- #######################################################################################################################################
- =======================================================================================================================================
- Hostname mga.gov.sd ISP MAX-NET-FOR-INTERNET-SERVICES
- Continent Africa Flag
- SD
- Country Sudan Country Code SD
- Region Unknown Local time 29 Apr 2019 17:54 CAT
- City Unknown Postal Code Unknown
- IP Address 196.223.159.7 Latitude 15
- Longitude 30
- =======================================================================================================================================
- #######################################################################################################################################
- > mga.gov.sd
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- Name: mga.gov.sd
- Address: 196.223.159.7
- >
- #######################################################################################################################################
- HostIP:196.223.159.7
- HostName:mga.gov.sd
- Gathered Inet-whois information for 196.223.159.7
- --------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 196.15.64.0 - 198.10.255.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: For registration information,
- remarks: you can consult the following sources:
- remarks:
- remarks: IANA
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- created: 2019-01-07T10:49:04Z
- last-modified: 2019-01-07T10:49:04Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % Information related to '196.223.152.0/21AS37211'
- route: 196.223.152.0/21
- origin: AS37211
- mnt-by: RIPE-MAXNET-MNT
- created: 2016-07-24T12:11:55Z
- last-modified: 2018-09-04T18:30:00Z
- source: RIPE-NONAUTH
- % This query was served by the RIPE Database Query Service version 1.93.2 (BLAARKOP)
- Gathered Inic-whois information for mga.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server sd.whois-servers.net failed
- close error
- Gathered Netcraft information for mga.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for mga.gov.sd
- Netcraft.com Information gathered
- Gathered Subdomain information for mga.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:webmail.mga.gov.sd
- HostIP:62.12.101.2
- HostName:mail.mga.gov.sd
- HostIP:62.12.101.2
- Searching Altavista.com:80...
- Found 2 possible subdomain(s) for host mga.gov.sd, Searched 0 pages containing 0 results
- Gathered E-Mail information for mga.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host mga.gov.sd, Searched 0 pages containing 0 results
- Gathered TCP Port information for 196.223.159.7
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 80/tcp open
- Portscan Finished: Scanned 150 ports, 3 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: https://mga.gov.sd
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: وكالة ضمان التمويل الأصغر – تيسير
- [+] IP address: 196.223.159.7
- [+] Web Server: Apache
- [+] CMS: WordPress
- [+] Cloudflare: Not Detected
- [+] Robots File: Found
- -------------[ contents ]----------------
- User-agent: *
- Disallow: /wp-admin/
- Allow: /wp-admin/admin-ajax.php
- -----------[end of contents]-------------
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 196.223.159.7
- [i] Country: Sudan
- [i] State:
- [i] City:
- [i] Latitude: 15.0
- [i] Longitude: 30.0
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.0 200 OK
- [i] Date: Mon, 29 Apr 2019 15:57:04 GMT
- [i] Server: Apache
- [i] X-Frame-Options: SAMEORIGIN
- [i] Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
- [i] Link: <https://mga.gov.sd/>; rel=shortlink
- [i] Content-Length: 124980
- [i] Connection: close
- [i] Content-Type: text/html; charset=UTF-8
- D N S L O O K U P
- =======================================================================================================================================
- mga.gov.sd. 21599 IN A 196.223.159.7
- mga.gov.sd. 21599 IN MX 10 mail.mga.gov.sd.
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 196.223.159.7
- Network = 196.223.159.7 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 196.223.159.7 - 196.223.159.7 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:20 UTC
- Nmap scan report for mga.gov.sd (196.223.159.7)
- Host is up (0.18s latency).
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 2.87 seconds
- S U B - D O M A I N F I N D E R
- =======================================================================================================================================
- [i] Total Subdomains Found : 1
- [+] Subdomain: mail.mga.gov.sd
- [-] IP: 62.12.101.2
- #######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- https://mga.gov.sd/
- [!] IP Address : 196.223.159.7
- [!] CMS Detected : WordPress
- [?] Would you like to use WPScan? [Y/n] Y
- Scan Aborted: invalid option: --random-agent
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for mga.gov.sd
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/mga.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 2.63 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- There was an error getting results
- [-] DNS Records
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- pixel-1556554847800942-web-@mga.gov.sd
- pixel-1556554850158555-web-@mga.gov.sd
- [+] Hosts found in search engines:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [-] Resolving hostnames IPs...
- 62.12.101.2:webmail.mga.gov.sd
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Enter : 16
- Enter Address Website = mga.gov.sd
- Reverse IP With YouGetSignal 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [*] IP: 196.223.159.7
- [*] Domain: mga.gov.sd
- [*] Total Domains: 1
- [+] mga.gov.sd
- #######################################################################################################################################
- Geo IP Lookup 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] IP Address: 196.223.159.7
- [+] Country: Sudan
- [+] State:
- [+] City:
- [+] Latitude: 15.0
- [+] Longitude: 30.0
- #######################################################################################################################################
- Bypass Cloudflare 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [!] CloudFlare Bypass 62.12.101.2 | webmail.mga.gov.sd
- [!] CloudFlare Bypass 62.12.101.2 | mail.mga.gov.sd
- #######################################################################################################################################
- DNS Lookup 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] mga.gov.sd. 21599 IN A 196.223.159.7
- [+] mga.gov.sd. 21599 IN MX 10 mail.mga.gov.sd.
- #######################################################################################################################################
- Show HTTP Header 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] HTTP/1.1 301 Moved Permanently
- [+] Date: Mon, 29 Apr 2019 15:56:28 GMT
- [+] Server: Apache
- [+] Location: https://mga.gov.sd/
- [+] Content-Type: text/html; charset=iso-8859-1
- #######################################################################################################################################
- Port Scan 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:19 UTC
- Nmap scan report for mga.gov.sd (196.223.159.7)
- Host is up (0.18s latency).
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 7.26 seconds
- #######################################################################################################################################
- Cms Scan 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] Cms : WordPress
- [+] Web Servers : Apache
- [+] Programming Languages : PHP
- #######################################################################################################################################
- Robot.txt 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- User-agent: *
- Disallow: /wp-admin/
- Allow: /wp-admin/admin-ajax.php
- #######################################################################################################################################
- Traceroute 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Start: 2019-04-29T16:19:59+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.202 0.0% 3 0.9 0.9 0.9 0.9 0.0
- 2.|-- 45.79.12.2 0.0% 3 0.7 0.9 0.7 1.3 0.3
- 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.4 1.6 1.4 2.0 0.3
- 4.|-- tisparkle.dfw03.atlas.cogentco.com 0.0% 3 1.3 1.4 1.3 1.6 0.1
- 5.|-- ae1.palermo3.pal.seabone.net 0.0% 3 182.7 184.5 182.6 188.1 3.1
- 6.|-- sudatel.palermo3.pal.seabone.net 0.0% 3 194.7 195.1 194.7 195.6 0.5
- 7.|-- 212.0.131.109 0.0% 3 223.2 223.3 223.1 223.6 0.3
- 8.|-- 196.202.137.249 0.0% 3 211.3 211.3 211.2 211.4 0.1
- 9.|-- 196.202.137.250 0.0% 3 211.4 211.9 211.4 212.6 0.6
- 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 11.|-- 196.223.156.10 0.0% 3 214.8 221.1 214.8 228.0 6.6
- 12.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- #######################################################################################################################################
- Ping 'mga.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-04-29 16:20 UTC
- SENT (0.8467s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=1] IP [ttl=64 id=40352 iplen=28 ]
- SENT (1.8469s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=2] IP [ttl=64 id=40352 iplen=28 ]
- SENT (2.8483s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=3] IP [ttl=64 id=40352 iplen=28 ]
- SENT (3.8500s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=4] IP [ttl=64 id=40352 iplen=28 ]
- Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
- Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
- Nping done: 1 IP address pinged in 4.85 seconds
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-3-Debian <<>> mga.gov.sd
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47881
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;mga.gov.sd. IN A
- ;; ANSWER SECTION:
- mga.gov.sd. 79221 IN A 196.223.159.7
- ;; Query time: 36 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: lun avr 29 13:51:48 EDT 2019
- ;; MSG SIZE rcvd: 55
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-3-Debian <<>> +trace mga.gov.sd
- ;; global options: +cmd
- . 85526 IN NS i.root-servers.net.
- . 85526 IN NS a.root-servers.net.
- . 85526 IN NS l.root-servers.net.
- . 85526 IN NS d.root-servers.net.
- . 85526 IN NS k.root-servers.net.
- . 85526 IN NS e.root-servers.net.
- . 85526 IN NS g.root-servers.net.
- . 85526 IN NS m.root-servers.net.
- . 85526 IN NS h.root-servers.net.
- . 85526 IN NS j.root-servers.net.
- . 85526 IN NS f.root-servers.net.
- . 85526 IN NS c.root-servers.net.
- . 85526 IN NS b.root-servers.net.
- . 85526 IN RRSIG NS 8 0 518400 20190512170000 20190429160000 25266 . y0YDAK25lovphaX52TQexBmA67CnqvhTlSS8QOV3Rb8BNBaub+jlyD3K rVdfuG+vM3acpcGq8db1jZ5L3FcYGZWyNX3wngka/JiosHkPTdygq9+P YzQYpAlqMtcMUDt3IQnxraSStO+3DtkbW2zw79lsrsEwsjHIop8vWF29 Qgls3IbhcOqauEjP3MU+Mcrmmw9KMjIekdQf1geg71noATpmLkYyeVKr zL+TDL0HVElFetoGQUlEz5zyibzdPtpHeiZchEsxp0rZEoZiyyW9NgAx cdijqLB/+ccP7w/SgTzPXiGdkQicTckFOpmkDorO+TQadSAqQ+5wYNBa VMfRVg==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 32 ms
- sd. 172800 IN NS sd.cctld.authdns.ripe.net.
- sd. 172800 IN NS ns-sd.afrinic.net.
- sd. 172800 IN NS ns1.uaenic.ae.
- sd. 172800 IN NS ns2.uaenic.ae.
- sd. 172800 IN NS ans1.sis.sd.
- sd. 172800 IN NS ans1.canar.sd.
- sd. 172800 IN NS ans2.canar.sd.
- sd. 86400 IN NSEC se. NS RRSIG NSEC
- sd. 86400 IN RRSIG NSEC 8 1 86400 20190512170000 20190429160000 25266 . de8bUIfgGggYP5tEhwkEWuiE7GurL+Seuhejtz37CzW1+f4xf8DET2xy LBpW6TsLS3cmPUFsTQOL5PvLGEZFuYjiRQkkz0xI2Yzh43roorjNsBLj GrEDM4uCJbb5Br3ADATASDJWb/hzdUdbpBS3rDbrMA7FZPcNedsXanvu 0ks5T/7fYaUu6WUt3HL5LxkUTALUCvAI/FtDt5qADlkFoTwMRfZh98S1 WYweewjxJ4Vcj5BRVlFgg8FrZ5zuIHz/Rc5qOGelB+HTnBKy7bGnHZIK F5BFzNhQU3KMpZcY8Fz67AaTBD5PKuQE83RYliejwqrsgiMbut3aBh+u TozfJg==
- ;; Received 697 bytes from 2001:7fd::1#53(k.root-servers.net) in 69 ms
- ;; Received 67 bytes from 213.42.0.226#53(ns1.uaenic.ae) in 222 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: mga.gov.sd
- [-] DNSSEC is not configured for mga.gov.sd
- [*] SOA ns.nctr.sd 196.223.159.8
- [*] NS ns.nctr.sd 196.223.159.8
- [*] Bind Version for 196.223.159.8 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2
- [*] MX mail.mga.gov.sd 62.12.101.2
- [*] A mga.gov.sd 196.223.159.7
- [*] Enumerating SRV Records
- [-] No SRV Records Found for mga.gov.sd
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain mga.gov.sd
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
- [+] Getting nameservers
- 196.223.159.8 - ns.nctr.sd
- [-] Zone transfer failed
- [+] MX records found, added to target list
- 10 mail.mga.gov.sd.
- [*] Scanning mga.gov.sd for A records
- 196.223.159.7 - mga.gov.sd
- 62.12.101.2 - mail.mga.gov.sd
- 62.12.101.2 - webmail.mga.gov.sd
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 62.12.101.2 302 host mail.mga.gov.sd nginx
- 62.12.101.2 302 alias webmail.mga.gov.sd nginx
- 62.12.101.2 302 host mail.mga.gov.sd nginx
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- mga.gov.sd -----
- Host's addresses:
- __________________
- mga.gov.sd. 82016 IN A 196.223.159.7
- Name Servers:
- ______________
- ns.nctr.sd. 82524 IN A 196.223.159.8
- Mail (MX) Servers:
- ___________________
- mail.mga.gov.sd. 86400 IN A 62.12.101.2
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for mga.gov.sd on ns.nctr.sd ...
- brute force file not specified, bay.
- #######################################################################################################################################
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for mga.gov.sd
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- SSL Certificates: mail.mga.gov.sd
- DNSdumpster: mail.mga.gov.sd
- Google: webmail.mga.gov.sd
- Google: mail.mga.gov.sd
- [-] Saving results to file: /usr/share/sniper/loot//domains/domains-mga.gov.sd.txt
- [-] Total Unique Subdomains Found: 2
- mail.mga.gov.sd
- webmail.mga.gov.sd
- #######################################################################################################################################
- mga.gov.sd 196.223.159.7
- mail.mga.gov.sd 62.12.101.2
- webmail.mga.gov.sd 62.12.101.2
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on mga.gov.sd
- dnsdb: Unexpected return status 503
- waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.mga.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
- dogpile: Get https://www.dogpile.com/search/web?q=mga.gov.sd&qsi=1: EOF
- archiveis: Get http://archive.is/*.mga.gov.sd: dial tcp 51.38.113.224:80: connect: connection timed out
- Starting Bruteforcing of mga.gov.sd with 9985 words
- Total 5 Unique subdomains found for mga.gov.sd
- .mga.gov.sd
- mail.mga.gov.sd
- mail.mga.gov.sd
- webmail.mga.gov.sd
- webmail.mga.gov.sd
- #######################################################################################################################################
- [+] mga.gov.sd has no SPF record!
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for mga.gov.sd!
- #######################################################################################################################################
- INFO[0000] Starting to process queue....
- INFO[0000] Starting to process permutations....
- INFO[0000] FORBIDDEN http://mga.s3.amazonaws.com (http://mga.gov.sd)
- INFO[0000] FORBIDDEN http://mga-uploads.s3.amazonaws.com (http://mga.gov.sd)
- INFO[0000] FORBIDDEN http://mga-media.s3.amazonaws.com (http://mga.gov.sd)
- INFO[0000] FORBIDDEN http://mga-public.s3.amazonaws.com (http://mga.gov.sd)
- INFO[0000] FORBIDDEN http://mga-backup.s3.amazonaws.com (http://mga.gov.sd)
- INFO[0000] FORBIDDEN http://mga-billing.s3.amazonaws.com (http://mga.gov.sd)
- INFO[0000] FORBIDDEN http://mga-logs.s3.amazonaws.com (http://mga.gov.sd)
- INFO[0000] FORBIDDEN http://mga-training.s3.amazonaws.com (http://mga.gov.sd)
- INFO[0000] FORBIDDEN http://mga-temp.s3.amazonaws.com (http://mga.gov.sd)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:18 EDT
- Nmap scan report for mga.gov.sd (196.223.159.7)
- Host is up (0.13s latency).
- Not shown: 470 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:18 EDT
- Nmap scan report for mga.gov.sd (196.223.159.7)
- Host is up (0.021s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning https://mga.gov.sd...
- _________________________________________ SITE INFO __________________________________________
- IP Title
- 196.223.159.7 وكالة ضمان التمويل الأصغر – تيسير
- __________________________________________ VERSION ___________________________________________
- Name Versions Type
- WordPress 5.1 CMS
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
- 2.4.9
- ________________________________________ INTERESTING _________________________________________
- URL Note Type
- /robots.txt robots.txt index Interesting
- /test.html Test file Interesting
- ___________________________________________ TOOLS ____________________________________________
- Name Link Software
- wpscan https://github.com/wpscanteam/wpscan WordPress
- CMSmap https://github.com/Dionach/CMSmap WordPress
- ______________________________________________________________________________________________
- Time: 103.9 sec Urls: 229 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 301 Moved Permanently
- Date: Mon, 29 Apr 2019 16:57:09 GMT
- Server: Apache
- Location: https://mga.gov.sd/
- Content-Type: text/html; charset=iso-8859-1
- HTTP/1.1 301 Moved Permanently
- Date: Mon, 29 Apr 2019 16:57:10 GMT
- Server: Apache
- Location: https://mga.gov.sd/
- Content-Type: text/html; charset=iso-8859-1
- HTTP/1.1 200 OK
- Date: Mon, 29 Apr 2019 16:57:11 GMT
- Server: Apache
- X-Frame-Options: SAMEORIGIN
- Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
- Link: <https://mga.gov.sd/>; rel=shortlink
- Content-Type: text/html; charset=UTF-8
- #######################################################################################################################################
- jQuery Migrate
- Google Font API
- prettyPhoto
- Apache
- jQuery 1.12.4
- WordPress 5.1
- Slick
- YouTube
- WordPress
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Mon, 29 Apr 2019 16:58:05 GMT
- Server: Apache
- X-Frame-Options: SAMEORIGIN
- Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
- Link: <https://mga.gov.sd/>; rel=shortlink
- Content-Type: text/html; charset=UTF-8
- HTTP/1.1 200 OK
- Date: Mon, 29 Apr 2019 16:58:06 GMT
- Server: Apache
- X-Frame-Options: SAMEORIGIN
- Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
- Link: <https://mga.gov.sd/>; rel=shortlink
- Content-Type: text/html; charset=UTF-8
- #######################################################################################################################################
- jQuery Migrate
- prettyPhoto
- Apache
- Google Font API
- jQuery 1.12.4
- WordPress 5.1
- Slick
- YouTube
- WordPress
- #######################################################################################################################################
- Version: 1.11.13-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 196.223.159.7
- Testing SSL server mga.gov.sd on port 443 using SNI name mga.gov.sd
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 112 bits DES-CBC3-SHA
- Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 112 bits DES-CBC3-SHA
- Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 112 bits DES-CBC3-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: mga.gov.sd
- Altnames: DNS:mga.gov.sd
- Issuer: Let's Encrypt Authority X3
- Not valid before: Mar 7 05:21:22 2019 GMT
- Not valid after: Jun 5 05:21:22 2019 GMT
- #######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +----------+---------------------------------+----------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +----------+---------------------------------+----------------------------------------------+----------+----------+
- | SVN | https://196.223.159.7:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
- +----------+---------------------------------+----------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:29 EDT
- Nmap scan report for 196.223.159.7
- Host is up (0.12s latency).
- Not shown: 470 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:29 EDT
- Nmap scan report for 196.223.159.7
- Host is up (0.021s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:29 EDT
- Nmap scan report for 196.223.159.7
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 22.57 ms 10.243.200.1
- 2 23.15 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 43.56 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 22.64 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 23.42 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.39 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
- 7 28.79 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
- 8 31.66 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
- 9 31.63 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
- 10 31.26 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
- 11 153.43 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
- 12 188.35 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
- 13 220.45 ms 212.0.131.109
- 14 213.02 ms 196.202.137.249
- 15 210.64 ms 196.202.137.250
- 16 ...
- 17 216.94 ms 196.223.156.10
- 18 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:31 EDT
- Nmap scan report for 196.223.159.7
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 22.05 ms 10.243.200.1
- 2 22.45 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 38.09 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 22.44 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 22.87 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 22.56 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
- 7 28.15 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
- 8 30.86 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
- 9 30.93 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
- 10 30.95 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
- 11 153.47 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
- 12 189.62 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
- 13 220.81 ms 212.0.131.109
- 14 213.41 ms 196.202.137.249
- 15 216.19 ms 196.202.137.250
- 16 ...
- 17 219.45 ms 196.223.156.10
- 18 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:33 EDT
- Nmap scan report for 196.223.159.7
- Host is up.
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 20.25 ms 10.243.200.1
- 2 20.65 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 38.83 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 20.42 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 21.02 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 20.84 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
- 7 26.46 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
- 8 28.89 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
- 9 29.13 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
- 10 29.17 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
- 11 153.63 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
- 12 201.26 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
- 13 221.23 ms 212.0.131.109
- 14 213.81 ms 196.202.137.249
- 15 211.22 ms 196.202.137.250
- 16 ...
- 17 217.99 ms 196.223.156.10
- 18 ... 30
- #######################################################################################################################################
- HTTP/1.1 301 Moved Permanently
- Date: Mon, 29 Apr 2019 17:13:09 GMT
- Server: Apache
- Location: https://196.223.159.7/
- Content-Type: text/html; charset=iso-8859-1
- #######################################################################################################################################
- jQuery Migrate
- prettyPhoto
- Apache
- jQuery 1.12.4
- WordPress 5.1
- Slick
- YouTube
- Google Font API
- WordPress
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:36 EDT
- Nmap scan report for 196.223.159.7
- Host is up.
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 20.89 ms 10.243.200.1
- 2 21.09 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 33.11 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 21.08 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 21.54 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 21.53 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
- 7 26.71 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
- 8 29.57 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
- 9 29.93 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
- 10 30.00 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
- 11 152.29 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
- 12 185.41 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
- 13 219.49 ms 212.0.131.109
- 14 212.06 ms 196.202.137.249
- 15 209.66 ms 196.202.137.250
- 16 ...
- 17 216.29 ms 196.223.156.10
- 18 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:38 EDT
- Nmap scan report for 196.223.159.7
- Host is up (0.22s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 20.29 ms 10.243.200.1
- 2 20.75 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 35.36 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 20.73 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 20.80 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 20.79 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
- 7 26.36 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
- 8 29.33 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
- 9 29.56 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
- 10 30.76 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
- 11 153.69 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
- 12 186.38 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
- 13 220.36 ms 212.0.131.109
- 14 213.35 ms 196.202.137.249
- 15 210.96 ms 196.202.137.250
- 16 ...
- 17 223.93 ms 196.223.156.10
- 18 ... 30
- #######################################################################################################################################
- Version: 1.11.13-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 196.223.159.7
- Testing SSL server 196.223.159.7 on port 443 using SNI name 196.223.159.7
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.2 112 bits DES-CBC3-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.1 112 bits DES-CBC3-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.0 112 bits DES-CBC3-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: localhost.localdomain
- Issuer: localhost.localdomain
- Not valid before: Mar 4 10:48:37 2019 GMT
- Not valid after: Mar 3 10:48:37 2020 GMT
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:48 EDT
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 13:48
- Completed NSE at 13:48, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 13:48
- Completed NSE at 13:48, 0.00s elapsed
- Initiating Ping Scan at 13:48
- Scanning 196.223.159.7 [4 ports]
- Completed Ping Scan at 13:48, 0.25s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 13:48
- Completed Parallel DNS resolution of 1 host. at 13:48, 0.02s elapsed
- Initiating Connect Scan at 13:48
- Scanning 196.223.159.7 [65535 ports]
- Discovered open port 443/tcp on 196.223.159.7
- Discovered open port 80/tcp on 196.223.159.7
- Connect Scan Timing: About 6.58% done; ETC: 13:55 (0:07:20 remaining)
- Connect Scan Timing: About 19.31% done; ETC: 13:53 (0:04:15 remaining)
- Connect Scan Timing: About 33.45% done; ETC: 13:52 (0:03:01 remaining)
- Discovered open port 55555/tcp on 196.223.159.7
- Connect Scan Timing: About 47.78% done; ETC: 13:52 (0:02:12 remaining)
- Connect Scan Timing: About 60.63% done; ETC: 13:52 (0:01:38 remaining)
- Connect Scan Timing: About 78.07% done; ETC: 13:51 (0:00:51 remaining)
- Completed Connect Scan at 13:51, 229.09s elapsed (65535 total ports)
- Initiating Service scan at 13:51
- Scanning 3 services on 196.223.159.7
- Completed Service scan at 13:52, 54.35s elapsed (3 services on 1 host)
- Initiating OS detection (try #1) against 196.223.159.7
- Retrying OS detection (try #2) against 196.223.159.7
- Initiating Traceroute at 13:52
- Completed Traceroute at 13:52, 6.08s elapsed
- Initiating Parallel DNS resolution of 16 hosts. at 13:52
- Completed Parallel DNS resolution of 16 hosts. at 13:53, 2.54s elapsed
- NSE: Script scanning 196.223.159.7.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 13:53
- Completed NSE at 13:53, 13.68s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 13:53
- Completed NSE at 13:53, 0.43s elapsed
- Nmap scan report for 196.223.159.7
- Host is up, received syn-ack ttl 44 (0.16s latency).
- Scanned at 2019-04-29 13:48:02 EDT for 313s
- Not shown: 65528 filtered ports
- Reason: 65528 no-responses
- PORT STATE SERVICE REASON VERSION
- 25/tcp closed smtp conn-refused
- 80/tcp open http syn-ack Apache httpd
- |_http-server-header: Apache
- 113/tcp closed ident conn-refused
- 139/tcp closed netbios-ssn conn-refused
- 443/tcp open ssl/http syn-ack Apache httpd
- |_http-server-header: Apache
- |_http-title: 403 Forbidden
- | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--/organizationalUnitName=SomeOrganizationalUnit/localityName=SomeCity/emailAddress=root@localhost.localdomain
- | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--/organizationalUnitName=SomeOrganizationalUnit/localityName=SomeCity/emailAddress=root@localhost.localdomain
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2019-03-04T10:48:37
- | Not valid after: 2020-03-03T10:48:37
- | MD5: f0a4 68ed bf02 8b9c 3d57 ab8c 95d4 0db4
- | SHA-1: 0f54 2301 b567 052f 2b60 9b96 830c 747b 28bd 1ca2
- |_ssl-date: TLS randomness does not represent time
- 445/tcp closed microsoft-ds conn-refused
- 55555/tcp open ssl/unknown syn-ack
- | ssl-cert: Subject: commonName=SN2KXA16C0776A7/organizationName=NETASQ - Secure Internet Connectivity/stateOrProvinceName=Nord/countryName=FR/localityName=Villeneuve d'Ascq/organizationalUnitName=SN2000-A
- | Issuer: organizationName=NETASQ - Secure Internet Connectivity/stateOrProvinceName=Nord/countryName=FR/localityName=Villeneuve d'Ascq/organizationalUnitName=NETASQ Firewall Certification Authority
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2016-03-15T05:32:57
- | Not valid after: 2026-03-15T05:32:57
- | MD5: 682f b959 b4e1 72e9 90a9 ca84 bf3c 48ed
- | SHA-1: d7ae 82f8 9ede 6bdc 9d5e 2f0a e77d 1870 1b15 7ebf
- Device type: general purpose|firewall|storage-misc
- Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (86%), Synology DiskStation Manager 5.X (85%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1
- OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
- Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 2.6.32 (88%), Linux 2.6.32 - 3.1 (88%), Linux 2.6.32 - 3.13 (87%), Linux 2.6.32 or 3.10 (86%), Linux 3.4 (86%), WatchGuard Fireware 11.8 (86%), Linux 2.6.39 (86%), Linux 2.6.32 - 2.6.39 (85%), Linux 3.10 (85%)
- No exact OS matches for host (test conditions non-ideal).
- TCP/IP fingerprint:
- SCAN(V=7.70%E=4%D=4/29%OT=80%CT=25%CU=%PV=N%G=N%TM=5CC73A0B%P=x86_64-pc-linux-gnu)
- SEQ(SP=104%GCD=1%ISR=109%TI=Z%CI=Z%TS=A)
- OPS(O1=M44FST11NW7%O2=M44FST11NW7%O3=M44FNNT11NW7%O4=M44FST11NW7%O5=M44FST11NW7%O6=M44FST11)
- WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)
- ECN(R=Y%DF=Y%TG=40%W=3908%O=M44FNNSNW7%CC=Y%Q=)
- T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
- T2(R=N)
- T3(R=N)
- T4(R=N)
- T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
- T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
- T7(R=N)
- U1(R=N)
- IE(R=N)
- Uptime guess: 11.600 days (since Wed Apr 17 23:29:09 2019)
- TCP Sequence Prediction: Difficulty=260 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 22.98 ms 10.243.200.1
- 2 23.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 38.72 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 23.05 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 24.45 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.08 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
- 7 29.16 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
- 8 30.96 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
- 9 30.99 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
- 10 31.03 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
- 11 153.46 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
- 12 209.44 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
- 13 220.20 ms 212.0.131.109
- 14 213.12 ms 196.202.137.249
- 15 210.58 ms 196.202.137.250
- 16 ...
- 17 217.07 ms 196.223.156.10
- 18 ... 30
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 13:53
- Completed NSE at 13:53, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 13:53
- Completed NSE at 13:53, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 314.01 seconds
- Raw packets sent: 136 (9.976KB) | Rcvd: 564 (76.424KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:53 EDT
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 13:53
- Completed NSE at 13:53, 0.00s elapsed
- Initiating NSE at 13:53
- Completed NSE at 13:53, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 13:53
- Completed Parallel DNS resolution of 1 host. at 13:53, 0.03s elapsed
- Initiating UDP Scan at 13:53
- Scanning 196.223.159.7 [14 ports]
- Completed UDP Scan at 13:53, 1.48s elapsed (14 total ports)
- Initiating Service scan at 13:53
- Scanning 12 services on 196.223.159.7
- Service scan Timing: About 8.33% done; ETC: 14:12 (0:17:58 remaining)
- Completed Service scan at 13:55, 102.58s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against 196.223.159.7
- Retrying OS detection (try #2) against 196.223.159.7
- Initiating Traceroute at 13:55
- Completed Traceroute at 13:55, 7.11s elapsed
- Initiating Parallel DNS resolution of 1 host. at 13:55
- Completed Parallel DNS resolution of 1 host. at 13:55, 0.01s elapsed
- NSE: Script scanning 196.223.159.7.
- Initiating NSE at 13:55
- Completed NSE at 13:55, 20.32s elapsed
- Initiating NSE at 13:55
- Completed NSE at 13:55, 1.02s elapsed
- Nmap scan report for 196.223.159.7
- Host is up (0.022s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 138/udp)
- HOP RTT ADDRESS
- 1 22.61 ms 10.243.200.1
- 2 ... 3
- 4 20.64 ms 10.243.200.1
- 5 23.77 ms 10.243.200.1
- 6 23.76 ms 10.243.200.1
- 7 23.75 ms 10.243.200.1
- 8 23.75 ms 10.243.200.1
- 9 23.74 ms 10.243.200.1
- 10 23.76 ms 10.243.200.1
- 11 ... 18
- 19 25.32 ms 10.243.200.1
- 20 21.98 ms 10.243.200.1
- 21 21.74 ms 10.243.200.1
- 22 ... 27
- 28 21.60 ms 10.243.200.1
- 29 ...
- 30 28.45 ms 10.243.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 13:55
- Completed NSE at 13:55, 0.00s elapsed
- Initiating NSE at 13:55
- Completed NSE at 13:55, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 135.71 seconds
- Raw packets sent: 148 (9.992KB) | Rcvd: 131 (22.794KB)
- #######################################################################################################################################
- [+] URL: https://mga.gov.sd/
- [+] Started: Mon Apr 29 12:12:57 2019
- Interesting Finding(s):
- [+] https://mga.gov.sd/
- | Interesting Entry: Server: Apache
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] https://mga.gov.sd/robots.txt
- | Interesting Entries:
- | - /wp-admin/
- | - /wp-admin/admin-ajax.php
- | Found By: Robots Txt (Aggressive Detection)
- | Confidence: 100%
- [+] https://mga.gov.sd/xmlrpc.php
- | Found By: Link Tag (Passive Detection)
- | Confidence: 100%
- | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] This site seems to be a multisite
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- | Reference: http://codex.wordpress.org/Glossary#Multisite
- [+] This site has 'Must Use Plugins': https://mga.gov.sd/wp-content/mu-plugins/
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 80%
- | Reference: http://codex.wordpress.org/Must_Use_Plugins
- [+] https://mga.gov.sd/wp-cron.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 60%
- | References:
- | - https://www.iplocation.net/defend-wordpress-from-ddos
- | - https://github.com/wpscanteam/wpscan/issues/1299
- [+] WordPress version 5.1 identified (Insecure, released on 2019-02-21).
- | Detected By: Rss Generator (Passive Detection)
- | - https://mga.gov.sd/feed, <generator>https://wordpress.org/?v=5.1</generator>
- | Confirmed By: Emoji Settings (Passive Detection)
- | - https://mga.gov.sd/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.1'
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
- | Fixed in: 5.1.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/9230
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
- | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
- | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
- | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
- [+] WordPress theme in use: microbankpro
- | Location: https://mga.gov.sd/wp-content/themes/microbankpro/
- | Readme: https://mga.gov.sd/wp-content/themes/microbankpro/readme.txt
- | Style URL: https://mga.gov.sd/wp-content/themes/microbankpro/style.css?ver=5.1
- | Style Name: MicroBank Pro
- | Style URI: https://inkthemes.com/microbankpro-wordpress-theme
- | Description: MicroBank Pro for WordPress is one of the easiest themes to build your Web Presence in 10 Minutes. J...
- | Author: InkThemes.com
- | Author URI: http://www.inkthemes.com
- |
- | Detected By: Css Style (Passive Detection)
- |
- | Version: 2.2.1 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - https://mga.gov.sd/wp-content/themes/microbankpro/style.css?ver=5.1, Match: 'Version: 2.2.1'
- [+] Enumerating All Plugins (via Passive Methods)
- [+] Checking Plugin Versions (via Passive and Aggressive Methods)
- [i] Plugin(s) Identified:
- [+] archives-calendar-widget
- | Location: https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/
- | Latest Version: 1.0.12 (up to date)
- | Last Updated: 2016-11-13T11:55:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.0.12 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/themes/calendrier.css?ver=1.0.12
- | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/admin/js/jquery.arcw-init.js?ver=1.0.12
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/readme.txt
- [+] contact-form-7
- | Location: https://mga.gov.sd/wp-content/plugins/contact-form-7/
- | Latest Version: 5.1.1 (up to date)
- | Last Updated: 2018-12-18T18:05:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 5.1.1 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://mga.gov.sd/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1
- | - https://mga.gov.sd/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/contact-form-7/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/contact-form-7/readme.txt
- [+] dk-new-medias-image-rotator-widget
- | Location: https://mga.gov.sd/wp-content/plugins/dk-new-medias-image-rotator-widget/
- | Latest Version: 1.2.1 (up to date)
- | Last Updated: 2016-05-06T17:30:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.2.1 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/dk-new-medias-image-rotator-widget/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/dk-new-medias-image-rotator-widget/readme.txt
- [+] multi-rating
- | Location: https://mga.gov.sd/wp-content/plugins/multi-rating/
- | Latest Version: 4.3 (up to date)
- | Last Updated: 2018-05-18T12:15:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 4.3 (60% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://mga.gov.sd/wp-content/plugins/multi-rating/assets/js/frontend-min.js?ver=4.3
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/multi-rating/readme.txt
- [+] newsletter
- | Location: https://mga.gov.sd/wp-content/plugins/newsletter/
- | Last Updated: 2019-04-18T06:55:00.000Z
- | [!] The version is out of date, the latest version is 5.9.3
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 5.8.9 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://mga.gov.sd/wp-content/plugins/newsletter/subscription/validate.js?ver=5.8.9
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/newsletter/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/newsletter/readme.txt
- [+] popups
- | Location: https://mga.gov.sd/wp-content/plugins/popups/
- | Last Updated: 2019-04-09T15:37:00.000Z
- | [!] The version is out of date, the latest version is 1.9.3.6
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.9.3.4 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://mga.gov.sd/wp-content/plugins/popups/public/assets/css/public.css?ver=1.9.3.4
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/popups/README.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/popups/README.txt
- [+] searchwp-live-ajax-search
- | Location: https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/
- | Latest Version: 1.3.1 (up to date)
- | Last Updated: 2018-02-19T01:47:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.3.1 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/assets/styles/style.css?ver=1.3.1
- | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/assets/javascript/build/searchwp-live-search.min.js?ver=1.3.1
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/readme.txt
- [+] siteorigin-panels
- | Location: https://mga.gov.sd/wp-content/plugins/siteorigin-panels/
- | Last Updated: 2019-04-06T00:55:00.000Z
- | [!] The version is out of date, the latest version is 2.10.5
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.10.2 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/siteorigin-panels/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/siteorigin-panels/readme.txt
- [+] smart-slider-3
- | Location: https://mga.gov.sd/wp-content/plugins/smart-slider-3/
- | Last Updated: 2019-04-05T08:59:00.000Z
- | [!] The version is out of date, the latest version is 3.3.18
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 3.3.15 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/smart-slider-3/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/smart-slider-3/readme.txt
- [+] stop-user-enumeration
- | Location: https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/
- | Latest Version: 1.3.20 (up to date)
- | Last Updated: 2019-02-27T08:57:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.3.20 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.20
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/readme.txt
- [+] tablepress
- | Location: https://mga.gov.sd/wp-content/plugins/tablepress/
- | Latest Version: 1.9.2 (up to date)
- | Last Updated: 2019-02-22T15:10:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.9.2 (90% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://mga.gov.sd/wp-content/plugins/tablepress/css/default.min.css?ver=1.9.2
- | Confirmed By: Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/tablepress/readme.txt
- [+] widget-countdown
- | Location: https://mga.gov.sd/wp-content/plugins/widget-countdown/
- | Last Updated: 2019-03-18T18:09:00.000Z
- | [!] The version is out of date, the latest version is 2.0.4
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.0.3 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/widget-countdown/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/widget-countdown/readme.txt
- [+] wp-google-map-plugin
- | Location: https://mga.gov.sd/wp-content/plugins/wp-google-map-plugin/
- | Latest Version: 4.0.8 (up to date)
- | Last Updated: 2019-03-18T04:32:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 4.0.8 (50% confidence)
- | Detected By: Readme - ChangeLog Section (Aggressive Detection)
- | - https://mga.gov.sd/wp-content/plugins/wp-google-map-plugin/readme.txt
- [+] wp-logo-showcase-responsive-slider-slider
- | Location: https://mga.gov.sd/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/
- | Last Updated: 2019-04-12T08:50:00.000Z
- | [!] The version is out of date, the latest version is 2.2.3
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.2.2 (20% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://mga.gov.sd/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/slick.css?ver=2.2.2
- | - https://mga.gov.sd/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/logo-showcase.css?ver=2.2.2
- [+] wp-statistics
- | Location: https://mga.gov.sd/wp-content/plugins/wp-statistics/
- | Last Updated: 2019-04-24T06:57:00.000Z
- | [!] The version is out of date, the latest version is 12.6.4
- |
- | Detected By: Comment (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: WP Statistics <= 12.6.3 - Cross-Site Scripting (XSS)
- | Fixed in: 12.6.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/9261
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10864
- | - https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c
- |
- | Version: 12.6 (60% confidence)
- | Detected By: Comment (Passive Detection)
- | - https://mga.gov.sd/, Match: 'Analytics by WP-Statistics v12.6'
- [+] Enumerating Config Backups (via Passive and Aggressive Methods)
- Checking Config Backups - Time: 00:00:02 <===> (21 / 21) 100.00% Time: 00:00:02
- [i] No Config Backups Found.
- [+] Finished: Mon Apr 29 12:13:35 2019
- [+] Requests Done: 91
- [+] Cached Requests: 6
- [+] Data Sent: 20.692 KB
- [+] Data Received: 944.714 KB
- [+] Memory used: 177.352 MB
- [+] Elapsed time: 00:00:37
- #######################################################################################################################################
- Anonymous JTSEC #OpSudan Full Recon #60