.telia.net (62.115.136.184)
  576. 9 109.84 ms ldn-b7-link.telia.net (62.115.138.155)
  577. 10 107.17 ms a100row-ic-304712-ldn-b3.c.telia.net (213.248.99.214)
  578. 11 108.26 ms 54.239.100.108
  579. 12 99.58 ms 54.239.100.121
  580. 13 112.66 ms 54.239.42.103
  581. 14 116.30 ms 54.239.41.124
  582. 15 ...
  583. 16 116.88 ms 52.93.6.154
  584. 17 119.42 ms 52.93.101.47
  585. 18 136.65 ms 52.93.101.30
  586. 19 115.98 ms 52.93.7.151
  587. 20 ... 30
  588.  
  589. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  590. Nmap done: 1 IP address (1 host up) scanned in 130.02 seconds
  591. + -- --=[Port 135 closed... skipping.
  592. + -- --=[Port 137 closed... skipping.
  593. + -- --=[Port 139 closed... skipping.
  594. + -- --=[Port 161 opened... running tests...
  595. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 07:58 EDT
  596. Nmap scan report for www.crsouellet.com (54.72.52.102)
  597. Host is up (0.13s latency).
  598. Other addresses for www.crsouellet.com (not scanned): 52.31.170.172
  599. rDNS record for 54.72.52.102: ec2-54-72-52-102.eu-west-1.compute.amazonaws.com
  600.  
  601. PORT STATE SERVICE VERSION
  602. 161/tcp closed snmp
  603. 161/udp open|filtered snmp
  604. Too many fingerprints match this host to give specific OS details
  605.  
  606. TRACEROUTE (using proto 1/icmp)
  607. HOP RTT ADDRESS
  608. 1 9.60 ms 192.168.0.1
  609. 2 30.83 ms 10.177.112.1
  610. 3 26.96 ms 172.30.12.13
  611. 4 34.44 ms 172.30.9.209
  612. 5 35.14 ms 172.30.249.6
  613. 6 34.85 ms motl-b1-link.telia.net (213.248.88.64)
  614. 7 39.49 ms nyk-bb4-link.telia.net (62.115.134.52)
  615. 8 114.22 ms ldn-bb4-link.telia.net (62.115.136.184)
  616. 9 114.61 ms ldn-b1-link.telia.net (62.115.143.27)
  617. 10 117.64 ms a100-ic-314170-ldn-b1.c.telia.net (213.248.104.222)
  618. 11 112.59 ms 54.239.101.154
  619. 12 103.89 ms 54.239.101.159
  620. 13 ...
  621. 14 115.45 ms 54.239.44.144
  622. 15 ...
  623. 16 126.01 ms 52.93.6.134
  624. 17 114.03 ms 52.93.101.27
  625. 18 144.95 ms 52.93.101.58
  626. 19 115.78 ms 52.93.7.111
  627. 20 ... 30
  628.  
  629. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  630. Nmap done: 1 IP address (1 host up) scanned in 125.42 seconds
  631.  
  653.  
  654.  
  655. =[ metasploit v4.17.15-dev ]
  656. + -- --=[ 1811 exploits - 1031 auxiliary - 314 post ]
  657. + -- --=[ 539 payloads - 42 encoders - 10 nops ]
  658. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  659. #######################################################################################################################################
  660.  
  668.  
  669. WAFW00F - Web Application Firewall Detection Tool
  670.  
  671. By Sandro Gauci && Wendel G. Henrique
  672.  
  673. Checking https://www.crsouellet.com
  674. Generic Detection results:
  675. No WAF detected by the generic detection
  676. Number of requests: 14
  677. ######################################################################################################################################
  678. https://www.crsouellet.com [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[54.72.52.102], Open-Graph-Protocol[website], Script[text/javascript], Strict-Transport-Security[max-age=604800], Title[Accueil - Construction et Rénovation Stéphane Ouellet inc.], UncommonHeaders[x-ratelimit-limit,x-ratelimit-remaining,x-ratelimit-reset,x-jimdo-instance,x-jimdo-wid], X-UA-Compatible[IE=edge], nginx
  679. #######################################################################################################################################
  680. wig - WebApp Information Gatherer
  681.  
  682.  
  683. Scanning https://www.crsouellet.com...
  684. ____________________ SITE INFO _____________________
  685. IP Title
  686. 54.72.52.102 Accueil - Construction et Rénovatio
  687. 52.31.170.172
  688.  
  689. _____________________ VERSION ______________________
  690. Name Versions Type
  691. nginx Platform
  692.  
  693. ___________________ INTERESTING ____________________
  694. URL Note Type
  695. /robots.txt robots.txt index Interesting
  696.  
  697. ____________________________________________________
  698. Time: 1.6 sec Urls: 597 Fingerprints: 40401
  699. #######################################################################################################################################
  700. HTTP/1.1 200 OK
  701. Date: Wed, 03 Oct 2018 12:00:41 GMT
  702. Content-Type: text/html; charset=UTF-8
  703. Connection: keep-alive
  704. Vary: Accept-Encoding
  705. X-RateLimit-Limit: 0
  706. X-RateLimit-Remaining: 0
  707. X-RateLimit-Reset: 0
  708. X-Jimdo-Instance: i-0b715a44d5ce2f135
  709. X-Jimdo-Wid: s1af4e0a64d4eee5c
  710. Cache-Control: no-cache, no-store, must-revalidate
  711. Strict-Transport-Security: max-age=604800
  712. Server: nginx
  713. #######################################################################################################################################
  714.  
  715.  
  716. AVAILABLE PLUGINS
  717. -----------------
  718.  
  719. PluginHeartbleed
  720. PluginHSTS
  721. PluginOpenSSLCipherSuites
  722. PluginSessionResumption
  723. PluginSessionRenegotiation
  724. PluginCertInfo
  725. PluginCompression
  726. PluginChromeSha1Deprecation
  727.  
  728.  
  729.  
  730. CHECKING HOST(S) AVAILABILITY
  731. -----------------------------
  732.  
  733. www.crsouellet.com:443 => 52.31.170.172:443
  734.  
  735.  
  736.  
  737. SCAN RESULTS FOR WWW.CRSOUELLET.COM:443 - 52.31.170.172:443
  738. -----------------------------------------------------------
  739.  
  740. * Deflate Compression:
  741. OK - Compression disabled
  742.  
  743. * Session Renegotiation:
  744. Client-initiated Renegotiations: OK - Rejected
  745. Secure Renegotiation: OK - Supported
  746.  
  747. * Certificate - Content:
  748. SHA1 Fingerprint: bd2499317d8d684c83a74612a7cae235713f7fe6
  749. Common Name: www.crsouellet.com
  750. Issuer: Let's Encrypt Authority X3
  751. Serial Number: 042E24B1DA5D1F79F60185B5DD7EC6E57223
  752. Not Before: Aug 31 20:38:29 2018 GMT
  753. Not After: Nov 29 20:38:29 2018 GMT
  754. Signature Algorithm: sha256WithRSAEncryption
  755. Public Key Algorithm: rsaEncryption
  756. Key Size: 2048 bit
  757. Exponent: 65537 (0x10001)
  758. X509v3 Subject Alternative Name: {'DNS': ['www.crsouellet.com']}
  759.  
  760. * Certificate - Trust:
  761. Hostname Validation: OK - Subject Alternative Name matches
  762. Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  763. Java 6 CA Store (Update 65): OK - Certificate is trusted
  764. Microsoft CA Store (09/2015): OK - Certificate is trusted
  765. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  766. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  767. Certificate Chain Received: ['www.crsouellet.com', "Let's Encrypt Authority X3"]
  768.  
  769. * Certificate - OCSP Stapling:
  770. OCSP Response Status: successful
  771. Validation w/ Mozilla's CA Store: OK - Response is trusted
  772. Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
  773. Cert Status: good
  774. Cert Serial Number: 042E24B1DA5D1F79F60185B5DD7EC6E57223
  775. This Update: Sep 30 21:00:00 2018 GMT
  776. Next Update: Oct 7 21:00:00 2018 GMT
  777.  
  778. * Session Resumption:
  779. With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
  780. With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned.
  781.  
  782. * SSLV2 Cipher Suites:
  783. Server rejected all cipher suites.
  784.  
  785. * SSLV3 Cipher Suites:
  786. Server rejected all cipher suites.
  787.  
  788.  
  789.  
  790. SCAN COMPLETED IN 2.72 S
  791. ------------------------
  792. Version: 1.11.11-static
  793. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  794.  
  795. Connected to 54.72.52.102
  796.  
  797. Testing SSL server www.crsouellet.com on port 443 using SNI name www.crsouellet.com
  798.  
  799. TLS Fallback SCSV:
  800. Server supports TLS Fallback SCSV
  801.  
  802. TLS renegotiation:
  803. Secure session renegotiation supported
  804.  
  805. TLS Compression:
  806. Compression disabled
  807.  
  808. Heartbleed:
  809. TLS 1.2 not vulnerable to heartbleed
  810. TLS 1.1 not vulnerable to heartbleed
  811. TLS 1.0 not vulnerable to heartbleed
  812.  
  813. Supported Server Cipher(s):
  814. Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  815. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  816. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  817. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  818. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  819. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  820. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  821. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  822. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  823. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  824. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  825. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  826. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  827. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  828. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  829. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  830. Accepted TLSv1.2 128 bits AES128-SHA256
  831. Accepted TLSv1.2 256 bits AES256-SHA256
  832. Accepted TLSv1.2 128 bits AES128-SHA
  833. Accepted TLSv1.2 256 bits AES256-SHA
  834. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  835. Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  836. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  837. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  838. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  839. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  840. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  841. Accepted TLSv1.1 128 bits AES128-SHA
  842. Accepted TLSv1.1 256 bits AES256-SHA
  843. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  844. Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  845. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  846. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  847. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  848. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  849. Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  850. Accepted TLSv1.0 128 bits AES128-SHA
  851. Accepted TLSv1.0 256 bits AES256-SHA
  852. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  853.  
  854. SSL Certificate:
  855. Signature Algorithm: sha256WithRSAEncryption
  856. RSA Key Strength: 2048
  857.  
  858. Subject: www.crsouellet.com
  859. Altnames: DNS:www.crsouellet.com
  860. Issuer: Let's Encrypt Authority X3
  861.  
  862. Not valid before: Aug 31 20:38:29 2018 GMT
  863. Not valid after: Nov 29 20:38:29 2018 GMT
  864.  
  865. #######################################################################################################################################
  866. I, [2018-10-03T08:01:13.374221 #31064] INFO -- : Initiating port scan
  867. I, [2018-10-03T08:01:35.248252 #31064] INFO -- : Using nmap scan output file logs/nmap_output_2018-10-03_08-01-13.xml
  868. I, [2018-10-03T08:01:35.249141 #31064] INFO -- : Discovered open port: 52.31.170.172:80
  869. I, [2018-10-03T08:01:35.764772 #31064] INFO -- : Discovered open port: 52.31.170.172:443
  870. I, [2018-10-03T08:01:36.231715 #31064] INFO -- : <<<Enumerating vulnerable applications>>>
  871. --------------------------------------------------------
  872. <<<Yasuo discovered following vulnerable applications>>>
  873. --------------------------------------------------------
  874. +----------+--------------------+-------------------+----------+----------+
  875. | App Name | URL to Application | Potential Exploit | Username | Password |
  876. +----------+--------------------+-------------------+----------+----------+
  877. +----------+--------------------+-------------------+----------+----------+
  878. ######################################################################################################################################
  879. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 08:02 EDT
  880. NSE: Loaded 285 scripts for scanning.
  881. NSE: Script Pre-scanning.
  882. Initiating NSE at 08:02
  883. NSE: [shodan-api] Error: Please specify your ShodanAPI key with the shodan-api.apikey argument
  884. NSE: [mtrace] A source IP must be provided through fromip argument.
  885. Completed NSE at 08:02, 10.62s elapsed
  886. Initiating NSE at 08:02
  887. Completed NSE at 08:02, 0.00s elapsed
  888. Initiating NSE at 08:02
  889. Completed NSE at 08:02, 0.00s elapsed
  890. Pre-scan script results:
  891. | broadcast-igmp-discovery:
  892. | 192.168.0.1
  893. | Interface: eth0
  894. | Version: 2
  895. | Group: 224.0.0.2
  896. | Description: All Routers on this Subnet
  897. | 192.168.0.1
  898. | Interface: eth0
  899. | Version: 2
  900. | Group: 224.0.0.22
  901. | Description: IGMP
  902. | 192.168.0.2
  903. | Interface: eth0
  904. | Version: 2
  905. | Group: 224.0.0.251
  906. | Description: mDNS (rfc6762)
  907. | 192.168.0.2
  908. | Interface: eth0
  909. | Version: 2
  910. | Group: 224.0.0.252
  911. | Description: Link-local Multicast Name Resolution (rfc4795)
  912. | 192.168.0.3
  913. | Interface: eth0
  914. | Version: 2
  915. | Group: 239.255.255.246
  916. | Description: Organization-Local Scope (rfc2365)
  917. | 192.168.0.3
  918. | Interface: eth0
  919. | Version: 2
  920. | Group: 239.255.255.250
  921. | Description: Organization-Local Scope (rfc2365)
  922. |_ Use the newtargets script-arg to add the results as targets
  923. | broadcast-ping:
  924. | IP: 192.168.0.1 MAC: 38:70:0c:d7:c1:0a
  925. |_ Use --script-args=newtargets to add the results as targets
  926. | lltd-discovery:
  927. | 192.168.0.3
  928. | Hostname: [TV]UN46ES7100
  929. | Mac: 1c:5a:3e:1e:10:51 (Samsung Electronics)
  930. |_ Use the newtargets script-arg to add the results as targets
  931. | targets-asn:
  932. |_ targets-asn.asn is a mandatory parameter
  933. Initiating Ping Scan at 08:02
  934. Scanning www.crsouellet.com (52.31.170.172) [7 ports]
  935. Completed Ping Scan at 08:02, 0.16s elapsed (1 total hosts)
  936. Initiating Parallel DNS resolution of 1 host. at 08:02
  937. Completed Parallel DNS resolution of 1 host. at 08:02, 0.02s elapsed
  938. Initiating SYN Stealth Scan at 08:02
  939. Scanning www.crsouellet.com (52.31.170.172) [1000 ports]
  940. Discovered open port 80/tcp on 52.31.170.172
  941. Discovered open port 443/tcp on 52.31.170.172
  942. Completed SYN Stealth Scan at 08:02, 9.11s elapsed (1000 total ports)
  943. Initiating UDP Scan at 08:02
  944. Scanning www.crsouellet.com (52.31.170.172) [1000 ports]
  945. Completed UDP Scan at 08:03, 10.84s elapsed (1000 total ports)
  946. Initiating Service scan at 08:03
  947. Scanning 1000 services on www.crsouellet.com (52.31.170.172)
  979. Completed Service scan at 08:58, 3315.84s elapsed (1000 services on 1 host)
  980. Initiating OS detection (try #1) against www.crsouellet.com (52.31.170.172)
  981. Retrying OS detection (try #2) against www.crsouellet.com (52.31.170.172)
  982. Retrying OS detection (try #3) against www.crsouellet.com (52.31.170.172)
  983. Retrying OS detection (try #4) against www.crsouellet.com (52.31.170.172)
  984. Retrying OS detection (try #5) against www.crsouellet.com (52.31.170.172)
  985. Initiating Traceroute at 08:58
  986. Completed Traceroute at 08:58, 3.26s elapsed
  987. Initiating Parallel DNS resolution of 19 hosts. at 08:58
  988. Completed Parallel DNS resolution of 19 hosts. at 08:58, 0.15s elapsed
  989. NSE: Script scanning 52.31.170.172.
  990. Initiating NSE at 08:58
  991. NSE: [ip-geolocation-maxmind] You must specify a Maxmind database file with the maxmind_db argument.
  992. NSE: [ip-geolocation-maxmind] Download the database from http://dev.maxmind.com/geoip/legacy/geolite/
  993. Completed NSE at 09:00, 111.42s elapsed
  994. Initiating NSE at 09:00
  995. NSOCK ERROR [3498.6060s] mksock_bind_addr(): Bind to 0.0.0.0:920 failed (IOD #885): Address already in use (98)
  996. NSOCK ERROR [3507.6590s] mksock_bind_addr(): Bind to 0.0.0.0:919 failed (IOD #1061): Address already in use (98)
  997. NSOCK ERROR [3507.6590s] mksock_bind_addr(): Bind to 0.0.0.0:919 failed (IOD #1071): Address already in use (98)
  998. NSOCK ERROR [3520.7010s] mksock_bind_addr(): Bind to 0.0.0.0:919 failed (IOD #1343): Address already in use (98)
  999. Completed NSE at 09:01, 48.67s elapsed
  1000. Initiating NSE at 09:01
  1001. Completed NSE at 09:01, 3.31s elapsed
  1002. Nmap scan report for www.crsouellet.com (52.31.170.172)
  1003. Host is up (0.11s latency).
  1004. Other addresses for www.crsouellet.com (not scanned): 54.72.52.102
  1005. rDNS record for 52.31.170.172: ec2-52-31-170-172.eu-west-1.compute.amazonaws.com
  1006. Not shown: 998 open|filtered ports, 994 closed ports
  1007. PORT STATE SERVICE VERSION
  1008. 25/tcp filtered smtp
  1009. 80/tcp open http nginx
  1010. |_http-comments-displayer: Couldn't find any comments.
  1011. |_http-date: Wed, 03 Oct 2018 12:58:52 GMT; 0s from local time.
  1012. | http-headers:
  1013. | Cache-Control: no-cache, no-store, must-revalidate
  1014. | Content-Type: text/html; charset=UTF-8
  1015. | Date: Wed, 03 Oct 2018 12:58:56 GMT
  1016. | Location: https://www.crsouellet.com/
  1017. | Server: nginx
  1018. | X-Jimdo-Instance: i-0bb42b4f4e2b5d690
  1019. | X-Jimdo-Wid: s1af4e0a64d4eee5c
  1020. | X-RateLimit-Limit: 0
  1021. | X-RateLimit-Remaining: 0
  1022. | X-RateLimit-Reset: 0
  1023. | Content-Length: 0
  1024. | Connection: Close
  1025. |
  1026. |_ (Request type: GET)
  1027. | http-methods:
  1028. |_ Supported Methods: GET HEAD POST OPTIONS
  1029. |_http-mobileversion-checker: No mobile version detected.
  1030. |_http-referer-checker: Couldn't find any cross-domain scripts.
  1031. | http-robots.txt: 2 disallowed entries
  1032. |_/app/ /j/
  1033. | http-security-headers:
  1034. | Strict_Transport_Security:
  1035. | Header: Strict-Transport-Security: max-age=604800
  1036. | Cache_Control:
  1037. |_ Header: Cache-Control: no-cache, no-store, must-revalidate
  1038. |_http-server-header: nginx
  1039. |_http-title: Did not follow redirect to https://www.crsouellet.com/
  1040. | http-traceroute:
  1041. |_ Possible reverse proxy detected.
  1042. | http-useragent-tester:
  1043. | Status for browser useragent: 400
  1044. | Redirected To: https://www.crsouellet.com/
  1045. | Allowed User Agents:
  1046. | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
  1047. | libwww
  1048. | Change in Status Code:
  1049. | Wget/1.13.4 (linux-gnu): 200
  1050. | GT::WWW: 200
  1051. | lwp-trivial: 200
  1052. | PECL::HTTP: 200
  1053. | http client: 200
  1054. | Zend_Http_Client: 200
  1055. | URI::Fetch: 200
  1056. | WWW-Mechanize/1.34: 200
  1057. | HTTP::Lite: 200
  1058. | Snoopy: 200
  1059. | libcurl-agent/1.0: 200
  1060. | MFC_Tear_Sample: 200
  1061. | PHPCrawl: 200
  1062. | Python-urllib/2.5: 200
  1063. |_ PHP/: 200
  1064. |_http-xssed: No previously reported XSS vuln.
  1065. 135/tcp filtered msrpc
  1066. 139/tcp filtered netbios-ssn
  1067. 443/tcp open ssl/http nginx
  1068. | http-affiliate-id:
  1069. |_ Google Analytics ID: UA-24232538-69
  1070. | http-comments-displayer:
  1071. | Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.crsouellet.com
  1072. |
  1073. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1074. | Line number: 117
  1075. | Comment:
  1076. | <!-- _subnavigation.sass -->
  1077. |
  1078. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1079. | Line number: 46
  1080. | Comment:
  1081. | //<![CDATA[
  1082. |
  1083. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1084. | Line number: 169
  1085. | Comment:
  1086. | <!-- _cart.sass -->
  1087. |
  1088. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1089. | Line number: 96
  1090. | Comment:
  1091. | <!-- _section-main.sass -->
  1092. |
  1093. | Path: https://www.crsouellet.com:443/nos-r%c3%a9alisations/finition-ext%c3%a9rieure/
  1094. | Line number: 321
  1095. | Comment:
  1096. |
  1097. | //]]>
  1098. |
  1099. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1100. | Line number: 114
  1101. | Comment:
  1102. | <!-- END _section-main -->
  1103. |
  1104. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1105. | Line number: 93
  1106. | Comment:
  1107. | <!-- END _navigation.sass -->
  1108. |
  1109. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1110. | Line number: 48
  1111. | Comment:
  1112. | // ]]>
  1113. |
  1114. | Path: https://www.crsouellet.com:443/nos-r%c3%a9alisations/finition-ext%c3%a9rieure/
  1115. | Line number: 300
  1116. | Comment:
  1117. |
  1118. | //<![CDATA[
  1119. |
  1120. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1121. | Line number: 80
  1122. | Comment:
  1123. | <!-- _mobile-navigation.sass -->
  1124. |
  1125. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1126. | Line number: 38
  1127. | Comment:
  1128. |
  1129. | // ]]>
  1130. |
  1131. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1132. | Line number: 146
  1133. | Comment:
  1134. | <!-- _footer.sass -->
  1135. |
  1136. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1137. | Line number: 169
  1138. | Comment:
  1139. | <!-- END _footer.sass -->
  1140. |
  1141. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1142. | Line number: 176
  1143. | Comment:
  1144. | <!-- END _main.sass -->
  1145. |
  1146. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1147. | Line number: 33
  1148. | Comment:
  1149. | /* ]]> */
  1150. |
  1151. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1152. | Line number: 34
  1153. | Comment:
  1154. |
  1155. | // <![CDATA[
  1156. |
  1157. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1158. | Line number: 120
  1159. | Comment:
  1160. | <!-- END _subnavigation.sass -->
  1161. |
  1162. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1163. | Line number: 33
  1164. | Comment:
  1165. | /*! loadCss [c]2014 @scottjehl, Filament Group, Inc. Licensed MIT */
  1166. |
  1167. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1168. | Line number: 172
  1169. | Comment:
  1170. | <!-- END _cart.sass -->
  1171. |
  1172. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1173. | Line number: 116
  1174. | Comment:
  1175. | <!-- _section-aside.sass -->
  1176. |
  1177. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1178. | Line number: 65
  1179. | Comment:
  1180. | <!-- _header.sass -->
  1181. |
  1182. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1183. | Line number: 60
  1184. | Comment:
  1185. | <!-- _main.sass -->
  1186. |
  1187. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1188. | Line number: 91
  1189. | Comment:
  1190. | <!-- _navigation.sass -->
  1191. |
  1192. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1193. | Line number: 33
  1194. | Comment:
  1195. | /* <![CDATA[ */
  1196. |
  1197. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1198. | Line number: 96
  1199. | Comment:
  1200. | <!-- END _header.sass -->
  1201. |
  1202. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1203. | Line number: 146
  1204. | Comment:
  1205. | <!-- END _section-aside.sass -->
  1206. |
  1207. | Path: https://www.crsouellet.com:443/%20'https:/www.google-analytics.com/like
  1208. | Line number: 89
  1209. | Comment:
  1210. |_ <!-- END _mobile-navigation.sass -->
  1211. |_http-date: Wed, 03 Oct 2018 12:59:12 GMT; -1s from local time.
  1212. | http-grep:
  1213. | (1) https://www.crsouellet.com:443/contactez-nous/:
  1214. | (1) email:
  1215. |_ + info@crsouellet.com
  1216. | http-headers:
  1217. | Date: Wed, 03 Oct 2018 12:59:14 GMT
  1218. | Content-Type: text/html; charset=UTF-8
  1219. | Connection: close
  1220. | Vary: Accept-Encoding
  1221. | X-RateLimit-Limit: 0
  1222. | X-RateLimit-Remaining: 0
  1223. | X-RateLimit-Reset: 0
  1224. | X-Jimdo-Instance: i-08d175a1ab1ce3d10
  1225. | X-Jimdo-Wid: s1af4e0a64d4eee5c
  1226. | Cache-Control: no-cache, no-store, must-revalidate
  1227. | Strict-Transport-Security: max-age=604800
  1228. | Server: nginx
  1229. |
  1230. |_ (Request type: HEAD)
  1231. | http-methods:
  1232. |_ Supported Methods: GET HEAD POST OPTIONS
  1233. |_http-mobileversion-checker: No mobile version detected.
  1234. | http-referer-checker:
  1235. | Spidering limited to: maxpagecount=30
  1236. | https://www.google-analytics.com:443/ga.js
  1237. | https://assets.jimstatic.com:443/web.js.9f4f6a7612079b0db1ca.js
  1238. |_ https://assets.jimstatic.com:443/ckies.js.6ba749c796f52a37720e.js
  1239. | http-robots.txt: 2 disallowed entries
  1240. |_/app/ /j/
  1241. | http-security-headers:
  1242. | Strict_Transport_Security:
  1243. | Header: Strict-Transport-Security: max-age=604800
  1244. | Cache_Control:
  1245. |_ Header: Cache-Control: no-cache, no-store, must-revalidate
  1246. |_http-server-header: nginx
  1247. |_http-title: Accueil - Construction et R\xC3\xA9novation St\xC3\xA9phane Ouellet inc.
  1248. | http-traceroute:
  1249. |_ Possible reverse proxy detected.
  1250. | http-useragent-tester:
  1251. | Status for browser useragent: 200
  1252. | Allowed User Agents:
  1253. | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
  1254. | libwww
  1255. | lwp-trivial
  1256. | libcurl-agent/1.0
  1257. | PHP/
  1258. | Python-urllib/2.5
  1259. | GT::WWW
  1260. | Snoopy
  1261. | MFC_Tear_Sample
  1262. | HTTP::Lite
  1263. | PHPCrawl
  1264. | URI::Fetch
  1265. | Zend_Http_Client
  1266. | http client
  1267. | PECL::HTTP
  1268. | Wget/1.13.4 (linux-gnu)
  1269. |_ WWW-Mechanize/1.34
  1270. |_http-xssed: No previously reported XSS vuln.
  1271. | ssl-cert: Subject: commonName=www.crsouellet.com
  1272. | Subject Alternative Name: DNS:www.crsouellet.com
  1273. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  1274. | Public Key type: rsa
  1275. | Public Key bits: 2048
  1276. | Signature Algorithm: sha256WithRSAEncryption
  1277. | Not valid before: 2018-08-31T20:38:29
  1278. | Not valid after: 2018-11-29T20:38:29
  1279. | MD5: 3c3f 1ab6 e0a0 bd37 f41f 21fc 4ff3 23b2
  1280. |_SHA-1: bd24 9931 7d8d 684c 83a7 4612 a7ca e235 713f 7fe6
  1281. |_ssl-date: TLS randomness does not represent time
  1282. | tls-alpn:
  1283. |_ http/1.1
  1284. | tls-nextprotoneg:
  1285. |_ http/1.1
  1286. 445/tcp filtered microsoft-ds
  1287. 137/udp filtered netbios-ns
  1288. 445/udp filtered microsoft-ds
  1289. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
  1290. TCP/IP fingerprint:
  1298.  
  1299. Uptime guess: 3.067 days (since Sun Sep 30 07:25:17 2018)
  1300. Network Distance: 27 hops
  1301. TCP Sequence Prediction: Difficulty=261 (Good luck!)
  1302. IP ID Sequence Generation: All zeros
  1303.  
  1304. Host script results:
  1305. | asn-query:
  1306. | BGP: 52.30.0.0/15 | Country: US
  1307. | Origin AS: 16509 - AMAZON-02 - Amazon.com, Inc., US
  1308. |_ Peer AS: 174 1103 1299 2914 3356
  1309. | fcrdns:
  1310. | ec2-52-31-170-172.eu-west-1.compute.amazonaws.com:
  1311. | status: pass
  1312. | addresses:
  1313. |_ 52.31.170.172
  1314. | firewalk:
  1315. | HOP HOST PROTOCOL BLOCKED PORTS
  1316. | 1 192.168.0.1 tcp 25,135,139,445
  1317. |_19 52.93.7.129 udp 2
  1318. |_hostmap-robtex: ERROR: Script execution failed (use -d to debug)
  1319. | ip-geolocation-geoplugin:
  1320. |_52.31.170.172 (www.crsouellet.com)
  1321. |_ipidseq: All zeros
  1322. |_path-mtu: PMTU == 1500
  1323. | qscan:
  1324. | PORT FAMILY MEAN (us) STDDEV LOSS (%)
  1325. | 1 0 114685.30 3381.31 0.0%
  1326. | 80 0 113144.00 1866.59 0.0%
  1327. |_443 0 114346.30 2625.26 0.0%
  1328. | resolveall:
  1329. | Host 'www.crsouellet.com' also resolves to:
  1330. | 54.72.52.102
  1331. | Use the 'newtargets' script-arg to add the results as targets
  1332. |_ Use the --resolve-all option to scan all resolved addresses without using this script.
  1333. |_traceroute-geolocation: ERROR: Script execution failed (use -d to debug)
  1334. | whois-domain:
  1335. |
  1336. | Domain name record found at whois.verisign-grs.com
  1337. | Domain Name: CRSOUELLET.COM\x0D
  1338. | Registry Domain ID: 1897652470_DOMAIN_COM-VRSN\x0D
  1339. | Registrar WHOIS Server: whois.psi-usa.info\x0D
  1340. | Registrar URL: http://www.psi-usa.info\x0D
  1341. | Updated Date: 2018-01-23T09:04:09Z\x0D
  1342. | Creation Date: 2015-01-23T01:58:15Z\x0D
  1343. | Registry Expiry Date: 2019-01-23T01:58:15Z\x0D
  1344. | Registrar: PSI-USA, Inc. dba Domain Robot\x0D
  1345. | Registrar IANA ID: 151\x0D
  1346. | Registrar Abuse Contact Email: domain-abuse@psi-usa.info\x0D
  1347. | Registrar Abuse Contact Phone: +49.94159559482\x0D
  1348. | Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\x0D
  1349. | Name Server: NS1.JIMDO.COM\x0D
  1350. | Name Server: NS2.JIMDO.COM\x0D
  1351. | DNSSEC: unsigned\x0D
  1352. | URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/\x0D
  1353. | >>> Last update of whois database: 2018-10-03T12:58:35Z <<<\x0D
  1354. | \x0D
  1388. | The Registry database contains ONLY .COM, .NET, .EDU domains and
  1389. |_Registrars.
  1390. | whois-ip: Record found at whois.arin.net
  1391. | netrange: 52.30.0.0 - 52.31.255.255
  1392. | netname: AMAZON-DUB
  1393. | orgname: Amazon Data Services Ireland Limited
  1394. | orgid: ADSIL-1
  1395. | country: IE stateprov: D24
  1396. | orgtechname: Amazon EC2 Network Operations
  1397. |_orgtechemail: amzn-noc-contact@amazon.com
  1398.  
  1399. TRACEROUTE (using port 3389/tcp)
  1400. HOP RTT ADDRESS
  1401. 1 9.93 ms 192.168.0.1
  1402. 2 18.62 ms 10.177.112.1
  1403. 3 19.43 ms 172.30.12.13
  1404. 4 27.58 ms 172.30.9.209
  1405. 5 30.21 ms 172.30.249.6
  1406. 6 29.28 ms motl-b1-link.telia.net (213.248.88.64)
  1407. 7 106.76 ms nyk-bb4-link.telia.net (62.115.134.52)
  1408. 8 106.39 ms ldn-bb4-link.telia.net (62.115.136.184)
  1409. 9 108.57 ms ldn-b7-link.telia.net (62.115.138.155)
  1410. 10 104.37 ms a100row-ic-304712-ldn-b3.c.telia.net (213.248.99.214)
  1411. 11 118.17 ms 54.239.100.30
  1412. 12 105.09 ms 54.239.100.37
  1413. 13 121.97 ms 54.239.42.105
  1414. 14 115.80 ms 54.239.41.122
  1415. 15 ...
  1416. 16 117.71 ms 52.93.6.162
  1417. 17 115.39 ms 52.93.101.5
  1418. 18 146.17 ms 52.93.101.18
  1419. 19 120.99 ms 52.93.7.129
  1420. 20 ... 26
  1421. 27 119.88 ms ec2-52-31-170-172.eu-west-1.compute.amazonaws.com (52.31.170.172)
  1422.  
  1423. NSE: Script Post-scanning.
  1424. Initiating NSE at 09:01
  1425. Completed NSE at 09:01, 0.00s elapsed
  1426. Initiating NSE at 09:01
  1427. Completed NSE at 09:01, 0.00s elapsed
  1428. Initiating NSE at 09:01
  1429. Completed NSE at 09:01, 0.00s elapsed
  1430. Read data files from: /usr/bin/../share/nmap
  1431. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1432. Nmap done: 1 IP address (1 host up) scanned in 3528.11 seconds
  1433. Raw packets sent: 4746 (174.891KB) | Rcvd: 1103 (45.840KB)
  1434. #######################################################################################################################################
  1435. dnsenum VERSION:1.2.4
  1436.  
  1437. ----- www.crsouellet.com -----
  1438.  
  1439.  
  1440. Host's addresses:
  1441. __________________
  1442.  
  1443. web-prod-3fab4a-1499954829-1392918184.eu-west-1.elb.amazonaws.com. 55 IN A (
  1444. web-prod-3fab4a-1499954829-1392918184.eu-west-1.elb.amazonaws.com. 55 IN A (
  1445.  
  1446.  
  1447. Name Servers:
  1448. ______________
  1449. #######################################################################################################################################
  1450. No match for "WWW.CRSOUELLET.COM".
  1451. >>> Last update of whois database: 2018-10-03T08:51:03Z <<<
  1483. #######################################################################################################################################
  1484. [+] www.crsouellet.com has no SPF record!
  1485. [*] No DMARC record found. Looking for organizational record
  1486. [+] No organizational DMARC record
  1487. [+] Spoofing possible for www.crsouellet.com!
  1488. #######################################################################################################################################
  1489. __
  1490. ____ _____ ___ ______ _/ /_____ ____ ___
  1491. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  1492. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  1493. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  1494. /_/ discover v0.5.0 - by @michenriksen
  1495.  
  1496. Identifying nameservers for www.crsouellet.com... Done
  1497. Using nameservers:
  1498.  
  1499. - 162.159.24.150
  1500. - 162.159.25.62
  1501.  
  1502. Checking for wildcard DNS... Done
  1503.  
  1504. Running collector: VirusTotal... Skipped
  1505. -> Key 'virustotal' has not been set
  1506. Running collector: Certificate Search... Done (0 hosts)
  1507. Running collector: Wayback Machine... Done (2 hosts)
  1508. Running collector: PassiveTotal... Skipped
  1509. -> Key 'passivetotal_key' has not been set
  1510. Running collector: Shodan... Skipped
  1511. -> Key 'shodan' has not been set
  1512. Running collector: Google Transparency Report... Done (0 hosts)
  1513. Running collector: Netcraft... Done (0 hosts)
  1514. Running collector: Censys... Skipped
  1515. -> Key 'censys_secret' has not been set
  1516. Running collector: HackerTarget... Done (1 host)
  1517. Running collector: PublicWWW... Done (0 hosts)
  1518. Running collector: Threat Crowd... Done (0 hosts)
  1519. Running collector: PTRArchive... Error
  1520. -> PTRArchive returned unexpected response code: 502
  1521. Running collector: Riddler... Skipped
  1522. -> Key 'riddler_username' has not been set
  1523. Running collector: DNSDB... Error
  1524. -> DNSDB returned unexpected response code: 503
  1525. Running collector: Dictionary... Done (27 hosts)
  1526.  
  1527. Resolving 29 unique hosts...
  1528. 54.72.52.102 .www.crsouellet.com
  1529. 54.72.52.102 crsouellet.com
  1530. 54.72.52.102 www.crsouellet.com
  1531.  
  1532. Found subnets:
  1533.  
  1534. - 54.72.52.0-255 : 3 hosts
  1535.  
  1536. Wrote 3 hosts to:
  1537.  
  1538. - file:///root/aquatone/www.crsouellet.com/hosts.txt
  1539. - file:///root/aquatone/www.crsouellet.com/hosts.json
  1545. /_/ takeover v0.5.0 - by @michenriksen
  1546.  
  1547. Loaded 3 hosts from /root/aquatone/www.crsouellet.com/hosts.json
  1548. Loaded 25 domain takeover detectors
  1549.  
  1550. Identifying nameservers for www.crsouellet.com... Done
  1551. Using nameservers:
  1552.  
  1553. - 162.159.24.150
  1554. - 162.159.25.62
  1555.  
  1556. Checking hosts for domain takeover vulnerabilities...
  1557.  
  1558. Finished checking hosts:
  1559.  
  1560. - Vulnerable : 0
  1561. - Not Vulnerable : 3
  1562.  
  1563. Wrote 0 potential subdomain takeovers to:
  1564.  
  1565. - file:///root/aquatone/www.crsouellet.com/takeovers.json
  1566.  
  1572. /_/ scan v0.5.0 - by @michenriksen
  1573.  
  1574. Loaded 3 hosts from /root/aquatone/www.crsouellet.com/hosts.json
  1575.  
  1576. Probing 2 ports...
  1577.  
  1578. Wrote open ports to file:///root/aquatone/www.crsouellet.com/open_ports.txt
  1579. Wrote URLs to file:///root/aquatone/www.crsouellet.com/urls.txt
  1585. /_/ gather v0.5.0 - by @michenriksen
  1586.  
  1587. Installing Nightmare.js package, please wait... Done
  1588.  
  1589. Processing 0 pages...
  1590.  
  1591. Finished processing pages:
  1592.  
  1593. - Successful : 0
  1594. - Failed : 0
  1595.  
  1596. Generating report...done
  1597. Report pages generated:
  1598. ######################################################################################################################################
  1599. INFO[0004] Starting to process queue....
  1600. INFO[0004] Starting to process permutations....
  1601. ERRO[0005] Get http://s3-1-w.amazonaws.com: dial tcp 54.231.72.51:80: getsockopt: connection refused
  1626. #######################################################################################################################################
  1627. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 04:59 EDT
  1628. Nmap scan report for www.crsouellet.com (52.31.170.172)
  1629. Host is up (0.55s latency).
  1630. Other addresses for www.crsouellet.com (not scanned): 54.72.52.102
  1631. rDNS record for 52.31.170.172: ec2-52-31-170-172.eu-west-1.compute.amazonaws.com
  1632. Not shown: 468 closed ports, 6 filtered ports
  1633. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1634. PORT STATE SERVICE
  1635. 80/tcp open http
  1636. 443/tcp open https
  1637. ######################################################################################################################################
  1638. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 04:59 EDT
  1639. Nmap scan report for www.crsouellet.com (54.72.52.102)
  1640. Host is up.
  1641. Other addresses for www.crsouellet.com (not scanned): 52.31.170.172
  1642. rDNS record for 54.72.52.102: ec2-54-72-52-102.eu-west-1.compute.amazonaws.com
  1643.  
  1644. PORT STATE SERVICE
  1645. 53/udp open|filtered domain
  1646. 67/udp open|filtered dhcps
  1647. 68/udp open|filtered dhcpc
  1648. 69/udp open|filtered tftp
  1649. 88/udp open|filtered kerberos-sec
  1650. 123/udp open|filtered ntp
  1651. 137/udp open|filtered netbios-ns
  1652. 138/udp open|filtered netbios-dgm
  1653. 139/udp open|filtered netbios-ssn
  1654. 161/udp open|filtered snmp
  1655. 162/udp open|filtered snmptrap
  1656. 389/udp open|filtered ldap
  1657. 520/udp open|filtered route
  1658. 2049/udp open|filtered nfs
  1659. #####################################################################################################################################
  1660. ^ ^
  1661. _ __ _ ____ _ __ _ _ ____
  1662. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  1663. | V V // o // _/ | V V // 0 // 0 // _/
  1664. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  1665. <
  1666. ...'
  1667.  
  1668. WAFW00F - Web Application Firewall Detection Tool
  1669.  
  1670. By Sandro Gauci && Wendel G. Henrique
  1671.  
  1672. Checking http://www.crsouellet.com
  1673. Generic Detection results:
  1674. No WAF detected by the generic detection
  1675. Number of requests: 15
  1676. #######################################################################################################################################
  1677. wig - WebApp Information Gatherer
  1678.  
  1679.  
  1680. Scanning https://www.crsouellet.com...
  1681. _____________________ SITE INFO ______________________
  1682. IP Title
  1683. 52.31.170.172 Accueil - Construction et Rénovatio
  1684. 54.72.52.102
  1685.  
  1686. ______________________ VERSION _______________________
  1687. Name Versions Type
  1688. nginx Platform
  1689.  
  1690. ____________________ INTERESTING _____________________
  1691. URL Note Type
  1692. /robots.txt robots.txt index Interesting
  1693.  
  1694. ______________________________________________________
  1695. Time: 230.6 sec Urls: 597 Fingerprints: 40401
  1696. #######################################################################################################################################
  1697. HTTP/1.1 301 Moved Permanently
  1698. Cache-Control: no-cache, no-store, must-revalidate
  1699. Content-Type: text/html; charset=UTF-8
  1700. Date: Wed, 03 Oct 2018 09:04:29 GMT
  1701. Location: https://www.crsouellet.com/
  1702. Server: nginx
  1703. X-Jimdo-Instance: i-0e93dc1f7792f8e20
  1704. X-Jimdo-Wid: s1af4e0a64d4eee5c
  1705. X-RateLimit-Limit: 0
  1706. X-RateLimit-Remaining: 0
  1707. X-RateLimit-Reset: 0
  1708. Connection: keep-alive
  1709. ######################################################################################################################################
  1710. --------------------------------------------------------------------------------------------------------------------------------------
  1711.  
  1712. [ ! ] Starting SCANNER INURLBR 2.1 at [03-10-2018 05:05:10]
  1713. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  1714. It is the end user's responsibility to obey all applicable local, state and federal laws.
  1715. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1716.  
  1717. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.crsouellet.com.txt ]
  1718. [ INFO ][ DORK ]::[ site:www.crsouellet.com ]
  1719. [ INFO ][ SEARCHING ]:: {
  1720. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.co.zm ]
  1721.  
  1722. [ INFO ][ SEARCHING ]::
  1723. -[:::]
  1724. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  1725.  
  1726. [ INFO ][ SEARCHING ]::
  1727. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1728. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.gl ID: 003917828085772992913:gmoeray5sa8 ]
  1729.  
  1730. [ INFO ][ SEARCHING ]::
  1731. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1732.  
  1733. [ INFO ][ TOTAL FOUND VALUES ]:: [ 14 ]
  1734.  
  1735.  
  1736. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1737. |_[ + ] [ 0 / 14 ]-[05:05:35] [ - ]
  1738. |_[ + ] Target:: [ https://www.crsouellet.com/ ]
  1739. |_[ + ] Exploit::
  1740. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1741. |_[ + ] More details:: / - / , ISP:
  1742. |_[ + ] Found:: UNIDENTIFIED
  1743.  
  1744. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1745. |_[ + ] [ 1 / 14 ]-[05:05:40] [ - ]
  1746. |_[ + ] Target:: [ https://www.crsouellet.com/sitemap/ ]
  1747. |_[ + ] Exploit::
  1748. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1749. |_[ + ] More details:: / - / , ISP:
  1750. |_[ + ] Found:: UNIDENTIFIED
  1751.  
  1752. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1753. |_[ + ] [ 2 / 14 ]-[05:05:45] [ - ]
  1754. |_[ + ] Target:: [ https://www.crsouellet.com/contactez-nous/ ]
  1755. |_[ + ] Exploit::
  1756. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1757. |_[ + ] More details:: / - / , ISP:
  1758. |_[ + ] Found:: UNIDENTIFIED
  1759.  
  1760. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1761. |_[ + ] [ 3 / 14 ]-[05:05:50] [ - ]
  1762. |_[ + ] Target:: [ https://www.crsouellet.com/nos-services/ ]
  1763. |_[ + ] Exploit::
  1764. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1765. |_[ + ] More details:: / - / , ISP:
  1766. |_[ + ] Found:: UNIDENTIFIED
  1767.  
  1768. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1769. |_[ + ] [ 4 / 14 ]-[05:05:55] [ - ]
  1770. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/ ]
  1771. |_[ + ] Exploit::
  1772. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1773. |_[ + ] More details:: / - / , ISP:
  1774. |_[ + ] Found:: UNIDENTIFIED
  1775.  
  1776. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1777. |_[ + ] [ 5 / 14 ]-[05:06:01] [ - ]
  1778. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/fondations/ ]
  1779. |_[ + ] Exploit::
  1780. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1781. |_[ + ] More details:: / - / , ISP:
  1782. |_[ + ] Found:: UNIDENTIFIED
  1783.  
  1784. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1785. |_[ + ] [ 6 / 14 ]-[05:06:06] [ - ]
  1786. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/toitures/ ]
  1787. |_[ + ] Exploit::
  1788. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1789. |_[ + ] More details:: / - / , ISP:
  1790. |_[ + ] Found:: UNIDENTIFIED
  1791.  
  1792. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1793. |_[ + ] [ 7 / 14 ]-[05:06:11] [ - ]
  1794. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/cuisines/ ]
  1795. |_[ + ] Exploit::
  1796. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1797. |_[ + ] More details:: / - / , ISP:
  1798. |_[ + ] Found:: UNIDENTIFIED
  1799.  
  1800. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1801. |_[ + ] [ 8 / 14 ]-[05:06:17] [ - ]
  1802. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/finition-intérieure/ ]
  1803. |_[ + ] Exploit::
  1804. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1805. |_[ + ] More details:: / - / , ISP:
  1806. |_[ + ] Found:: UNIDENTIFIED
  1807.  
  1808. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1809. |_[ + ] [ 9 / 14 ]-[05:06:22] [ - ]
  1810. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/finition-extérieure/ ]
  1811. |_[ + ] Exploit::
  1812. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1813. |_[ + ] More details:: / - / , ISP:
  1814. |_[ + ] Found:: UNIDENTIFIED
  1815.  
  1816. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1817. |_[ + ] [ 10 / 14 ]-[05:06:28] [ - ]
  1818. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/cabanons-et-garages/ ]
  1819. |_[ + ] Exploit::
  1820. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1821. |_[ + ] More details:: / - / , ISP:
  1822. |_[ + ] Found:: UNIDENTIFIED
  1823.  
  1824. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1825. |_[ + ] [ 11 / 14 ]-[05:06:33] [ - ]
  1826. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/salles-de-bain/ ]
  1827. |_[ + ] Exploit::
  1828. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1829. |_[ + ] More details:: / - / , ISP:
  1830. |_[ + ] Found:: UNIDENTIFIED
  1831.  
  1832. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1833. |_[ + ] [ 12 / 14 ]-[05:06:38] [ - ]
  1834. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/portes-et-fenêtres/ ]
  1835. |_[ + ] Exploit::
  1836. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1837. |_[ + ] More details:: / - / , ISP:
  1838. |_[ + ] Found:: UNIDENTIFIED
  1839.  
  1840. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1841. |_[ + ] [ 13 / 14 ]-[05:06:43] [ - ]
  1842. |_[ + ] Target:: [ https://www.crsouellet.com/nos-réalisations/patios-et-aménagement-extérieur/ ]
  1843. |_[ + ] Exploit::
  1844. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:54.72.52.102:443
  1845. |_[ + ] More details:: / - / , ISP:
  1846. |_[ + ] Found:: UNIDENTIFIED
  1847.  
  1848. [ INFO ] [ Shutting down ]
  1849. [ INFO ] [ End of process INURLBR at [03-10-2018 05:06:43]
  1850. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  1851. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.crsouellet.com.txt ]
  1852. |_________________________________________________________________________________________
  1853.  
  1854. \_________________________________________________________________________________________/
  1855. #######################################################################################################################################
  1856.  
  1865. WAFW00F - Web Application Firewall Detection Tool
  1866.  
  1867. By Sandro Gauci && Wendel G. Henrique
  1868.  
  1869. Checking https://www.crsouellet.com
  1870. Generic Detection results:
  1871. No WAF detected by the generic detection
  1872. Number of requests: 14
  1873. ######################################################################################################################################
  1874. https://www.crsouellet.com [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[54.72.52.102], Open-Graph-Protocol[website], Script[text/javascript], Strict-Transport-Security[max-age=604800], Title[Accueil - Construction et Rénovation Stéphane Ouellet inc.], UncommonHeaders[x-ratelimit-limit,x-ratelimit-remaining,x-ratelimit-reset,x-jimdo-instance,x-jimdo-wid], X-UA-Compatible[IE=edge], nginx
  1875. ######################################################################################################################################
  1876. wig - WebApp Information Gatherer
  1877.  
  1878.  
  1879. Scanning https://www.crsouellet.com...
  1880. ____________________ SITE INFO _____________________
  1881. IP Title
  1882. 54.72.52.102 Accueil - Construction et Rénovatio
  1883. 52.31.170.172
  1884.  
  1885. _____________________ VERSION ______________________
  1886. Name Versions Type
  1887. nginx Platform
  1888.  
  1889. ___________________ INTERESTING ____________________
  1890. URL Note Type
  1891. /robots.txt robots.txt index Interesting
  1892.  
  1893. ____________________________________________________
  1894. Time: 5.4 sec Urls: 597 Fingerprints: 40401
  1895. #######################################################################################################################################
  1896. HTTP/1.1 200 OK
  1897. Date: Wed, 03 Oct 2018 09:08:02 GMT
  1898. Content-Type: text/html; charset=UTF-8
  1899. Connection: keep-alive
  1900. Vary: Accept-Encoding
  1901. X-RateLimit-Limit: 0
  1902. X-RateLimit-Remaining: 0
  1903. X-RateLimit-Reset: 0
  1904. X-Jimdo-Instance: i-0a809d321029e7416
  1905. X-Jimdo-Wid: s1af4e0a64d4eee5c
  1906. Cache-Control: no-cache, no-store, must-revalidate
  1907. Strict-Transport-Security: max-age=604800
  1908. Server: nginx
  1909. #######################################################################################################################################
  1910.  
  1911.  
  1912. AVAILABLE PLUGINS
  1913. -----------------
  1914.  
  1915. PluginHeartbleed
  1916. PluginCompression
  1917. PluginOpenSSLCipherSuites
  1918. PluginSessionResumption
  1919. PluginCertInfo
  1920. PluginSessionRenegotiation
  1921. PluginHSTS
  1922. PluginChromeSha1Deprecation
  1923.  
  1924.  
  1925.  
  1926. CHECKING HOST(S) AVAILABILITY
  1927. -----------------------------
  1928.  
  1929. www.crsouellet.com:443 => 52.31.170.172:443
  1930.  
  1931.  
  1932.  
  1933. SCAN RESULTS FOR WWW.CRSOUELLET.COM:443 - 52.31.170.172:443
  1934. -----------------------------------------------------------
  1935.  
  1936. * Deflate Compression:
  1937. OK - Compression disabled
  1938.  
  1939. * Session Renegotiation:
  1940. Client-initiated Renegotiations: OK - Rejected
  1941. Secure Renegotiation: OK - Supported
  1942.  
  1943. * Certificate - Content:
  1944. SHA1 Fingerprint: bd2499317d8d684c83a74612a7cae235713f7fe6
  1945. Common Name: www.crsouellet.com
  1946. Issuer: Let's Encrypt Authority X3
  1947. Serial Number: 042E24B1DA5D1F79F60185B5DD7EC6E57223
  1948. Not Before: Aug 31 20:38:29 2018 GMT
  1949. Not After: Nov 29 20:38:29 2018 GMT
  1950. Signature Algorithm: sha256WithRSAEncryption
  1951. Public Key Algorithm: rsaEncryption
  1952. Key Size: 2048 bit
  1953. Exponent: 65537 (0x10001)
  1954. X509v3 Subject Alternative Name: {'DNS': ['www.crsouellet.com']}
  1955.  
  1956. * Certificate - Trust:
  1957. Hostname Validation: OK - Subject Alternative Name matches
  1958. Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  1959. Java 6 CA Store (Update 65): OK - Certificate is trusted
  1960. Microsoft CA Store (09/2015): OK - Certificate is trusted
  1961. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  1962. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  1963. Certificate Chain Received: ['www.crsouellet.com', "Let's Encrypt Authority X3"]
  1964.  
  1965. * Certificate - OCSP Stapling:
  1966. OCSP Response Status: successful
  1967. Validation w/ Mozilla's CA Store: OK - Response is trusted
  1968. Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
  1969. Cert Status: good
  1970. Cert Serial Number: 042E24B1DA5D1F79F60185B5DD7EC6E57223
  1971. This Update: Sep 30 21:00:00 2018 GMT
  1972. Next Update: Oct 7 21:00:00 2018 GMT
  1973.  
  1974. * Session Resumption:
  1975. With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
  1976. With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned.
  1977.  
  1978. * SSLV2 Cipher Suites:
  1979. Server rejected all cipher suites.
  1980.  
  1981. * SSLV3 Cipher Suites:
  1982. Server rejected all cipher suites.
  1983.  
  1984.  
  1985.  
  1986. SCAN COMPLETED IN 12.43 S
  1987. -------------------------
  1988. Version: 1.11.11-static
  1989. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1990.  
  1991. Connected to 54.72.52.102
  1992.  
  1993. Testing SSL server www.crsouellet.com on port 443 using SNI name www.crsouellet.com
  1994.  
  1995. TLS Fallback SCSV:
  1996. Server supports TLS Fallback SCSV
  1997.  
  1998. TLS renegotiation:
  1999. Secure session renegotiation supported
  2000.  
  2001. TLS Compression:
  2002. Compression disabled
  2003.  
  2004. Heartbleed:
  2005. TLS 1.2 not vulnerable to heartbleed
  2006. TLS 1.1 not vulnerable to heartbleed
  2007. TLS 1.0 not vulnerable to heartbleed
  2008.  
  2009. Supported Server Cipher(s):
  2010. Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  2011. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  2012. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  2013. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  2014. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  2015. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  2016. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2017. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2018. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  2019. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2020. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  2021. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2022. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2023. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  2024. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  2025. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  2026. Accepted TLSv1.2 128 bits AES128-SHA256
  2027. Accepted TLSv1.2 256 bits AES256-SHA256
  2028. Accepted TLSv1.2 128 bits AES128-SHA
  2029. Accepted TLSv1.2 256 bits AES256-SHA
  2030. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  2031. Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2032. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2033. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2034. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2035. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2036. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  2037. Accepted TLSv1.1 128 bits AES128-SHA
  2038. Accepted TLSv1.1 256 bits AES256-SHA
  2039. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  2040. Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2041. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2042. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  2043. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  2044. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2045. Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  2046. Accepted TLSv1.0 128 bits AES128-SHA
  2047. Accepted TLSv1.0 256 bits AES256-SHA
  2048. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  2049.  
  2050. SSL Certificate:
  2051. Signature Algorithm: sha256WithRSAEncryption
  2052. RSA Key Strength: 2048
  2053.  
  2054. Subject: www.crsouellet.com
  2055. Altnames: DNS:www.crsouellet.com
  2056. Issuer: Let's Encrypt Authority X3
  2057.  
  2058. Not valid before: Aug 31 20:38:29 2018 GMT
  2059. Not valid after: Nov 29 20:38:29 2018 GMT
  2060.  
  2061. #######################################################################################################################################
  2062.  
  2063. I, [2018-10-03T05:10:12.312219 #27789] INFO -- : Initiating port scan
  2064. I, [2018-10-03T05:11:23.634183 #27789] INFO -- : Using nmap scan output file logs/nmap_output_2018-10-03_05-10-12.xml
  2065. I, [2018-10-03T05:11:23.648693 #27789] INFO -- : Discovered open port: 54.72.52.102:80
  2066. I, [2018-10-03T05:11:26.593393 #27789] INFO -- : Discovered open port: 54.72.52.102:443
  2067. I, [2018-10-03T05:11:29.892652 #27789] INFO -- : <<<Enumerating vulnerable applications>>>
  2068.  
  2069.  
  2070. --------------------------------------------------------
  2071. <<<Yasuo discovered following vulnerable applications>>>
  2072. --------------------------------------------------------
  2073. +----------+--------------------+-------------------+----------+----------+
  2074. | App Name | URL to Application | Potential Exploit | Username | Password |
  2075. +----------+--------------------+-------------------+----------+----------+
  2076. +----------+--------------------+-------------------+----------+----------+
  2077. #####################################################################################################################################
  2078. ---------------------------------------------------------------------------------------------------------------------------------------
  2079. + Target IP: 54.72.52.102
  2080. + Target Hostname: www.crsouellet.com
  2081. + Target Port: 443
  2082. ---------------------------------------------------------------------------------------------------------------------------------------
  2083. + SSL Info: Subject: /CN=www.crsouellet.com
  2084. Ciphers: ECDHE-RSA-AES128-GCM-SHA256
  2085. Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
  2086. + Start Time: 2018-10-03 06:51:12 (GMT-4)
  2087. --------------------------------------------------------------------------------------------------------------------------------------
  2088. + Server: nginx
  2089. + The anti-clickjacking X-Frame-Options header is not present.
  2090. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2091. + Uncommon header 'x-ratelimit-limit' found, with contents: 0
  2092. + Uncommon header 'x-jimdo-wid' found, with contents: s1af4e0a64d4eee5c
  2093. + Uncommon header 'x-ratelimit-reset' found, with contents: 0
  2094. + Uncommon header 'x-ratelimit-remaining' found, with contents: 0
  2095. + Uncommon header 'x-jimdo-instance' found, with contents: i-0cba9eba311cb2108
  2096. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2097. + Entry '/app/module/webproduct/goto/' in robots.txt returned a non-forbidden or redirect HTTP code (301)
  2098. + "robots.txt" contains 4 entries which should be manually viewed.
  2099. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error at /var/lib/nikto/plugins/LW2.pm line 5157.
  2100. at /var/lib/nikto/plugins/LW2.pm line 5157.
  2101. ; at /var/lib/nikto/plugins/LW2.pm line 5157.
  2102. + Scan terminated: 20 error(s) and 10 item(s) reported on remote host
  2103. + End Time: 2018-10-03 06:56:14 (GMT-4) (302 seconds)
  2104. ######################################################################################################################################
  2105. ======================================================================================================================================
  2106. | [*] http://crsouellet.com/ redirected to http://www.crsouellet.com/
  2107. | [*] New target is: http://www.crsouellet.com/
  2108. =======================================================================================================================================
  2109. | Domain: http://www.crsouellet.com/
  2110. | Server: nginx
  2111. | IP: 54.72.52.102
  2112. =======================================================================================================================================
  2113. |
  2114. | Directory check:
  2115. | [+] CODE: 200 URL: http://www.crsouellet.com/about/
  2116. | [+] CODE: 200 URL: http://www.crsouellet.com/search/
  2117. | [+] CODE: 200 URL: http://www.crsouellet.com/sitemap/
  2118. ======================================================================================================================================
  2119. |
  2120. | File check:
  2121. | [+] CODE: 200 URL: http://www.crsouellet.com/index.php
  2122. | [+] CODE: 200 URL: http://www.crsouellet.com/login.php
  2123. | [+] CODE: 200 URL: http://www.crsouellet.com/robots.txt
  2124. | [+] CODE: 200 URL: http://www.crsouellet.com/search.php
  2125. | [+] CODE: 200 URL: http://www.crsouellet.com/sitemap.xml
  2126. ======================================================================================================================================
  2127. |
  2128. | Check robots.txt:
  2129. | [+] User-agent: *
  2130. | [+] Disallow: /app/
  2131. | [+] Disallow: /j/
  2132. | [+] Allow: /app/module/webproduct/goto/
  2133. | [+] Allow: /app/download/
  2134. | [+] Sitemap: http://www.crsouellet.com/sitemap.xml
  2135. |
  2136. | Check sitemap.xml:
  2137. | [+] http://www.crsouellet.com/
  2138. | [+] http://www.crsouellet.com/nos-services/
  2139. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/
  2140. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/cabanons-et-garages/
  2141. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/cuisines/
  2142. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/finition-int%C3%A9rieure/
  2143. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/finition-ext%C3%A9rieure/
  2144. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/patios-et-am%C3%A9nagement-ext%C3%A9rieur/
  2145. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/portes-et-fen%C3%AAtres/
  2146. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/salles-de-bain/
  2147. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/toitures/
  2148. | [+] http://www.crsouellet.com/nos-r%C3%A9alisations/fondations/
  2149. | [+] http://www.crsouellet.com/contactez-nous/
  2150. =======================================================================================================================================
  2151. #####################################################################################################################################
  2152. | E-mails:
  2153. | [+] E-mail Found: info@crsouellet.com
  2154. |
  2155. | Source Code Disclosure:
  2156. |
  2157. | FCKeditor File Upload:
  2158. |
  2159. | Timthumb:
  2160. |
  2161. | Web Backdoors:
  2162. |
  2163. | External hosts:
  2164. | [+] External Host Found: https://fr.jimdo.com?utm_medium=about%20box&amp;utm_source=pro
  2165. | [+] External Host Found: https://cdn.bunchbox.co
  2166. | [+] External Host Found: https://cms.e.jimdo.com
  2167. | [+] External Host Found: https://assets.jimstatic.com
  2168. | [+] External Host Found: https://a.jimdo.com
  2169. | [+] External Host Found: https://account-assets.jimstatic.com
  2170. | [+] External Host Found: https://www.googletagmanager.com
  2171. | [+] External Host Found: https://webteam.jimstatic.com
  2172. | [+] External Host Found: https://jimdo.github.io
  2173. #######################################################################################################################################
  2174. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-03 15:19 EDT
  2175. Nmap scan report for ec2-54-72-52-102.eu-west-1.compute.amazonaws.com (54.72.52.102)
  2176. Host is up (0.11s latency).
  2177. Not shown: 994 closed ports
  2178. PORT STATE SERVICE
  2179. 25/tcp filtered smtp
  2180. 80/tcp open http
  2181. 135/tcp filtered msrpc
  2182. 139/tcp filtered netbios-ssn
  2183. 443/tcp open https
  2184. 445/tcp filtered microsoft-ds
  2185. Device type: general purpose
  2186. Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (91%)
  2187. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:4
  2188. Aggressive OS guesses: Linux 3.2 - 3.8 (91%), Linux 3.8 (85%), Linux 2.6.32 (85%), Linux 3.11 - 4.1 (85%), Linux 2.6.32 - 3.0 (85%)
  2189. No exact OS matches for host (test conditions non-ideal).
  2190.  
  2191. OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2192. Nmap done: 1 IP address (1 host up) scanned in 11.66 seconds
  2193. ######################################################################################################################################
  2194. WARNING: polenum.py is not in your path. Check that package is installed and your PATH is sane.
  2195. Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Wed Oct 3 15:58:31 2018
  2196.  
  2197. ==========================
  2198. | Target Information |
  2199. ==========================
  2200. Target ........... 54.72.52.102
  2201. RID Range ........ 500-550,1000-1050
  2202. Username ......... ''
  2203. Password ......... ''
  2204. Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
  2205.  
  2206.  
  2207. ====================================================
  2208. | Enumerating Workgroup/Domain on 54.72.52.102 |
  2209. ====================================================
  2210. [E] Can't find workgroup/domain
  2211.  
  2212.  
  2213. =====================================
  2214. | Session Check on 54.72.52.102 |
  2215. ######################################################################################################################################
  2216. JTSEC white hat: tool test on a friend's site #1