JTSEC1333

Anonymous JTSEC #OpSudan Full Recon #60

Apr 29th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname mga.gov.sd ISP MAX-NET-FOR-INTERNET-SERVICES
  4. Continent Africa Flag
  5. SD
  6. Country Sudan Country Code SD
  7. Region Unknown Local time 29 Apr 2019 17:54 CAT
  8. City Unknown Postal Code Unknown
  9. IP Address 196.223.159.7 Latitude 15
  10. Longitude 30
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > mga.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: mga.gov.sd
  19. Address: 196.223.159.7
  20. >
  21. #######################################################################################################################################
  22. HostIP:196.223.159.7
  23. HostName:mga.gov.sd
  24.  
  25. Gathered Inet-whois information for 196.223.159.7
  26. --------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 196.15.64.0 - 198.10.255.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:49:04Z
  61. last-modified: 2019-01-07T10:49:04Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % Information related to '196.223.152.0/21AS37211'
  77.  
  78. route: 196.223.152.0/21
  79. origin: AS37211
  80. mnt-by: RIPE-MAXNET-MNT
  81. created: 2016-07-24T12:11:55Z
  82. last-modified: 2018-09-04T18:30:00Z
  83. source: RIPE-NONAUTH
  84.  
  85. % This query was served by the RIPE Database Query Service version 1.93.2 (BLAARKOP)
  86.  
  87.  
  88.  
  89. Gathered Inic-whois information for mga.gov.sd
  90. ---------------------------------------------------------------------------------------------------------------------------------------
  91. Error: Unable to connect - Invalid Host
  92. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  93. close error
  94.  
  95. Gathered Netcraft information for mga.gov.sd
  96. ---------------------------------------------------------------------------------------------------------------------------------------
  97.  
  98. Retrieving Netcraft.com information for mga.gov.sd
  99. Netcraft.com Information gathered
  100.  
  101. Gathered Subdomain information for mga.gov.sd
  102. ---------------------------------------------------------------------------------------------------------------------------------------
  103. Searching Google.com:80...
  104. HostName:webmail.mga.gov.sd
  105. HostIP:62.12.101.2
  106. HostName:mail.mga.gov.sd
  107. HostIP:62.12.101.2
  108. Searching Altavista.com:80...
  109. Found 2 possible subdomain(s) for host mga.gov.sd, Searched 0 pages containing 0 results
  110.  
  111. Gathered E-Mail information for mga.gov.sd
  112. ---------------------------------------------------------------------------------------------------------------------------------------
  113. Searching Google.com:80...
  114. Searching Altavista.com:80...
  115. Found 0 E-Mail(s) for host mga.gov.sd, Searched 0 pages containing 0 results
  116.  
  117. Gathered TCP Port information for 196.223.159.7
  118. ---------------------------------------------------------------------------------------------------------------------------------------
  119.  
  120. Port State
  121.  
  122. 80/tcp open
  123.  
  124. Portscan Finished: Scanned 150 ports, 3 ports were in state closed
  125. #######################################################################################################################################
  126. [i] Scanning Site: https://mga.gov.sd
  127.  
  128.  
  129.  
  130. B A S I C I N F O
  131. =======================================================================================================================================
  132.  
  133.  
  134. [+] Site Title: وكالة ضمان التمويل الأصغر – تيسير
  135. [+] IP address: 196.223.159.7
  136. [+] Web Server: Apache
  137. [+] CMS: WordPress
  138. [+] Cloudflare: Not Detected
  139. [+] Robots File: Found
  140.  
  141. -------------[ contents ]----------------
  142. User-agent: *
  143. Disallow: /wp-admin/
  144. Allow: /wp-admin/admin-ajax.php
  145.  
  146. -----------[end of contents]-------------
  147.  
  148.  
  149.  
  150.  
  151.  
  152.  
  153.  
  154. G E O I P L O O K U P
  155. =======================================================================================================================================
  156.  
  157. [i] IP Address: 196.223.159.7
  158. [i] Country: Sudan
  159. [i] State:
  160. [i] City:
  161. [i] Latitude: 15.0
  162. [i] Longitude: 30.0
  163.  
  164.  
  165.  
  166.  
  167. H T T P H E A D E R S
  168. =======================================================================================================================================
  169.  
  170.  
  171. [i] HTTP/1.0 200 OK
  172. [i] Date: Mon, 29 Apr 2019 15:57:04 GMT
  173. [i] Server: Apache
  174. [i] X-Frame-Options: SAMEORIGIN
  175. [i] Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
  176. [i] Link: <https://mga.gov.sd/>; rel=shortlink
  177. [i] Content-Length: 124980
  178. [i] Connection: close
  179. [i] Content-Type: text/html; charset=UTF-8
  180.  
  181.  
  182.  
  183.  
  184. D N S L O O K U P
  185. =======================================================================================================================================
  186.  
  187. mga.gov.sd. 21599 IN A 196.223.159.7
  188. mga.gov.sd. 21599 IN MX 10 mail.mga.gov.sd.
  189.  
  190.  
  191.  
  192.  
  193. S U B N E T C A L C U L A T I O N
  194. =======================================================================================================================================
  195.  
  196. Address = 196.223.159.7
  197. Network = 196.223.159.7 / 32
  198. Netmask = 255.255.255.255
  199. Broadcast = not needed on Point-to-Point links
  200. Wildcard Mask = 0.0.0.0
  201. Hosts Bits = 0
  202. Max. Hosts = 1 (2^0 - 0)
  203. Host Range = { 196.223.159.7 - 196.223.159.7 }
  204.  
  205.  
  206.  
  207. N M A P P O R T S C A N
  208. =======================================================================================================================================
  209.  
  210. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:20 UTC
  211. Nmap scan report for mga.gov.sd (196.223.159.7)
  212. Host is up (0.18s latency).
  213.  
  214. PORT STATE SERVICE
  215. 21/tcp filtered ftp
  216. 22/tcp filtered ssh
  217. 23/tcp filtered telnet
  218. 80/tcp open http
  219. 110/tcp filtered pop3
  220. 143/tcp filtered imap
  221. 443/tcp open https
  222. 3389/tcp filtered ms-wbt-server
  223.  
  224. Nmap done: 1 IP address (1 host up) scanned in 2.87 seconds
  225.  
  226.  
  227.  
  228. S U B - D O M A I N F I N D E R
  229. =======================================================================================================================================
  230.  
  231.  
  232. [i] Total Subdomains Found : 1
  233.  
  234. [+] Subdomain: mail.mga.gov.sd
  235. [-] IP: 62.12.101.2
  236. #######################################################################################################################################
  237. [?] Enter the target: example( http://domain.com )
  238. https://mga.gov.sd/
  239. [!] IP Address : 196.223.159.7
  240. [!] CMS Detected : WordPress
  241. [?] Would you like to use WPScan? [Y/n] Y
  242. Scan Aborted: invalid option: --random-agent
  243. ---------------------------------------------------------------------------------------------------------------------------------------
  244. [~] Trying to gather whois information for mga.gov.sd
  245. [+] Whois information found
  246. [-] Unable to build response, visit https://who.is/whois/mga.gov.sd
  247. ---------------------------------------------------------------------------------------------------------------------------------------
  248. PORT STATE SERVICE
  249. 21/tcp filtered ftp
  250. 22/tcp filtered ssh
  251. 23/tcp filtered telnet
  252. 80/tcp open http
  253. 110/tcp filtered pop3
  254. 143/tcp filtered imap
  255. 443/tcp open https
  256. 3389/tcp filtered ms-wbt-server
  257. Nmap done: 1 IP address (1 host up) scanned in 2.63 seconds
  258. ---------------------------------------------------------------------------------------------------------------------------------------
  259. There was an error getting results
  260.  
  261. [-] DNS Records
  262. [>] Initiating 3 intel modules
  263. [>] Loading Alpha module (1/3)
  264. [>] Beta module deployed (2/3)
  265. [>] Gamma module initiated (3/3)
  266.  
  267.  
  268. [+] Emails found:
  269. ---------------------------------------------------------------------------------------------------------------------------------------
  270. pixel-1556554847800942-web-@mga.gov.sd
  271. pixel-1556554850158555-web-@mga.gov.sd
  272.  
  273. [+] Hosts found in search engines:
  274. ---------------------------------------------------------------------------------------------------------------------------------------
  275. [-] Resolving hostnames IPs...
  276. 62.12.101.2:webmail.mga.gov.sd
  277. [+] Virtual hosts:
  278. ---------------------------------------------------------------------------------------------------------------------------------------
  279. #######################################################################################################################################
  280. Enter : 16
  281. Enter Address Website = mga.gov.sd
  282.  
  283. Reverse IP With YouGetSignal 'mga.gov.sd'
  284. ---------------------------------------------------------------------------------------------------------------------------------------
  285.  
  286. [*] IP: 196.223.159.7
  287. [*] Domain: mga.gov.sd
  288. [*] Total Domains: 1
  289.  
  290. [+] mga.gov.sd
  291. #######################################################################################################################################
  292.  
  293. Geo IP Lookup 'mga.gov.sd'
  294. ---------------------------------------------------------------------------------------------------------------------------------------
  295.  
  296. [+] IP Address: 196.223.159.7
  297. [+] Country: Sudan
  298. [+] State:
  299. [+] City:
  300. [+] Latitude: 15.0
  301. [+] Longitude: 30.0
  302. #######################################################################################################################################
  303.  
  304. Bypass Cloudflare 'mga.gov.sd'
  305. ---------------------------------------------------------------------------------------------------------------------------------------
  306.  
  307. [!] CloudFlare Bypass 62.12.101.2 | webmail.mga.gov.sd
  308. [!] CloudFlare Bypass 62.12.101.2 | mail.mga.gov.sd
  309. #######################################################################################################################################
  310.  
  311. DNS Lookup 'mga.gov.sd'
  312. ---------------------------------------------------------------------------------------------------------------------------------------
  313.  
  314. [+] mga.gov.sd. 21599 IN A 196.223.159.7
  315. [+] mga.gov.sd. 21599 IN MX 10 mail.mga.gov.sd.
  316. #######################################################################################################################################
  317.  
  318. Show HTTP Header 'mga.gov.sd'
  319. ---------------------------------------------------------------------------------------------------------------------------------------
  320.  
  321. [+] HTTP/1.1 301 Moved Permanently
  322. [+] Date: Mon, 29 Apr 2019 15:56:28 GMT
  323. [+] Server: Apache
  324. [+] Location: https://mga.gov.sd/
  325. [+] Content-Type: text/html; charset=iso-8859-1
  326. #######################################################################################################################################
  327.  
  328. Port Scan 'mga.gov.sd'
  329. ---------------------------------------------------------------------------------------------------------------------------------------
  330.  
  331. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:19 UTC
  332. Nmap scan report for mga.gov.sd (196.223.159.7)
  333. Host is up (0.18s latency).
  334.  
  335. PORT STATE SERVICE
  336. 21/tcp filtered ftp
  337. 22/tcp filtered ssh
  338. 23/tcp filtered telnet
  339. 80/tcp open http
  340. 110/tcp filtered pop3
  341. 143/tcp filtered imap
  342. 443/tcp open https
  343. 3389/tcp filtered ms-wbt-server
  344.  
  345. Nmap done: 1 IP address (1 host up) scanned in 7.26 seconds
  346. #######################################################################################################################################
  347.  
  348. Cms Scan 'mga.gov.sd'
  349. ---------------------------------------------------------------------------------------------------------------------------------------
  350.  
  351. [+] Cms : WordPress
  352. [+] Web Servers : Apache
  353. [+] Programming Languages : PHP
  354. #######################################################################################################################################
  355.  
  356. Robot.txt 'mga.gov.sd'
  357. ---------------------------------------------------------------------------------------------------------------------------------------
  358.  
  359. User-agent: *
  360. Disallow: /wp-admin/
  361. Allow: /wp-admin/admin-ajax.php
  362. #######################################################################################################################################
  363.  
  364. Traceroute 'mga.gov.sd'
  365. ---------------------------------------------------------------------------------------------------------------------------------------
  366.  
  367. Start: 2019-04-29T16:19:59+0000
  368. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  369. 1.|-- 45.79.12.202 0.0% 3 0.9 0.9 0.9 0.9 0.0
  370. 2.|-- 45.79.12.2 0.0% 3 0.7 0.9 0.7 1.3 0.3
  371. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.4 1.6 1.4 2.0 0.3
  372. 4.|-- tisparkle.dfw03.atlas.cogentco.com 0.0% 3 1.3 1.4 1.3 1.6 0.1
  373. 5.|-- ae1.palermo3.pal.seabone.net 0.0% 3 182.7 184.5 182.6 188.1 3.1
  374. 6.|-- sudatel.palermo3.pal.seabone.net 0.0% 3 194.7 195.1 194.7 195.6 0.5
  375. 7.|-- 212.0.131.109 0.0% 3 223.2 223.3 223.1 223.6 0.3
  376. 8.|-- 196.202.137.249 0.0% 3 211.3 211.3 211.2 211.4 0.1
  377. 9.|-- 196.202.137.250 0.0% 3 211.4 211.9 211.4 212.6 0.6
  378. 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  379. 11.|-- 196.223.156.10 0.0% 3 214.8 221.1 214.8 228.0 6.6
  380. 12.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  381. #######################################################################################################################################
  382.  
  383. Ping 'mga.gov.sd'
  384. ---------------------------------------------------------------------------------------------------------------------------------------
  385.  
  386.  
  387. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-04-29 16:20 UTC
  388. SENT (0.8467s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=1] IP [ttl=64 id=40352 iplen=28 ]
  389. SENT (1.8469s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=2] IP [ttl=64 id=40352 iplen=28 ]
  390. SENT (2.8483s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=3] IP [ttl=64 id=40352 iplen=28 ]
  391. SENT (3.8500s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=4] IP [ttl=64 id=40352 iplen=28 ]
  392.  
  393. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
  394. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
  395. Nping done: 1 IP address pinged in 4.85 seconds
  396. #######################################################################################################################################
  397. ; <<>> DiG 9.11.5-P4-3-Debian <<>> mga.gov.sd
  398. ;; global options: +cmd
  399. ;; Got answer:
  400. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47881
  401. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  402.  
  403. ;; OPT PSEUDOSECTION:
  404. ; EDNS: version: 0, flags:; udp: 4096
  405. ;; QUESTION SECTION:
  406. ;mga.gov.sd. IN A
  407.  
  408. ;; ANSWER SECTION:
  409. mga.gov.sd. 79221 IN A 196.223.159.7
  410.  
  411. ;; Query time: 36 msec
  412. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  413. ;; WHEN: lun avr 29 13:51:48 EDT 2019
  414. ;; MSG SIZE rcvd: 55
  415. #######################################################################################################################################
  416. ; <<>> DiG 9.11.5-P4-3-Debian <<>> +trace mga.gov.sd
  417. ;; global options: +cmd
  418. . 85526 IN NS i.root-servers.net.
  419. . 85526 IN NS a.root-servers.net.
  420. . 85526 IN NS l.root-servers.net.
  421. . 85526 IN NS d.root-servers.net.
  422. . 85526 IN NS k.root-servers.net.
  423. . 85526 IN NS e.root-servers.net.
  424. . 85526 IN NS g.root-servers.net.
  425. . 85526 IN NS m.root-servers.net.
  426. . 85526 IN NS h.root-servers.net.
  427. . 85526 IN NS j.root-servers.net.
  428. . 85526 IN NS f.root-servers.net.
  429. . 85526 IN NS c.root-servers.net.
  430. . 85526 IN NS b.root-servers.net.
  431. . 85526 IN RRSIG NS 8 0 518400 20190512170000 20190429160000 25266 . y0YDAK25lovphaX52TQexBmA67CnqvhTlSS8QOV3Rb8BNBaub+jlyD3K rVdfuG+vM3acpcGq8db1jZ5L3FcYGZWyNX3wngka/JiosHkPTdygq9+P YzQYpAlqMtcMUDt3IQnxraSStO+3DtkbW2zw79lsrsEwsjHIop8vWF29 Qgls3IbhcOqauEjP3MU+Mcrmmw9KMjIekdQf1geg71noATpmLkYyeVKr zL+TDL0HVElFetoGQUlEz5zyibzdPtpHeiZchEsxp0rZEoZiyyW9NgAx cdijqLB/+ccP7w/SgTzPXiGdkQicTckFOpmkDorO+TQadSAqQ+5wYNBa VMfRVg==
  432. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 32 ms
  433.  
  434. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  435. sd. 172800 IN NS ns-sd.afrinic.net.
  436. sd. 172800 IN NS ns1.uaenic.ae.
  437. sd. 172800 IN NS ns2.uaenic.ae.
  438. sd. 172800 IN NS ans1.sis.sd.
  439. sd. 172800 IN NS ans1.canar.sd.
  440. sd. 172800 IN NS ans2.canar.sd.
  441. sd. 86400 IN NSEC se. NS RRSIG NSEC
  442. sd. 86400 IN RRSIG NSEC 8 1 86400 20190512170000 20190429160000 25266 . de8bUIfgGggYP5tEhwkEWuiE7GurL+Seuhejtz37CzW1+f4xf8DET2xy LBpW6TsLS3cmPUFsTQOL5PvLGEZFuYjiRQkkz0xI2Yzh43roorjNsBLj GrEDM4uCJbb5Br3ADATASDJWb/hzdUdbpBS3rDbrMA7FZPcNedsXanvu 0ks5T/7fYaUu6WUt3HL5LxkUTALUCvAI/FtDt5qADlkFoTwMRfZh98S1 WYweewjxJ4Vcj5BRVlFgg8FrZ5zuIHz/Rc5qOGelB+HTnBKy7bGnHZIK F5BFzNhQU3KMpZcY8Fz67AaTBD5PKuQE83RYliejwqrsgiMbut3aBh+u TozfJg==
  443. ;; Received 697 bytes from 2001:7fd::1#53(k.root-servers.net) in 69 ms
  444.  
  445. ;; Received 67 bytes from 213.42.0.226#53(ns1.uaenic.ae) in 222 ms
  446. #######################################################################################################################################
  447. [*] Performing General Enumeration of Domain: mga.gov.sd
  448. [-] DNSSEC is not configured for mga.gov.sd
  449. [*] SOA ns.nctr.sd 196.223.159.8
  450. [*] NS ns.nctr.sd 196.223.159.8
  451. [*] Bind Version for 196.223.159.8 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2
  452. [*] MX mail.mga.gov.sd 62.12.101.2
  453. [*] A mga.gov.sd 196.223.159.7
  454. [*] Enumerating SRV Records
  455. [-] No SRV Records Found for mga.gov.sd
  456. [+] 0 Records Found
  457. #######################################################################################################################################
  458. [*] Processing domain mga.gov.sd
  459. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  460. [+] Getting nameservers
  461. 196.223.159.8 - ns.nctr.sd
  462. [-] Zone transfer failed
  463.  
  464. [+] MX records found, added to target list
  465. 10 mail.mga.gov.sd.
  466.  
  467. [*] Scanning mga.gov.sd for A records
  468. 196.223.159.7 - mga.gov.sd
  469. 62.12.101.2 - mail.mga.gov.sd
  470. 62.12.101.2 - webmail.mga.gov.sd
  471. #######################################################################################################################################
  472.  
  473. Ip Address Status Type Domain Name Server
  474. ---------- ------ ---- ----------- ------
  475. 62.12.101.2 302 host mail.mga.gov.sd nginx
  476. 62.12.101.2 302 alias webmail.mga.gov.sd nginx
  477. 62.12.101.2 302 host mail.mga.gov.sd nginx
  478. #######################################################################################################################################
  479. dnsenum VERSION:1.2.4
  480.  
  481. ----- mga.gov.sd -----
  482.  
  483.  
  484. Host's addresses:
  485. __________________
  486.  
  487. mga.gov.sd. 82016 IN A 196.223.159.7
  488.  
  489.  
  490. Name Servers:
  491. ______________
  492.  
  493. ns.nctr.sd. 82524 IN A 196.223.159.8
  494.  
  495.  
  496. Mail (MX) Servers:
  497. ___________________
  498.  
  499. mail.mga.gov.sd. 86400 IN A 62.12.101.2
  500.  
  501.  
  502. Trying Zone Transfers and getting Bind Versions:
  503. _________________________________________________
  504.  
  505.  
  506. Trying Zone Transfer for mga.gov.sd on ns.nctr.sd ...
  507.  
  508. brute force file not specified, bay.
  509. #######################################################################################################################################
  510.  
  511. ____ _ _ _ _ _____
  512. / ___| _ _| |__ | (_)___| |_|___ / _ __
  513. \___ \| | | | '_ \| | / __| __| |_ \| '__|
  514. ___) | |_| | |_) | | \__ \ |_ ___) | |
  515. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  516.  
  517. # Coded By Ahmed Aboul-Ela - @aboul3la
  518.  
  519. [-] Enumerating subdomains now for mga.gov.sd
  520. [-] verbosity is enabled, will show the subdomains results in realtime
  521. [-] Searching now in Baidu..
  522. [-] Searching now in Yahoo..
  523. [-] Searching now in Google..
  524. [-] Searching now in Bing..
  525. [-] Searching now in Ask..
  526. [-] Searching now in Netcraft..
  527. [-] Searching now in DNSdumpster..
  528. [-] Searching now in Virustotal..
  529. [-] Searching now in ThreatCrowd..
  530. [-] Searching now in SSL Certificates..
  531. [-] Searching now in PassiveDNS..
  532. SSL Certificates: mail.mga.gov.sd
  533. DNSdumpster: mail.mga.gov.sd
  534. Google: webmail.mga.gov.sd
  535. Google: mail.mga.gov.sd
  536. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-mga.gov.sd.txt
  537. [-] Total Unique Subdomains Found: 2
  538. mail.mga.gov.sd
  539. webmail.mga.gov.sd
  540. #######################################################################################################################################
  541. mga.gov.sd 196.223.159.7
  542. mail.mga.gov.sd 62.12.101.2
  543. webmail.mga.gov.sd 62.12.101.2
  544. #######################################################################################################################################
  545. ===============================================
  546. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  547. ===============================================
  548.  
  549.  
  550. Running Source: Ask
  551. Running Source: Archive.is
  552. Running Source: Baidu
  553. Running Source: Bing
  554. Running Source: CertDB
  555. Running Source: CertificateTransparency
  556. Running Source: Certspotter
  557. Running Source: Commoncrawl
  558. Running Source: Crt.sh
  559. Running Source: Dnsdb
  560. Running Source: DNSDumpster
  561. Running Source: DNSTable
  562. Running Source: Dogpile
  563. Running Source: Exalead
  564. Running Source: Findsubdomains
  565. Running Source: Googleter
  566. Running Source: Hackertarget
  567. Running Source: Ipv4Info
  568. Running Source: PTRArchive
  569. Running Source: Sitedossier
  570. Running Source: Threatcrowd
  571. Running Source: ThreatMiner
  572. Running Source: WaybackArchive
  573. Running Source: Yahoo
  574.  
  575. Running enumeration on mga.gov.sd
  576.  
  577. dnsdb: Unexpected return status 503
  578.  
  579. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.mga.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
  580.  
  581. dogpile: Get https://www.dogpile.com/search/web?q=mga.gov.sd&qsi=1: EOF
  582.  
  583. archiveis: Get http://archive.is/*.mga.gov.sd: dial tcp 51.38.113.224:80: connect: connection timed out
  584.  
  585.  
  586. Starting Bruteforcing of mga.gov.sd with 9985 words
  587.  
  588. Total 5 Unique subdomains found for mga.gov.sd
  589.  
  590. .mga.gov.sd
  591. mail.mga.gov.sd
  592. mail.mga.gov.sd
  593. webmail.mga.gov.sd
  594. webmail.mga.gov.sd
  595. #######################################################################################################################################
  610. [+] mga.gov.sd has no SPF record!
  611. [*] No DMARC record found. Looking for organizational record
  612. [+] No organizational DMARC record
  613. [+] Spoofing possible for mga.gov.sd!
  614. #######################################################################################################################################
  615. INFO[0000] Starting to process queue....
  616. INFO[0000] Starting to process permutations....
  617. INFO[0000] FORBIDDEN http://mga.s3.amazonaws.com (http://mga.gov.sd)
  618. INFO[0000] FORBIDDEN http://mga-uploads.s3.amazonaws.com (http://mga.gov.sd)
  619. INFO[0000] FORBIDDEN http://mga-media.s3.amazonaws.com (http://mga.gov.sd)
  620. INFO[0000] FORBIDDEN http://mga-public.s3.amazonaws.com (http://mga.gov.sd)
  621. INFO[0000] FORBIDDEN http://mga-backup.s3.amazonaws.com (http://mga.gov.sd)
  622. INFO[0000] FORBIDDEN http://mga-billing.s3.amazonaws.com (http://mga.gov.sd)
  623. INFO[0000] FORBIDDEN http://mga-logs.s3.amazonaws.com (http://mga.gov.sd)
  624. INFO[0000] FORBIDDEN http://mga-training.s3.amazonaws.com (http://mga.gov.sd)
  625. INFO[0000] FORBIDDEN http://mga-temp.s3.amazonaws.com (http://mga.gov.sd)
  626. #######################################################################################################################################
  627. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:18 EDT
  628. Nmap scan report for mga.gov.sd (196.223.159.7)
  629. Host is up (0.13s latency).
  630. Not shown: 470 filtered ports, 4 closed ports
  631. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  632. PORT STATE SERVICE
  633. 80/tcp open http
  634. 443/tcp open https
  635. #######################################################################################################################################
  636. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:18 EDT
  637. Nmap scan report for mga.gov.sd (196.223.159.7)
  638. Host is up (0.021s latency).
  639. Not shown: 2 filtered ports
  640. PORT STATE SERVICE
  641. 53/udp open|filtered domain
  642. 67/udp open|filtered dhcps
  643. 68/udp open|filtered dhcpc
  644. 69/udp open|filtered tftp
  645. 88/udp open|filtered kerberos-sec
  646. 123/udp open|filtered ntp
  647. 139/udp open|filtered netbios-ssn
  648. 161/udp open|filtered snmp
  649. 162/udp open|filtered snmptrap
  650. 389/udp open|filtered ldap
  651. 520/udp open|filtered route
  652. 2049/udp open|filtered nfs
  653. #######################################################################################################################################
  654.  
  655. wig - WebApp Information Gatherer
  656.  
  657.  
  658. Scanning https://mga.gov.sd...
  659. _________________________________________ SITE INFO __________________________________________
  660. IP Title
  661. 196.223.159.7 وكالة ضمان التمويل الأصغر &#8211; تيسير
  662.  
  663. __________________________________________ VERSION ___________________________________________
  664. Name Versions Type
  665. WordPress 5.1 CMS
  666. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  667. 2.4.9
  668.  
  669. ________________________________________ INTERESTING _________________________________________
  670. URL Note Type
  671. /robots.txt robots.txt index Interesting
  672. /test.html Test file Interesting
  673.  
  674. ___________________________________________ TOOLS ____________________________________________
  675. Name Link Software
  676. wpscan https://github.com/wpscanteam/wpscan WordPress
  677. CMSmap https://github.com/Dionach/CMSmap WordPress
  678.  
  679. ______________________________________________________________________________________________
  680. Time: 103.9 sec Urls: 229 Fingerprints: 40401
  681. #######################################################################################################################################
  682. HTTP/1.1 301 Moved Permanently
  683. Date: Mon, 29 Apr 2019 16:57:09 GMT
  684. Server: Apache
  685. Location: https://mga.gov.sd/
  686. Content-Type: text/html; charset=iso-8859-1
  687.  
  688. HTTP/1.1 301 Moved Permanently
  689. Date: Mon, 29 Apr 2019 16:57:10 GMT
  690. Server: Apache
  691. Location: https://mga.gov.sd/
  692. Content-Type: text/html; charset=iso-8859-1
  693.  
  694. HTTP/1.1 200 OK
  695. Date: Mon, 29 Apr 2019 16:57:11 GMT
  696. Server: Apache
  697. X-Frame-Options: SAMEORIGIN
  698. Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
  699. Link: <https://mga.gov.sd/>; rel=shortlink
  700. Content-Type: text/html; charset=UTF-8
  701. #######################################################################################################################################
  702. jQuery Migrate
  703. Google Font API
  704. prettyPhoto
  705. Apache
  706. jQuery 1.12.4
  707. WordPress 5.1
  708. Slick
  709. YouTube
  710. WordPress
  711. #######################################################################################################################################
  712. HTTP/1.1 200 OK
  713. Date: Mon, 29 Apr 2019 16:58:05 GMT
  714. Server: Apache
  715. X-Frame-Options: SAMEORIGIN
  716. Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
  717. Link: <https://mga.gov.sd/>; rel=shortlink
  718. Content-Type: text/html; charset=UTF-8
  719.  
  720. HTTP/1.1 200 OK
  721. Date: Mon, 29 Apr 2019 16:58:06 GMT
  722. Server: Apache
  723. X-Frame-Options: SAMEORIGIN
  724. Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
  725. Link: <https://mga.gov.sd/>; rel=shortlink
  726. Content-Type: text/html; charset=UTF-8
  727. #######################################################################################################################################
  728. jQuery Migrate
  729. prettyPhoto
  730. Apache
  731. Google Font API
  732. jQuery 1.12.4
  733. WordPress 5.1
  734. Slick
  735. YouTube
  736. WordPress
  737. #######################################################################################################################################
  738. Version: 1.11.13-static
  739. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  740.  
  741. Connected to 196.223.159.7
  742.  
  743. Testing SSL server mga.gov.sd on port 443 using SNI name mga.gov.sd
  744.  
  745. TLS Fallback SCSV:
  746. Server supports TLS Fallback SCSV
  747.  
  748. TLS renegotiation:
  749. Secure session renegotiation supported
  750.  
  751. TLS Compression:
  752. Compression disabled
  753.  
  754. Heartbleed:
  755. TLS 1.2 not vulnerable to heartbleed
  756. TLS 1.1 not vulnerable to heartbleed
  757. TLS 1.0 not vulnerable to heartbleed
  758.  
  759. Supported Server Cipher(s):
  760. Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  761. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  762. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  763. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  764. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  765. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  766. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  767. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  768. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  769. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  770. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  771. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  772. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  773. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  774. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  775. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  776. Accepted TLSv1.2 128 bits AES128-SHA256
  777. Accepted TLSv1.2 256 bits AES256-SHA256
  778. Accepted TLSv1.2 128 bits AES128-SHA
  779. Accepted TLSv1.2 256 bits AES256-SHA
  780. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  781. Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  782. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  783. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  784. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  785. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  786. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  787. Accepted TLSv1.1 128 bits AES128-SHA
  788. Accepted TLSv1.1 256 bits AES256-SHA
  789. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  790. Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  791. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  792. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  793. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  794. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  795. Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  796. Accepted TLSv1.0 128 bits AES128-SHA
  797. Accepted TLSv1.0 256 bits AES256-SHA
  798. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  799.  
  800. SSL Certificate:
  801. Signature Algorithm: sha256WithRSAEncryption
  802. RSA Key Strength: 2048
  803.  
  804. Subject: mga.gov.sd
  805. Altnames: DNS:mga.gov.sd
  806. Issuer: Let's Encrypt Authority X3
  807.  
  808. Not valid before: Mar 7 05:21:22 2019 GMT
  809. Not valid after: Jun 5 05:21:22 2019 GMT
  810. #######################################################################################################################################
  811. --------------------------------------------------------
  812. <<<Yasuo discovered following vulnerable applications>>>
  813. --------------------------------------------------------
  814. +----------+---------------------------------+----------------------------------------------+----------+----------+
  815. | App Name | URL to Application | Potential Exploit | Username | Password |
  816. +----------+---------------------------------+----------------------------------------------+----------+----------+
  817. | SVN | https://196.223.159.7:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
  818. +----------+---------------------------------+----------------------------------------------+----------+----------+
  819. #######################################################################################################################################
  820. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:29 EDT
  821. Nmap scan report for 196.223.159.7
  822. Host is up (0.12s latency).
  823. Not shown: 470 filtered ports, 4 closed ports
  824. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  825. PORT STATE SERVICE
  826. 80/tcp open http
  827. 443/tcp open https
  828. #######################################################################################################################################
  829. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:29 EDT
  830. Nmap scan report for 196.223.159.7
  831. Host is up (0.021s latency).
  832. Not shown: 2 filtered ports
  833. PORT STATE SERVICE
  834. 53/udp open|filtered domain
  835. 67/udp open|filtered dhcps
  836. 68/udp open|filtered dhcpc
  837. 69/udp open|filtered tftp
  838. 88/udp open|filtered kerberos-sec
  839. 123/udp open|filtered ntp
  840. 139/udp open|filtered netbios-ssn
  841. 161/udp open|filtered snmp
  842. 162/udp open|filtered snmptrap
  843. 389/udp open|filtered ldap
  844. 520/udp open|filtered route
  845. 2049/udp open|filtered nfs
  846. #######################################################################################################################################
  847. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:29 EDT
  848. Nmap scan report for 196.223.159.7
  849. Host is up.
  850.  
  851. PORT STATE SERVICE VERSION
  852. 67/udp open|filtered dhcps
  853. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  854. Too many fingerprints match this host to give specific OS details
  855.  
  856. TRACEROUTE (using proto 1/icmp)
  857. HOP RTT ADDRESS
  858. 1 22.57 ms 10.243.200.1
  859. 2 23.15 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  860. 3 43.56 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  861. 4 22.64 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  862. 5 23.42 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  863. 6 23.39 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  864. 7 28.79 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  865. 8 31.66 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  866. 9 31.63 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  867. 10 31.26 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  868. 11 153.43 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  869. 12 188.35 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  870. 13 220.45 ms 212.0.131.109
  871. 14 213.02 ms 196.202.137.249
  872. 15 210.64 ms 196.202.137.250
  873. 16 ...
  874. 17 216.94 ms 196.223.156.10
  875. 18 ... 30
  876. #######################################################################################################################################
  877. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:31 EDT
  878. Nmap scan report for 196.223.159.7
  879. Host is up.
  880.  
  881. PORT STATE SERVICE VERSION
  882. 68/udp open|filtered dhcpc
  883. Too many fingerprints match this host to give specific OS details
  884.  
  885. TRACEROUTE (using proto 1/icmp)
  886. HOP RTT ADDRESS
  887. 1 22.05 ms 10.243.200.1
  888. 2 22.45 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  889. 3 38.09 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  890. 4 22.44 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  891. 5 22.87 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  892. 6 22.56 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  893. 7 28.15 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  894. 8 30.86 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  895. 9 30.93 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  896. 10 30.95 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  897. 11 153.47 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  898. 12 189.62 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  899. 13 220.81 ms 212.0.131.109
  900. 14 213.41 ms 196.202.137.249
  901. 15 216.19 ms 196.202.137.250
  902. 16 ...
  903. 17 219.45 ms 196.223.156.10
  904. 18 ... 30
  905. #######################################################################################################################################
  906. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:33 EDT
  907. Nmap scan report for 196.223.159.7
  908. Host is up.
  909.  
  910. PORT STATE SERVICE VERSION
  911. 69/udp open|filtered tftp
  912. Too many fingerprints match this host to give specific OS details
  913.  
  914. TRACEROUTE (using proto 1/icmp)
  915. HOP RTT ADDRESS
  916. 1 20.25 ms 10.243.200.1
  917. 2 20.65 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  918. 3 38.83 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  919. 4 20.42 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  920. 5 21.02 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  921. 6 20.84 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  922. 7 26.46 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  923. 8 28.89 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  924. 9 29.13 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  925. 10 29.17 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  926. 11 153.63 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  927. 12 201.26 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  928. 13 221.23 ms 212.0.131.109
  929. 14 213.81 ms 196.202.137.249
  930. 15 211.22 ms 196.202.137.250
  931. 16 ...
  932. 17 217.99 ms 196.223.156.10
  933. 18 ... 30
  934. #######################################################################################################################################
  935. HTTP/1.1 301 Moved Permanently
  936. Date: Mon, 29 Apr 2019 17:13:09 GMT
  937. Server: Apache
  938. Location: https://196.223.159.7/
  939. Content-Type: text/html; charset=iso-8859-1
  940.  
  941. HTTP/1.1 301 Moved Permanently
  942. Date: Mon, 29 Apr 2019 17:13:09 GMT
  943. Server: Apache
  944. Location: https://196.223.159.7/
  945. Content-Type: text/html; charset=iso-8859-1
  946. #######################################################################################################################################
  947. jQuery Migrate
  948. prettyPhoto
  949. Apache
  950. jQuery 1.12.4
  951. WordPress 5.1
  952. Slick
  953. YouTube
  954. Google Font API
  955. WordPress
  956. #######################################################################################################################################
  957. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:36 EDT
  958. Nmap scan report for 196.223.159.7
  959. Host is up.
  960.  
  961. PORT STATE SERVICE VERSION
  962. 123/udp open|filtered ntp
  963. Too many fingerprints match this host to give specific OS details
  964.  
  965. TRACEROUTE (using proto 1/icmp)
  966. HOP RTT ADDRESS
  967. 1 20.89 ms 10.243.200.1
  968. 2 21.09 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  969. 3 33.11 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  970. 4 21.08 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  971. 5 21.54 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  972. 6 21.53 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  973. 7 26.71 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  974. 8 29.57 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  975. 9 29.93 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  976. 10 30.00 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  977. 11 152.29 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  978. 12 185.41 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  979. 13 219.49 ms 212.0.131.109
  980. 14 212.06 ms 196.202.137.249
  981. 15 209.66 ms 196.202.137.250
  982. 16 ...
  983. 17 216.29 ms 196.223.156.10
  984. 18 ... 30
  985. #######################################################################################################################################
  986. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:38 EDT
  987. Nmap scan report for 196.223.159.7
  988. Host is up (0.22s latency).
  989.  
  990. PORT STATE SERVICE VERSION
  991. 161/tcp filtered snmp
  992. 161/udp open|filtered snmp
  993. Too many fingerprints match this host to give specific OS details
  994.  
  995. TRACEROUTE (using proto 1/icmp)
  996. HOP RTT ADDRESS
  997. 1 20.29 ms 10.243.200.1
  998. 2 20.75 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  999. 3 35.36 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1000. 4 20.73 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1001. 5 20.80 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1002. 6 20.79 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  1003. 7 26.36 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  1004. 8 29.33 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  1005. 9 29.56 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  1006. 10 30.76 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  1007. 11 153.69 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  1008. 12 186.38 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  1009. 13 220.36 ms 212.0.131.109
  1010. 14 213.35 ms 196.202.137.249
  1011. 15 210.96 ms 196.202.137.250
  1012. 16 ...
  1013. 17 223.93 ms 196.223.156.10
  1014. 18 ... 30
  1015. #######################################################################################################################################
  1016. jQuery Migrate
  1017. prettyPhoto
  1018. Apache
  1019. jQuery 1.12.4
  1020. WordPress 5.1
  1021. Slick
  1022. YouTube
  1023. Google Font API
  1024. WordPress
  1025. #######################################################################################################################################
  1026. Version: 1.11.13-static
  1027. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1028.  
  1029. Connected to 196.223.159.7
  1030.  
  1031. Testing SSL server 196.223.159.7 on port 443 using SNI name 196.223.159.7
  1032.  
  1033. TLS Fallback SCSV:
  1034. Server supports TLS Fallback SCSV
  1035.  
  1036. TLS renegotiation:
  1037. Secure session renegotiation supported
  1038.  
  1039. TLS Compression:
  1040. Compression disabled
  1041.  
  1042. Heartbleed:
  1043. TLS 1.2 not vulnerable to heartbleed
  1044. TLS 1.1 not vulnerable to heartbleed
  1045. TLS 1.0 not vulnerable to heartbleed
  1046.  
  1047. Supported Server Cipher(s):
  1048. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1049. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1050. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1051. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  1052. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  1053. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  1054. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  1055. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1056. Accepted TLSv1.2 256 bits AES256-SHA256
  1057. Accepted TLSv1.2 256 bits AES256-SHA
  1058. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1059. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1060. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1061. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1062. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  1063. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  1064. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  1065. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  1066. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1067. Accepted TLSv1.2 128 bits AES128-SHA256
  1068. Accepted TLSv1.2 128 bits AES128-SHA
  1069. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1070. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1071. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  1072. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  1073. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1074. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  1075. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  1076. Accepted TLSv1.1 256 bits AES256-SHA
  1077. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1078. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1079. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  1080. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  1081. Accepted TLSv1.1 128 bits AES128-SHA
  1082. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1083. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1084. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  1085. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  1086. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1087. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  1088. Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  1089. Accepted TLSv1.0 256 bits AES256-SHA
  1090. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1091. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1092. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  1093. Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  1094. Accepted TLSv1.0 128 bits AES128-SHA
  1095. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1096. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1097. Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  1098. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  1099.  
  1100. SSL Certificate:
  1101. Signature Algorithm: sha256WithRSAEncryption
  1102. RSA Key Strength: 2048
  1103.  
  1104. Subject: localhost.localdomain
  1105. Issuer: localhost.localdomain
  1106.  
  1107. Not valid before: Mar 4 10:48:37 2019 GMT
  1108. Not valid after: Mar 3 10:48:37 2020 GMT
  1109. #######################################################################################################################################
  1110. --------------------------------------------------------
  1111. <<<Yasuo discovered following vulnerable applications>>>
  1112. --------------------------------------------------------
  1113. +----------+---------------------------------+----------------------------------------------+----------+----------+
  1114. | App Name | URL to Application | Potential Exploit | Username | Password |
  1115. +----------+---------------------------------+----------------------------------------------+----------+----------+
  1116. | SVN | https://196.223.159.7:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
  1117. +----------+---------------------------------+----------------------------------------------+----------+----------+
  1118. #######################################################################################################################################
  1119. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:48 EDT
  1120. NSE: Loaded 148 scripts for scanning.
  1121. NSE: Script Pre-scanning.
  1122. NSE: Starting runlevel 1 (of 2) scan.
  1123. Initiating NSE at 13:48
  1124. Completed NSE at 13:48, 0.00s elapsed
  1125. NSE: Starting runlevel 2 (of 2) scan.
  1126. Initiating NSE at 13:48
  1127. Completed NSE at 13:48, 0.00s elapsed
  1128. Initiating Ping Scan at 13:48
  1129. Scanning 196.223.159.7 [4 ports]
  1130. Completed Ping Scan at 13:48, 0.25s elapsed (1 total hosts)
  1131. Initiating Parallel DNS resolution of 1 host. at 13:48
  1132. Completed Parallel DNS resolution of 1 host. at 13:48, 0.02s elapsed
  1133. Initiating Connect Scan at 13:48
  1134. Scanning 196.223.159.7 [65535 ports]
  1135. Discovered open port 443/tcp on 196.223.159.7
  1136. Discovered open port 80/tcp on 196.223.159.7
  1137. Connect Scan Timing: About 6.58% done; ETC: 13:55 (0:07:20 remaining)
  1138. Connect Scan Timing: About 19.31% done; ETC: 13:53 (0:04:15 remaining)
  1139. Connect Scan Timing: About 33.45% done; ETC: 13:52 (0:03:01 remaining)
  1140. Discovered open port 55555/tcp on 196.223.159.7
  1141. Connect Scan Timing: About 47.78% done; ETC: 13:52 (0:02:12 remaining)
  1142. Connect Scan Timing: About 60.63% done; ETC: 13:52 (0:01:38 remaining)
  1143. Connect Scan Timing: About 78.07% done; ETC: 13:51 (0:00:51 remaining)
  1144. Completed Connect Scan at 13:51, 229.09s elapsed (65535 total ports)
  1145. Initiating Service scan at 13:51
  1146. Scanning 3 services on 196.223.159.7
  1147. Completed Service scan at 13:52, 54.35s elapsed (3 services on 1 host)
  1148. Initiating OS detection (try #1) against 196.223.159.7
  1149. Retrying OS detection (try #2) against 196.223.159.7
  1150. Initiating Traceroute at 13:52
  1151. Completed Traceroute at 13:52, 6.08s elapsed
  1152. Initiating Parallel DNS resolution of 16 hosts. at 13:52
  1153. Completed Parallel DNS resolution of 16 hosts. at 13:53, 2.54s elapsed
  1154. NSE: Script scanning 196.223.159.7.
  1155. NSE: Starting runlevel 1 (of 2) scan.
  1156. Initiating NSE at 13:53
  1157. Completed NSE at 13:53, 13.68s elapsed
  1158. NSE: Starting runlevel 2 (of 2) scan.
  1159. Initiating NSE at 13:53
  1160. Completed NSE at 13:53, 0.43s elapsed
  1161. Nmap scan report for 196.223.159.7
  1162. Host is up, received syn-ack ttl 44 (0.16s latency).
  1163. Scanned at 2019-04-29 13:48:02 EDT for 313s
  1164. Not shown: 65528 filtered ports
  1165. Reason: 65528 no-responses
  1166. PORT STATE SERVICE REASON VERSION
  1167. 25/tcp closed smtp conn-refused
  1168. 80/tcp open http syn-ack Apache httpd
  1169. |_http-server-header: Apache
  1170. 113/tcp closed ident conn-refused
  1171. 139/tcp closed netbios-ssn conn-refused
  1172. 443/tcp open ssl/http syn-ack Apache httpd
  1173. |_http-server-header: Apache
  1174. |_http-title: 403 Forbidden
  1175. | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--/organizationalUnitName=SomeOrganizationalUnit/localityName=SomeCity/emailAddress=root@localhost.localdomain
  1176. | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--/organizationalUnitName=SomeOrganizationalUnit/localityName=SomeCity/emailAddress=root@localhost.localdomain
  1177. | Public Key type: rsa
  1178. | Public Key bits: 2048
  1179. | Signature Algorithm: sha256WithRSAEncryption
  1180. | Not valid before: 2019-03-04T10:48:37
  1181. | Not valid after: 2020-03-03T10:48:37
  1182. | MD5: f0a4 68ed bf02 8b9c 3d57 ab8c 95d4 0db4
  1183. | SHA-1: 0f54 2301 b567 052f 2b60 9b96 830c 747b 28bd 1ca2
  1208. |_ssl-date: TLS randomness does not represent time
  1209. 445/tcp closed microsoft-ds conn-refused
  1210. 55555/tcp open ssl/unknown syn-ack
  1211. | ssl-cert: Subject: commonName=SN2KXA16C0776A7/organizationName=NETASQ - Secure Internet Connectivity/stateOrProvinceName=Nord/countryName=FR/localityName=Villeneuve d'Ascq/organizationalUnitName=SN2000-A
  1212. | Issuer: organizationName=NETASQ - Secure Internet Connectivity/stateOrProvinceName=Nord/countryName=FR/localityName=Villeneuve d'Ascq/organizationalUnitName=NETASQ Firewall Certification Authority
  1213. | Public Key type: rsa
  1214. | Public Key bits: 2048
  1215. | Signature Algorithm: sha1WithRSAEncryption
  1216. | Not valid before: 2016-03-15T05:32:57
  1217. | Not valid after: 2026-03-15T05:32:57
  1218. | MD5: 682f b959 b4e1 72e9 90a9 ca84 bf3c 48ed
  1219. | SHA-1: d7ae 82f8 9ede 6bdc 9d5e 2f0a e77d 1870 1b15 7ebf
  1248. Device type: general purpose|firewall|storage-misc
  1249. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (86%), Synology DiskStation Manager 5.X (85%)
  1250. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1
  1251. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  1252. Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 2.6.32 (88%), Linux 2.6.32 - 3.1 (88%), Linux 2.6.32 - 3.13 (87%), Linux 2.6.32 or 3.10 (86%), Linux 3.4 (86%), WatchGuard Fireware 11.8 (86%), Linux 2.6.39 (86%), Linux 2.6.32 - 2.6.39 (85%), Linux 3.10 (85%)
  1253. No exact OS matches for host (test conditions non-ideal).
  1254. TCP/IP fingerprint:
  1269.  
  1270. Uptime guess: 11.600 days (since Wed Apr 17 23:29:09 2019)
  1271. TCP Sequence Prediction: Difficulty=260 (Good luck!)
  1272. IP ID Sequence Generation: All zeros
  1273.  
  1274. TRACEROUTE (using proto 1/icmp)
  1275. HOP RTT ADDRESS
  1276. 1 22.98 ms 10.243.200.1
  1277. 2 23.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1278. 3 38.72 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1279. 4 23.05 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1280. 5 24.45 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1281. 6 23.08 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  1282. 7 29.16 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  1283. 8 30.96 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  1284. 9 30.99 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  1285. 10 31.03 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  1286. 11 153.46 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  1287. 12 209.44 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  1288. 13 220.20 ms 212.0.131.109
  1289. 14 213.12 ms 196.202.137.249
  1290. 15 210.58 ms 196.202.137.250
  1291. 16 ...
  1292. 17 217.07 ms 196.223.156.10
  1293. 18 ... 30
  1294.  
  1295. NSE: Script Post-scanning.
  1296. NSE: Starting runlevel 1 (of 2) scan.
  1297. Initiating NSE at 13:53
  1298. Completed NSE at 13:53, 0.00s elapsed
  1299. NSE: Starting runlevel 2 (of 2) scan.
  1300. Initiating NSE at 13:53
  1301. Completed NSE at 13:53, 0.00s elapsed
  1302. Read data files from: /usr/bin/../share/nmap
  1303. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1304. Nmap done: 1 IP address (1 host up) scanned in 314.01 seconds
  1305. Raw packets sent: 136 (9.976KB) | Rcvd: 564 (76.424KB)
  1306. #######################################################################################################################################
  1307. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:53 EDT
  1308. NSE: Loaded 148 scripts for scanning.
  1309. NSE: Script Pre-scanning.
  1310. Initiating NSE at 13:53
  1311. Completed NSE at 13:53, 0.00s elapsed
  1312. Initiating NSE at 13:53
  1313. Completed NSE at 13:53, 0.00s elapsed
  1314. Initiating Parallel DNS resolution of 1 host. at 13:53
  1315. Completed Parallel DNS resolution of 1 host. at 13:53, 0.03s elapsed
  1316. Initiating UDP Scan at 13:53
  1317. Scanning 196.223.159.7 [14 ports]
  1318. Completed UDP Scan at 13:53, 1.48s elapsed (14 total ports)
  1319. Initiating Service scan at 13:53
  1320. Scanning 12 services on 196.223.159.7
  1321. Service scan Timing: About 8.33% done; ETC: 14:12 (0:17:58 remaining)
  1322. Completed Service scan at 13:55, 102.58s elapsed (12 services on 1 host)
  1323. Initiating OS detection (try #1) against 196.223.159.7
  1324. Retrying OS detection (try #2) against 196.223.159.7
  1325. Initiating Traceroute at 13:55
  1326. Completed Traceroute at 13:55, 7.11s elapsed
  1327. Initiating Parallel DNS resolution of 1 host. at 13:55
  1328. Completed Parallel DNS resolution of 1 host. at 13:55, 0.01s elapsed
  1329. NSE: Script scanning 196.223.159.7.
  1330. Initiating NSE at 13:55
  1331. Completed NSE at 13:55, 20.32s elapsed
  1332. Initiating NSE at 13:55
  1333. Completed NSE at 13:55, 1.02s elapsed
  1334. Nmap scan report for 196.223.159.7
  1335. Host is up (0.022s latency).
  1336.  
  1337. PORT STATE SERVICE VERSION
  1338. 53/udp open|filtered domain
  1339. 67/udp open|filtered dhcps
  1340. 68/udp open|filtered dhcpc
  1341. 69/udp open|filtered tftp
  1342. 88/udp open|filtered kerberos-sec
  1343. 123/udp open|filtered ntp
  1344. 137/udp filtered netbios-ns
  1345. 138/udp filtered netbios-dgm
  1346. 139/udp open|filtered netbios-ssn
  1347. 161/udp open|filtered snmp
  1348. 162/udp open|filtered snmptrap
  1349. 389/udp open|filtered ldap
  1350. 520/udp open|filtered route
  1351. 2049/udp open|filtered nfs
  1352. Too many fingerprints match this host to give specific OS details
  1353.  
  1354. TRACEROUTE (using port 138/udp)
  1355. HOP RTT ADDRESS
  1356. 1 22.61 ms 10.243.200.1
  1357. 2 ... 3
  1358. 4 20.64 ms 10.243.200.1
  1359. 5 23.77 ms 10.243.200.1
  1360. 6 23.76 ms 10.243.200.1
  1361. 7 23.75 ms 10.243.200.1
  1362. 8 23.75 ms 10.243.200.1
  1363. 9 23.74 ms 10.243.200.1
  1364. 10 23.76 ms 10.243.200.1
  1365. 11 ... 18
  1366. 19 25.32 ms 10.243.200.1
  1367. 20 21.98 ms 10.243.200.1
  1368. 21 21.74 ms 10.243.200.1
  1369. 22 ... 27
  1370. 28 21.60 ms 10.243.200.1
  1371. 29 ...
  1372. 30 28.45 ms 10.243.200.1
  1373.  
  1374. NSE: Script Post-scanning.
  1375. Initiating NSE at 13:55
  1376. Completed NSE at 13:55, 0.00s elapsed
  1377. Initiating NSE at 13:55
  1378. Completed NSE at 13:55, 0.00s elapsed
  1379. Read data files from: /usr/bin/../share/nmap
  1380. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1381. Nmap done: 1 IP address (1 host up) scanned in 135.71 seconds
  1382. Raw packets sent: 148 (9.992KB) | Rcvd: 131 (22.794KB)
  1383. #######################################################################################################################################
  1384. [+] URL: https://mga.gov.sd/
  1385. [+] Started: Mon Apr 29 12:12:57 2019
  1386.  
  1387. Interesting Finding(s):
  1388.  
  1389. [+] https://mga.gov.sd/
  1390. | Interesting Entry: Server: Apache
  1391. | Found By: Headers (Passive Detection)
  1392. | Confidence: 100%
  1393.  
  1394. [+] https://mga.gov.sd/robots.txt
  1395. | Interesting Entries:
  1396. | - /wp-admin/
  1397. | - /wp-admin/admin-ajax.php
  1398. | Found By: Robots Txt (Aggressive Detection)
  1399. | Confidence: 100%
  1400.  
  1401. [+] https://mga.gov.sd/xmlrpc.php
  1402. | Found By: Link Tag (Passive Detection)
  1403. | Confidence: 100%
  1404. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
  1405. | References:
  1406. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  1407. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  1408. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  1409. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  1410. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  1411.  
  1412. [+] This site seems to be a multisite
  1413. | Found By: Direct Access (Aggressive Detection)
  1414. | Confidence: 100%
  1415. | Reference: http://codex.wordpress.org/Glossary#Multisite
  1416.  
  1417. [+] This site has 'Must Use Plugins': https://mga.gov.sd/wp-content/mu-plugins/
  1418. | Found By: Direct Access (Aggressive Detection)
  1419. | Confidence: 80%
  1420. | Reference: http://codex.wordpress.org/Must_Use_Plugins
  1421.  
  1422. [+] https://mga.gov.sd/wp-cron.php
  1423. | Found By: Direct Access (Aggressive Detection)
  1424. | Confidence: 60%
  1425. | References:
  1426. | - https://www.iplocation.net/defend-wordpress-from-ddos
  1427. | - https://github.com/wpscanteam/wpscan/issues/1299
  1428.  
  1429. [+] WordPress version 5.1 identified (Insecure, released on 2019-02-21).
  1430. | Detected By: Rss Generator (Passive Detection)
  1431. | - https://mga.gov.sd/feed, <generator>https://wordpress.org/?v=5.1</generator>
  1432. | Confirmed By: Emoji Settings (Passive Detection)
  1433. | - https://mga.gov.sd/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.1'
  1434. |
  1435. | [!] 1 vulnerability identified:
  1436. |
  1437. | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
  1438. | Fixed in: 5.1.1
  1439. | References:
  1440. | - https://wpvulndb.com/vulnerabilities/9230
  1441. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
  1442. | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
  1443. | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
  1444. | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
  1445.  
  1446. [+] WordPress theme in use: microbankpro
  1447. | Location: https://mga.gov.sd/wp-content/themes/microbankpro/
  1448. | Readme: https://mga.gov.sd/wp-content/themes/microbankpro/readme.txt
  1449. | Style URL: https://mga.gov.sd/wp-content/themes/microbankpro/style.css?ver=5.1
  1450. | Style Name: MicroBank Pro
  1451. | Style URI: https://inkthemes.com/microbankpro-wordpress-theme
  1452. | Description: MicroBank Pro for WordPress is one of the easiest themes to build your Web Presence in 10 Minutes. J...
  1453. | Author: InkThemes.com
  1454. | Author URI: http://www.inkthemes.com
  1455. |
  1456. | Detected By: Css Style (Passive Detection)
  1457. |
  1458. | Version: 2.2.1 (80% confidence)
  1459. | Detected By: Style (Passive Detection)
  1460. | - https://mga.gov.sd/wp-content/themes/microbankpro/style.css?ver=5.1, Match: 'Version: 2.2.1'
  1461.  
  1462. [+] Enumerating All Plugins (via Passive Methods)
  1463. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
  1464.  
  1465. [i] Plugin(s) Identified:
  1466.  
  1467. [+] archives-calendar-widget
  1468. | Location: https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/
  1469. | Latest Version: 1.0.12 (up to date)
  1470. | Last Updated: 2016-11-13T11:55:00.000Z
  1471. |
  1472. | Detected By: Urls In Homepage (Passive Detection)
  1473. |
  1474. | Version: 1.0.12 (100% confidence)
  1475. | Detected By: Query Parameter (Passive Detection)
  1476. | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/themes/calendrier.css?ver=1.0.12
  1477. | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/admin/js/jquery.arcw-init.js?ver=1.0.12
  1478. | Confirmed By:
  1479. | Readme - Stable Tag (Aggressive Detection)
  1480. | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/readme.txt
  1481. | Readme - ChangeLog Section (Aggressive Detection)
  1482. | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/readme.txt
  1483.  
  1484. [+] contact-form-7
  1485. | Location: https://mga.gov.sd/wp-content/plugins/contact-form-7/
  1486. | Latest Version: 5.1.1 (up to date)
  1487. | Last Updated: 2018-12-18T18:05:00.000Z
  1488. |
  1489. | Detected By: Urls In Homepage (Passive Detection)
  1490. |
  1491. | Version: 5.1.1 (100% confidence)
  1492. | Detected By: Query Parameter (Passive Detection)
  1493. | - https://mga.gov.sd/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1
  1494. | - https://mga.gov.sd/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1
  1495. | Confirmed By:
  1496. | Readme - Stable Tag (Aggressive Detection)
  1497. | - https://mga.gov.sd/wp-content/plugins/contact-form-7/readme.txt
  1498. | Readme - ChangeLog Section (Aggressive Detection)
  1499. | - https://mga.gov.sd/wp-content/plugins/contact-form-7/readme.txt
  1500.  
  1501. [+] dk-new-medias-image-rotator-widget
  1502. | Location: https://mga.gov.sd/wp-content/plugins/dk-new-medias-image-rotator-widget/
  1503. | Latest Version: 1.2.1 (up to date)
  1504. | Last Updated: 2016-05-06T17:30:00.000Z
  1505. |
  1506. | Detected By: Urls In Homepage (Passive Detection)
  1507. |
  1508. | Version: 1.2.1 (100% confidence)
  1509. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1510. | - https://mga.gov.sd/wp-content/plugins/dk-new-medias-image-rotator-widget/readme.txt
  1511. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1512. | - https://mga.gov.sd/wp-content/plugins/dk-new-medias-image-rotator-widget/readme.txt
  1513.  
  1514. [+] multi-rating
  1515. | Location: https://mga.gov.sd/wp-content/plugins/multi-rating/
  1516. | Latest Version: 4.3 (up to date)
  1517. | Last Updated: 2018-05-18T12:15:00.000Z
  1518. |
  1519. | Detected By: Urls In Homepage (Passive Detection)
  1520. |
  1521. | Version: 4.3 (60% confidence)
  1522. | Detected By: Query Parameter (Passive Detection)
  1523. | - https://mga.gov.sd/wp-content/plugins/multi-rating/assets/js/frontend-min.js?ver=4.3
  1524. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1525. | - https://mga.gov.sd/wp-content/plugins/multi-rating/readme.txt
  1526.  
  1527. [+] newsletter
  1528. | Location: https://mga.gov.sd/wp-content/plugins/newsletter/
  1529. | Last Updated: 2019-04-18T06:55:00.000Z
  1530. | [!] The version is out of date, the latest version is 5.9.3
  1531. |
  1532. | Detected By: Urls In Homepage (Passive Detection)
  1533. |
  1534. | Version: 5.8.9 (100% confidence)
  1535. | Detected By: Query Parameter (Passive Detection)
  1536. | - https://mga.gov.sd/wp-content/plugins/newsletter/subscription/validate.js?ver=5.8.9
  1537. | Confirmed By:
  1538. | Readme - Stable Tag (Aggressive Detection)
  1539. | - https://mga.gov.sd/wp-content/plugins/newsletter/readme.txt
  1540. | Readme - ChangeLog Section (Aggressive Detection)
  1541. | - https://mga.gov.sd/wp-content/plugins/newsletter/readme.txt
  1542.  
  1543. [+] popups
  1544. | Location: https://mga.gov.sd/wp-content/plugins/popups/
  1545. | Last Updated: 2019-04-09T15:37:00.000Z
  1546. | [!] The version is out of date, the latest version is 1.9.3.6
  1547. |
  1548. | Detected By: Urls In Homepage (Passive Detection)
  1549. |
  1550. | Version: 1.9.3.4 (100% confidence)
  1551. | Detected By: Query Parameter (Passive Detection)
  1552. | - https://mga.gov.sd/wp-content/plugins/popups/public/assets/css/public.css?ver=1.9.3.4
  1553. | Confirmed By:
  1554. | Readme - Stable Tag (Aggressive Detection)
  1555. | - https://mga.gov.sd/wp-content/plugins/popups/README.txt
  1556. | Readme - ChangeLog Section (Aggressive Detection)
  1557. | - https://mga.gov.sd/wp-content/plugins/popups/README.txt
  1558.  
  1559. [+] searchwp-live-ajax-search
  1560. | Location: https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/
  1561. | Latest Version: 1.3.1 (up to date)
  1562. | Last Updated: 2018-02-19T01:47:00.000Z
  1563. |
  1564. | Detected By: Urls In Homepage (Passive Detection)
  1565. |
  1566. | Version: 1.3.1 (100% confidence)
  1567. | Detected By: Query Parameter (Passive Detection)
  1568. | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/assets/styles/style.css?ver=1.3.1
  1569. | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/assets/javascript/build/searchwp-live-search.min.js?ver=1.3.1
  1570. | Confirmed By:
  1571. | Readme - Stable Tag (Aggressive Detection)
  1572. | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/readme.txt
  1573. | Readme - ChangeLog Section (Aggressive Detection)
  1574. | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/readme.txt
  1575.  
  1576. [+] siteorigin-panels
  1577. | Location: https://mga.gov.sd/wp-content/plugins/siteorigin-panels/
  1578. | Last Updated: 2019-04-06T00:55:00.000Z
  1579. | [!] The version is out of date, the latest version is 2.10.5
  1580. |
  1581. | Detected By: Urls In Homepage (Passive Detection)
  1582. |
  1583. | Version: 2.10.2 (100% confidence)
  1584. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1585. | - https://mga.gov.sd/wp-content/plugins/siteorigin-panels/readme.txt
  1586. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1587. | - https://mga.gov.sd/wp-content/plugins/siteorigin-panels/readme.txt
  1588.  
  1589. [+] smart-slider-3
  1590. | Location: https://mga.gov.sd/wp-content/plugins/smart-slider-3/
  1591. | Last Updated: 2019-04-05T08:59:00.000Z
  1592. | [!] The version is out of date, the latest version is 3.3.18
  1593. |
  1594. | Detected By: Urls In Homepage (Passive Detection)
  1595. |
  1596. | Version: 3.3.15 (100% confidence)
  1597. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1598. | - https://mga.gov.sd/wp-content/plugins/smart-slider-3/readme.txt
  1599. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1600. | - https://mga.gov.sd/wp-content/plugins/smart-slider-3/readme.txt
  1601.  
  1602. [+] stop-user-enumeration
  1603. | Location: https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/
  1604. | Latest Version: 1.3.20 (up to date)
  1605. | Last Updated: 2019-02-27T08:57:00.000Z
  1606. |
  1607. | Detected By: Urls In Homepage (Passive Detection)
  1608. |
  1609. | Version: 1.3.20 (100% confidence)
  1610. | Detected By: Query Parameter (Passive Detection)
  1611. | - https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.20
  1612. | Confirmed By:
  1613. | Readme - Stable Tag (Aggressive Detection)
  1614. | - https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/readme.txt
  1615. | Readme - ChangeLog Section (Aggressive Detection)
  1616. | - https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/readme.txt
  1617.  
  1618. [+] tablepress
  1619. | Location: https://mga.gov.sd/wp-content/plugins/tablepress/
  1620. | Latest Version: 1.9.2 (up to date)
  1621. | Last Updated: 2019-02-22T15:10:00.000Z
  1622. |
  1623. | Detected By: Urls In Homepage (Passive Detection)
  1624. |
  1625. | Version: 1.9.2 (90% confidence)
  1626. | Detected By: Query Parameter (Passive Detection)
  1627. | - https://mga.gov.sd/wp-content/plugins/tablepress/css/default.min.css?ver=1.9.2
  1628. | Confirmed By: Readme - Stable Tag (Aggressive Detection)
  1629. | - https://mga.gov.sd/wp-content/plugins/tablepress/readme.txt
  1630.  
  1631. [+] widget-countdown
  1632. | Location: https://mga.gov.sd/wp-content/plugins/widget-countdown/
  1633. | Last Updated: 2019-03-18T18:09:00.000Z
  1634. | [!] The version is out of date, the latest version is 2.0.4
  1635. |
  1636. | Detected By: Urls In Homepage (Passive Detection)
  1637. |
  1638. | Version: 2.0.3 (100% confidence)
  1639. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1640. | - https://mga.gov.sd/wp-content/plugins/widget-countdown/readme.txt
  1641. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1642. | - https://mga.gov.sd/wp-content/plugins/widget-countdown/readme.txt
  1643.  
  1644. [+] wp-google-map-plugin
  1645. | Location: https://mga.gov.sd/wp-content/plugins/wp-google-map-plugin/
  1646. | Latest Version: 4.0.8 (up to date)
  1647. | Last Updated: 2019-03-18T04:32:00.000Z
  1648. |
  1649. | Detected By: Urls In Homepage (Passive Detection)
  1650. |
  1651. | Version: 4.0.8 (50% confidence)
  1652. | Detected By: Readme - ChangeLog Section (Aggressive Detection)
  1653. | - https://mga.gov.sd/wp-content/plugins/wp-google-map-plugin/readme.txt
  1654.  
  1655. [+] wp-logo-showcase-responsive-slider-slider
  1656. | Location: https://mga.gov.sd/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/
  1657. | Last Updated: 2019-04-12T08:50:00.000Z
  1658. | [!] The version is out of date, the latest version is 2.2.3
  1659. |
  1660. | Detected By: Urls In Homepage (Passive Detection)
  1661. |
  1662. | Version: 2.2.2 (20% confidence)
  1663. | Detected By: Query Parameter (Passive Detection)
  1664. | - https://mga.gov.sd/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/slick.css?ver=2.2.2
  1665. | - https://mga.gov.sd/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/logo-showcase.css?ver=2.2.2
  1666.  
  1667. [+] wp-statistics
  1668. | Location: https://mga.gov.sd/wp-content/plugins/wp-statistics/
  1669. | Last Updated: 2019-04-24T06:57:00.000Z
  1670. | [!] The version is out of date, the latest version is 12.6.4
  1671. |
  1672. | Detected By: Comment (Passive Detection)
  1673. |
  1674. | [!] 1 vulnerability identified:
  1675. |
  1676. | [!] Title: WP Statistics <= 12.6.3 - Cross-Site Scripting (XSS)
  1677. | Fixed in: 12.6.4
  1678. | References:
  1679. | - https://wpvulndb.com/vulnerabilities/9261
  1680. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10864
  1681. | - https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c
  1682. |
  1683. | Version: 12.6 (60% confidence)
  1684. | Detected By: Comment (Passive Detection)
  1685. | - https://mga.gov.sd/, Match: 'Analytics by WP-Statistics v12.6'
  1686.  
  1687. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  1688. Checking Config Backups - Time: 00:00:02 <===> (21 / 21) 100.00% Time: 00:00:02
  1689.  
  1690. [i] No Config Backups Found.
  1691.  
  1692.  
  1693. [+] Finished: Mon Apr 29 12:13:35 2019
  1694. [+] Requests Done: 91
  1695. [+] Cached Requests: 6
  1696. [+] Data Sent: 20.692 KB
  1697. [+] Data Received: 944.714 KB
  1698. [+] Memory used: 177.352 MB
  1699. [+] Elapsed time: 00:00:37
  1700. #######################################################################################################################################
  1701. Anonymous JTSEC #OpSudan Full Recon #60