JTSEC1333

Anonymous JTSEC #OpSudan Full Recon #60

Apr 29th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname mga.gov.sd ISP MAX-NET-FOR-INTERNET-SERVICES
  4. Continent Africa Flag
  5. SD
  6. Country Sudan Country Code SD
  7. Region Unknown Local time 29 Apr 2019 17:54 CAT
  8. City Unknown Postal Code Unknown
  9. IP Address 196.223.159.7 Latitude 15
  10. Longitude 30
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > mga.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: mga.gov.sd
  19. Address: 196.223.159.7
  20. >
  21. #######################################################################################################################################
  22. HostIP:196.223.159.7
  23. HostName:mga.gov.sd
  24.  
  25. Gathered Inet-whois information for 196.223.159.7
  26. --------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 196.15.64.0 - 198.10.255.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:49:04Z
  61. last-modified: 2019-01-07T10:49:04Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % Information related to '196.223.152.0/21AS37211'
  77.  
  78. route: 196.223.152.0/21
  79. origin: AS37211
  80. mnt-by: RIPE-MAXNET-MNT
  81. created: 2016-07-24T12:11:55Z
  82. last-modified: 2018-09-04T18:30:00Z
  83. source: RIPE-NONAUTH
  84.  
  85. % This query was served by the RIPE Database Query Service version 1.93.2 (BLAARKOP)
  86.  
  87.  
  88.  
  89. Gathered Inic-whois information for mga.gov.sd
  90. ---------------------------------------------------------------------------------------------------------------------------------------
  91. Error: Unable to connect - Invalid Host
  92. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  93. close error
  94.  
  95. Gathered Netcraft information for mga.gov.sd
  96. ---------------------------------------------------------------------------------------------------------------------------------------
  97.  
  98. Retrieving Netcraft.com information for mga.gov.sd
  99. Netcraft.com Information gathered
  100.  
  101. Gathered Subdomain information for mga.gov.sd
  102. ---------------------------------------------------------------------------------------------------------------------------------------
  103. Searching Google.com:80...
  104. HostName:webmail.mga.gov.sd
  105. HostIP:62.12.101.2
  106. HostName:mail.mga.gov.sd
  107. HostIP:62.12.101.2
  108. Searching Altavista.com:80...
  109. Found 2 possible subdomain(s) for host mga.gov.sd, Searched 0 pages containing 0 results
  110.  
  111. Gathered E-Mail information for mga.gov.sd
  112. ---------------------------------------------------------------------------------------------------------------------------------------
  113. Searching Google.com:80...
  114. Searching Altavista.com:80...
  115. Found 0 E-Mail(s) for host mga.gov.sd, Searched 0 pages containing 0 results
  116.  
  117. Gathered TCP Port information for 196.223.159.7
  118. ---------------------------------------------------------------------------------------------------------------------------------------
  119.  
  120. Port State
  121.  
  122. 80/tcp open
  123.  
  124. Portscan Finished: Scanned 150 ports, 3 ports were in state closed
  125. #######################################################################################################################################
  126. [i] Scanning Site: https://mga.gov.sd
  127.  
  128.  
  129.  
  130. B A S I C I N F O
  131. =======================================================================================================================================
  132.  
  133.  
  134. [+] Site Title: وكالة ضمان التمويل الأصغر – تيسير
  135. [+] IP address: 196.223.159.7
  136. [+] Web Server: Apache
  137. [+] CMS: WordPress
  138. [+] Cloudflare: Not Detected
  139. [+] Robots File: Found
  140.  
  141. -------------[ contents ]----------------
  142. User-agent: *
  143. Disallow: /wp-admin/
  144. Allow: /wp-admin/admin-ajax.php
  145.  
  146. -----------[end of contents]-------------
  147.  
  148.  
  149.  
  150.  
  151.  
  152.  
  153.  
  154. G E O I P L O O K U P
  155. =======================================================================================================================================
  156.  
  157. [i] IP Address: 196.223.159.7
  158. [i] Country: Sudan
  159. [i] State:
  160. [i] City:
  161. [i] Latitude: 15.0
  162. [i] Longitude: 30.0
  163.  
  164.  
  165.  
  166.  
  167. H T T P H E A D E R S
  168. =======================================================================================================================================
  169.  
  170.  
  171. [i] HTTP/1.0 200 OK
  172. [i] Date: Mon, 29 Apr 2019 15:57:04 GMT
  173. [i] Server: Apache
  174. [i] X-Frame-Options: SAMEORIGIN
  175. [i] Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
  176. [i] Link: <https://mga.gov.sd/>; rel=shortlink
  177. [i] Content-Length: 124980
  178. [i] Connection: close
  179. [i] Content-Type: text/html; charset=UTF-8
  180.  
  181.  
  182.  
  183.  
  184. D N S L O O K U P
  185. =======================================================================================================================================
  186.  
  187. mga.gov.sd. 21599 IN A 196.223.159.7
  188. mga.gov.sd. 21599 IN MX 10 mail.mga.gov.sd.
  189.  
  190.  
  191.  
  192.  
  193. S U B N E T C A L C U L A T I O N
  194. =======================================================================================================================================
  195.  
  196. Address = 196.223.159.7
  197. Network = 196.223.159.7 / 32
  198. Netmask = 255.255.255.255
  199. Broadcast = not needed on Point-to-Point links
  200. Wildcard Mask = 0.0.0.0
  201. Hosts Bits = 0
  202. Max. Hosts = 1 (2^0 - 0)
  203. Host Range = { 196.223.159.7 - 196.223.159.7 }
  204.  
  205.  
  206.  
  207. N M A P P O R T S C A N
  208. =======================================================================================================================================
  209.  
  210. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:20 UTC
  211. Nmap scan report for mga.gov.sd (196.223.159.7)
  212. Host is up (0.18s latency).
  213.  
  214. PORT STATE SERVICE
  215. 21/tcp filtered ftp
  216. 22/tcp filtered ssh
  217. 23/tcp filtered telnet
  218. 80/tcp open http
  219. 110/tcp filtered pop3
  220. 143/tcp filtered imap
  221. 443/tcp open https
  222. 3389/tcp filtered ms-wbt-server
  223.  
  224. Nmap done: 1 IP address (1 host up) scanned in 2.87 seconds
  225.  
  226.  
  227.  
  228. S U B - D O M A I N F I N D E R
  229. =======================================================================================================================================
  230.  
  231.  
  232. [i] Total Subdomains Found : 1
  233.  
  234. [+] Subdomain: mail.mga.gov.sd
  235. [-] IP: 62.12.101.2
  236. #######################################################################################################################################
  237. [?] Enter the target: example( http://domain.com )
  238. https://mga.gov.sd/
  239. [!] IP Address : 196.223.159.7
  240. [!] CMS Detected : WordPress
  241. [?] Would you like to use WPScan? [Y/n] Y
  242. Scan Aborted: invalid option: --random-agent
  243. ---------------------------------------------------------------------------------------------------------------------------------------
  244. [~] Trying to gather whois information for mga.gov.sd
  245. [+] Whois information found
  246. [-] Unable to build response, visit https://who.is/whois/mga.gov.sd
  247. ---------------------------------------------------------------------------------------------------------------------------------------
  248. PORT STATE SERVICE
  249. 21/tcp filtered ftp
  250. 22/tcp filtered ssh
  251. 23/tcp filtered telnet
  252. 80/tcp open http
  253. 110/tcp filtered pop3
  254. 143/tcp filtered imap
  255. 443/tcp open https
  256. 3389/tcp filtered ms-wbt-server
  257. Nmap done: 1 IP address (1 host up) scanned in 2.63 seconds
  258. ---------------------------------------------------------------------------------------------------------------------------------------
  259. There was an error getting results
  260.  
  261. [-] DNS Records
  262. [>] Initiating 3 intel modules
  263. [>] Loading Alpha module (1/3)
  264. [>] Beta module deployed (2/3)
  265. [>] Gamma module initiated (3/3)
  266.  
  267.  
  268. [+] Emails found:
  269. ---------------------------------------------------------------------------------------------------------------------------------------
  270.  
  271. [+] Hosts found in search engines:
  272. ---------------------------------------------------------------------------------------------------------------------------------------
  273. [-] Resolving hostnames IPs...
  274. 62.12.101.2:webmail.mga.gov.sd
  275. [+] Virtual hosts:
  276. ---------------------------------------------------------------------------------------------------------------------------------------
  277. #######################################################################################################################################
  278. Enter : 16
  279. Enter Address Website = mga.gov.sd
  280.  
  281. Reverse IP With YouGetSignal 'mga.gov.sd'
  282. ---------------------------------------------------------------------------------------------------------------------------------------
  283.  
  284. [*] IP: 196.223.159.7
  285. [*] Domain: mga.gov.sd
  286. [*] Total Domains: 1
  287.  
  288. [+] mga.gov.sd
  289. #######################################################################################################################################
  290.  
  291. Geo IP Lookup 'mga.gov.sd'
  292. ---------------------------------------------------------------------------------------------------------------------------------------
  293.  
  294. [+] IP Address: 196.223.159.7
  295. [+] Country: Sudan
  296. [+] State:
  297. [+] City:
  298. [+] Latitude: 15.0
  299. [+] Longitude: 30.0
  300. #######################################################################################################################################
  301.  
  302. Bypass Cloudflare 'mga.gov.sd'
  303. ---------------------------------------------------------------------------------------------------------------------------------------
  304.  
  305. [!] CloudFlare Bypass 62.12.101.2 | webmail.mga.gov.sd
  306. [!] CloudFlare Bypass 62.12.101.2 | mail.mga.gov.sd
  307. #######################################################################################################################################
  308.  
  309. DNS Lookup 'mga.gov.sd'
  310. ---------------------------------------------------------------------------------------------------------------------------------------
  311.  
  312. [+] mga.gov.sd. 21599 IN A 196.223.159.7
  313. [+] mga.gov.sd. 21599 IN MX 10 mail.mga.gov.sd.
  314. #######################################################################################################################################
  315.  
  316. Show HTTP Header 'mga.gov.sd'
  317. ---------------------------------------------------------------------------------------------------------------------------------------
  318.  
  319. [+] HTTP/1.1 301 Moved Permanently
  320. [+] Date: Mon, 29 Apr 2019 15:56:28 GMT
  321. [+] Server: Apache
  322. [+] Location: https://mga.gov.sd/
  323. [+] Content-Type: text/html; charset=iso-8859-1
  324. #######################################################################################################################################
  325.  
  326. Port Scan 'mga.gov.sd'
  327. ---------------------------------------------------------------------------------------------------------------------------------------
  328.  
  329. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:19 UTC
  330. Nmap scan report for mga.gov.sd (196.223.159.7)
  331. Host is up (0.18s latency).
  332.  
  333. PORT STATE SERVICE
  334. 21/tcp filtered ftp
  335. 22/tcp filtered ssh
  336. 23/tcp filtered telnet
  337. 80/tcp open http
  338. 110/tcp filtered pop3
  339. 143/tcp filtered imap
  340. 443/tcp open https
  341. 3389/tcp filtered ms-wbt-server
  342.  
  343. Nmap done: 1 IP address (1 host up) scanned in 7.26 seconds
  344. #######################################################################################################################################
  345.  
  346. Cms Scan 'mga.gov.sd'
  347. ---------------------------------------------------------------------------------------------------------------------------------------
  348.  
  349. [+] Cms : WordPress
  350. [+] Web Servers : Apache
  351. [+] Programming Languages : PHP
  352. #######################################################################################################################################
  353.  
  354. Robot.txt 'mga.gov.sd'
  355. ---------------------------------------------------------------------------------------------------------------------------------------
  356.  
  357. User-agent: *
  358. Disallow: /wp-admin/
  359. Allow: /wp-admin/admin-ajax.php
  360. #######################################################################################################################################
  361.  
  362. Traceroute 'mga.gov.sd'
  363. ---------------------------------------------------------------------------------------------------------------------------------------
  364.  
  365. Start: 2019-04-29T16:19:59+0000
  366. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  367. 1.|-- 45.79.12.202 0.0% 3 0.9 0.9 0.9 0.9 0.0
  368. 2.|-- 45.79.12.2 0.0% 3 0.7 0.9 0.7 1.3 0.3
  369. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.4 1.6 1.4 2.0 0.3
  370. 4.|-- tisparkle.dfw03.atlas.cogentco.com 0.0% 3 1.3 1.4 1.3 1.6 0.1
  371. 5.|-- ae1.palermo3.pal.seabone.net 0.0% 3 182.7 184.5 182.6 188.1 3.1
  372. 6.|-- sudatel.palermo3.pal.seabone.net 0.0% 3 194.7 195.1 194.7 195.6 0.5
  373. 7.|-- 212.0.131.109 0.0% 3 223.2 223.3 223.1 223.6 0.3
  374. 8.|-- 196.202.137.249 0.0% 3 211.3 211.3 211.2 211.4 0.1
  375. 9.|-- 196.202.137.250 0.0% 3 211.4 211.9 211.4 212.6 0.6
  376. 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  377. 11.|-- 196.223.156.10 0.0% 3 214.8 221.1 214.8 228.0 6.6
  378. 12.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  379. #######################################################################################################################################
  380.  
  381. Ping 'mga.gov.sd'
  382. ---------------------------------------------------------------------------------------------------------------------------------------
  383.  
  384.  
  385. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-04-29 16:20 UTC
  386. SENT (0.8467s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=1] IP [ttl=64 id=40352 iplen=28 ]
  387. SENT (1.8469s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=2] IP [ttl=64 id=40352 iplen=28 ]
  388. SENT (2.8483s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=3] IP [ttl=64 id=40352 iplen=28 ]
  389. SENT (3.8500s) ICMP [104.237.144.6 > 196.223.159.7 Echo request (type=8/code=0) id=34610 seq=4] IP [ttl=64 id=40352 iplen=28 ]
  390.  
  391. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
  392. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
  393. Nping done: 1 IP address pinged in 4.85 seconds
  394. #######################################################################################################################################
  395. ; <<>> DiG 9.11.5-P4-3-Debian <<>> mga.gov.sd
  396. ;; global options: +cmd
  397. ;; Got answer:
  398. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47881
  399. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  400.  
  401. ;; OPT PSEUDOSECTION:
  402. ; EDNS: version: 0, flags:; udp: 4096
  403. ;; QUESTION SECTION:
  404. ;mga.gov.sd. IN A
  405.  
  406. ;; ANSWER SECTION:
  407. mga.gov.sd. 79221 IN A 196.223.159.7
  408.  
  409. ;; Query time: 36 msec
  410. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  411. ;; WHEN: lun avr 29 13:51:48 EDT 2019
  412. ;; MSG SIZE rcvd: 55
  413. #######################################################################################################################################
  414. ; <<>> DiG 9.11.5-P4-3-Debian <<>> +trace mga.gov.sd
  415. ;; global options: +cmd
  416. . 85526 IN NS i.root-servers.net.
  417. . 85526 IN NS a.root-servers.net.
  418. . 85526 IN NS l.root-servers.net.
  419. . 85526 IN NS d.root-servers.net.
  420. . 85526 IN NS k.root-servers.net.
  421. . 85526 IN NS e.root-servers.net.
  422. . 85526 IN NS g.root-servers.net.
  423. . 85526 IN NS m.root-servers.net.
  424. . 85526 IN NS h.root-servers.net.
  425. . 85526 IN NS j.root-servers.net.
  426. . 85526 IN NS f.root-servers.net.
  427. . 85526 IN NS c.root-servers.net.
  428. . 85526 IN NS b.root-servers.net.
  429. . 85526 IN RRSIG NS 8 0 518400 20190512170000 20190429160000 25266 . y0YDAK25lovphaX52TQexBmA67CnqvhTlSS8QOV3Rb8BNBaub+jlyD3K rVdfuG+vM3acpcGq8db1jZ5L3FcYGZWyNX3wngka/JiosHkPTdygq9+P YzQYpAlqMtcMUDt3IQnxraSStO+3DtkbW2zw79lsrsEwsjHIop8vWF29 Qgls3IbhcOqauEjP3MU+Mcrmmw9KMjIekdQf1geg71noATpmLkYyeVKr zL+TDL0HVElFetoGQUlEz5zyibzdPtpHeiZchEsxp0rZEoZiyyW9NgAx cdijqLB/+ccP7w/SgTzPXiGdkQicTckFOpmkDorO+TQadSAqQ+5wYNBa VMfRVg==
  430. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 32 ms
  431.  
  432. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  433. sd. 172800 IN NS ns-sd.afrinic.net.
  434. sd. 172800 IN NS ns1.uaenic.ae.
  435. sd. 172800 IN NS ns2.uaenic.ae.
  436. sd. 172800 IN NS ans1.sis.sd.
  437. sd. 172800 IN NS ans1.canar.sd.
  438. sd. 172800 IN NS ans2.canar.sd.
  439. sd. 86400 IN NSEC se. NS RRSIG NSEC
  440. sd. 86400 IN RRSIG NSEC 8 1 86400 20190512170000 20190429160000 25266 . de8bUIfgGggYP5tEhwkEWuiE7GurL+Seuhejtz37CzW1+f4xf8DET2xy LBpW6TsLS3cmPUFsTQOL5PvLGEZFuYjiRQkkz0xI2Yzh43roorjNsBLj GrEDM4uCJbb5Br3ADATASDJWb/hzdUdbpBS3rDbrMA7FZPcNedsXanvu 0ks5T/7fYaUu6WUt3HL5LxkUTALUCvAI/FtDt5qADlkFoTwMRfZh98S1 WYweewjxJ4Vcj5BRVlFgg8FrZ5zuIHz/Rc5qOGelB+HTnBKy7bGnHZIK F5BFzNhQU3KMpZcY8Fz67AaTBD5PKuQE83RYliejwqrsgiMbut3aBh+u TozfJg==
  441. ;; Received 697 bytes from 2001:7fd::1#53(k.root-servers.net) in 69 ms
  442.  
  443. ;; Received 67 bytes from 213.42.0.226#53(ns1.uaenic.ae) in 222 ms
  444. #######################################################################################################################################
  445. [*] Performing General Enumeration of Domain: mga.gov.sd
  446. [-] DNSSEC is not configured for mga.gov.sd
  447. [*] SOA ns.nctr.sd 196.223.159.8
  448. [*] NS ns.nctr.sd 196.223.159.8
  449. [*] Bind Version for 196.223.159.8 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2
  450. [*] MX mail.mga.gov.sd 62.12.101.2
  451. [*] A mga.gov.sd 196.223.159.7
  452. [*] Enumerating SRV Records
  453. [-] No SRV Records Found for mga.gov.sd
  454. [+] 0 Records Found
  455. #######################################################################################################################################
  456. [*] Processing domain mga.gov.sd
  457. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  458. [+] Getting nameservers
  459. 196.223.159.8 - ns.nctr.sd
  460. [-] Zone transfer failed
  461.  
  462. [+] MX records found, added to target list
  463. 10 mail.mga.gov.sd.
  464.  
  465. [*] Scanning mga.gov.sd for A records
  466. 196.223.159.7 - mga.gov.sd
  467. 62.12.101.2 - mail.mga.gov.sd
  468. 62.12.101.2 - webmail.mga.gov.sd
  469. #######################################################################################################################################
  470.  
  471. Ip Address Status Type Domain Name Server
  472. ---------- ------ ---- ----------- ------
  473. 62.12.101.2 302 host mail.mga.gov.sd nginx
  474. 62.12.101.2 302 alias webmail.mga.gov.sd nginx
  475. 62.12.101.2 302 host mail.mga.gov.sd nginx
  476. #######################################################################################################################################
  477. dnsenum VERSION:1.2.4
  478.  
  479. ----- mga.gov.sd -----
  480.  
  481.  
  482. Host's addresses:
  483. __________________
  484.  
  485. mga.gov.sd. 82016 IN A 196.223.159.7
  486.  
  487.  
  488. Name Servers:
  489. ______________
  490.  
  491. ns.nctr.sd. 82524 IN A 196.223.159.8
  492.  
  493.  
  494. Mail (MX) Servers:
  495. ___________________
  496.  
  497. mail.mga.gov.sd. 86400 IN A 62.12.101.2
  498.  
  499.  
  500. Trying Zone Transfers and getting Bind Versions:
  501. _________________________________________________
  502.  
  503.  
  504. Trying Zone Transfer for mga.gov.sd on ns.nctr.sd ...
  505.  
  506. brute force file not specified, bay.
  507. #######################################################################################################################################
  508.  
  509. ____ _ _ _ _ _____
  510. / ___| _ _| |__ | (_)___| |_|___ / _ __
  511. \___ \| | | | '_ \| | / __| __| |_ \| '__|
  512. ___) | |_| | |_) | | \__ \ |_ ___) | |
  513. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  514.  
  515. # Coded By Ahmed Aboul-Ela - @aboul3la
  516.  
  517. [-] Enumerating subdomains now for mga.gov.sd
  518. [-] verbosity is enabled, will show the subdomains results in realtime
  519. [-] Searching now in Baidu..
  520. [-] Searching now in Yahoo..
  521. [-] Searching now in Google..
  522. [-] Searching now in Bing..
  523. [-] Searching now in Ask..
  524. [-] Searching now in Netcraft..
  525. [-] Searching now in DNSdumpster..
  526. [-] Searching now in Virustotal..
  527. [-] Searching now in ThreatCrowd..
  528. [-] Searching now in SSL Certificates..
  529. [-] Searching now in PassiveDNS..
  530. SSL Certificates: mail.mga.gov.sd
  531. DNSdumpster: mail.mga.gov.sd
  532. Google: webmail.mga.gov.sd
  533. Google: mail.mga.gov.sd
  534. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-mga.gov.sd.txt
  535. [-] Total Unique Subdomains Found: 2
  536. mail.mga.gov.sd
  537. webmail.mga.gov.sd
  538. #######################################################################################################################################
  539. mga.gov.sd 196.223.159.7
  540. mail.mga.gov.sd 62.12.101.2
  541. webmail.mga.gov.sd 62.12.101.2
  542. #######################################################################################################################################
  543. ===============================================
  544. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  545. ===============================================
  546.  
  547.  
  548. Running Source: Ask
  549. Running Source: Archive.is
  550. Running Source: Baidu
  551. Running Source: Bing
  552. Running Source: CertDB
  553. Running Source: CertificateTransparency
  554. Running Source: Certspotter
  555. Running Source: Commoncrawl
  556. Running Source: Crt.sh
  557. Running Source: Dnsdb
  558. Running Source: DNSDumpster
  559. Running Source: DNSTable
  560. Running Source: Dogpile
  561. Running Source: Exalead
  562. Running Source: Findsubdomains
  563. Running Source: Googleter
  564. Running Source: Hackertarget
  565. Running Source: Ipv4Info
  566. Running Source: PTRArchive
  567. Running Source: Sitedossier
  568. Running Source: Threatcrowd
  569. Running Source: ThreatMiner
  570. Running Source: WaybackArchive
  571. Running Source: Yahoo
  572.  
  573. Running enumeration on mga.gov.sd
  574.  
  575. dnsdb: Unexpected return status 503
  576.  
  577. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.mga.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
  578.  
  579. dogpile: Get https://www.dogpile.com/search/web?q=mga.gov.sd&qsi=1: EOF
  580.  
  581. archiveis: Get http://archive.is/*.mga.gov.sd: dial tcp 51.38.113.224:80: connect: connection timed out
  582.  
  583.  
  584. Starting Bruteforcing of mga.gov.sd with 9985 words
  585.  
  586. Total 5 Unique subdomains found for mga.gov.sd
  587.  
  588. .mga.gov.sd
  589. mail.mga.gov.sd
  590. mail.mga.gov.sd
  591. webmail.mga.gov.sd
  592. webmail.mga.gov.sd
  593. #######################################################################################################################################
  608. [+] mga.gov.sd has no SPF record!
  609. [*] No DMARC record found. Looking for organizational record
  610. [+] No organizational DMARC record
  611. [+] Spoofing possible for mga.gov.sd!
  612. #######################################################################################################################################
  613. INFO[0000] Starting to process queue....
  614. INFO[0000] Starting to process permutations....
  615. INFO[0000] FORBIDDEN http://mga.s3.amazonaws.com (http://mga.gov.sd)
  616. INFO[0000] FORBIDDEN http://mga-uploads.s3.amazonaws.com (http://mga.gov.sd)
  617. INFO[0000] FORBIDDEN http://mga-media.s3.amazonaws.com (http://mga.gov.sd)
  618. INFO[0000] FORBIDDEN http://mga-public.s3.amazonaws.com (http://mga.gov.sd)
  619. INFO[0000] FORBIDDEN http://mga-backup.s3.amazonaws.com (http://mga.gov.sd)
  620. INFO[0000] FORBIDDEN http://mga-billing.s3.amazonaws.com (http://mga.gov.sd)
  621. INFO[0000] FORBIDDEN http://mga-logs.s3.amazonaws.com (http://mga.gov.sd)
  622. INFO[0000] FORBIDDEN http://mga-training.s3.amazonaws.com (http://mga.gov.sd)
  623. INFO[0000] FORBIDDEN http://mga-temp.s3.amazonaws.com (http://mga.gov.sd)
  624. #######################################################################################################################################
  625. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:18 EDT
  626. Nmap scan report for mga.gov.sd (196.223.159.7)
  627. Host is up (0.13s latency).
  628. Not shown: 470 filtered ports, 4 closed ports
  629. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  630. PORT STATE SERVICE
  631. 80/tcp open http
  632. 443/tcp open https
  633. #######################################################################################################################################
  634. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:18 EDT
  635. Nmap scan report for mga.gov.sd (196.223.159.7)
  636. Host is up (0.021s latency).
  637. Not shown: 2 filtered ports
  638. PORT STATE SERVICE
  639. 53/udp open|filtered domain
  640. 67/udp open|filtered dhcps
  641. 68/udp open|filtered dhcpc
  642. 69/udp open|filtered tftp
  643. 88/udp open|filtered kerberos-sec
  644. 123/udp open|filtered ntp
  645. 139/udp open|filtered netbios-ssn
  646. 161/udp open|filtered snmp
  647. 162/udp open|filtered snmptrap
  648. 389/udp open|filtered ldap
  649. 520/udp open|filtered route
  650. 2049/udp open|filtered nfs
  651. #######################################################################################################################################
  652.  
  653. wig - WebApp Information Gatherer
  654.  
  655.  
  656. Scanning https://mga.gov.sd...
  657. _________________________________________ SITE INFO __________________________________________
  658. IP Title
  659. 196.223.159.7 وكالة ضمان التمويل الأصغر &#8211; تيسير
  660.  
  661. __________________________________________ VERSION ___________________________________________
  662. Name Versions Type
  663. WordPress 5.1 CMS
  664. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  665. 2.4.9
  666.  
  667. ________________________________________ INTERESTING _________________________________________
  668. URL Note Type
  669. /robots.txt robots.txt index Interesting
  670. /test.html Test file Interesting
  671.  
  672. ___________________________________________ TOOLS ____________________________________________
  673. Name Link Software
  674. wpscan https://github.com/wpscanteam/wpscan WordPress
  675. CMSmap https://github.com/Dionach/CMSmap WordPress
  676.  
  677. ______________________________________________________________________________________________
  678. Time: 103.9 sec Urls: 229 Fingerprints: 40401
  679. #######################################################################################################################################
  680. HTTP/1.1 301 Moved Permanently
  681. Date: Mon, 29 Apr 2019 16:57:09 GMT
  682. Server: Apache
  683. Location: https://mga.gov.sd/
  684. Content-Type: text/html; charset=iso-8859-1
  685.  
  686. HTTP/1.1 301 Moved Permanently
  687. Date: Mon, 29 Apr 2019 16:57:10 GMT
  688. Server: Apache
  689. Location: https://mga.gov.sd/
  690. Content-Type: text/html; charset=iso-8859-1
  691.  
  692. HTTP/1.1 200 OK
  693. Date: Mon, 29 Apr 2019 16:57:11 GMT
  694. Server: Apache
  695. X-Frame-Options: SAMEORIGIN
  696. Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
  697. Link: <https://mga.gov.sd/>; rel=shortlink
  698. Content-Type: text/html; charset=UTF-8
  699. #######################################################################################################################################
  700. jQuery Migrate
  701. Google Font API
  702. prettyPhoto
  703. Apache
  704. jQuery 1.12.4
  705. WordPress 5.1
  706. Slick
  707. YouTube
  708. WordPress
  709. #######################################################################################################################################
  710. HTTP/1.1 200 OK
  711. Date: Mon, 29 Apr 2019 16:58:05 GMT
  712. Server: Apache
  713. X-Frame-Options: SAMEORIGIN
  714. Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
  715. Link: <https://mga.gov.sd/>; rel=shortlink
  716. Content-Type: text/html; charset=UTF-8
  717.  
  718. HTTP/1.1 200 OK
  719. Date: Mon, 29 Apr 2019 16:58:06 GMT
  720. Server: Apache
  721. X-Frame-Options: SAMEORIGIN
  722. Link: <https://mga.gov.sd/wp-json/>; rel="https://api.w.org/"
  723. Link: <https://mga.gov.sd/>; rel=shortlink
  724. Content-Type: text/html; charset=UTF-8
  725. #######################################################################################################################################
  726. jQuery Migrate
  727. prettyPhoto
  728. Apache
  729. Google Font API
  730. jQuery 1.12.4
  731. WordPress 5.1
  732. Slick
  733. YouTube
  734. WordPress
  735. #######################################################################################################################################
  736. Version: 1.11.13-static
  737. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  738.  
  739. Connected to 196.223.159.7
  740.  
  741. Testing SSL server mga.gov.sd on port 443 using SNI name mga.gov.sd
  742.  
  743. TLS Fallback SCSV:
  744. Server supports TLS Fallback SCSV
  745.  
  746. TLS renegotiation:
  747. Secure session renegotiation supported
  748.  
  749. TLS Compression:
  750. Compression disabled
  751.  
  752. Heartbleed:
  753. TLS 1.2 not vulnerable to heartbleed
  754. TLS 1.1 not vulnerable to heartbleed
  755. TLS 1.0 not vulnerable to heartbleed
  756.  
  757. Supported Server Cipher(s):
  758. Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  759. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  760. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  761. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  762. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  763. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  764. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  765. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  766. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  767. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  768. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  769. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  770. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  771. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  772. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  773. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  774. Accepted TLSv1.2 128 bits AES128-SHA256
  775. Accepted TLSv1.2 256 bits AES256-SHA256
  776. Accepted TLSv1.2 128 bits AES128-SHA
  777. Accepted TLSv1.2 256 bits AES256-SHA
  778. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  779. Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  780. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  781. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  782. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  783. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  784. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  785. Accepted TLSv1.1 128 bits AES128-SHA
  786. Accepted TLSv1.1 256 bits AES256-SHA
  787. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  788. Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  789. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  790. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  791. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  792. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  793. Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  794. Accepted TLSv1.0 128 bits AES128-SHA
  795. Accepted TLSv1.0 256 bits AES256-SHA
  796. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  797.  
  798. SSL Certificate:
  799. Signature Algorithm: sha256WithRSAEncryption
  800. RSA Key Strength: 2048
  801.  
  802. Subject: mga.gov.sd
  803. Altnames: DNS:mga.gov.sd
  804. Issuer: Let's Encrypt Authority X3
  805.  
  806. Not valid before: Mar 7 05:21:22 2019 GMT
  807. Not valid after: Jun 5 05:21:22 2019 GMT
  808. #######################################################################################################################################
  809. --------------------------------------------------------
  810. <<<Yasuo discovered following vulnerable applications>>>
  811. --------------------------------------------------------
  812. +----------+---------------------------------+----------------------------------------------+----------+----------+
  813. | App Name | URL to Application | Potential Exploit | Username | Password |
  814. +----------+---------------------------------+----------------------------------------------+----------+----------+
  815. | SVN | https://196.223.159.7:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
  816. +----------+---------------------------------+----------------------------------------------+----------+----------+
  817. #######################################################################################################################################
  818. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:29 EDT
  819. Nmap scan report for 196.223.159.7
  820. Host is up (0.12s latency).
  821. Not shown: 470 filtered ports, 4 closed ports
  822. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  823. PORT STATE SERVICE
  824. 80/tcp open http
  825. 443/tcp open https
  826. #######################################################################################################################################
  827. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:29 EDT
  828. Nmap scan report for 196.223.159.7
  829. Host is up (0.021s latency).
  830. Not shown: 2 filtered ports
  831. PORT STATE SERVICE
  832. 53/udp open|filtered domain
  833. 67/udp open|filtered dhcps
  834. 68/udp open|filtered dhcpc
  835. 69/udp open|filtered tftp
  836. 88/udp open|filtered kerberos-sec
  837. 123/udp open|filtered ntp
  838. 139/udp open|filtered netbios-ssn
  839. 161/udp open|filtered snmp
  840. 162/udp open|filtered snmptrap
  841. 389/udp open|filtered ldap
  842. 520/udp open|filtered route
  843. 2049/udp open|filtered nfs
  844. #######################################################################################################################################
  845. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:29 EDT
  846. Nmap scan report for 196.223.159.7
  847. Host is up.
  848.  
  849. PORT STATE SERVICE VERSION
  850. 67/udp open|filtered dhcps
  851. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  852. Too many fingerprints match this host to give specific OS details
  853.  
  854. TRACEROUTE (using proto 1/icmp)
  855. HOP RTT ADDRESS
  856. 1 22.57 ms 10.243.200.1
  857. 2 23.15 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  858. 3 43.56 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  859. 4 22.64 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  860. 5 23.42 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  861. 6 23.39 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  862. 7 28.79 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  863. 8 31.66 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  864. 9 31.63 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  865. 10 31.26 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  866. 11 153.43 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  867. 12 188.35 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  868. 13 220.45 ms 212.0.131.109
  869. 14 213.02 ms 196.202.137.249
  870. 15 210.64 ms 196.202.137.250
  871. 16 ...
  872. 17 216.94 ms 196.223.156.10
  873. 18 ... 30
  874. #######################################################################################################################################
  875. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:31 EDT
  876. Nmap scan report for 196.223.159.7
  877. Host is up.
  878.  
  879. PORT STATE SERVICE VERSION
  880. 68/udp open|filtered dhcpc
  881. Too many fingerprints match this host to give specific OS details
  882.  
  883. TRACEROUTE (using proto 1/icmp)
  884. HOP RTT ADDRESS
  885. 1 22.05 ms 10.243.200.1
  886. 2 22.45 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  887. 3 38.09 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  888. 4 22.44 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  889. 5 22.87 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  890. 6 22.56 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  891. 7 28.15 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  892. 8 30.86 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  893. 9 30.93 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  894. 10 30.95 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  895. 11 153.47 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  896. 12 189.62 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  897. 13 220.81 ms 212.0.131.109
  898. 14 213.41 ms 196.202.137.249
  899. 15 216.19 ms 196.202.137.250
  900. 16 ...
  901. 17 219.45 ms 196.223.156.10
  902. 18 ... 30
  903. #######################################################################################################################################
  904. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:33 EDT
  905. Nmap scan report for 196.223.159.7
  906. Host is up.
  907.  
  908. PORT STATE SERVICE VERSION
  909. 69/udp open|filtered tftp
  910. Too many fingerprints match this host to give specific OS details
  911.  
  912. TRACEROUTE (using proto 1/icmp)
  913. HOP RTT ADDRESS
  914. 1 20.25 ms 10.243.200.1
  915. 2 20.65 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  916. 3 38.83 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  917. 4 20.42 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  918. 5 21.02 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  919. 6 20.84 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  920. 7 26.46 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  921. 8 28.89 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  922. 9 29.13 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  923. 10 29.17 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  924. 11 153.63 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  925. 12 201.26 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  926. 13 221.23 ms 212.0.131.109
  927. 14 213.81 ms 196.202.137.249
  928. 15 211.22 ms 196.202.137.250
  929. 16 ...
  930. 17 217.99 ms 196.223.156.10
  931. 18 ... 30
  932. #######################################################################################################################################
  933. HTTP/1.1 301 Moved Permanently
  934. Date: Mon, 29 Apr 2019 17:13:09 GMT
  935. Server: Apache
  936. Location: https://196.223.159.7/
  937. Content-Type: text/html; charset=iso-8859-1
  938.  
  939. HTTP/1.1 301 Moved Permanently
  940. Date: Mon, 29 Apr 2019 17:13:09 GMT
  941. Server: Apache
  942. Location: https://196.223.159.7/
  943. Content-Type: text/html; charset=iso-8859-1
  944. #######################################################################################################################################
  945. jQuery Migrate
  946. prettyPhoto
  947. Apache
  948. jQuery 1.12.4
  949. WordPress 5.1
  950. Slick
  951. YouTube
  952. Google Font API
  953. WordPress
  954. #######################################################################################################################################
  955. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:36 EDT
  956. Nmap scan report for 196.223.159.7
  957. Host is up.
  958.  
  959. PORT STATE SERVICE VERSION
  960. 123/udp open|filtered ntp
  961. Too many fingerprints match this host to give specific OS details
  962.  
  963. TRACEROUTE (using proto 1/icmp)
  964. HOP RTT ADDRESS
  965. 1 20.89 ms 10.243.200.1
  966. 2 21.09 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  967. 3 33.11 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  968. 4 21.08 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  969. 5 21.54 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  970. 6 21.53 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  971. 7 26.71 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  972. 8 29.57 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  973. 9 29.93 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  974. 10 30.00 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  975. 11 152.29 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  976. 12 185.41 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  977. 13 219.49 ms 212.0.131.109
  978. 14 212.06 ms 196.202.137.249
  979. 15 209.66 ms 196.202.137.250
  980. 16 ...
  981. 17 216.29 ms 196.223.156.10
  982. 18 ... 30
  983. #######################################################################################################################################
  984. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:38 EDT
  985. Nmap scan report for 196.223.159.7
  986. Host is up (0.22s latency).
  987.  
  988. PORT STATE SERVICE VERSION
  989. 161/tcp filtered snmp
  990. 161/udp open|filtered snmp
  991. Too many fingerprints match this host to give specific OS details
  992.  
  993. TRACEROUTE (using proto 1/icmp)
  994. HOP RTT ADDRESS
  995. 1 20.29 ms 10.243.200.1
  996. 2 20.75 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  997. 3 35.36 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  998. 4 20.73 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  999. 5 20.80 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1000. 6 20.79 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  1001. 7 26.36 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  1002. 8 29.33 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  1003. 9 29.56 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  1004. 10 30.76 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  1005. 11 153.69 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  1006. 12 186.38 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  1007. 13 220.36 ms 212.0.131.109
  1008. 14 213.35 ms 196.202.137.249
  1009. 15 210.96 ms 196.202.137.250
  1010. 16 ...
  1011. 17 223.93 ms 196.223.156.10
  1012. 18 ... 30
  1013. #######################################################################################################################################
  1014. jQuery Migrate
  1015. prettyPhoto
  1016. Apache
  1017. jQuery 1.12.4
  1018. WordPress 5.1
  1019. Slick
  1020. YouTube
  1021. Google Font API
  1022. WordPress
  1023. #######################################################################################################################################
  1024. Version: 1.11.13-static
  1025. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1026.  
  1027. Connected to 196.223.159.7
  1028.  
  1029. Testing SSL server 196.223.159.7 on port 443 using SNI name 196.223.159.7
  1030.  
  1031. TLS Fallback SCSV:
  1032. Server supports TLS Fallback SCSV
  1033.  
  1034. TLS renegotiation:
  1035. Secure session renegotiation supported
  1036.  
  1037. TLS Compression:
  1038. Compression disabled
  1039.  
  1040. Heartbleed:
  1041. TLS 1.2 not vulnerable to heartbleed
  1042. TLS 1.1 not vulnerable to heartbleed
  1043. TLS 1.0 not vulnerable to heartbleed
  1044.  
  1045. Supported Server Cipher(s):
  1046. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1047. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1048. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1049. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  1050. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  1051. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  1052. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  1053. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1054. Accepted TLSv1.2 256 bits AES256-SHA256
  1055. Accepted TLSv1.2 256 bits AES256-SHA
  1056. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1057. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1058. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1059. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1060. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  1061. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  1062. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  1063. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  1064. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1065. Accepted TLSv1.2 128 bits AES128-SHA256
  1066. Accepted TLSv1.2 128 bits AES128-SHA
  1067. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1068. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1069. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  1070. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  1071. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1072. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  1073. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  1074. Accepted TLSv1.1 256 bits AES256-SHA
  1075. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1076. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1077. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  1078. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  1079. Accepted TLSv1.1 128 bits AES128-SHA
  1080. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1081. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1082. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  1083. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  1084. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1085. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  1086. Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  1087. Accepted TLSv1.0 256 bits AES256-SHA
  1088. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1089. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1090. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  1091. Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  1092. Accepted TLSv1.0 128 bits AES128-SHA
  1093. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1094. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1095. Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  1096. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  1097.  
  1098. SSL Certificate:
  1099. Signature Algorithm: sha256WithRSAEncryption
  1100. RSA Key Strength: 2048
  1101.  
  1102. Subject: localhost.localdomain
  1103. Issuer: localhost.localdomain
  1104.  
  1105. Not valid before: Mar 4 10:48:37 2019 GMT
  1106. Not valid after: Mar 3 10:48:37 2020 GMT
  1107. #######################################################################################################################################
  1108. --------------------------------------------------------
  1109. <<<Yasuo discovered following vulnerable applications>>>
  1110. --------------------------------------------------------
  1111. +----------+---------------------------------+----------------------------------------------+----------+----------+
  1112. | App Name | URL to Application | Potential Exploit | Username | Password |
  1113. +----------+---------------------------------+----------------------------------------------+----------+----------+
  1114. | SVN | https://196.223.159.7:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
  1115. +----------+---------------------------------+----------------------------------------------+----------+----------+
  1116. #######################################################################################################################################
  1117. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:48 EDT
  1118. NSE: Loaded 148 scripts for scanning.
  1119. NSE: Script Pre-scanning.
  1120. NSE: Starting runlevel 1 (of 2) scan.
  1121. Initiating NSE at 13:48
  1122. Completed NSE at 13:48, 0.00s elapsed
  1123. NSE: Starting runlevel 2 (of 2) scan.
  1124. Initiating NSE at 13:48
  1125. Completed NSE at 13:48, 0.00s elapsed
  1126. Initiating Ping Scan at 13:48
  1127. Scanning 196.223.159.7 [4 ports]
  1128. Completed Ping Scan at 13:48, 0.25s elapsed (1 total hosts)
  1129. Initiating Parallel DNS resolution of 1 host. at 13:48
  1130. Completed Parallel DNS resolution of 1 host. at 13:48, 0.02s elapsed
  1131. Initiating Connect Scan at 13:48
  1132. Scanning 196.223.159.7 [65535 ports]
  1133. Discovered open port 443/tcp on 196.223.159.7
  1134. Discovered open port 80/tcp on 196.223.159.7
  1135. Connect Scan Timing: About 6.58% done; ETC: 13:55 (0:07:20 remaining)
  1136. Connect Scan Timing: About 19.31% done; ETC: 13:53 (0:04:15 remaining)
  1137. Connect Scan Timing: About 33.45% done; ETC: 13:52 (0:03:01 remaining)
  1138. Discovered open port 55555/tcp on 196.223.159.7
  1139. Connect Scan Timing: About 47.78% done; ETC: 13:52 (0:02:12 remaining)
  1140. Connect Scan Timing: About 60.63% done; ETC: 13:52 (0:01:38 remaining)
  1141. Connect Scan Timing: About 78.07% done; ETC: 13:51 (0:00:51 remaining)
  1142. Completed Connect Scan at 13:51, 229.09s elapsed (65535 total ports)
  1143. Initiating Service scan at 13:51
  1144. Scanning 3 services on 196.223.159.7
  1145. Completed Service scan at 13:52, 54.35s elapsed (3 services on 1 host)
  1146. Initiating OS detection (try #1) against 196.223.159.7
  1147. Retrying OS detection (try #2) against 196.223.159.7
  1148. Initiating Traceroute at 13:52
  1149. Completed Traceroute at 13:52, 6.08s elapsed
  1150. Initiating Parallel DNS resolution of 16 hosts. at 13:52
  1151. Completed Parallel DNS resolution of 16 hosts. at 13:53, 2.54s elapsed
  1152. NSE: Script scanning 196.223.159.7.
  1153. NSE: Starting runlevel 1 (of 2) scan.
  1154. Initiating NSE at 13:53
  1155. Completed NSE at 13:53, 13.68s elapsed
  1156. NSE: Starting runlevel 2 (of 2) scan.
  1157. Initiating NSE at 13:53
  1158. Completed NSE at 13:53, 0.43s elapsed
  1159. Nmap scan report for 196.223.159.7
  1160. Host is up, received syn-ack ttl 44 (0.16s latency).
  1161. Scanned at 2019-04-29 13:48:02 EDT for 313s
  1162. Not shown: 65528 filtered ports
  1163. Reason: 65528 no-responses
  1164. PORT STATE SERVICE REASON VERSION
  1165. 25/tcp closed smtp conn-refused
  1166. 80/tcp open http syn-ack Apache httpd
  1167. |_http-server-header: Apache
  1168. 113/tcp closed ident conn-refused
  1169. 139/tcp closed netbios-ssn conn-refused
  1170. 443/tcp open ssl/http syn-ack Apache httpd
  1171. |_http-server-header: Apache
  1172. |_http-title: 403 Forbidden
  1173. | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--/organizationalUnitName=SomeOrganizationalUnit/localityName=SomeCity/[email protected]
  1174. | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--/organizationalUnitName=SomeOrganizationalUnit/localityName=SomeCity/[email protected]
  1175. | Public Key type: rsa
  1176. | Public Key bits: 2048
  1177. | Signature Algorithm: sha256WithRSAEncryption
  1178. | Not valid before: 2019-03-04T10:48:37
  1179. | Not valid after: 2020-03-03T10:48:37
  1180. | MD5: f0a4 68ed bf02 8b9c 3d57 ab8c 95d4 0db4
  1181. | SHA-1: 0f54 2301 b567 052f 2b60 9b96 830c 747b 28bd 1ca2
  1206. |_ssl-date: TLS randomness does not represent time
  1207. 445/tcp closed microsoft-ds conn-refused
  1208. 55555/tcp open ssl/unknown syn-ack
  1209. | ssl-cert: Subject: commonName=SN2KXA16C0776A7/organizationName=NETASQ - Secure Internet Connectivity/stateOrProvinceName=Nord/countryName=FR/localityName=Villeneuve d'Ascq/organizationalUnitName=SN2000-A
  1210. | Issuer: organizationName=NETASQ - Secure Internet Connectivity/stateOrProvinceName=Nord/countryName=FR/localityName=Villeneuve d'Ascq/organizationalUnitName=NETASQ Firewall Certification Authority
  1211. | Public Key type: rsa
  1212. | Public Key bits: 2048
  1213. | Signature Algorithm: sha1WithRSAEncryption
  1214. | Not valid before: 2016-03-15T05:32:57
  1215. | Not valid after: 2026-03-15T05:32:57
  1216. | MD5: 682f b959 b4e1 72e9 90a9 ca84 bf3c 48ed
  1217. | SHA-1: d7ae 82f8 9ede 6bdc 9d5e 2f0a e77d 1870 1b15 7ebf
  1246. Device type: general purpose|firewall|storage-misc
  1247. Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (86%), Synology DiskStation Manager 5.X (85%)
  1248. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1
  1249. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  1250. Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 2.6.32 (88%), Linux 2.6.32 - 3.1 (88%), Linux 2.6.32 - 3.13 (87%), Linux 2.6.32 or 3.10 (86%), Linux 3.4 (86%), WatchGuard Fireware 11.8 (86%), Linux 2.6.39 (86%), Linux 2.6.32 - 2.6.39 (85%), Linux 3.10 (85%)
  1251. No exact OS matches for host (test conditions non-ideal).
  1252. TCP/IP fingerprint:
  1253. SCAN(V=7.70%E=4%D=4/29%OT=80%CT=25%CU=%PV=N%G=N%TM=5CC73A0B%P=x86_64-pc-linux-gnu)
  1254. SEQ(SP=104%GCD=1%ISR=109%TI=Z%CI=Z%TS=A)
  1255. OPS(O1=M44FST11NW7%O2=M44FST11NW7%O3=M44FNNT11NW7%O4=M44FST11NW7%O5=M44FST11NW7%O6=M44FST11)
  1256. WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)
  1257. ECN(R=Y%DF=Y%TG=40%W=3908%O=M44FNNSNW7%CC=Y%Q=)
  1258. T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
  1259. T2(R=N)
  1260. T3(R=N)
  1261. T4(R=N)
  1262. T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
  1263. T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
  1264. T7(R=N)
  1265. U1(R=N)
  1266. IE(R=N)
  1267.  
  1268. Uptime guess: 11.600 days (since Wed Apr 17 23:29:09 2019)
  1269. TCP Sequence Prediction: Difficulty=260 (Good luck!)
  1270. IP ID Sequence Generation: All zeros
  1271.  
  1272. TRACEROUTE (using proto 1/icmp)
  1273. HOP RTT ADDRESS
  1274. 1 22.98 ms 10.243.200.1
  1275. 2 23.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1276. 3 38.72 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1277. 4 23.05 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1278. 5 24.45 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1279. 6 23.08 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
  1280. 7 29.16 ms be2104.ccr22.alb02.atlas.cogentco.com (154.54.43.22)
  1281. 8 30.96 ms be2916.ccr42.jfk02.atlas.cogentco.com (154.54.41.62)
  1282. 9 30.99 ms be3295.ccr31.jfk05.atlas.cogentco.com (154.54.80.2)
  1283. 10 31.03 ms telecomitalia.jfk05.atlas.coentco.com (154.54.11.142)
  1284. 11 153.46 ms ae1.palermo3.pal.seabone.net (195.22.218.213)
  1285. 12 209.44 ms sudatel.palermo3.pal.seabone.net (195.22.197.201)
  1286. 13 220.20 ms 212.0.131.109
  1287. 14 213.12 ms 196.202.137.249
  1288. 15 210.58 ms 196.202.137.250
  1289. 16 ...
  1290. 17 217.07 ms 196.223.156.10
  1291. 18 ... 30
  1292.  
  1293. NSE: Script Post-scanning.
  1294. NSE: Starting runlevel 1 (of 2) scan.
  1295. Initiating NSE at 13:53
  1296. Completed NSE at 13:53, 0.00s elapsed
  1297. NSE: Starting runlevel 2 (of 2) scan.
  1298. Initiating NSE at 13:53
  1299. Completed NSE at 13:53, 0.00s elapsed
  1300. Read data files from: /usr/bin/../share/nmap
  1301. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1302. Nmap done: 1 IP address (1 host up) scanned in 314.01 seconds
  1303. Raw packets sent: 136 (9.976KB) | Rcvd: 564 (76.424KB)
  1304. #######################################################################################################################################
  1305. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 13:53 EDT
  1306. NSE: Loaded 148 scripts for scanning.
  1307. NSE: Script Pre-scanning.
  1308. Initiating NSE at 13:53
  1309. Completed NSE at 13:53, 0.00s elapsed
  1310. Initiating NSE at 13:53
  1311. Completed NSE at 13:53, 0.00s elapsed
  1312. Initiating Parallel DNS resolution of 1 host. at 13:53
  1313. Completed Parallel DNS resolution of 1 host. at 13:53, 0.03s elapsed
  1314. Initiating UDP Scan at 13:53
  1315. Scanning 196.223.159.7 [14 ports]
  1316. Completed UDP Scan at 13:53, 1.48s elapsed (14 total ports)
  1317. Initiating Service scan at 13:53
  1318. Scanning 12 services on 196.223.159.7
  1319. Service scan Timing: About 8.33% done; ETC: 14:12 (0:17:58 remaining)
  1320. Completed Service scan at 13:55, 102.58s elapsed (12 services on 1 host)
  1321. Initiating OS detection (try #1) against 196.223.159.7
  1322. Retrying OS detection (try #2) against 196.223.159.7
  1323. Initiating Traceroute at 13:55
  1324. Completed Traceroute at 13:55, 7.11s elapsed
  1325. Initiating Parallel DNS resolution of 1 host. at 13:55
  1326. Completed Parallel DNS resolution of 1 host. at 13:55, 0.01s elapsed
  1327. NSE: Script scanning 196.223.159.7.
  1328. Initiating NSE at 13:55
  1329. Completed NSE at 13:55, 20.32s elapsed
  1330. Initiating NSE at 13:55
  1331. Completed NSE at 13:55, 1.02s elapsed
  1332. Nmap scan report for 196.223.159.7
  1333. Host is up (0.022s latency).
  1334.  
  1335. PORT STATE SERVICE VERSION
  1336. 53/udp open|filtered domain
  1337. 67/udp open|filtered dhcps
  1338. 68/udp open|filtered dhcpc
  1339. 69/udp open|filtered tftp
  1340. 88/udp open|filtered kerberos-sec
  1341. 123/udp open|filtered ntp
  1342. 137/udp filtered netbios-ns
  1343. 138/udp filtered netbios-dgm
  1344. 139/udp open|filtered netbios-ssn
  1345. 161/udp open|filtered snmp
  1346. 162/udp open|filtered snmptrap
  1347. 389/udp open|filtered ldap
  1348. 520/udp open|filtered route
  1349. 2049/udp open|filtered nfs
  1350. Too many fingerprints match this host to give specific OS details
  1351.  
  1352. TRACEROUTE (using port 138/udp)
  1353. HOP RTT ADDRESS
  1354. 1 22.61 ms 10.243.200.1
  1355. 2 ... 3
  1356. 4 20.64 ms 10.243.200.1
  1357. 5 23.77 ms 10.243.200.1
  1358. 6 23.76 ms 10.243.200.1
  1359. 7 23.75 ms 10.243.200.1
  1360. 8 23.75 ms 10.243.200.1
  1361. 9 23.74 ms 10.243.200.1
  1362. 10 23.76 ms 10.243.200.1
  1363. 11 ... 18
  1364. 19 25.32 ms 10.243.200.1
  1365. 20 21.98 ms 10.243.200.1
  1366. 21 21.74 ms 10.243.200.1
  1367. 22 ... 27
  1368. 28 21.60 ms 10.243.200.1
  1369. 29 ...
  1370. 30 28.45 ms 10.243.200.1
  1371.  
  1372. NSE: Script Post-scanning.
  1373. Initiating NSE at 13:55
  1374. Completed NSE at 13:55, 0.00s elapsed
  1375. Initiating NSE at 13:55
  1376. Completed NSE at 13:55, 0.00s elapsed
  1377. Read data files from: /usr/bin/../share/nmap
  1378. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1379. Nmap done: 1 IP address (1 host up) scanned in 135.71 seconds
  1380. Raw packets sent: 148 (9.992KB) | Rcvd: 131 (22.794KB)
  1381. #######################################################################################################################################
  1382. [+] URL: https://mga.gov.sd/
  1383. [+] Started: Mon Apr 29 12:12:57 2019
  1384.  
  1385. Interesting Finding(s):
  1386.  
  1387. [+] https://mga.gov.sd/
  1388. | Interesting Entry: Server: Apache
  1389. | Found By: Headers (Passive Detection)
  1390. | Confidence: 100%
  1391.  
  1392. [+] https://mga.gov.sd/robots.txt
  1393. | Interesting Entries:
  1394. | - /wp-admin/
  1395. | - /wp-admin/admin-ajax.php
  1396. | Found By: Robots Txt (Aggressive Detection)
  1397. | Confidence: 100%
  1398.  
  1399. [+] https://mga.gov.sd/xmlrpc.php
  1400. | Found By: Link Tag (Passive Detection)
  1401. | Confidence: 100%
  1402. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
  1403. | References:
  1404. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  1405. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  1406. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  1407. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  1408. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  1409.  
  1410. [+] This site seems to be a multisite
  1411. | Found By: Direct Access (Aggressive Detection)
  1412. | Confidence: 100%
  1413. | Reference: http://codex.wordpress.org/Glossary#Multisite
  1414.  
  1415. [+] This site has 'Must Use Plugins': https://mga.gov.sd/wp-content/mu-plugins/
  1416. | Found By: Direct Access (Aggressive Detection)
  1417. | Confidence: 80%
  1418. | Reference: http://codex.wordpress.org/Must_Use_Plugins
  1419.  
  1420. [+] https://mga.gov.sd/wp-cron.php
  1421. | Found By: Direct Access (Aggressive Detection)
  1422. | Confidence: 60%
  1423. | References:
  1424. | - https://www.iplocation.net/defend-wordpress-from-ddos
  1425. | - https://github.com/wpscanteam/wpscan/issues/1299
  1426.  
  1427. [+] WordPress version 5.1 identified (Insecure, released on 2019-02-21).
  1428. | Detected By: Rss Generator (Passive Detection)
  1429. | - https://mga.gov.sd/feed, <generator>https://wordpress.org/?v=5.1</generator>
  1430. | Confirmed By: Emoji Settings (Passive Detection)
  1431. | - https://mga.gov.sd/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.1'
  1432. |
  1433. | [!] 1 vulnerability identified:
  1434. |
  1435. | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
  1436. | Fixed in: 5.1.1
  1437. | References:
  1438. | - https://wpvulndb.com/vulnerabilities/9230
  1439. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
  1440. | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
  1441. | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
  1442. | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
  1443.  
  1444. [+] WordPress theme in use: microbankpro
  1445. | Location: https://mga.gov.sd/wp-content/themes/microbankpro/
  1446. | Readme: https://mga.gov.sd/wp-content/themes/microbankpro/readme.txt
  1447. | Style URL: https://mga.gov.sd/wp-content/themes/microbankpro/style.css?ver=5.1
  1448. | Style Name: MicroBank Pro
  1449. | Style URI: https://inkthemes.com/microbankpro-wordpress-theme
  1450. | Description: MicroBank Pro for WordPress is one of the easiest themes to build your Web Presence in 10 Minutes. J...
  1451. | Author: InkThemes.com
  1452. | Author URI: http://www.inkthemes.com
  1453. |
  1454. | Detected By: Css Style (Passive Detection)
  1455. |
  1456. | Version: 2.2.1 (80% confidence)
  1457. | Detected By: Style (Passive Detection)
  1458. | - https://mga.gov.sd/wp-content/themes/microbankpro/style.css?ver=5.1, Match: 'Version: 2.2.1'
  1459.  
  1460. [+] Enumerating All Plugins (via Passive Methods)
  1461. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
  1462.  
  1463. [i] Plugin(s) Identified:
  1464.  
  1465. [+] archives-calendar-widget
  1466. | Location: https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/
  1467. | Latest Version: 1.0.12 (up to date)
  1468. | Last Updated: 2016-11-13T11:55:00.000Z
  1469. |
  1470. | Detected By: Urls In Homepage (Passive Detection)
  1471. |
  1472. | Version: 1.0.12 (100% confidence)
  1473. | Detected By: Query Parameter (Passive Detection)
  1474. | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/themes/calendrier.css?ver=1.0.12
  1475. | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/admin/js/jquery.arcw-init.js?ver=1.0.12
  1476. | Confirmed By:
  1477. | Readme - Stable Tag (Aggressive Detection)
  1478. | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/readme.txt
  1479. | Readme - ChangeLog Section (Aggressive Detection)
  1480. | - https://mga.gov.sd/wp-content/plugins/archives-calendar-widget/readme.txt
  1481.  
  1482. [+] contact-form-7
  1483. | Location: https://mga.gov.sd/wp-content/plugins/contact-form-7/
  1484. | Latest Version: 5.1.1 (up to date)
  1485. | Last Updated: 2018-12-18T18:05:00.000Z
  1486. |
  1487. | Detected By: Urls In Homepage (Passive Detection)
  1488. |
  1489. | Version: 5.1.1 (100% confidence)
  1490. | Detected By: Query Parameter (Passive Detection)
  1491. | - https://mga.gov.sd/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1
  1492. | - https://mga.gov.sd/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1
  1493. | Confirmed By:
  1494. | Readme - Stable Tag (Aggressive Detection)
  1495. | - https://mga.gov.sd/wp-content/plugins/contact-form-7/readme.txt
  1496. | Readme - ChangeLog Section (Aggressive Detection)
  1497. | - https://mga.gov.sd/wp-content/plugins/contact-form-7/readme.txt
  1498.  
  1499. [+] dk-new-medias-image-rotator-widget
  1500. | Location: https://mga.gov.sd/wp-content/plugins/dk-new-medias-image-rotator-widget/
  1501. | Latest Version: 1.2.1 (up to date)
  1502. | Last Updated: 2016-05-06T17:30:00.000Z
  1503. |
  1504. | Detected By: Urls In Homepage (Passive Detection)
  1505. |
  1506. | Version: 1.2.1 (100% confidence)
  1507. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1508. | - https://mga.gov.sd/wp-content/plugins/dk-new-medias-image-rotator-widget/readme.txt
  1509. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1510. | - https://mga.gov.sd/wp-content/plugins/dk-new-medias-image-rotator-widget/readme.txt
  1511.  
  1512. [+] multi-rating
  1513. | Location: https://mga.gov.sd/wp-content/plugins/multi-rating/
  1514. | Latest Version: 4.3 (up to date)
  1515. | Last Updated: 2018-05-18T12:15:00.000Z
  1516. |
  1517. | Detected By: Urls In Homepage (Passive Detection)
  1518. |
  1519. | Version: 4.3 (60% confidence)
  1520. | Detected By: Query Parameter (Passive Detection)
  1521. | - https://mga.gov.sd/wp-content/plugins/multi-rating/assets/js/frontend-min.js?ver=4.3
  1522. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1523. | - https://mga.gov.sd/wp-content/plugins/multi-rating/readme.txt
  1524.  
  1525. [+] newsletter
  1526. | Location: https://mga.gov.sd/wp-content/plugins/newsletter/
  1527. | Last Updated: 2019-04-18T06:55:00.000Z
  1528. | [!] The version is out of date, the latest version is 5.9.3
  1529. |
  1530. | Detected By: Urls In Homepage (Passive Detection)
  1531. |
  1532. | Version: 5.8.9 (100% confidence)
  1533. | Detected By: Query Parameter (Passive Detection)
  1534. | - https://mga.gov.sd/wp-content/plugins/newsletter/subscription/validate.js?ver=5.8.9
  1535. | Confirmed By:
  1536. | Readme - Stable Tag (Aggressive Detection)
  1537. | - https://mga.gov.sd/wp-content/plugins/newsletter/readme.txt
  1538. | Readme - ChangeLog Section (Aggressive Detection)
  1539. | - https://mga.gov.sd/wp-content/plugins/newsletter/readme.txt
  1540.  
  1541. [+] popups
  1542. | Location: https://mga.gov.sd/wp-content/plugins/popups/
  1543. | Last Updated: 2019-04-09T15:37:00.000Z
  1544. | [!] The version is out of date, the latest version is 1.9.3.6
  1545. |
  1546. | Detected By: Urls In Homepage (Passive Detection)
  1547. |
  1548. | Version: 1.9.3.4 (100% confidence)
  1549. | Detected By: Query Parameter (Passive Detection)
  1550. | - https://mga.gov.sd/wp-content/plugins/popups/public/assets/css/public.css?ver=1.9.3.4
  1551. | Confirmed By:
  1552. | Readme - Stable Tag (Aggressive Detection)
  1553. | - https://mga.gov.sd/wp-content/plugins/popups/README.txt
  1554. | Readme - ChangeLog Section (Aggressive Detection)
  1555. | - https://mga.gov.sd/wp-content/plugins/popups/README.txt
  1556.  
  1557. [+] searchwp-live-ajax-search
  1558. | Location: https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/
  1559. | Latest Version: 1.3.1 (up to date)
  1560. | Last Updated: 2018-02-19T01:47:00.000Z
  1561. |
  1562. | Detected By: Urls In Homepage (Passive Detection)
  1563. |
  1564. | Version: 1.3.1 (100% confidence)
  1565. | Detected By: Query Parameter (Passive Detection)
  1566. | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/assets/styles/style.css?ver=1.3.1
  1567. | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/assets/javascript/build/searchwp-live-search.min.js?ver=1.3.1
  1568. | Confirmed By:
  1569. | Readme - Stable Tag (Aggressive Detection)
  1570. | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/readme.txt
  1571. | Readme - ChangeLog Section (Aggressive Detection)
  1572. | - https://mga.gov.sd/wp-content/plugins/searchwp-live-ajax-search/readme.txt
  1573.  
  1574. [+] siteorigin-panels
  1575. | Location: https://mga.gov.sd/wp-content/plugins/siteorigin-panels/
  1576. | Last Updated: 2019-04-06T00:55:00.000Z
  1577. | [!] The version is out of date, the latest version is 2.10.5
  1578. |
  1579. | Detected By: Urls In Homepage (Passive Detection)
  1580. |
  1581. | Version: 2.10.2 (100% confidence)
  1582. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1583. | - https://mga.gov.sd/wp-content/plugins/siteorigin-panels/readme.txt
  1584. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1585. | - https://mga.gov.sd/wp-content/plugins/siteorigin-panels/readme.txt
  1586.  
  1587. [+] smart-slider-3
  1588. | Location: https://mga.gov.sd/wp-content/plugins/smart-slider-3/
  1589. | Last Updated: 2019-04-05T08:59:00.000Z
  1590. | [!] The version is out of date, the latest version is 3.3.18
  1591. |
  1592. | Detected By: Urls In Homepage (Passive Detection)
  1593. |
  1594. | Version: 3.3.15 (100% confidence)
  1595. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1596. | - https://mga.gov.sd/wp-content/plugins/smart-slider-3/readme.txt
  1597. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1598. | - https://mga.gov.sd/wp-content/plugins/smart-slider-3/readme.txt
  1599.  
  1600. [+] stop-user-enumeration
  1601. | Location: https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/
  1602. | Latest Version: 1.3.20 (up to date)
  1603. | Last Updated: 2019-02-27T08:57:00.000Z
  1604. |
  1605. | Detected By: Urls In Homepage (Passive Detection)
  1606. |
  1607. | Version: 1.3.20 (100% confidence)
  1608. | Detected By: Query Parameter (Passive Detection)
  1609. | - https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.20
  1610. | Confirmed By:
  1611. | Readme - Stable Tag (Aggressive Detection)
  1612. | - https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/readme.txt
  1613. | Readme - ChangeLog Section (Aggressive Detection)
  1614. | - https://mga.gov.sd/wp-content/plugins/stop-user-enumeration/readme.txt
  1615.  
  1616. [+] tablepress
  1617. | Location: https://mga.gov.sd/wp-content/plugins/tablepress/
  1618. | Latest Version: 1.9.2 (up to date)
  1619. | Last Updated: 2019-02-22T15:10:00.000Z
  1620. |
  1621. | Detected By: Urls In Homepage (Passive Detection)
  1622. |
  1623. | Version: 1.9.2 (90% confidence)
  1624. | Detected By: Query Parameter (Passive Detection)
  1625. | - https://mga.gov.sd/wp-content/plugins/tablepress/css/default.min.css?ver=1.9.2
  1626. | Confirmed By: Readme - Stable Tag (Aggressive Detection)
  1627. | - https://mga.gov.sd/wp-content/plugins/tablepress/readme.txt
  1628.  
  1629. [+] widget-countdown
  1630. | Location: https://mga.gov.sd/wp-content/plugins/widget-countdown/
  1631. | Last Updated: 2019-03-18T18:09:00.000Z
  1632. | [!] The version is out of date, the latest version is 2.0.4
  1633. |
  1634. | Detected By: Urls In Homepage (Passive Detection)
  1635. |
  1636. | Version: 2.0.3 (100% confidence)
  1637. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1638. | - https://mga.gov.sd/wp-content/plugins/widget-countdown/readme.txt
  1639. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1640. | - https://mga.gov.sd/wp-content/plugins/widget-countdown/readme.txt
  1641.  
  1642. [+] wp-google-map-plugin
  1643. | Location: https://mga.gov.sd/wp-content/plugins/wp-google-map-plugin/
  1644. | Latest Version: 4.0.8 (up to date)
  1645. | Last Updated: 2019-03-18T04:32:00.000Z
  1646. |
  1647. | Detected By: Urls In Homepage (Passive Detection)
  1648. |
  1649. | Version: 4.0.8 (50% confidence)
  1650. | Detected By: Readme - ChangeLog Section (Aggressive Detection)
  1651. | - https://mga.gov.sd/wp-content/plugins/wp-google-map-plugin/readme.txt
  1652.  
  1653. [+] wp-logo-showcase-responsive-slider-slider
  1654. | Location: https://mga.gov.sd/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/
  1655. | Last Updated: 2019-04-12T08:50:00.000Z
  1656. | [!] The version is out of date, the latest version is 2.2.3
  1657. |
  1658. | Detected By: Urls In Homepage (Passive Detection)
  1659. |
  1660. | Version: 2.2.2 (20% confidence)
  1661. | Detected By: Query Parameter (Passive Detection)
  1662. | - https://mga.gov.sd/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/slick.css?ver=2.2.2
  1663. | - https://mga.gov.sd/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/logo-showcase.css?ver=2.2.2
  1664.  
  1665. [+] wp-statistics
  1666. | Location: https://mga.gov.sd/wp-content/plugins/wp-statistics/
  1667. | Last Updated: 2019-04-24T06:57:00.000Z
  1668. | [!] The version is out of date, the latest version is 12.6.4
  1669. |
  1670. | Detected By: Comment (Passive Detection)
  1671. |
  1672. | [!] 1 vulnerability identified:
  1673. |
  1674. | [!] Title: WP Statistics <= 12.6.3 - Cross-Site Scripting (XSS)
  1675. | Fixed in: 12.6.4
  1676. | References:
  1677. | - https://wpvulndb.com/vulnerabilities/9261
  1678. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10864
  1679. | - https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c
  1680. |
  1681. | Version: 12.6 (60% confidence)
  1682. | Detected By: Comment (Passive Detection)
  1683. | - https://mga.gov.sd/, Match: 'Analytics by WP-Statistics v12.6'
  1684.  
  1685. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  1686. Checking Config Backups - Time: 00:00:02 <===> (21 / 21) 100.00% Time: 00:00:02
  1687.  
  1688. [i] No Config Backups Found.
  1689.  
  1690.  
  1691. [+] Finished: Mon Apr 29 12:13:35 2019
  1692. [+] Requests Done: 91
  1693. [+] Cached Requests: 6
  1694. [+] Data Sent: 20.692 KB
  1695. [+] Data Received: 944.714 KB
  1696. [+] Memory used: 177.352 MB
  1697. [+] Elapsed time: 00:00:37
  1698. #######################################################################################################################################
  1699. Anonymous JTSEC #OpSudan Full Recon #60