JTSEC1333

Anonymous JTSEC #OpAmazonia Full Recon #25

Sep 9th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname www.camarapavao.mg.gov.br ISP SECURED SERVERS LLC
  4. Continent North America Flag
  5. US
  6. Country United States Country Code US
  7. Region Arizona Local time 09 Sep 2019 09:59 MST
  8. City Tempe Postal Code 85281
  9. IP Address 184.95.55.138 Latitude 33.431
  10. Longitude -111.926
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.camarapavao.mg.gov.br
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. www.camarapavao.mg.gov.br canonical name = camarapavao.mg.gov.br.
  19. Name: camarapavao.mg.gov.br
  20. Address: 184.95.55.138
  21. >
  22. #######################################################################################################################################
  23. domain: mg.gov.br
  24. owner: COMPANHIA DE TECNOLOGIA DA INFORMAÇÃO ESTADO MG
  25. ownerid: 16.636.540/0001-04
  26. responsible: Governo do Estado de Minas Gerais
  27. country: BR
  28. owner-c: PGM14
  29. admin-c: PGM14
  30. tech-c: PGM14
  31. billing-c: PGM14
  32. nserver: zeus.prodemge.gov.br
  33. nsstat: 20190909 AA
  34. nslastaa: 20190909
  35. nserver: titanio.prodemge.gov.br
  36. nsstat: 20190909 AA
  37. nslastaa: 20190909
  38. nserver: tupan.prodemge.gov.br
  39. nsstat: 20190909 AA
  40. nslastaa: 20190909
  41. nserver: jupiter.prodemge.gov.br
  42. nsstat: 20190909 AA
  43. nslastaa: 20190909
  44. nserver: dnsipv6.prodemge.gov.br
  45. nsstat: 20190909 AA
  46. nslastaa: 20190909
  47. created: 19950727
  48. changed: 20190405
  49. status: published
  50.  
  51. nic-hdl-br: PGM14
  52. person: Prodemge Ger. Rede - Dominios MG.GOV.BR
  53. e-mail: registro@mg.gov.br
  54. country: BR
  55. created: 20000901
  56. changed: 20190131
  57. ######################################################################################################################################
  58. [+] Target : www.camarapavao.mg.gov.br
  59.  
  60. [+] IP Address : 184.95.55.138
  61.  
  62. [+] Headers :
  63.  
  64. [+] Date : Mon, 09 Sep 2019 17:06:59 GMT
  65. [+] Server : Apache
  66. [+] Cache-Control : no-cache, private
  67. [+] Set-Cookie : XSRF-TOKEN=eyJpdiI6ImErQ1J0VURUd2J1UVhuQ29mM3M4anc9PSIsInZhbHVlIjoibGg5NTBuTzNKMER4cFwvRU80SnhvSUxOVG0xRE5RVzh3bXlKWGxEbTc5QllyNW0wMjBOeDZvcDZxZ1VvYkR3ZXgiLCJtYWMiOiJmZjQyYmU5N2IwYjczMWQ5NGZmMGExMjkwNGM4MDM0YWM1ZjA0OGM0OGIzMzE1NTlkYzk2ZTVhNGU2MzE4ZDI3In0%3D; expires=Mon, 09-Sep-2019 19:06:59 GMT; Max-Age=7200; path=/, camara_municipal_de_pavao_session=eyJpdiI6ImpUWkFzdkJNa3hnWXUwVWY5SGgrUEE9PSIsInZhbHVlIjoidkdzcUw0ZVJMNXRGU2lBUjlvaWw0SVBqRFh3UDVFSlJFUndEc3ZyUjByTEJleVFcL2hwcytINEVYSkswUWJQeVAiLCJtYWMiOiI5MTA2YTE1YTFkMDVlYTNkOTcxMTcxYWVjMDBhZTIxY2MwZDNiMjE3YmM0ZWU3ODI1ZDkxZTE5NDczYjc3MGEzIn0%3D; expires=Mon, 09-Sep-2019 19:06:59 GMT; Max-Age=7200; path=/; httponly
  68. [+] Vary : Accept-Encoding,User-Agent
  69. [+] Content-Encoding : gzip
  70. [+] Content-Length : 9012
  71. [+] Keep-Alive : timeout=5, max=100
  72. [+] Connection : Keep-Alive
  73. [+] Content-Type : text/html; charset=UTF-8
  74.  
  75. [+] SSL Certificate Information :
  76.  
  77. [+] commonName : camarapavao.mg.gov.br
  78. [+] countryName : US
  79. [+] stateOrProvinceName : TX
  80. [+] localityName : Houston
  81. [+] organizationName : cPanel, Inc.
  82. [+] commonName : cPanel, Inc. Certification Authority
  83. [+] Version : 3
  84. [+] Serial Number : 17662C6F6421305186ECD1D95F5F8CBB
  85. [+] Not Before : Jul 21 00:00:00 2019 GMT
  86. [+] Not After : Oct 19 23:59:59 2019 GMT
  87. [+] OCSP : ('http://ocsp.comodoca.com',)
  88. [+] subject Alt Name : (('DNS', 'camarapavao.mg.gov.br'), ('DNS', 'cpanel.camarapavao.mg.gov.br'), ('DNS', 'mail.camarapavao.mg.gov.br'), ('DNS', 'webdisk.camarapavao.mg.gov.br'), ('DNS', 'webmail.camarapavao.mg.gov.br'), ('DNS', 'www.camarapavao.mg.gov.br'))
  89. [+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
  90. [+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)
  91.  
  92. [+] Whois Lookup :
  93.  
  94. [+] NIR : None
  95. [+] ASN Registry : arin
  96. [+] ASN : 20454
  97. [+] ASN CIDR : 184.95.32.0/19
  98. [+] ASN Country Code : US
  99. [+] ASN Date : 2011-02-02
  100. [+] ASN Description : SSASN2 - SECURED SERVERS LLC, US
  101. [+] cidr : 184.95.32.0/19
  102. [+] name : SECUREDSERVERS
  103. [+] handle : NET-184-95-32-0-1
  104. [+] range : 184.95.32.0 - 184.95.63.255
  105. [+] description : SECURED SERVERS LLC
  106. [+] country : US
  107. [+] state : AZ
  108. [+] city : Tempe
  109. [+] address : 2353 W University Bldg A
  110. [+] postal_code : 85281
  111. [+] emails : ['ipadmin@phoenixnap.com', 'abuse@phoenixnap.com']
  112. [+] created : 2011-02-02
  113. [+] updated : 2011-02-10
  114.  
  115. [+] Crawling Target...
  116.  
  117. [+] Looking for robots.txt........[ Found ]
  118. [+] Extracting robots Links.......[ 1 ]
  119. [+] Looking for sitemap.xml.......[ Not Found ]
  120. [+] Extracting CSS Links..........[ 3 ]
  121. [+] Extracting Javascript Links...[ 8 ]
  122. [+] Extracting Internal Links.....[ 45 ]
  123. [+] Extracting External Links.....[ 47 ]
  124. [+] Extracting Images.............[ 3 ]
  125.  
  126. [+] Total Links Extracted : 107
  127.  
  128. [+] Dumping Links in /opt/FinalRecon/dumps/www.camarapavao.mg.gov.br.dump
  129. [+] Completed!
  130. #######################################################################################################################################
  131. [+] Starting At 2019-09-09 13:07:18.832990
  132. [+] Collecting Information On: http://www.camarapavao.mg.gov.br/
  133. [#] Status: 200
  134. --------------------------------------------------
  135. [#] Web Server Detected: Apache
  136. [!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
  137. - Date: Mon, 09 Sep 2019 17:07:14 GMT
  138. - Server: Apache
  139. - Cache-Control: no-cache, private
  140. - Set-Cookie: XSRF-TOKEN=eyJpdiI6ImdudEhHdWplNTRkZm1aSHFTM01JT0E9PSIsInZhbHVlIjoic2E3QkVXT2EySG5sM0lNOWp2dXJkcXprRnNOOEdsQTk2VmVoblBVZ1dRd2hwXC9kakVGVlRKZTZLcHlIXC9kdDBZIiwibWFjIjoiNjBhYzUzN2I3ZWZlYjk4YWMzYWZlOGFjYWNiNmQxMDA5MmYxYjQ0MjMyNWZkZjY2ODA4NjMxNWEzMmYyNzUzOSJ9; expires=Mon, 09-Sep-2019 19:07:15 GMT; Max-Age=7200; path=/, camara_municipal_de_pavao_session=eyJpdiI6IjBPQ1BHMmFuM1ZHRTN6ZEh6cE53N0E9PSIsInZhbHVlIjoiZ0lkT1JOeHNDR2RHQWx5UEdXc0xZQzJ5Mjl1TWZ1WThCNnJxa2RBZ3VZR3ZlalgwUEdoSHJmZ0duVnA1UTBZbiIsIm1hYyI6IjE2MzEyN2Q4MmU3MDhiMmEwNjc4NmE3MTIwMzNhZGQzMWQyYjBlM2RlNzZhZGViYThjNmM5ZjVlOGQwOGY5YjkifQ%3D%3D; expires=Mon, 09-Sep-2019 19:07:15 GMT; Max-Age=7200; path=/; httponly
  141. - Vary: Accept-Encoding,User-Agent
  142. - Content-Encoding: gzip
  143. - Content-Length: 9012
  144. - Keep-Alive: timeout=5, max=100
  145. - Connection: Keep-Alive
  146. - Content-Type: text/html; charset=UTF-8
  147. --------------------------------------------------
  148. [#] Finding Location..!
  149. [#] as: AS20454 SECURED SERVERS LLC
  150. [#] city: Tempe
  151. [#] country: United States
  152. [#] countryCode: US
  153. [#] isp: Secured Servers LLC
  154. [#] lat: 33.4215
  155. [#] lon: -111.974
  156. [#] org: Secured Servers LLC
  157. [#] query: 184.95.55.138
  158. [#] region: AZ
  159. [#] regionName: Arizona
  160. [#] status: success
  161. [#] timezone: America/Phoenix
  162. [#] zip: 85281
  163. --------------------------------------------------
  164. [x] Didn't Detect WAF Presence on: http://www.camarapavao.mg.gov.br/
  165. --------------------------------------------------
  166. [#] Starting Reverse DNS
  167. [-] Failed ! Fail
  168. --------------------------------------------------
  169. [!] Scanning Open Port
  170. [#] 21/tcp open ftp
  171. [#] 22/tcp open ssh
  172. [#] 53/tcp open domain
  173. [#] 80/tcp open http
  174. [#] 110/tcp open pop3
  175. [#] 111/tcp open rpcbind
  176. [#] 143/tcp open imap
  177. [#] 443/tcp open https
  178. [#] 465/tcp open smtps
  179. [#] 587/tcp open submission
  180. [#] 993/tcp open imaps
  181. [#] 995/tcp open pop3s
  182. [#] 3306/tcp open mysql
  183. [#] 5960/tcp open unknown
  184. --------------------------------------------------
  185. [+] Collecting Information Disclosure!
  186. [#] Detecting sitemap.xml file
  187. [-] sitemap.xml file not Found!?
  188. [#] Detecting robots.txt file
  189. [!] robots.txt File Found: http://www.camarapavao.mg.gov.br//robots.txt
  190. [#] Detecting GNU Mailman
  191. [!] GNU Mailman App Detected: http://www.camarapavao.mg.gov.br//mailman/admin
  192. [!] version: 2.1.27
  193. --------------------------------------------------
  194. [+] Crawling Url Parameter On: http://www.camarapavao.mg.gov.br/
  195. --------------------------------------------------
  196. [#] Searching Html Form !
  197. [-] No Html Form Found!?
  198. --------------------------------------------------
  199. [!] Found 7 dom parameter
  200. [#] http://www.camarapavao.mg.gov.br//#
  201. [#] http://www.camarapavao.mg.gov.br//#
  202. [#] http://www.camarapavao.mg.gov.br//#
  203. [#] http://www.camarapavao.mg.gov.br//#
  204. [#] http://www.camarapavao.mg.gov.br#servicos
  205. [#] http://www.camarapavao.mg.gov.br//#
  206. [#] http://www.camarapavao.mg.gov.br//#inicio
  207. --------------------------------------------------
  208. [!] 2 Internal Dynamic Parameter Discovered
  209. [+] http://www.camarapavao.mg.gov.br?page=2
  210. [+] http://www.camarapavao.mg.gov.br?page=2
  211. --------------------------------------------------
  212. [!] 2 External Dynamic Parameter Discovered
  213. [#] http://servicos.receita.fazenda.gov.br/Servicos/certidao/CndConjuntaInter/InformaNICertidao.asp?Tipo=1
  214. [#] http://servicos.receita.fazenda.gov.br/Servicos/certidao/certaut/OptaAutenticidade.asp?origem=PJ
  215. --------------------------------------------------
  216. [!] 49 Internal links Discovered
  266. --------------------------------------------------
  267. [!] 46 External links Discovered
  314. --------------------------------------------------
  315. [#] Mapping Subdomain..
  316. [!] Found 3 Subdomain
  317. - webdisk.camarapavao.mg.gov.br
  318. - cpanel.camarapavao.mg.gov.br
  319. - webmail.camarapavao.mg.gov.br
  320. --------------------------------------------------
  321. [!] Done At 2019-09-09 13:07:28.559417
  322. #######################################################################################################################################
  323. [i] Scanning Site: http://www.camarapavao.mg.gov.br
  324.  
  325.  
  326.  
  327. B A S I C I N F O
  328. ====================
  329.  
  330.  
  331. [+] Site Title: Câmara Municipal de Pavão
  332. [+] IP address: 184.95.55.138
  333. [+] Web Server: Apache
  334. [+] CMS: Could Not Detect
  335. [+] Cloudflare: Not Detected
  336. [+] Robots File: Found
  337.  
  338. -------------[ contents ]----------------
  339. User-agent: *
  340. Disallow:
  341.  
  342. -----------[end of contents]-------------
  343.  
  344.  
  345.  
  346. W H O I S L O O K U P
  347. ========================
  348.  
  349.  
  350. % Copyright (c) Nic.br
  351. % The use of the data below is only permitted as described in
  352. % full by the terms of use at https://registro.br/termo/en.html ,
  353. % being prohibited its distribution, commercialization or
  354. % reproduction, in particular, to use it for advertising or
  355. % any similar purpose.
  356. % 2019-09-09T14:07:16-03:00
  357.  
  358. domain: mg.gov.br
  359. owner: COMPANHIA DE TECNOLOGIA DA INFORMAÇÃO ESTADO MG
  360. ownerid: 16.636.540/0001-04
  361. responsible: Governo do Estado de Minas Gerais
  362. country: BR
  363. owner-c: PGM14
  364. admin-c: PGM14
  365. tech-c: PGM14
  366. billing-c: PGM14
  367. nserver: zeus.prodemge.gov.br
  368. nsstat: 20190909 AA
  369. nslastaa: 20190909
  370. nserver: titanio.prodemge.gov.br
  371. nsstat: 20190909 AA
  372. nslastaa: 20190909
  373. nserver: tupan.prodemge.gov.br
  374. nsstat: 20190909 AA
  375. nslastaa: 20190909
  376. nserver: jupiter.prodemge.gov.br
  377. nsstat: 20190909 AA
  378. nslastaa: 20190909
  379. nserver: dnsipv6.prodemge.gov.br
  380. nsstat: 20190909 AA
  381. nslastaa: 20190909
  382. created: 19950727
  383. changed: 20190405
  384. status: published
  385.  
  386. nic-hdl-br: PGM14
  387. person: Prodemge Ger. Rede - Dominios MG.GOV.BR
  388. e-mail: registro@mg.gov.br
  389. country: BR
  390. created: 20000901
  391. changed: 20190131
  392.  
  393. % Security and mail abuse issues should also be addressed to
  394. % cert.br, http://www.cert.br/ , respectivelly to cert@cert.br
  395. % and mail-abuse@cert.br
  396. %
  397. % whois.registro.br accepts only direct match queries. Types
  398. % of queries are: domain (.br), registrant (tax ID), ticket,
  399. % provider, contact handle (ID), CIDR block, IP and ASN.
  400.  
  401.  
  402.  
  403.  
  404. G E O I P L O O K U P
  405. =========================
  406.  
  407. [i] IP Address: 184.95.55.138
  408. [i] Country: United States
  409. [i] State: Arizona
  410. [i] City: Tempe
  411. [i] Latitude: 33.4306
  412. [i] Longitude: -111.9256
  413.  
  414.  
  415.  
  416.  
  417. H T T P H E A D E R S
  418. =======================
  419.  
  420.  
  421. [i] HTTP/1.1 200 OK
  422. [i] Date: Mon, 09 Sep 2019 17:07:16 GMT
  423. [i] Server: Apache
  424. [i] Cache-Control: private, must-revalidate
  425. [i] pragma: no-cache
  426. [i] expires: -1
  427. [i] Set-Cookie: XSRF-TOKEN=eyJpdiI6Ino0VFNSdGtvUFhaUkJHZ2lPN1lQK2c9PSIsInZhbHVlIjoiSVdyejdUVmZlXC9lWHhhV3Z6d1dqdlJcL0I0emZ4T1NkT25EVzlKanJSYWNCWUJJbmtUTmkxT3FmTnNVQXpkV2p2IiwibWFjIjoiMGZkZjMwMDkyYmI5NzVjMDBjZjZlYzdjZWEyODQzYWI2OTE4ZTdkYjVmOWNjMjJkNWE5Zjg1YTFmNGJlNDY1MiJ9; expires=Mon, 09-Sep-2019 19:07:16 GMT; Max-Age=7200; path=/
  428. [i] Set-Cookie: camara_municipal_de_pavao_session=eyJpdiI6ImtFSUFxTnllSVBBOGRVd3dTSWk5Vnc9PSIsInZhbHVlIjoiOFY1dnk5WFZRUThYcmJOU0MrTTFSZ1k5VmJQQ0lWUTVoemVnQ0I5MjBmb1NBQ1wvNzlsSkI2dWZ0ZWxsZVhMMHoiLCJtYWMiOiIwNTMxZGU0OGViODczMjU3NzYzMDFiMmFmNjc2YzA3MDQ3ZWZiZTlhY2M1NzlhMGE5OWVhNGJiMzY4ODZmOWU1In0%3D; expires=Mon, 09-Sep-2019 19:07:16 GMT; Max-Age=7200; path=/; httponly
  429. [i] Vary: Accept-Encoding,User-Agent
  430. [i] Connection: close
  431. [i] Content-Type: text/html; charset=UTF-8
  432.  
  433.  
  434.  
  435.  
  436. D N S L O O K U P
  437. ===================
  438.  
  439. camarapavao.mg.gov.br. 14399 IN TXT "v=spf1 +a +mx +ip4:184.95.55.138 ~all"
  440. camarapavao.mg.gov.br. 21599 IN SOA ns1.leidatransparencia.com.br. contato.digitaliza.com.br. 2019021902 3600 1800 1209600 86400
  441. camarapavao.mg.gov.br. 21599 IN NS ns1.leidatransparencia.com.br.
  442. camarapavao.mg.gov.br. 21599 IN NS ns2.leidatransparencia.com.br.
  443. camarapavao.mg.gov.br. 14399 IN A 184.95.55.138
  444. camarapavao.mg.gov.br. 14399 IN MX 0 camarapavao.mg.gov.br.
  445.  
  446.  
  447.  
  448.  
  449. S U B N E T C A L C U L A T I O N
  450. ====================================
  451.  
  452. Address = 184.95.55.138
  453. Network = 184.95.55.138 / 32
  454. Netmask = 255.255.255.255
  455. Broadcast = not needed on Point-to-Point links
  456. Wildcard Mask = 0.0.0.0
  457. Hosts Bits = 0
  458. Max. Hosts = 1 (2^0 - 0)
  459. Host Range = { 184.95.55.138 - 184.95.55.138 }
  460.  
  461.  
  462.  
  463. N M A P P O R T S C A N
  464. ============================
  465.  
  466. Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-09 17:07 UTC
  467. Nmap scan report for camarapavao.mg.gov.br (184.95.55.138)
  468. Host is up (0.066s latency).
  469. rDNS record for 184.95.55.138: ns1.leidatransparencia.com.br
  470.  
  471. PORT STATE SERVICE
  472. 21/tcp open ftp
  473. 22/tcp open ssh
  474. 23/tcp closed telnet
  475. 80/tcp open http
  476. 110/tcp open pop3
  477. 143/tcp open imap
  478. 443/tcp open https
  479. 3389/tcp closed ms-wbt-server
  480.  
  481. Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
  482.  
  483.  
  484.  
  485. S U B - D O M A I N F I N D E R
  486. ==================================
  487.  
  488.  
  489. [i] Total Subdomains Found : 2
  490.  
  491. [+] Subdomain: cpanel.camarapavao.mg.gov.br
  492. [-] IP: 184.95.55.138
  493.  
  494. [+] Subdomain: webmail.camarapavao.mg.gov.br
  495. [-] IP: 184.95.55.138
  496. #######################################################################################################################################
  497. [INFO] ------TARGET info------
  498. [*] TARGET: http://www.camarapavao.mg.gov.br/
  499. [*] TARGET IP: 184.95.55.138
  500. [INFO] NO load balancer detected for www.camarapavao.mg.gov.br...
  501. [*] DNS servers: camarapavao.mg.gov.br.
  502. [*] TARGET server: Apache
  503. [*] CC: US
  504. [*] Country: United States
  505. [*] RegionCode: AZ
  506. [*] RegionName: Arizona
  507. [*] City: Tempe
  508. [*] ASN: AS20454
  509. [*] BGP_PREFIX: 184.95.32.0/19
  510. [*] ISP: SSASN2 - SECURED SERVERS LLC, US
  511. [INFO] DNS enumeration:
  512. [*] ftp.camarapavao.mg.gov.br 184.95.55.138
  513. [*] mail.camarapavao.mg.gov.br camarapavao.mg.gov.br. 184.95.55.138
  514. [*] webmail.camarapavao.mg.gov.br 184.95.55.138
  515. [INFO] Possible abuse mails are:
  516. [*] abuse@mail.mg.gov.br
  517. [*] abuse@mg.gov.br
  518. [*] abuse@phoenixnap.com
  519. [*] dominio@mg.gov.br
  520. [*] mail-abuse@cert.br
  521. [*] postmaster@mail.mg.gov.br
  522. [*] root@mail.mg.gov.br
  523. [INFO] NO PAC (Proxy Auto Configuration) file FOUND
  524. [ALERT] robots.txt file FOUND in http://www.camarapavao.mg.gov.br/robots.txt
  525. [INFO] Checking for HTTP status codes recursively from http://www.camarapavao.mg.gov.br/robots.txt
  526. [INFO] Status code Folders
  527. [INFO] Starting FUZZing in http://www.camarapavao.mg.gov.br/FUzZzZzZzZz...
  528. [INFO] Status code Folders
  529. [ALERT] Look in the source code. It may contain passwords
  530. [INFO] Links found from http://www.camarapavao.mg.gov.br/ http://184.95.55.138/:
  625. [INFO] Shodan detected the following opened ports on 184.95.55.138:
  626. [*] 0
  627. [*] 1
  628. [*] 110
  629. [*] 111
  630. [*] 143
  631. [*] 2079
  632. [*] 2082
  633. [*] 2083
  634. [*] 2086
  635. [*] 2087
  636. [*] 2095
  637. [*] 2096
  638. [*] 21
  639. [*] 214
  640. [*] 22
  641. [*] 3
  642. [*] 3306
  643. [*] 4
  644. [*] 443
  645. [*] 465
  646. [*] 53
  647. [*] 587
  648. [*] 6
  649. [*] 7
  650. [*] 8
  651. [*] 80
  652. [*] 993
  653. [*] 995
  654. [INFO] ------VirusTotal SECTION------
  655. [INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
  656. [INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
  657. [INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
  658. [INFO] ------Alexa Rank SECTION------
  659. [INFO] Percent of Visitors Rank in Country:
  660. [INFO] Percent of Search Traffic:
  661. [INFO] Percent of Unique Visits:
  662. [INFO] Total Sites Linking In:
  663. [*] Total Sites
  664. [INFO] Useful links related to www.camarapavao.mg.gov.br - 184.95.55.138:
  665. [*] https://www.virustotal.com/pt/ip-address/184.95.55.138/information/
  666. [*] https://www.hybrid-analysis.com/search?host=184.95.55.138
  667. [*] https://www.shodan.io/host/184.95.55.138
  668. [*] https://www.senderbase.org/lookup/?search_string=184.95.55.138
  669. [*] https://www.alienvault.com/open-threat-exchange/ip/184.95.55.138
  670. [*] http://pastebin.com/search?q=184.95.55.138
  671. [*] http://urlquery.net/search.php?q=184.95.55.138
  672. [*] http://www.alexa.com/siteinfo/www.camarapavao.mg.gov.br
  673. [*] http://www.google.com/safebrowsing/diagnostic?site=www.camarapavao.mg.gov.br
  674. [*] https://censys.io/ipv4/184.95.55.138
  675. [*] https://www.abuseipdb.com/check/184.95.55.138
  676. [*] https://urlscan.io/search/#184.95.55.138
  677. [*] https://github.com/search?q=184.95.55.138&type=Code
  678. [INFO] Useful links related to AS20454 - 184.95.32.0/19:
  679. [*] http://www.google.com/safebrowsing/diagnostic?site=AS:20454
  680. [*] https://www.senderbase.org/lookup/?search_string=184.95.32.0/19
  681. [*] http://bgp.he.net/AS20454
  682. [*] https://stat.ripe.net/AS20454
  683. [INFO] Date: 09/09/19 | Time: 13:08:06
  684. [INFO] Total time: 0 minute(s) and 41 second(s)
  685. #######################################################################################################################################
  686. [⍥] Perfoming Sud⍥my scans
  687.  
  688. [*] Load target domain: camarapavao.mg.gov.br
  689. - starting scanning @ 2019-09-09 13:10:12
  690.  
  691. [+] Running & Checking source to be used
  692. ---------------------------------------------
  693.  
  694. ⍥ Shodan [ ✕ ]
  695. ⍥ Dnsdumpster [ ✔ ]
  696. ⍥ Certspotter [ ✔ ]
  697. ⍥ Securitytrails [ ✕ ]
  698. ⍥ Riddler [ ✔ ]
  699. ⍥ Entrust [ ✔ ]
  700. ⍥ Hackertarget [ ✔ ]
  701. ⍥ Threatminer [ ✔ ]
  702. ⍥ Binaryedge [ ✕ ]
  703. ⍥ Webarchive [ ✔ ]
  704. ⍥ Certsh [ ✔ ]
  705. ⍥ Censys [ ✕ ]
  706. ⍥ Threatcrowd [ ✔ ]
  707. ⍥ Bufferover [ ✔ ]
  708. ⍥ Virustotal [ ✕ ]
  709. ⍥ Findsubdomain [ ✔ ]
  710.  
  711. [+] Get & Count subdomain total From source
  712. ---------------------------------------------
  713.  
  714. ⍥ Hackertarget: Total Subdomain (3)
  715. ⍥ Findsubdomain: Total Subdomain (6)
  716. ⍥ Certspotter: Total Subdomain (6)
  717. ⍥ Threatminer: Total Subdomain (0)
  718. ⍥ Certsh: Total Subdomain (10)
  719. ⍥ BufferOver: Total Subdomain (5)
  720. ⍥ Entrust: Total Subdomain (1)
  721. ⍥ Threatcrowd: Total Subdomain (0)
  722. ⍥ Dnsdumpster: Total Subdomain (6)
  723. ⍥ Riddler: Total Subdomain (0)
  724. ⍥ Webarchive: Total Subdomain (2)
  725.  
  726. [+] Parsing & Sorting list Domain
  727. ---------------------------------------------
  728.  
  729. ⍥ Total [12]
  730.  
  731. - 0 camarapavao.mg.gov.br.
  732. - autodiscover.camarapavao.mg.gov.br
  733. - camarapavao.mg.gov.br
  734. - cpanel.camarapavao.mg.gov.br
  735. - esic.camarapavao.mg.gov.br
  736. - mail.camarapavao.mg.gov.br
  737. - transparencia.camarapavao.mg.gov.br
  738. - webdisk.camarapavao.mg.gov.br
  739. - webmail.camarapavao.mg.gov.br
  740. - www.camarapavao.mg.gov.br
  741. - www.esic.camarapavao.mg.gov.br
  742. - www.transparencia.camarapavao.mg.gov.br
  743.  
  744. ⍥ Total [12]
  745.  
  746. [+] Probe subdomain for working on http/https
  747. ---------------------------------------------
  748.  
  749. - http://www.camarapavao.mg.gov.br
  750. - http://camarapavao.mg.gov.br
  751. - https://cpanel.camarapavao.mg.gov.br
  752. - https://www.camarapavao.mg.gov.br
  753. - https://camarapavao.mg.gov.br
  754. - https://mail.camarapavao.mg.gov.br
  755. - http://cpanel.camarapavao.mg.gov.br
  756. - http://webmail.camarapavao.mg.gov.br
  757. - http://mail.camarapavao.mg.gov.br
  758. - https://webmail.camarapavao.mg.gov.br
  759. - http://webdisk.camarapavao.mg.gov.br
  760. - https://webdisk.camarapavao.mg.gov.br
  761.  
  762. ⍥ Total [12]
  763.  
  764.  
  765. [+] Check Live Host: Ping Sweep - ICMP PING
  766. ---------------------------------------------
  767.  
  768. ⍥ [LIVE] 0
  769. ⍥ [LIVE] camarapavao.mg.gov.br.
  770. ⍥ [DEAD] autodiscover.camarapavao.mg.gov.br
  771. ⍥ [LIVE] camarapavao.mg.gov.br
  772. ⍥ [LIVE] cpanel.camarapavao.mg.gov.br
  773. ⍥ [DEAD] esic.camarapavao.mg.gov.br
  774. ⍥ [LIVE] mail.camarapavao.mg.gov.br
  775. ⍥ [DEAD] transparencia.camarapavao.mg.gov.br
  776. ⍥ [LIVE] webdisk.camarapavao.mg.gov.br
  777. ⍥ [LIVE] webmail.camarapavao.mg.gov.br
  778. ⍥ [LIVE] www.camarapavao.mg.gov.br
  779. ⍥ [DEAD] www.esic.camarapavao.mg.gov.br
  780. ⍥ [DEAD] www.transparencia.camarapavao.mg.gov.br
  781.  
  782. [+] Check Resolving: Subdomains & Domains
  783. ---------------------------------------------
  784.  
  785. ⍥ Resolving domains to: RESOLVE ERROR
  786. ⍥ Resolving domains to: 184.95.55.138
  787. ⍥ Resolving domains to: RESOLVE ERROR
  788. ⍥ Resolving domains to: 184.95.55.138
  789. ⍥ Resolving domains to: 184.95.55.138
  790. ⍥ Resolving domains to: RESOLVE ERROR
  791. ⍥ Resolving domains to: 184.95.55.138
  792. ⍥ Resolving domains to: RESOLVE ERROR
  793. ⍥ Resolving domains to: 184.95.55.138
  794. ⍥ Resolving domains to: 184.95.55.138
  795. ⍥ Resolving domains to: 184.95.55.138
  796. ⍥ Resolving domains to: RESOLVE ERROR
  797. ⍥ Resolving domains to: RESOLVE ERROR
  798.  
  799. [+] Subdomain TakeOver - Check Possible Vulns
  800. ---------------------------------------------
  801.  
  802. ⍥ [FAILS] En: Unknown http://camarapavao.mg.gov.br
  803. ⍥ [FAILS] En: Unknown http://www.camarapavao.mg.gov.br
  804. ⍥ [FAILS] En: Unknown https://webmail.camarapavao.mg.gov.br
  805. ⍥ [FAILS] En: Unknown https://cpanel.camarapavao.mg.gov.br
  806. ⍥ [FAILS] En: Unknown https://www.camarapavao.mg.gov.br
  807. ⍥ [FAILS] En: Unknown https://camarapavao.mg.gov.br
  808. ⍥ [FAILS] En: Unknown http://mail.camarapavao.mg.gov.br
  809. ⍥ [FAILS] En: Unknown http://webmail.camarapavao.mg.gov.br
  810. ⍥ [FAILS] En: Unknown http://cpanel.camarapavao.mg.gov.br
  811. ⍥ [FAILS] En: Unknown https://mail.camarapavao.mg.gov.br
  812. ⍥ [FAILS] En: Unknown http://webdisk.camarapavao.mg.gov.br
  813. ⍥ [FAILS] En: Unknown https://webdisk.camarapavao.mg.gov.br
  814.  
  815. [+] Checks status code on port 80 and 443
  816. ---------------------------------------------
  817.  
  818. ⍥ [200] http://camarapavao.mg.gov.br
  819. ⍥ [200] http://www.camarapavao.mg.gov.br
  820. ⍥ [200] https://webmail.camarapavao.mg.gov.br
  821. ⍥ [200] https://cpanel.camarapavao.mg.gov.br
  822. ⍥ [200] https://www.camarapavao.mg.gov.br
  823. ⍥ [200] https://camarapavao.mg.gov.br
  824. ⍥ [200] http://mail.camarapavao.mg.gov.br
  825. ⍥ [200] http://cpanel.camarapavao.mg.gov.br
  826. ⍥ [200] https://mail.camarapavao.mg.gov.br
  827. ⍥ [401] http://webdisk.camarapavao.mg.gov.br
  828. ⍥ [401] https://webdisk.camarapavao.mg.gov.br
  829.  
  830. [+] Web Screenshots: from domain list
  831. ---------------------------------------------
  832.  
  833. [+] Sud⍥my has been sucessfully completed
  834. ---------------------------------------------
  835.  
  836. ⍥ Location output:
  837. - output/09-09-2019/camarapavao.mg.gov.br
  838. - output/09-09-2019/camarapavao.mg.gov.br/report
  839. - output/09-09-2019/camarapavao.mg.gov.br/screenshots
  840.  
  841. #######################################################################################################################################
  842. Trying "camarapavao.mg.gov.br"
  843. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39455
  844. ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 3
  845.  
  846. ;; QUESTION SECTION:
  847. ;camarapavao.mg.gov.br. IN ANY
  848.  
  849. ;; ANSWER SECTION:
  850. camarapavao.mg.gov.br. 14400 IN MX 0 camarapavao.mg.gov.br.
  851. camarapavao.mg.gov.br. 14400 IN A 184.95.55.138
  852. camarapavao.mg.gov.br. 43200 IN SOA ns1.leidatransparencia.com.br. contato.digitaliza.com.br. 2019021902 3600 1800 1209600 86400
  853. camarapavao.mg.gov.br. 14400 IN TXT "v=spf1 +a +mx +ip4:184.95.55.138 ~all"
  854. camarapavao.mg.gov.br. 43200 IN NS ns1.leidatransparencia.com.br.
  855. camarapavao.mg.gov.br. 43200 IN NS ns2.leidatransparencia.com.br.
  856.  
  857. ;; AUTHORITY SECTION:
  858. camarapavao.mg.gov.br. 43200 IN NS ns1.leidatransparencia.com.br.
  859. camarapavao.mg.gov.br. 43200 IN NS ns2.leidatransparencia.com.br.
  860.  
  861. ;; ADDITIONAL SECTION:
  862. camarapavao.mg.gov.br. 14400 IN A 184.95.55.138
  863. ns2.leidatransparencia.com.br. 3600 IN A 184.95.55.139
  864. ns1.leidatransparencia.com.br. 3600 IN A 184.95.55.138
  865.  
  866. Received 311 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 521 ms
  867. #######################################################################################################################################
  868. ; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace camarapavao.mg.gov.br
  869. ;; global options: +cmd
  870. . 82185 IN NS m.root-servers.net.
  871. . 82185 IN NS b.root-servers.net.
  872. . 82185 IN NS f.root-servers.net.
  873. . 82185 IN NS c.root-servers.net.
  874. . 82185 IN NS j.root-servers.net.
  875. . 82185 IN NS a.root-servers.net.
  876. . 82185 IN NS e.root-servers.net.
  877. . 82185 IN NS d.root-servers.net.
  878. . 82185 IN NS i.root-servers.net.
  879. . 82185 IN NS g.root-servers.net.
  880. . 82185 IN NS k.root-servers.net.
  881. . 82185 IN NS h.root-servers.net.
  882. . 82185 IN NS l.root-servers.net.
  883. . 82185 IN RRSIG NS 8 0 518400 20190922050000 20190909040000 59944 . UdevRT5xRd+xLrIiCOgOJvCQyYg+GtsS+27xyFTrdzuu147InV6Z3rJG 588jQ6Qkv54DO2olI94IRTo+7rGpvBg3QR3uPNAI2CXyL3RtADrjQ1Eh AhvGuq3VAjGoLh4upughjB5Vz3ZFnj8hv+KeEodYDXEk58uAHnWM+fVt EI660UE2Lsm20pjkt6DC7ePkdad9c4tSboSCWUtqWJASkWDMJ27Jn4ww EWGx/QqfPV+gnd/dvB1iGbuk9KeUR7ZSVktrfsgAf3MWVx2yL9irmqf3 8haedccQxutc8B19xH9jUrW3BdLV0/BzINhBjmG1DVRi5P69ZonS5f/G PVh+Zg==
  884. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 268 ms
  885.  
  886. br. 172800 IN NS a.dns.br.
  887. br. 172800 IN NS b.dns.br.
  888. br. 172800 IN NS c.dns.br.
  889. br. 172800 IN NS e.dns.br.
  890. br. 172800 IN NS d.dns.br.
  891. br. 172800 IN NS f.dns.br.
  892. br. 86400 IN DS 2471 13 2 5E4F35998B8F909557FA119C4CBFDCA2D660A26F069EF006B403758A 07D1A2E4
  893. br. 86400 IN RRSIG DS 8 1 86400 20190922170000 20190909160000 59944 . mXoSYJOC0x7hMynzUilICD4Nf1Cm3l1wNELm9SvBtPl0K2DO4s3iYI/M wF8J5CV93flIy4qrrKy3JBfPzj5JbUYcHm1ehK/Nig3zRRmdtoxJBJIn BCKcK2sHDRCwOVgzSGwg5aTv6BpXDg9EOJHoQBJ9gIYsVMuuE9K9/nW6 kkCvcndOPZpZwpSS/DcYe1u77Y6QIZIZpglJOtlm54xXN1kHu8MIw9hq V9AJETTJ4SptkOvwY6rboJKKXp2WzWBREKihKMSXWoGzII6nIJkRDDBn hxDHl5UYNquhM85r3Xqi1dnSoMJQa7vBc7EnyUFsEsdSUMZE3LRHxkxs zC20fQ==
  894. ;; Received 777 bytes from 2001:500:200::b#53(b.root-servers.net) in 68 ms
  895.  
  896. mg.gov.br. 3600 IN NS jupiter.prodemge.gov.br.
  897. mg.gov.br. 3600 IN NS zeus.prodemge.gov.br.
  898. mg.gov.br. 3600 IN NS tupan.prodemge.gov.br.
  899. mg.gov.br. 3600 IN NS titanio.prodemge.gov.br.
  900. mg.gov.br. 3600 IN NS dnsipv6.prodemge.gov.br.
  901. mg.gov.br. 900 IN NSEC mi.gov.br. NS RRSIG NSEC
  902. mg.gov.br. 900 IN RRSIG NSEC 13 3 900 20190923121007 20190909111007 50774 gov.br. 0GGLSu6Z1LrZ4EYSGhi3W+SQXKPusQ6pCivUOZLhuGGwwS6gccA1iAjd sqrTWMe1FUFRXyg6DZF1r4QUHB+nFQ==
  903. ;; Received 433 bytes from 2001:12f8:8::10#53(b.dns.br) in 115 ms
  904.  
  905. camarapavao.mg.gov.br. 43200 IN NS ns1.leidatransparencia.com.br.
  906. camarapavao.mg.gov.br. 43200 IN NS ns2.leidatransparencia.com.br.
  907. ;; Received 109 bytes from 200.198.5.13#53(zeus.prodemge.gov.br) in 152 ms
  908.  
  909. camarapavao.mg.gov.br. 14400 IN A 184.95.55.138
  910. camarapavao.mg.gov.br. 86400 IN NS ns2.leidatransparencia.com.br.
  911. camarapavao.mg.gov.br. 86400 IN NS ns1.leidatransparencia.com.br.
  912. ;; Received 157 bytes from 184.95.55.139#53(ns2.leidatransparencia.com.br) in 312 ms
  913. #######################################################################################################################################
  914. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  915. [+] Getting nameservers
  916. 184.95.55.138 - ns1.leidatransparencia.com.br
  917. 184.95.55.139 - ns2.leidatransparencia.com.br
  918. [-] Zone transfer failed
  919.  
  920. [+] TXT records found
  921. "v=spf1 +a +mx +ip4:184.95.55.138 ~all"
  922.  
  923. [+] MX records found, added to target list
  924. 0 camarapavao.mg.gov.br.
  925.  
  926. [*] Scanning camarapavao.mg.gov.br for A records
  927. 184.95.55.138 - camarapavao.mg.gov.br
  928. 184.95.55.138 - cpanel.camarapavao.mg.gov.br
  929. 184.95.55.138 - ftp.camarapavao.mg.gov.br
  930. 184.95.55.138 - mail.camarapavao.mg.gov.br
  931. 184.95.55.138 - webdisk.camarapavao.mg.gov.br
  932. 184.95.55.138 - webmail.camarapavao.mg.gov.br
  933. 184.95.55.138 - whm.camarapavao.mg.gov.br
  934. 184.95.55.138 - www.camarapavao.mg.gov.br
  935. #######################################################################################################################################
  936.  
  937.  
  938. AVAILABLE PLUGINS
  939. -----------------
  940.  
  941. OpenSslCcsInjectionPlugin
  942. SessionResumptionPlugin
  943. HttpHeadersPlugin
  944. EarlyDataPlugin
  945. CompressionPlugin
  946. CertificateInfoPlugin
  947. RobotPlugin
  948. OpenSslCipherSuitesPlugin
  949. HeartbleedPlugin
  950. FallbackScsvPlugin
  951. SessionRenegotiationPlugin
  952.  
  953.  
  954.  
  955. CHECKING HOST(S) AVAILABILITY
  956. -----------------------------
  957.  
  958. 184.95.55.138:443 => 184.95.55.138
  959.  
  960.  
  961.  
  962.  
  963. SCAN RESULTS FOR 184.95.55.138:443 - 184.95.55.138
  964. --------------------------------------------------
  965.  
  966. * Downgrade Attacks:
  967. TLS_FALLBACK_SCSV: OK - Supported
  968.  
  969. * Session Renegotiation:
  970. Client-initiated Renegotiation: OK - Rejected
  971. Secure Renegotiation: OK - Supported
  972.  
  973. * TLS 1.2 Session Resumption Support:
  974. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  975. With TLS Tickets: OK - Supported
  976.  
  977. * OpenSSL CCS Injection:
  978. OK - Not vulnerable to OpenSSL CCS injection
  979.  
  980. * SSLV2 Cipher Suites:
  981. Server rejected all cipher suites.
  982.  
  983. * Certificate Information:
  984. Content
  985. SHA1 Fingerprint: 0bb9ffb54c6e98aa4cc1db836729653559d3ca66
  986. Common Name: leidatransparencia.com.br
  987. Issuer: cPanel, Inc. Certification Authority
  988. Serial Number: 133719112027201498553866909398642790766
  989. Not Before: 2019-08-28 00:00:00
  990. Not After: 2019-11-26 23:59:59
  991. Signature Algorithm: sha256
  992. Public Key Algorithm: RSA
  993. Key Size: 2048
  994. Exponent: 65537 (0x10001)
  995. DNS Subject Alternative Names: ['leidatransparencia.com.br', 'cpanel.leidatransparencia.com.br', 'mail.leidatransparencia.com.br', 'webdisk.leidatransparencia.com.br', 'webmail.leidatransparencia.com.br', 'www.leidatransparencia.com.br']
  996.  
  997. Trust
  998. Hostname Validation: FAILED - Certificate does NOT match 184.95.55.138
  999. Android CA Store (9.0.0_r9): OK - Certificate is trusted
  1000. Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
  1001. Java CA Store (jdk-12.0.1): OK - Certificate is trusted
  1002. Mozilla CA Store (2019-03-14): OK - Certificate is trusted
  1003. Windows CA Store (2019-05-27): OK - Certificate is trusted
  1004. Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
  1005. Received Chain: leidatransparencia.com.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
  1006. Verified Chain: leidatransparencia.com.br --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
  1007. Received Chain Contains Anchor: OK - Anchor certificate not sent
  1008. Received Chain Order: OK - Order is valid
  1009. Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
  1010.  
  1011. Extensions
  1012. OCSP Must-Staple: NOT SUPPORTED - Extension not found
  1013. Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
  1014.  
  1015. OCSP Stapling
  1016. OCSP Response Status: successful
  1017. Validation w/ Mozilla Store: OK - Response is trusted
  1018. Responder Id: 7E035A65416BA77E0AE1B89D08EA1D8E1D6AC765
  1019. Cert Status: good
  1020. Cert Serial Number: 64995D3C25637740B9A36E62D1D1116E
  1021. This Update: Sep 8 20:50:46 2019 GMT
  1022. Next Update: Sep 15 20:50:46 2019 GMT
  1023.  
  1024. * ROBOT Attack:
  1025. OK - Not vulnerable, RSA cipher suites not supported
  1026.  
  1027. * TLSV1_3 Cipher Suites:
  1028. Server rejected all cipher suites.
  1029.  
  1030. * Deflate Compression:
  1031. OK - Compression disabled
  1032.  
  1033. * SSLV3 Cipher Suites:
  1034. Server rejected all cipher suites.
  1035.  
  1036. * TLSV1_1 Cipher Suites:
  1037. Server rejected all cipher suites.
  1038.  
  1039. * TLSV1_2 Cipher Suites:
  1040. Forward Secrecy OK - Supported
  1041. RC4 OK - Not Supported
  1042.  
  1043. Preferred:
  1044. None - Server followed client cipher suite preference.
  1045. Accepted:
  1046. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 503 Service Unavailable
  1047. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 503 Service Unavailable
  1048. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 503 Service Unavailable
  1049. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 503 Service Unavailable
  1050.  
  1051. * TLSV1 Cipher Suites:
  1052. Server rejected all cipher suites.
  1053.  
  1054. * OpenSSL Heartbleed:
  1055. OK - Not vulnerable to Heartbleed
  1056.  
  1057.  
  1058. SCAN COMPLETED IN 9.02 S
  1059. ------------------------
  1060. #######################################################################################################################################
  1061. Domains still to check: 1
  1062. Checking if the hostname camarapavao.mg.gov.br. given is in fact a domain...
  1063.  
  1064. Analyzing domain: camarapavao.mg.gov.br.
  1065. Checking NameServers using system default resolver...
  1066. IP: 184.95.55.138 (United States)
  1067. HostName: ns1.leidatransparencia.com.br Type: NS
  1068. HostName: ns1.leidatransparencia.com.br Type: PTR
  1069. IP: 184.95.55.139 (United States)
  1070. HostName: ns2.leidatransparencia.com.br Type: NS
  1071. HostName: ns2.leidatransparencia.com.br Type: PTR
  1072.  
  1073. Checking MailServers using system default resolver...
  1074. IP: 184.95.55.138 (United States)
  1075. HostName: ns1.leidatransparencia.com.br Type: NS
  1076. HostName: ns1.leidatransparencia.com.br Type: PTR
  1077. HostName: camarapavao.mg.gov.br Type: MX
  1078.  
  1079. Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
  1080. No zone transfer found on nameserver 184.95.55.138
  1081. No zone transfer found on nameserver 184.95.55.139
  1082.  
  1083. Checking SPF record...
  1084.  
  1085. Checking 192 most common hostnames using system default resolver...
  1086. IP: 184.95.55.138 (United States)
  1087. HostName: ns1.leidatransparencia.com.br Type: NS
  1088. HostName: ns1.leidatransparencia.com.br Type: PTR
  1089. HostName: camarapavao.mg.gov.br Type: MX
  1090. Type: SPF
  1091. HostName: www.camarapavao.mg.gov.br. Type: A
  1092. IP: 184.95.55.138 (United States)
  1093. HostName: ns1.leidatransparencia.com.br Type: NS
  1094. HostName: ns1.leidatransparencia.com.br Type: PTR
  1095. HostName: camarapavao.mg.gov.br Type: MX
  1096. Type: SPF
  1097. HostName: www.camarapavao.mg.gov.br. Type: A
  1098. HostName: ftp.camarapavao.mg.gov.br. Type: A
  1099. IP: 184.95.55.138 (United States)
  1100. HostName: ns1.leidatransparencia.com.br Type: NS
  1101. HostName: ns1.leidatransparencia.com.br Type: PTR
  1102. HostName: camarapavao.mg.gov.br Type: MX
  1103. Type: SPF
  1104. HostName: www.camarapavao.mg.gov.br. Type: A
  1105. HostName: ftp.camarapavao.mg.gov.br. Type: A
  1106. HostName: mail.camarapavao.mg.gov.br. Type: A
  1107. IP: 184.95.55.138 (United States)
  1108. HostName: ns1.leidatransparencia.com.br Type: NS
  1109. HostName: ns1.leidatransparencia.com.br Type: PTR
  1110. HostName: camarapavao.mg.gov.br Type: MX
  1111. Type: SPF
  1112. HostName: www.camarapavao.mg.gov.br. Type: A
  1113. HostName: ftp.camarapavao.mg.gov.br. Type: A
  1114. HostName: mail.camarapavao.mg.gov.br. Type: A
  1115. HostName: webmail.camarapavao.mg.gov.br. Type: A
  1116.  
  1117. Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
  1118. Checking netblock 184.95.55.0
  1119.  
  1120. Searching for camarapavao.mg.gov.br. emails in Google
  1121.  
  1122. Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
  1123. Host 184.95.55.138 is up (reset ttl 64)
  1124. Host 184.95.55.139 is up (reset ttl 64)
  1125.  
  1126. Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
  1127. Scanning ip 184.95.55.138 (webmail.camarapavao.mg.gov.br.):
  1128. 21/tcp open ftp syn-ack ttl 51 ProFTPD
  1129. 22/tcp open ssh syn-ack ttl 53 OpenSSH 5.3 (protocol 2.0)
  1130. 53/tcp open domain syn-ack ttl 53 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  1131. 80/tcp open http syn-ack ttl 48 Apache httpd
  1132. 110/tcp open pop3 syn-ack ttl 47 Dovecot pop3d
  1133. 111/tcp open rpcbind syn-ack ttl 53
  1134. 143/tcp open imap syn-ack ttl 51 Dovecot imapd
  1135. 443/tcp open ssl/http syn-ack ttl 47 Apache httpd
  1136. 465/tcp open ssl/smtp syn-ack ttl 47 Exim smtpd 4.92
  1137. |_smtp-commands: Couldn't establish connection on port 465
  1138. 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
  1139. |_smtp-commands: Couldn't establish connection on port 587
  1140. 993/tcp open imaps? syn-ack ttl 48
  1141. 995/tcp open pop3s? syn-ack ttl 51
  1142. 3306/tcp open mysql syn-ack ttl 51 MySQL 5.7.27
  1143. OS Info: Service Info: Host: servidor.leidatransparencia.com.br; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1144. Scanning ip 184.95.55.139 (ns2.leidatransparencia.com.br (PTR)):
  1145. WebCrawling domain's web servers... up to 50 max links.
  1146.  
  1147. + URL to crawl: http://ns1.leidatransparencia.com.br
  1148. + Date: 2019-09-09
  1149.  
  1150. + Crawling URL: http://ns1.leidatransparencia.com.br:
  1151. + Links:
  1152. + Crawling http://ns1.leidatransparencia.com.br (timed out)
  1153. + Searching for directories...
  1154. + Searching open folders...
  1155.  
  1156.  
  1157. + URL to crawl: http://www.camarapavao.mg.gov.br.
  1158. + Date: 2019-09-09
  1159.  
  1160. + Crawling URL: http://www.camarapavao.mg.gov.br.:
  1161. + Links:
  1162. + Crawling http://www.camarapavao.mg.gov.br. (timed out)
  1163. + Searching for directories...
  1164. + Searching open folders...
  1165.  
  1166.  
  1167. + URL to crawl: http://ftp.camarapavao.mg.gov.br.
  1168. + Date: 2019-09-09
  1169.  
  1170. + Crawling URL: http://ftp.camarapavao.mg.gov.br.:
  1171. + Links:
  1172. + Crawling http://ftp.camarapavao.mg.gov.br. (timed out)
  1173. + Searching for directories...
  1174. + Searching open folders...
  1175.  
  1176.  
  1177. + URL to crawl: http://camarapavao.mg.gov.br
  1178. + Date: 2019-09-09
  1179.  
  1180. + Crawling URL: http://camarapavao.mg.gov.br:
  1181. + Links:
  1182. + Crawling http://camarapavao.mg.gov.br (timed out)
  1183. + Searching for directories...
  1184. + Searching open folders...
  1185.  
  1186.  
  1187. + URL to crawl: http://mail.camarapavao.mg.gov.br.
  1188. + Date: 2019-09-09
  1189.  
  1190. + Crawling URL: http://mail.camarapavao.mg.gov.br.:
  1191. + Links:
  1192. + Crawling http://mail.camarapavao.mg.gov.br. (timed out)
  1193. + Searching for directories...
  1194. + Searching open folders...
  1195.  
  1196.  
  1197. + URL to crawl: http://webmail.camarapavao.mg.gov.br.
  1198. + Date: 2019-09-09
  1199.  
  1200. + Crawling URL: http://webmail.camarapavao.mg.gov.br.:
  1201. + Links:
  1202. + Crawling http://webmail.camarapavao.mg.gov.br. (timed out)
  1203. + Searching for directories...
  1204. + Searching open folders...
  1205.  
  1206.  
  1207. + URL to crawl: https://ns1.leidatransparencia.com.br
  1208. + Date: 2019-09-09
  1209.  
  1210. + Crawling URL: https://ns1.leidatransparencia.com.br:
  1211. + Links:
  1212. + Crawling https://ns1.leidatransparencia.com.br (timed out)
  1213. + Searching for directories...
  1214. + Searching open folders...
  1215.  
  1216.  
  1217. + URL to crawl: https://www.camarapavao.mg.gov.br.
  1218. + Date: 2019-09-09
  1219.  
  1220. + Crawling URL: https://www.camarapavao.mg.gov.br.:
  1221. + Links:
  1222. + Crawling https://www.camarapavao.mg.gov.br. (timed out)
  1223. + Searching for directories...
  1224. + Searching open folders...
  1225.  
  1226.  
  1227. + URL to crawl: https://ftp.camarapavao.mg.gov.br.
  1228. + Date: 2019-09-09
  1229.  
  1230. + Crawling URL: https://ftp.camarapavao.mg.gov.br.:
  1231. + Links:
  1232. + Crawling https://ftp.camarapavao.mg.gov.br. (timed out)
  1233. + Searching for directories...
  1234. + Searching open folders...
  1235.  
  1236.  
  1237. + URL to crawl: https://camarapavao.mg.gov.br
  1238. + Date: 2019-09-09
  1239.  
  1240. + Crawling URL: https://camarapavao.mg.gov.br:
  1241. + Links:
  1242. + Crawling https://camarapavao.mg.gov.br (timed out)
  1243. + Searching for directories...
  1244. + Searching open folders...
  1245.  
  1246.  
  1247. + URL to crawl: https://mail.camarapavao.mg.gov.br.
  1248. + Date: 2019-09-09
  1249.  
  1250. + Crawling URL: https://mail.camarapavao.mg.gov.br.:
  1251. + Links:
  1252. + Crawling https://mail.camarapavao.mg.gov.br. (timed out)
  1253. + Searching for directories...
  1254. + Searching open folders...
  1255.  
  1256.  
  1257. + URL to crawl: https://webmail.camarapavao.mg.gov.br.
  1258. + Date: 2019-09-09
  1259.  
  1260. + Crawling URL: https://webmail.camarapavao.mg.gov.br.:
  1261. + Links:
  1262. + Crawling https://webmail.camarapavao.mg.gov.br. (timed out)
  1263. + Searching for directories...
  1264. + Searching open folders...
  1265.  
  1266. --Finished--
  1267. Summary information for domain camarapavao.mg.gov.br.
  1268. -----------------------------------------
  1269.  
  1270. Domain Ips Information:
  1271. IP: 184.95.55.138
  1272. HostName: ns1.leidatransparencia.com.br Type: NS
  1273. HostName: ns1.leidatransparencia.com.br Type: PTR
  1274. HostName: camarapavao.mg.gov.br Type: MX
  1275. Type: SPF
  1276. HostName: www.camarapavao.mg.gov.br. Type: A
  1277. HostName: ftp.camarapavao.mg.gov.br. Type: A
  1278. HostName: mail.camarapavao.mg.gov.br. Type: A
  1279. HostName: webmail.camarapavao.mg.gov.br. Type: A
  1280. Country: United States
  1281. Is Active: True (reset ttl 64)
  1282. Port: 21/tcp open ftp syn-ack ttl 51 ProFTPD
  1283. Port: 22/tcp open ssh syn-ack ttl 53 OpenSSH 5.3 (protocol 2.0)
  1284. Port: 53/tcp open domain syn-ack ttl 53 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  1285. Port: 80/tcp open http syn-ack ttl 48 Apache httpd
  1286. Port: 110/tcp open pop3 syn-ack ttl 47 Dovecot pop3d
  1287. Port: 111/tcp open rpcbind syn-ack ttl 53
  1288. Port: 143/tcp open imap syn-ack ttl 51 Dovecot imapd
  1289. Port: 443/tcp open ssl/http syn-ack ttl 47 Apache httpd
  1290. Port: 465/tcp open ssl/smtp syn-ack ttl 47 Exim smtpd 4.92
  1291. Script Info: |_smtp-commands: Couldn't establish connection on port 465
  1292. Port: 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
  1293. Script Info: |_smtp-commands: Couldn't establish connection on port 587
  1294. Port: 993/tcp open imaps? syn-ack ttl 48
  1295. Port: 995/tcp open pop3s? syn-ack ttl 51
  1296. Port: 3306/tcp open mysql syn-ack ttl 51 MySQL 5.7.27
  1297. Os Info: Host: servidor.leidatransparencia.com.br; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1298. IP: 184.95.55.139
  1299. HostName: ns2.leidatransparencia.com.br Type: NS
  1300. HostName: ns2.leidatransparencia.com.br Type: PTR
  1301. Country: United States
  1302. Is Active: True (reset ttl 64)
  1303.  
  1304. #######################################################################################################################################
  1305. dnsenum VERSION:1.2.4
  1306.  
  1307. ----- www.camarapavao.mg.gov.br -----
  1308.  
  1309.  
  1310. Host's addresses:
  1311. __________________
  1312.  
  1313. camarapavao.mg.gov.br. 12235 IN A 184.95.55.138
  1314.  
  1315.  
  1316. Name Servers:
  1317. ______________
  1318.  
  1319. ns2.leidatransparencia.com.br. 12234 IN A 184.95.55.139
  1320. ns1.leidatransparencia.com.br. 10922 IN A 184.95.55.138
  1321.  
  1322.  
  1323. Mail (MX) Servers:
  1324. ___________________
  1325.  
  1326. camarapavao.mg.gov.br. 12234 IN A 184.95.55.138
  1327.  
  1328.  
  1329. Trying Zone Transfers and getting Bind Versions:
  1330. _________________________________________________
  1331.  
  1332.  
  1333. Trying Zone Transfer for www.camarapavao.mg.gov.br on ns2.leidatransparencia.com.br ...
  1334.  
  1335. Trying Zone Transfer for www.camarapavao.mg.gov.br on ns1.leidatransparencia.com.br ...
  1336.  
  1337. brute force file not specified, bay.
  1338. #######################################################################################################################################
  1339. [*] Found SPF record:
  1340. [*] v=spf1 +a +mx +ip4:184.95.55.138 ~all
  1341. [*] SPF record contains an All item: ~all
  1342. [*] No DMARC record found. Looking for organizational record
  1343. [+] No organizational DMARC record
  1344. [+] Spoofing possible for www.camarapavao.mg.gov.br!
  1345. #######################################################################################################################################
  1346. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 13:45 EDT
  1347. Nmap scan report for www.camarapavao.mg.gov.br (184.95.55.138)
  1348. Host is up (0.046s latency).
  1349. rDNS record for 184.95.55.138: ns1.leidatransparencia.com.br
  1350. Not shown: 2 filtered ports
  1351. PORT STATE SERVICE
  1352. 53/udp open|filtered domain
  1353. 67/udp open|filtered dhcps
  1354. 68/udp open|filtered dhcpc
  1355. 69/udp open|filtered tftp
  1356. 88/udp open|filtered kerberos-sec
  1357. 123/udp open|filtered ntp
  1358. 139/udp open|filtered netbios-ssn
  1359. 161/udp open|filtered snmp
  1360. 162/udp open|filtered snmptrap
  1361. 389/udp open|filtered ldap
  1362. 500/udp open|filtered isakmp
  1363. 520/udp open|filtered route
  1364. 2049/udp open|filtered nfs
  1365.  
  1366. Nmap done: 1 IP address (1 host up) scanned in 2.07 seconds
  1367. #######################################################################################################################################
  1368. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 13:14 EDT
  1369. Nmap scan report for ns1.leidatransparencia.com.br (184.95.55.138)
  1370. Host is up (0.092s latency).
  1371. Not shown: 470 closed ports
  1372. PORT STATE SERVICE
  1373. 21/tcp open ftp
  1374. 22/tcp open ssh
  1375. 53/tcp open domain
  1376. 80/tcp open http
  1377. 110/tcp open pop3
  1378. 111/tcp open rpcbind
  1379. 143/tcp open imap
  1380. 443/tcp open https
  1381. 465/tcp open smtps
  1382. 587/tcp open submission
  1383. 993/tcp open imaps
  1384. 995/tcp open pop3s
  1385. 3306/tcp open mysql
  1386.  
  1387. Nmap done: 1 IP address (1 host up) scanned in 1.77 seconds
  1388. #######################################################################################################################################
  1389. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 13:14 EDT
  1390. NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
  1391. NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
  1392. NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
  1393. Nmap scan report for ns1.leidatransparencia.com.br (184.95.55.138)
  1394. Host is up (0.12s latency).
  1395.  
  1396. PORT STATE SERVICE VERSION
  1397. 21/tcp open ftp ProFTPD
  1398. | ftp-brute:
  1399. | Accounts: No valid accounts found
  1400. |_ Statistics: Performed 4726 guesses in 180 seconds, average tps: 24.9
  1401. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1402. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1403. Aggressive OS guesses: Linux 2.6.32 - 3.1 (94%), Linux 3.11 (94%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 3.2 (93%), Linux 2.6.32 (93%), Linux 3.5 (93%), Linux 3.8 (93%), Linux 3.1 (92%)
  1404. No exact OS matches for host (test conditions non-ideal).
  1405. Network Distance: 19 hops
  1406.  
  1407. TRACEROUTE (using port 21/tcp)
  1408. HOP RTT ADDRESS
  1409. 1 97.04 ms 10.247.204.1
  1410. 2 55.26 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1411. 3 55.28 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1412. 4 55.25 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1413. 5 55.51 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1414. 6 56.01 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  1415. 7 56.06 ms be2088.ccr21.alb02.atlas.cogentco.com (154.54.43.18)
  1416. 8 56.12 ms be2915.ccr41.jfk02.atlas.cogentco.com (154.54.40.62)
  1417. 9 56.22 ms be2807.ccr42.dca01.atlas.cogentco.com (154.54.40.110)
  1418. 10 76.60 ms be3084.ccr41.iad02.atlas.cogentco.com (154.54.30.66)
  1419. 11 76.57 ms be2962.rcr22.iad01.atlas.cogentco.com (154.54.46.114)
  1420. 12 76.63 ms be3248.nr21.b023801-0.iad01.atlas.cogentco.com (154.24.4.46)
  1421. 13 56.71 ms 38.88.249.10
  1422. 14 ... 15
  1423. 16 117.02 ms 10.110.10.3
  1424. 17 117.03 ms 108.170.0.37
  1425. 18 ...
  1426. 19 96.59 ms ns1.leidatransparencia.com.br (184.95.55.138)
  1427. #######################################################################################################################################
  1428. # general
  1429. (gen) banner: SSH-2.0-OpenSSH_5.3
  1430. (gen) software: OpenSSH 5.3
  1431. (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
  1432. (gen) compression: enabled (zlib@openssh.com)
  1433.  
  1434. # key exchange algorithms
  1435. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  1436. `- [info] available since OpenSSH 4.4
  1437. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1438. `- [warn] using weak hashing algorithm
  1439. `- [info] available since OpenSSH 2.3.0
  1440. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  1441. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  1442. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1443. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  1444. `- [warn] using small 1024-bit modulus
  1445. `- [warn] using weak hashing algorithm
  1446. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  1447.  
  1448. # host-key algorithms
  1449. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  1450. (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  1451. `- [warn] using small 1024-bit modulus
  1452. `- [warn] using weak random number generator could reveal the key
  1453. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1454.  
  1455. # encryption algorithms (ciphers)
  1456. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1457. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  1458. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1459. (enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1460. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1461. `- [warn] using weak cipher
  1462. `- [info] available since OpenSSH 4.2
  1463. (enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1464. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1465. `- [warn] using weak cipher
  1466. `- [info] available since OpenSSH 4.2
  1467. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1468. `- [warn] using weak cipher mode
  1469. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  1470. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1471. `- [warn] using weak cipher
  1472. `- [warn] using weak cipher mode
  1473. `- [warn] using small 64-bit block size
  1474. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  1475. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1476. `- [fail] disabled since Dropbear SSH 0.53
  1477. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1478. `- [warn] using weak cipher mode
  1479. `- [warn] using small 64-bit block size
  1480. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  1481. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1482. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1483. `- [warn] using weak cipher mode
  1484. `- [warn] using small 64-bit block size
  1485. `- [info] available since OpenSSH 2.1.0
  1486. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1487. `- [warn] using weak cipher mode
  1488. `- [info] available since OpenSSH 2.3.0
  1489. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1490. `- [warn] using weak cipher mode
  1491. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  1492. (enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1493. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1494. `- [warn] using weak cipher
  1495. `- [info] available since OpenSSH 2.1.0
  1496. (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1497. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1498. `- [warn] using weak cipher mode
  1499. `- [info] available since OpenSSH 2.3.0
  1500.  
  1501. # message authentication code algorithms
  1502. (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1503. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1504. `- [warn] using encrypt-and-MAC mode
  1505. `- [warn] using weak hashing algorithm
  1506. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1507. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  1508. `- [warn] using weak hashing algorithm
  1509. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1510. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  1511. `- [warn] using small 64-bit tag size
  1512. `- [info] available since OpenSSH 4.7
  1513. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  1514. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1515. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  1516. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1517. (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1518. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1519. `- [warn] using encrypt-and-MAC mode
  1520. `- [info] available since OpenSSH 2.5.0
  1521. (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1522. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1523. `- [warn] using encrypt-and-MAC mode
  1524. `- [info] available since OpenSSH 2.1.0
  1525. (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1526. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1527. `- [warn] using encrypt-and-MAC mode
  1528. `- [warn] using weak hashing algorithm
  1529. `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  1530. (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1531. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1532. `- [warn] using encrypt-and-MAC mode
  1533. `- [warn] using weak hashing algorithm
  1534. `- [info] available since OpenSSH 2.5.0
  1535.  
  1536. # algorithm recommendations (for OpenSSH 5.3)
  1537. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  1538. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
  1539. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
  1540. (rec) -ssh-dss -- key algorithm to remove
  1541. (rec) -arcfour -- enc algorithm to remove
  1542. (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
  1543. (rec) -blowfish-cbc -- enc algorithm to remove
  1544. (rec) -3des-cbc -- enc algorithm to remove
  1545. (rec) -aes256-cbc -- enc algorithm to remove
  1546. (rec) -arcfour256 -- enc algorithm to remove
  1547. (rec) -cast128-cbc -- enc algorithm to remove
  1548. (rec) -aes192-cbc -- enc algorithm to remove
  1549. (rec) -arcfour128 -- enc algorithm to remove
  1550. (rec) -aes128-cbc -- enc algorithm to remove
  1551. (rec) -hmac-md5-96 -- mac algorithm to remove
  1552. (rec) -hmac-ripemd160 -- mac algorithm to remove
  1553. (rec) -hmac-sha1-96 -- mac algorithm to remove
  1554. (rec) -umac-64@openssh.com -- mac algorithm to remove
  1555. (rec) -hmac-md5 -- mac algorithm to remove
  1556. (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
  1557. (rec) -hmac-sha1 -- mac algorithm to remove
  1558. #######################################################################################################################################
  1559. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
  1560. RHOSTS => 184.95.55.138
  1561. RHOST => 184.95.55.138
  1562. [*] 184.95.55.138:22 - SSH - Using malformed packet technique
  1563. [*] 184.95.55.138:22 - SSH - Starting scan
  1564. [+] 184.95.55.138:22 - SSH - User 'admin' found
  1565. [+] 184.95.55.138:22 - SSH - User 'administrator' found
  1566. [+] 184.95.55.138:22 - SSH - User 'anonymous' found
  1567. [+] 184.95.55.138:22 - SSH - User 'backup' found
  1568. [+] 184.95.55.138:22 - SSH - User 'bee' found
  1569. [+] 184.95.55.138:22 - SSH - User 'ftp' found
  1570. [+] 184.95.55.138:22 - SSH - User 'guest' found
  1571. [+] 184.95.55.138:22 - SSH - User 'GUEST' found
  1572. [+] 184.95.55.138:22 - SSH - User 'info' found
  1573. [+] 184.95.55.138:22 - SSH - User 'mail' found
  1574. [+] 184.95.55.138:22 - SSH - User 'mailadmin' found
  1575. [+] 184.95.55.138:22 - SSH - User 'msfadmin' found
  1576. [+] 184.95.55.138:22 - SSH - User 'mysql' found
  1577. [+] 184.95.55.138:22 - SSH - User 'nobody' found
  1578. [+] 184.95.55.138:22 - SSH - User 'oracle' found
  1579. [+] 184.95.55.138:22 - SSH - User 'owaspbwa' found
  1580. [+] 184.95.55.138:22 - SSH - User 'postfix' found
  1581. [+] 184.95.55.138:22 - SSH - User 'postgres' found
  1582. [+] 184.95.55.138:22 - SSH - User 'private' found
  1583. [+] 184.95.55.138:22 - SSH - User 'proftpd' found
  1584. [+] 184.95.55.138:22 - SSH - User 'public' found
  1585. [+] 184.95.55.138:22 - SSH - User 'root' found
  1586. [+] 184.95.55.138:22 - SSH - User 'superadmin' found
  1587. [+] 184.95.55.138:22 - SSH - User 'support' found
  1588. [+] 184.95.55.138:22 - SSH - User 'sys' found
  1589. [+] 184.95.55.138:22 - SSH - User 'system' found
  1590. [+] 184.95.55.138:22 - SSH - User 'systemadmin' found
  1591. [+] 184.95.55.138:22 - SSH - User 'systemadministrator' found
  1592. [+] 184.95.55.138:22 - SSH - User 'test' found
  1593. [+] 184.95.55.138:22 - SSH - User 'tomcat' found
  1594. [+] 184.95.55.138:22 - SSH - User 'user' found
  1595. [+] 184.95.55.138:22 - SSH - User 'webmaster' found
  1596. [+] 184.95.55.138:22 - SSH - User 'www-data' found
  1597. [+] 184.95.55.138:22 - SSH - User 'Fortimanager_Access' found
  1598. [*] Scanned 1 of 1 hosts (100% complete)
  1599. [*] Auxiliary module execution completed
  1600. #######################################################################################################################################
  1601. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 13:19 EDT
  1602. Nmap scan report for ns1.leidatransparencia.com.br (184.95.55.138)
  1603. Host is up (0.10s latency).
  1604.  
  1605. PORT STATE SERVICE VERSION
  1606. 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  1607. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  1608. | dns-nsec-enum:
  1609. |_ No NSEC records found
  1610. | dns-nsec3-enum:
  1611. |_ DNSSEC NSEC3 not supported
  1612. | dns-nsid:
  1613. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
  1614. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1615. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1616. Aggressive OS guesses: Linux 2.6.32 (93%), Linux 3.5 (93%), Linux 3.8 (93%), Linux 2.6.32 - 3.10 (93%), Linux 2.6.32 - 3.13 (93%), Linux 2.6.32 - 3.9 (93%), Linux 3.2 (93%), Linux 2.6.32 - 3.1 (92%), Linux 3.11 (92%), Linux 3.1 (92%)
  1617. No exact OS matches for host (test conditions non-ideal).
  1618. Network Distance: 19 hops
  1619. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  1620.  
  1621. Host script results:
  1622. | dns-blacklist:
  1623. | SPAM
  1624. |_ l2.apews.org - SPAM
  1625. | dns-brute:
  1626. | DNS Brute-force hostnames:
  1627. | ns1.leidatransparencia.com.br - 184.95.55.138
  1628. | ns2.leidatransparencia.com.br - 184.95.55.139
  1629. | mail.leidatransparencia.com.br - 184.95.55.138
  1630. | www.leidatransparencia.com.br - 184.95.55.138
  1631. |_ ftp.leidatransparencia.com.br - 184.95.55.138
  1632.  
  1633. TRACEROUTE (using port 53/tcp)
  1634. HOP RTT ADDRESS
  1635. 1 95.26 ms 10.247.204.1
  1636. 2 65.58 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1637. 3 65.64 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1638. 4 46.00 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1639. 5 65.65 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1640. 6 65.00 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
  1641. 7 65.05 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  1642. 8 65.11 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  1643. 9 54.35 ms be2807.ccr42.dca01.atlas.cogentco.com (154.54.40.110)
  1644. 10 93.93 ms be3083.ccr41.iad02.atlas.cogentco.com (154.54.30.54)
  1645. 11 73.89 ms be2956.rcr21.iad01.atlas.cogentco.com (154.54.30.194)
  1646. 12 93.99 ms be3249.nr21.b023801-0.iad01.atlas.cogentco.com (154.24.4.50)
  1647. 13 94.01 ms 38.88.249.10
  1648. 14 ... 15
  1649. 16 135.45 ms 10.110.10.3
  1650. 17 135.45 ms 108.170.0.37
  1651. 18 ...
  1652. 19 135.47 ms ns1.leidatransparencia.com.br (184.95.55.138)
  1653. #######################################################################################################################################
  1654. HTTP/1.1 200 OK
  1655. Date: Mon, 09 Sep 2019 17:20:37 GMT
  1656. Server: Apache
  1657. Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
  1658. Accept-Ranges: bytes
  1659. Content-Length: 163
  1660. Vary: Accept-Encoding,User-Agent
  1661. Content-Type: text/html
  1662.  
  1663. HTTP/1.1 200 OK
  1664. Date: Mon, 09 Sep 2019 17:20:37 GMT
  1665. Server: Apache
  1666. Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
  1667. Accept-Ranges: bytes
  1668. Content-Length: 163
  1669. Vary: Accept-Encoding,User-Agent
  1670. Content-Type: text/html
  1671.  
  1672. Allow: HEAD,GET,POST,OPTIONS
  1673. #######################################################################################################################################
  1674. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 13:20 EDT
  1675. Nmap scan report for ns1.leidatransparencia.com.br (184.95.55.138)
  1676. Host is up (0.11s latency).
  1677.  
  1678. PORT STATE SERVICE VERSION
  1679. 110/tcp open pop3 Dovecot pop3d
  1680. | pop3-brute:
  1681. | Accounts: No valid accounts found
  1682. | Statistics: Performed 55 guesses in 41 seconds, average tps: 1.5
  1683. |_ ERROR: Failed to connect.
  1684. |_pop3-capabilities: SASL(PLAIN LOGIN) CAPA USER STLS TOP UIDL PIPELINING AUTH-RESP-CODE RESP-CODES
  1685. |_vulscan: ERROR: Script execution failed (use -d to debug)
  1686. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1687. Aggressive OS guesses: Linux 2.6.32 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 - 3.1 (91%), Linux 3.11 (91%), Linux 3.5 (91%), Linux 3.2 (91%), Linux 2.6.32 - 2.6.39 (91%)
  1688. No exact OS matches for host (test conditions non-ideal).
  1689. Network Distance: 19 hops
  1690.  
  1691. TRACEROUTE (using port 110/tcp)
  1692. HOP RTT ADDRESS
  1693. 1 108.14 ms 10.247.204.1
  1694. 2 58.37 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1695. 3 58.39 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1696. 4 58.37 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1697. 5 58.47 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1698. 6 58.51 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
  1699. 7 58.54 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  1700. 8 58.60 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  1701. 9 45.01 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
  1702. 10 57.61 ms be3083.ccr41.iad02.atlas.cogentco.com (154.54.30.54)
  1703. 11 81.72 ms be2962.rcr22.iad01.atlas.cogentco.com (154.54.46.114)
  1704. 12 81.79 ms be3248.nr21.b023801-0.iad01.atlas.cogentco.com (154.24.4.46)
  1705. 13 81.78 ms 38.88.249.10
  1706. 14 ... 15
  1707. 16 128.81 ms 10.110.10.3
  1708. 17 105.86 ms 108.170.0.21
  1709. 18 105.86 ms 10.220.17.12
  1710. 19 81.91 ms ns1.leidatransparencia.com.br (184.95.55.138)
  1711. #######################################################################################################################################
  1712. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 13:31 EDT
  1713. NSE: Loaded 164 scripts for scanning.
  1714. NSE: Script Pre-scanning.
  1715. Initiating NSE at 13:31
  1716. Completed NSE at 13:31, 0.00s elapsed
  1717. Initiating NSE at 13:31
  1718. Completed NSE at 13:31, 0.00s elapsed
  1719. Initiating Parallel DNS resolution of 1 host. at 13:31
  1720. Completed Parallel DNS resolution of 1 host. at 13:31, 0.02s elapsed
  1721. Initiating SYN Stealth Scan at 13:31
  1722. Scanning ns1.leidatransparencia.com.br (184.95.55.138) [1 port]
  1723. Completed SYN Stealth Scan at 13:31, 0.54s elapsed (1 total ports)
  1724. Initiating Service scan at 13:31
  1725. Initiating OS detection (try #1) against ns1.leidatransparencia.com.br (184.95.55.138)
  1726. Retrying OS detection (try #2) against ns1.leidatransparencia.com.br (184.95.55.138)
  1727. Initiating Traceroute at 13:31
  1728. Completed Traceroute at 13:31, 6.09s elapsed
  1729. Initiating Parallel DNS resolution of 16 hosts. at 13:31
  1730. Completed Parallel DNS resolution of 16 hosts. at 13:31, 0.31s elapsed
  1731. NSE: Script scanning 184.95.55.138.
  1732. Initiating NSE at 13:31
  1733. Completed NSE at 13:31, 0.01s elapsed
  1734. Initiating NSE at 13:31
  1735. Completed NSE at 13:31, 0.00s elapsed
  1736. Nmap scan report for ns1.leidatransparencia.com.br (184.95.55.138)
  1737. Host is up.
  1738.  
  1739. PORT STATE SERVICE VERSION
  1740. 443/tcp filtered https
  1741. Too many fingerprints match this host to give specific OS details
  1742.  
  1743. TRACEROUTE (using proto 1/icmp)
  1744. HOP RTT ADDRESS
  1745. 1 57.31 ms 10.247.204.1
  1746. 2 57.34 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1747. 3 77.15 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1748. 4 57.39 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1749. 5 57.39 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1750. 6 57.40 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
  1751. 7 57.44 ms be2088.ccr21.alb02.atlas.cogentco.com (154.54.43.18)
  1752. 8 57.46 ms be2915.ccr41.jfk02.atlas.cogentco.com (154.54.40.62)
  1753. 9 57.48 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
  1754. 10 36.76 ms be2658.ccr22.iad02.atlas.cogentco.com (154.54.47.138)
  1755. 11 57.45 ms be2962.rcr22.iad01.atlas.cogentco.com (154.54.46.114)
  1756. 12 60.90 ms be3249.nr21.b023801-0.iad01.atlas.cogentco.com (154.24.4.50)
  1757. 13 60.85 ms 38.88.249.10
  1758. 14 ... 15
  1759. 16 127.34 ms 10.110.10.3
  1760. 17 127.31 ms 108.170.0.37
  1761. 18 104.02 ms 10.220.17.12
  1762. 19 ... 30
  1763.  
  1764. NSE: Script Post-scanning.
  1765. Initiating NSE at 13:31
  1766. Completed NSE at 13:31, 0.00s elapsed
  1767. Initiating NSE at 13:31
  1768. Completed NSE at 13:31, 0.00s elapsed
  1769. #######################################################################################################################################
  1770. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 13:36 EDT
  1771. Nmap scan report for ns1.leidatransparencia.com.br (184.95.55.138)
  1772. Host is up.
  1773.  
  1774. PORT STATE SERVICE VERSION
  1775. 3306/tcp filtered mysql
  1776. Too many fingerprints match this host to give specific OS details
  1777.  
  1778. TRACEROUTE (using proto 1/icmp)
  1779. HOP RTT ADDRESS
  1780. 1 74.20 ms 10.247.204.1
  1781. 2 74.28 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1782. 3 74.51 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1783. 4 74.29 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1784. 5 74.41 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1785. 6 74.40 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
  1786. 7 74.47 ms be2088.ccr21.alb02.atlas.cogentco.com (154.54.43.18)
  1787. 8 74.50 ms be2915.ccr41.jfk02.atlas.cogentco.com (154.54.40.62)
  1788. 9 74.53 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
  1789. 10 74.61 ms be2658.ccr22.iad02.atlas.cogentco.com (154.54.47.138)
  1790. 11 62.77 ms be2962.rcr22.iad01.atlas.cogentco.com (154.54.46.114)
  1791. 12 62.74 ms be3249.nr21.b023801-0.iad01.atlas.cogentco.com (154.24.4.50)
  1792. 13 62.67 ms 38.88.249.10
  1793. 14 ... 15
  1794. 16 105.09 ms 10.110.10.3
  1795. 17 105.08 ms 108.170.0.37
  1796. 18 105.06 ms 10.220.17.12
  1797. 19 ... 30
  1798. #######################################################################################################################################
  1799. Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-09 13:37 EDT
  1800. NSE: Loaded 47 scripts for scanning.
  1801. NSE: Script Pre-scanning.
  1802. Initiating NSE at 13:37
  1803. Completed NSE at 13:37, 0.00s elapsed
  1804. Initiating NSE at 13:37
  1805. Completed NSE at 13:37, 0.00s elapsed
  1806. Initiating Parallel DNS resolution of 1 host. at 13:37
  1807. Completed Parallel DNS resolution of 1 host. at 13:37, 0.03s elapsed
  1808. Initiating UDP Scan at 13:37
  1809. Scanning ns1.leidatransparencia.com.br (184.95.55.138) [15 ports]
  1810. Completed UDP Scan at 13:37, 1.73s elapsed (15 total ports)
  1811. Initiating Service scan at 13:37
  1812. Scanning 13 services on ns1.leidatransparencia.com.br (184.95.55.138)
  1813. Service scan Timing: About 7.69% done; ETC: 13:58 (0:19:36 remaining)
  1814. Completed Service scan at 13:39, 102.57s elapsed (13 services on 1 host)
  1815. Initiating OS detection (try #1) against ns1.leidatransparencia.com.br (184.95.55.138)
  1816. Retrying OS detection (try #2) against ns1.leidatransparencia.com.br (184.95.55.138)
  1817. Initiating Traceroute at 13:39
  1818. Completed Traceroute at 13:39, 7.89s elapsed
  1819. Initiating Parallel DNS resolution of 1 host. at 13:39
  1820. Completed Parallel DNS resolution of 1 host. at 13:39, 0.00s elapsed
  1821. NSE: Script scanning 184.95.55.138.
  1822. Initiating NSE at 13:39
  1823. Completed NSE at 13:39, 7.12s elapsed
  1824. Initiating NSE at 13:39
  1825. Completed NSE at 13:39, 1.01s elapsed
  1826. Nmap scan report for ns1.leidatransparencia.com.br (184.95.55.138)
  1827. Host is up (0.043s latency).
  1828.  
  1829. PORT STATE SERVICE VERSION
  1830. 53/udp open|filtered domain
  1831. 67/udp open|filtered dhcps
  1832. 68/udp open|filtered dhcpc
  1833. 69/udp open|filtered tftp
  1834. 88/udp open|filtered kerberos-sec
  1835. 123/udp open|filtered ntp
  1836. 137/udp filtered netbios-ns
  1837. 138/udp filtered netbios-dgm
  1838. 139/udp open|filtered netbios-ssn
  1839. 161/udp open|filtered snmp
  1840. 162/udp open|filtered snmptrap
  1841. 389/udp open|filtered ldap
  1842. 500/udp open|filtered isakmp
  1843. |_ike-version: ERROR: Script execution failed (use -d to debug)
  1844. 520/udp open|filtered route
  1845. 2049/udp open|filtered nfs
  1846. Too many fingerprints match this host to give specific OS details
  1847.  
  1848. TRACEROUTE (using port 137/udp)
  1849. HOP RTT ADDRESS
  1850. 1 29.38 ms 10.247.204.1
  1851. 2 ... 3
  1852. 4 24.80 ms 10.247.204.1
  1853. 5 29.39 ms 10.247.204.1
  1854. 6 29.38 ms 10.247.204.1
  1855. 7 29.38 ms 10.247.204.1
  1856. 8 29.38 ms 10.247.204.1
  1857. 9 29.38 ms 10.247.204.1
  1858. 10 29.39 ms 10.247.204.1
  1859. 11 ... 18
  1860. 19 784.98 ms 10.247.204.1
  1861. 20 848.76 ms 10.247.204.1
  1862. 21 ... 26
  1863. 27 20.69 ms 10.247.204.1
  1864. 28 ... 29
  1865. 30 19.78 ms 10.247.204.1
  1866.  
  1867. NSE: Script Post-scanning.
  1868. Initiating NSE at 13:39
  1869. Completed NSE at 13:39, 0.00s elapsed
  1870. Initiating NSE at 13:39
  1871. Completed NSE at 13:39, 0.00s elapsed
  1872. Read data files from: /usr/bin/../share/nmap
  1873. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1874. Nmap done: 1 IP address (1 host up) scanned in 123.64 seconds
  1875. Raw packets sent: 150 (14.132KB) | Rcvd: 1648 (203.966KB)
  1876. #######################################################################################################################################
  1877. Hosts
  1878. =====
  1879.  
  1880. address mac name os_name os_flavor os_sp purpose info comments
  1881. ------- --- ---- ------- --------- ----- ------- ---- --------
  1882. 184.95.55.138 ns1.leidatransparencia.com.br Unknown device
  1883.  
  1884. Services
  1885. ========
  1886.  
  1887. host port proto name state info
  1888. ---- ---- ----- ---- ----- ----
  1889. 184.95.55.138 53 udp domain open
  1890. 184.95.55.138 67 udp dhcps unknown
  1891. 184.95.55.138 68 udp dhcpc unknown
  1892. 184.95.55.138 69 udp tftp unknown
  1893. 184.95.55.138 88 udp kerberos-sec unknown
  1894. 184.95.55.138 123 udp ntp unknown
  1895. 184.95.55.138 137 udp netbios-ns filtered
  1896. 184.95.55.138 138 udp netbios-dgm filtered
  1897. 184.95.55.138 139 udp netbios-ssn unknown
  1898. 184.95.55.138 161 udp snmp unknown
  1899. 184.95.55.138 162 udp snmptrap unknown
  1900. 184.95.55.138 389 udp ldap unknown
  1901. 184.95.55.138 500 udp isakmp unknown
  1902. 184.95.55.138 520 udp route unknown
  1903. 184.95.55.138 2049 udp nfs unknown
  1904. #######################################################################################################################################
  1905. Anonymous JTSEC #OpAmazonia Full Recon #25