JTSEC1333

Anonymous JTSEC #OpSudan Full Recon #45

Mar 21st, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname www.sudarecboard.gov.sd ISP Server Central Network
  4. Continent North America Flag
  5. US
  6. Country United States Country Code US
  7. Region Illinois Local time 20 Mar 2019 22:56 CDT
  8. City Chicago Postal Code 60604
  9. IP Address 204.93.197.87 Latitude 41.878
  10. Longitude -87.638
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.sudarecboard.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. www.sudarecboard.gov.sd canonical name = sudarecboard.gov.sd.
  19. Name: sudarecboard.gov.sd
  20. Address: 204.93.197.87
  21. >
  22. #######################################################################################################################################
  23.  
  24. HostIP:204.93.197.87
  25. HostName:www.sudarecboard.gov.sd
  26.  
  27. Gathered Inet-whois information for 204.93.197.87
  28. ---------------------------------------------------------------------------------------------------------------------------------------
  29.  
  30.  
  31. inetnum: 204.48.34.0 - 204.225.217.255
  32. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  33. descr: IPv4 address block not managed by the RIPE NCC
  34. remarks: ------------------------------------------------------
  35. remarks:
  36. remarks: For registration information,
  37. remarks: you can consult the following sources:
  38. remarks:
  39. remarks: IANA
  40. remarks: http://www.iana.org/assignments/ipv4-address-space
  41. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  42. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  43. remarks:
  44. remarks: AFRINIC (Africa)
  45. remarks: http://www.afrinic.net/ whois.afrinic.net
  46. remarks:
  47. remarks: APNIC (Asia Pacific)
  48. remarks: http://www.apnic.net/ whois.apnic.net
  49. remarks:
  50. remarks: ARIN (Northern America)
  51. remarks: http://www.arin.net/ whois.arin.net
  52. remarks:
  53. remarks: LACNIC (Latin America and the Carribean)
  54. remarks: http://www.lacnic.net/ whois.lacnic.net
  55. remarks:
  56. remarks: ------------------------------------------------------
  57. country: EU # Country is really world wide
  58. admin-c: IANA1-RIPE
  59. tech-c: IANA1-RIPE
  60. status: ALLOCATED UNSPECIFIED
  61. mnt-by: RIPE-NCC-HM-MNT
  62. created: 2019-01-07T10:44:28Z
  63. last-modified: 2019-01-07T10:44:28Z
  64. source: RIPE
  65.  
  66. role: Internet Assigned Numbers Authority
  67. address: see http://www.iana.org.
  68. admin-c: IANA1-RIPE
  69. tech-c: IANA1-RIPE
  70. nic-hdl: IANA1-RIPE
  71. remarks: For more information on IANA services
  72. remarks: go to IANA web site at http://www.iana.org.
  73. mnt-by: RIPE-NCC-MNT
  74. created: 1970-01-01T00:00:00Z
  75. last-modified: 2001-09-22T09:31:27Z
  76. source: RIPE # Filtered
  77.  
  78. % This query was served by the RIPE Database Query Service version 1.93.2 (WAGYU)
  79.  
  80.  
  81.  
  82. Gathered Inic-whois information for sudarecboard.gov.sd
  83. ---------------------------------------------------------------------------------------------------------------------------------------
  84. Error: Unable to connect - Invalid Host
  85. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  86. close error
  87.  
  88. Gathered Netcraft information for www.sudarecboard.gov.sd
  89. ---------------------------------------------------------------------------------------------------------------------------------------
  90.  
  91. Retrieving Netcraft.com information for www.sudarecboard.gov.sd
  92. Netcraft.com Information gathered
  93.  
  94. Gathered Subdomain information for sudarecboard.gov.sd
  95. ---------------------------------------------------------------------------------------------------------------------------------------
  96. Searching Google.com:80...
  97. Searching Altavista.com:80...
  98. Found 0 possible subdomain(s) for host sudarecboard.gov.sd, Searched 0 pages containing 0 results
  99.  
  100. Gathered E-Mail information for sudarecboard.gov.sd
  101. ---------------------------------------------------------------------------------------------------------------------------------------
  102. Searching Google.com:80...
  103. Searching Altavista.com:80...
  104. Found 0 E-Mail(s) for host sudarecboard.gov.sd, Searched 0 pages containing 0 results
  105.  
  106. Gathered TCP Port information for 204.93.197.87
  107. ---------------------------------------------------------------------------------------------------------------------------------------
  108.  
  109. Port State
  110.  
  111. 21/tcp open
  112. 53/tcp open
  113. 80/tcp open
  114. 110/tcp open
  115. 143/tcp open
  116.  
  117. Portscan Finished: Scanned 150 ports, 144 ports were in state closed
  118. #######################################################################################################################################
  119. [i] Scanning Site: http://www.sudarecboard.gov.sd
  120.  
  121.  
  122.  
  123. B A S I C I N F O
  124. =======================================================================================================================================
  125.  
  126.  
  127. [+] Site Title:
  128.  
  129.  
  130. مفوضية الإختيار للخدمة المدنية القومية
  131.  
  132.  
  133. [+] IP address: 204.93.197.87
  134. [+] Web Server: Could Not Detect
  135. [+] CMS: Could Not Detect
  136. [+] Cloudflare: Not Detected
  137. [+] Robots File: Could NOT Find robots.txt!
  138.  
  139.  
  140.  
  141.  
  142.  
  143.  
  144. G E O I P L O O K U P
  145. =======================================================================================================================================
  146.  
  147. [i] IP Address: 204.93.197.87
  148. [i] Country: United States
  149. [i] State: Illinois
  150. [i] City: Chicago
  151. [i] Latitude: 41.8785
  152. [i] Longitude: -87.633
  153.  
  154.  
  155.  
  156.  
  157. H T T P H E A D E R S
  158. =======================================================================================================================================
  159.  
  160.  
  161. [i] HTTP/1.1 200 OK
  162. [i] Date: Thu, 21 Mar 2019 04:05:51 GMT
  163. [i] Content-Type: text/html; charset=UTF-8
  164. [i] Connection: close
  165.  
  166.  
  167.  
  168.  
  169. D N S L O O K U P
  170. =======================================================================================================================================
  171.  
  172. sudarecboard.gov.sd. 14399 IN TXT "v=spf1 +a +mx +ip4:50.31.138.74 ~all"
  173. sudarecboard.gov.sd. 14399 IN MX 0 sudarecboard.gov.sd.
  174. sudarecboard.gov.sd. 21599 IN SOA ns1.nile-host.com. info.nile-host.com. 2019030700 86400 7200 3600000 86400
  175. sudarecboard.gov.sd. 21599 IN NS ns2.nile-host.com.
  176. sudarecboard.gov.sd. 21599 IN NS ns1.nile-host.com.
  177. sudarecboard.gov.sd. 14399 IN A 204.93.197.87
  178.  
  179.  
  180.  
  181.  
  182. S U B N E T C A L C U L A T I O N
  183. =======================================================================================================================================
  184.  
  185. Address = 204.93.197.87
  186. Network = 204.93.197.87 / 32
  187. Netmask = 255.255.255.255
  188. Broadcast = not needed on Point-to-Point links
  189. Wildcard Mask = 0.0.0.0
  190. Hosts Bits = 0
  191. Max. Hosts = 1 (2^0 - 0)
  192. Host Range = { 204.93.197.87 - 204.93.197.87 }
  193.  
  194.  
  195.  
  196. N M A P P O R T S C A N
  197. =======================================================================================================================================
  198.  
  199. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 04:05 UTC
  200. Nmap scan report for sudarecboard.gov.sd (204.93.197.87)
  201. Host is up (0.021s latency).
  202. rDNS record for 204.93.197.87: unknown.scnet.net
  203.  
  204. PORT STATE SERVICE
  205. 21/tcp open ftp
  206. 22/tcp closed ssh
  207. 23/tcp closed telnet
  208. 80/tcp open http
  209. 110/tcp open pop3
  210. 143/tcp open imap
  211. 443/tcp open https
  212. 3389/tcp closed ms-wbt-server
  213.  
  214. Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
  215. #######################################################################################################################################
  216. [?] Enter the target: example( http://domain.com )
  217. http://www.sudarecboard.gov.sd/
  218. [!] IP Address : 204.93.197.87
  219. [+] Operating System : cPanel"
  220. [!] www.sudarecboard.gov.sd doesn't seem to use a CMS
  221. [+] Honeypot Probabilty: 30%
  222. ---------------------------------------------------------------------------------------------------------------------------------------
  223. [~] Trying to gather whois information for www.sudarecboard.gov.sd
  224. [+] Whois information found
  225. [-] Unable to build response, visit https://who.is/whois/www.sudarecboard.gov.sd
  226. ---------------------------------------------------------------------------------------------------------------------------------------
  227. PORT STATE SERVICE
  228. 21/tcp open ftp
  229. 22/tcp closed ssh
  230. 23/tcp closed telnet
  231. 80/tcp open http
  232. 110/tcp open pop3
  233. 143/tcp open imap
  234. 443/tcp open https
  235. 3389/tcp closed ms-wbt-server
  236. Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
  237. ---------------------------------------------------------------------------------------------------------------------------------------
  238.  
  239. [+] DNS Records
  240. ns2.nile-host.com. (204.93.197.87) AS23352 Server Central Network United States
  241. ns1.nile-host.com. (204.93.197.87) AS23352 Server Central Network United States
  242.  
  243. [+] MX Records
  244. 0 (204.93.197.87) AS23352 Server Central Network United States
  245.  
  246. [+] Host Records (A)
  247. www.sudarecboard.gov.sd (unknown.scnet.net) (204.93.197.87) AS23352 Server Central Network United States
  248.  
  249. [+] TXT Records
  250. "v=spf1 +a +mx +ip4:50.31.138.74 ~all"
  251.  
  252. [+] DNS Map: https://dnsdumpster.com/static/map/sudarecboard.gov.sd.png
  253.  
  254. [>] Initiating 3 intel modules
  255. [>] Loading Alpha module (1/3)
  256. [>] Beta module deployed (2/3)
  257. [>] Gamma module initiated (3/3)
  258. No emails found
  259. No hosts found
  260. [+] Virtual hosts:
  261. ---------------------------------------------------------------------------------------------------------------------------------------
  262. #######################################################################################################################################
  263. =======================================================================================================================================
  264. | External hosts:
  265. | [+] External Host Found: https://www.youtube.com
  266. | [+] External Host Found: http://www.gnu.org
  267. | [+] External Host Found: http://www.niletech.sd
  268. | [+] External Host Found: https://cdnjs.cloudflare.com
  269. =======================================================================================================================================
  270. | E-mails:
  271. | [+] E-mail Found: mailman@www.sudarecboard.gov.sd
  272. | [+] E-mail Found: info@sudarecboard.gov.sd
  273. =======================================================================================================================================
  274. #######################################################################################################################################
  275. ; <<>> DiG 9.11.5-P4-1-Debian <<>> sudarecboard.gov.sd
  276. ;; global options: +cmd
  277. ;; Got answer:
  278. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50397
  279. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  280.  
  281. ;; OPT PSEUDOSECTION:
  282. ; EDNS: version: 0, flags:; udp: 4096
  283. ;; QUESTION SECTION:
  284. ;sudarecboard.gov.sd. IN A
  285.  
  286. ;; ANSWER SECTION:
  287. sudarecboard.gov.sd. 12896 IN A 204.93.197.87
  288.  
  289. ;; Query time: 31 msec
  290. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  291. ;; WHEN: jeu mar 21 00:52:31 EDT 2019
  292. ;; MSG SIZE rcvd: 64
  293. #######################################################################################################################################
  294. ; <<>> DiG 9.11.5-P4-1-Debian <<>> +trace sudarecboard.gov.sd
  295. ;; global options: +cmd
  296. . 81424 IN NS l.root-servers.net.
  297. . 81424 IN NS h.root-servers.net.
  298. . 81424 IN NS j.root-servers.net.
  299. . 81424 IN NS d.root-servers.net.
  300. . 81424 IN NS b.root-servers.net.
  301. . 81424 IN NS f.root-servers.net.
  302. . 81424 IN NS m.root-servers.net.
  303. . 81424 IN NS g.root-servers.net.
  304. . 81424 IN NS k.root-servers.net.
  305. . 81424 IN NS i.root-servers.net.
  306. . 81424 IN NS e.root-servers.net.
  307. . 81424 IN NS c.root-servers.net.
  308. . 81424 IN NS a.root-servers.net.
  309. . 81424 IN RRSIG NS 8 0 518400 20190402170000 20190320160000 16749 . YiwToY46XJeove752hZu0hNx0/6rk6uBWaKQvr+TOFPG4UJ8N68fyosS 9/ueF0dvtwp/l2ajGfALGwlozx0Emid9GSbEAEx8f/vDcpPkYHixJVD7 Id6SDV9r2ZXGD0664gwnXgCMuH6JQ6HGuUajXcxu1MukV9xsNyqjE8CB K2qn2ZEPwYDkK/2HcwtLtHx0tjI02J8DcP9ytvA0s0Pn/Dq8095OuRgF bsxXfkx1R9eufX8rjZalu69XEinb7mfHGyI4e0dCgrQmD3i+AIBhxuoq u74LhkzZ0jU25c6NsvkAIt1p1VoAazFm9E6CXczwxlzHwThgFpwo3dk0 GWdhTQ==
  310. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 37 ms
  311.  
  312. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  313. sd. 172800 IN NS ns1.uaenic.ae.
  314. sd. 172800 IN NS ns2.uaenic.ae.
  315. sd. 172800 IN NS ans1.sis.sd.
  316. sd. 172800 IN NS ans1.canar.sd.
  317. sd. 172800 IN NS ans2.canar.sd.
  318. sd. 172800 IN NS ns-sd.afrinic.net.
  319. sd. 86400 IN NSEC se. NS RRSIG NSEC
  320. sd. 86400 IN RRSIG NSEC 8 1 86400 20190402170000 20190320160000 16749 . BA2/7RE7tjyNd+ql4jrDDIsWSG3hBXLRATTd+cC9vPvggPrG5m9VzqB3 OCDhOiMGEJtQseTDwJhuIFCbTxLmUDgB8VX32wPlEFj5QCO3uowxnVfJ Q6Z6LbKhNudEo7T2X5SSLh4LjlOiSyRVavEbh01nFQtU8d8KNo7LnwZH AiLrbXhPwFsuevE2q9AGsh911dlxyFlk3s+EFI+dLMDdqCxST+R+HXtk TB4s3bqieLyM5/aucwHDPaxJQD47GslY68lAY/M3wSFb0u/N27fks+5q S0wKBrLOmVvsf6fmOQT475yLqGiyaYzM+undeKZnU0OFWHiw94Rw++o1 rR/DcQ==
  321. ;; Received 706 bytes from 192.203.230.10#53(e.root-servers.net) in 20 ms
  322.  
  323. ;; Received 76 bytes from 213.42.0.226#53(ns1.uaenic.ae) in 222 ms
  324. #######################################################################################################################################
  325. [*] Performing General Enumeration of Domain: sudarecboard.gov.sd
  326. [-] DNSSEC is not configured for sudarecboard.gov.sd
  327. [*] SOA ns1.nile-host.com 204.93.197.87
  328. [*] NS ns1.nile-host.com 204.93.197.87
  329. [*] NS ns2.nile-host.com 198.38.89.166
  330. [*] MX sudarecboard.gov.sd 204.93.197.87
  331. [*] A sudarecboard.gov.sd 204.93.197.87
  332. [*] TXT sudarecboard.gov.sd v=spf1 +a +mx +ip4:50.31.138.74 ~all
  333. [*] Enumerating SRV Records
  334. [-] No SRV Records Found for sudarecboard.gov.sd
  335. [+] 0 Records Found
  336. #######################################################################################################################################
  337. ---------------------------------------------------------------------------------------------------------------------------------------
  338. + Target IP: 204.93.197.87
  339. + Target Hostname: www.sudarecboard.gov.sd
  340. + Target Port: 80
  341. + Start Time: 2019-03-21 00:28:39 (GMT-4)
  342. ---------------------------------------------------------------------------------------------------------------------------------------
  343. + Server: No banner retrieved
  344. + The anti-clickjacking X-Frame-Options header is not present.
  345. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  346. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  347. + Server banner has changed from '' to 'Apache/2.4.34 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4' which may suggest a WAF, load balancer or proxy is in place
  348. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
  349. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  350. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Operation now in progress
  351. + Scan terminated: 20 error(s) and 5 item(s) reported on remote host
  352. + End Time: 2019-03-21 00:48:04 (GMT-4) (1165 seconds)
  353. ---------------------------------------------------------------------------------------------------------------------------------------
  354. #######################################################################################################################################
  355. ---------------------------------------------------------------------------------------------------------------------------------------
  356. + Target IP: 204.93.197.87
  357. + Target Hostname: 204.93.197.87
  358. + Target Port: 443
  359. ---------------------------------------------------------------------------------------------------------------------------------------
  360. + SSL Info: Subject: /CN=nile-host.com
  361. Ciphers: ECDHE-RSA-AES256-GCM-SHA384
  362. Issuer: /CN=nile-host.com
  363. + Start Time: 2019-03-21 00:29:27 (GMT-4)
  364. ---------------------------------------------------------------------------------------------------------------------------------------
  365. + Server: Apache/2.4.34 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4
  366. + The anti-clickjacking X-Frame-Options header is not present.
  367. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  368. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  369. + The site uses SSL and Expect-CT header is not present.
  370. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  371. + All CGI directories 'found', use '-C none' to test none
  372. + Apache/2.4.34 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
  373. + OpenSSL/1.0.2o appears to be outdated (current is at least 1.1.1). OpenSSL 1.0.0o and 0.9.8zc are also current.
  374. + Hostname '204.93.197.87' does not match certificate's names: nile-host.com
  375. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  376. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.
  377. : Connection timed out
  378. + Scan terminated: 20 error(s) and 9 item(s) reported on remote host
  379. + End Time: 2019-03-21 00:48:04 (GMT-4) (1117 seconds)
  380. ---------------------------------------------------------------------------------------------------------------------------------------
  381. #######################################################################################################################################
  382. [*] Processing domain sudarecboard.gov.sd
  383. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  384. [+] Getting nameservers
  385. 198.38.89.166 - ns1.nile-host.com
  386. 204.93.197.87 - ns2.nile-host.com
  387. [-] Zone transfer failed
  388.  
  389. [+] TXT records found
  390. "v=spf1 +a +mx +ip4:50.31.138.74 ~all"
  391.  
  392. [+] MX records found, added to target list
  393. 0 sudarecboard.gov.sd.
  394.  
  395. [*] Scanning sudarecboard.gov.sd for A records
  396. 204.93.197.87 - sudarecboard.gov.sd
  397. 204.93.197.87 - cpanel.sudarecboard.gov.sd
  398. 204.93.197.87 - ftp.sudarecboard.gov.sd
  399. 127.0.0.1 - localhost.sudarecboard.gov.sd
  400. 204.93.197.87 - mail.sudarecboard.gov.sd
  401. 204.93.197.87 - webdisk.sudarecboard.gov.sd
  402. 204.93.197.87 - webmail.sudarecboard.gov.sd
  403. 204.93.197.87 - whm.sudarecboard.gov.sd
  404. 204.93.197.87 - www.sudarecboard.gov.sd
  405. #######################################################################################################################################
  406. [+] Testing domain
  407. www.sudarecboard.gov.sd 204.93.197.87
  408. [+] Dns resolving
  409. Domain name Ip address Name server
  410. sudarecboard.gov.sd 204.93.197.87 unknown.scnet.net
  411. Found 1 host(s) for sudarecboard.gov.sd
  412. [+] Testing wildcard
  413. Ok, no wildcard found.
  414.  
  415. [+] Scanning for subdomain on sudarecboard.gov.sd
  416. [!] Wordlist not specified. I scannig with my internal wordlist...
  417. Estimated time about 222.18 seconds
  418.  
  419. Subdomain Ip address Name server
  420.  
  421. ftp.sudarecboard.gov.sd 204.93.197.87 unknown.scnet.net
  422. localhost.sudarecboard.gov.sd 127.0.0.1 localhost
  423. mail.sudarecboard.gov.sd 204.93.197.87 unknown.scnet.net
  424. webmail.sudarecboard.gov.sd 204.93.197.87 unknown.scnet.net
  425. www.sudarecboard.gov.sd 204.93.197.87 unknown.scnet.net
  426. #######################################################################################################################################
  427. Ip Address Status Type Domain Name Server
  428. ---------- ------ ---- ----------- ------
  429. 204.93.197.87 200 host ftp.sudarecboard.gov.sd
  430. 127.0.0.1 host localhost.sudarecboard.gov.sd
  431. 204.93.197.87 200 alias mail.sudarecboard.gov.sd
  432. 204.93.197.87 200 host sudarecboard.gov.sd
  433. 204.93.197.87 host webmail.sudarecboard.gov.sd
  434. 204.93.197.87 alias www.sudarecboard.gov.sd
  435. 204.93.197.87 host sudarecboard.gov.sd
  436. #######################################################################################################################################
  437. dnsenum VERSION:1.2.4
  438.  
  439. ----- www.sudarecboard.gov.sd -----
  440.  
  441.  
  442. Host's addresses:
  443. __________________
  444.  
  445. sudarecboard.gov.sd. 14399 IN A 204.93.197.87
  446.  
  447.  
  448. Name Servers:
  449. ______________
  450.  
  451. ns1.nile-host.com. 86399 IN A 198.38.89.166
  452. ns2.nile-host.com. 14400 IN A 204.93.197.87
  453.  
  454.  
  455. Mail (MX) Servers:
  456. ___________________
  457.  
  458. sudarecboard.gov.sd. 14400 IN A 204.93.197.87
  459.  
  460.  
  461. Trying Zone Transfers and getting Bind Versions:
  462. _________________________________________________
  463.  
  464.  
  465. Trying Zone Transfer for www.sudarecboard.gov.sd on ns1.nile-host.com ...
  466.  
  467. Trying Zone Transfer for www.sudarecboard.gov.sd on ns2.nile-host.com ...
  468.  
  469. brute force file not specified, bay.
  470. #######################################################################################################################################
  471. ===============================================
  472. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  473. ===============================================
  474.  
  475.  
  476. Running Source: Ask
  477. Running Source: Archive.is
  478. Running Source: Baidu
  479. Running Source: Bing
  480. Running Source: CertDB
  481. Running Source: CertificateTransparency
  482. Running Source: Certspotter
  483. Running Source: Commoncrawl
  484. Running Source: Crt.sh
  485. Running Source: Dnsdb
  486. Running Source: DNSDumpster
  487. Running Source: DNSTable
  488. Running Source: Dogpile
  489. Running Source: Exalead
  490. Running Source: Findsubdomains
  491. Running Source: Googleter
  492. Running Source: Hackertarget
  493. Running Source: Ipv4Info
  494. Running Source: PTRArchive
  495. Running Source: Sitedossier
  496. Running Source: Threatcrowd
  497. Running Source: ThreatMiner
  498. Running Source: WaybackArchive
  499. Running Source: Yahoo
  500.  
  501. Running enumeration on www.sudarecboard.gov.sd
  502.  
  503. dnsdb: Unexpected return status 503
  504.  
  505. dogpile: Get https://www.dogpile.com/search/web?q=www.sudarecboard.gov.sd&qsi=1: EOF
  506.  
  507. waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.www.sudarecboard.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.www.sudarecboard.gov.sd/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer
  508.  
  509.  
  510. Starting Bruteforcing of www.sudarecboard.gov.sd with 9985 words
  511.  
  512. Total 1 Unique subdomains found for www.sudarecboard.gov.sd
  513.  
  514. .www.sudarecboard.gov.sd
  515. #######################################################################################################################################
  516. [*] Processing domain www.sudarecboard.gov.sd
  517. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  518. [+] Getting nameservers
  519. 204.93.197.87 - ns2.nile-host.com
  520. 198.38.89.166 - ns1.nile-host.com
  521. [-] Zone transfer failed
  522.  
  523. [+] TXT records found
  524. "v=spf1 +a +mx +ip4:50.31.138.74 ~all"
  525.  
  526. [+] MX records found, added to target list
  527. 0 sudarecboard.gov.sd.
  528.  
  529. [*] Scanning www.sudarecboard.gov.sd for A records
  530. 204.93.197.87 - www.sudarecboard.gov.sd
  531. #######################################################################################################################################
  532. [*] Found SPF record:
  533. [*] v=spf1 +a +mx +ip4:50.31.138.74 ~all
  534. [*] SPF record contains an All item: ~all
  535. [*] No DMARC record found. Looking for organizational record
  536. [+] No organizational DMARC record
  537. [+] Spoofing possible for www.sudarecboard.gov.sd!
  538. #######################################################################################################################################
  539. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 01:02 EDT
  540. Nmap scan report for www.sudarecboard.gov.sd (204.93.197.87)
  541. Host is up (0.25s latency).
  542. rDNS record for 204.93.197.87: unknown.scnet.net
  543. Not shown: 461 closed ports, 1 filtered port
  544. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  545. PORT STATE SERVICE
  546. 21/tcp open ftp
  547. 53/tcp open domain
  548. 80/tcp open http
  549. 110/tcp open pop3
  550. 143/tcp open imap
  551. 443/tcp open https
  552. 465/tcp open smtps
  553. 587/tcp open submission
  554. 993/tcp open imaps
  555. 995/tcp open pop3s
  556. 2000/tcp open cisco-sccp
  557. 2222/tcp open EtherNetIP-1
  558. 3306/tcp open mysql
  559. 5060/tcp open sip
  560. #######################################################################################################################################
  561. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 01:02 EDT
  562. Nmap scan report for www.sudarecboard.gov.sd (204.93.197.87)
  563. Host is up (0.21s latency).
  564. rDNS record for 204.93.197.87: unknown.scnet.net
  565. Not shown: 11 closed ports, 2 filtered ports
  566. PORT STATE SERVICE
  567. 53/udp open domain
  568. #######################################################################################################################################
  569. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 01:02 EDT
  570. Nmap scan report for www.sudarecboard.gov.sd (204.93.197.87)
  571. Host is up (0.24s latency).
  572. rDNS record for 204.93.197.87: unknown.scnet.net
  573.  
  574. PORT STATE SERVICE VERSION
  575. 21/tcp open ftp Pure-FTPd
  576. | ftp-brute:
  577. | Accounts: No valid accounts found
  578. |_ Statistics: Performed 3451 guesses in 185 seconds, average tps: 18.9
  579. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  580. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 3.4 (94%), WatchGuard Fireware 11.8 (94%), Synology DiskStation Manager 5.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 3.10 (94%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 or 3.10 (93%), Linux 2.6.39 (93%), Linux 2.6.32 - 2.6.39 (92%)
  581. No exact OS matches for host (test conditions non-ideal).
  582. Network Distance: 17 hops
  583.  
  584. TRACEROUTE (using port 21/tcp)
  585. HOP RTT ADDRESS
  586. 1 119.87 ms 10.253.200.1
  587. 2 119.92 ms 185.189.150.49
  588. 3 120.18 ms hu-b69-10gigabit-slx9540.datasource.ch (91.201.56.132)
  589. 4 121.18 ms te0-2-1-3.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.14.212.145)
  590. 5 121.47 ms be3592.ccr52.zrh02.atlas.cogentco.com (154.54.37.150)
  591. 6 129.44 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
  592. 7 134.98 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
  593. 8 131.96 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
  594. 9 131.59 ms tata.fra03.atlas.cogentco.com (130.117.15.150)
  595. 10 236.75 ms xe-7-0-1.cr2-chi1.ip4.gtt.net (89.149.131.161)
  596. 11 236.41 ms as23352.chi12.ip4.gtt.net (199.229.229.214)
  597. 12 236.77 ms 0.ae4.cr1.ord6.scnet.net (204.93.204.85)
  598. 13 239.20 ms 71.ae1.ar1.ord6.scnet.net (204.93.204.153)
  599. 14 236.75 ms 50.31.129.170
  600. 15 236.88 ms 198.38.80.105
  601. 16 236.83 ms ovz297.my-virtual-panel.com (198.38.88.64)
  602. 17 236.88 ms unknown.scnet.net (204.93.197.87)
  603. #######################################################################################################################################
  604. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 01:05 EDT
  605. Nmap scan report for www.sudarecboard.gov.sd (204.93.197.87)
  606. Host is up (0.24s latency).
  607. rDNS record for 204.93.197.87: unknown.scnet.net
  608.  
  609. PORT STATE SERVICE VERSION
  610. 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  611. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  612. | dns-nsec-enum:
  613. |_ No NSEC records found
  614. | dns-nsec3-enum:
  615. |_ DNSSEC NSEC3 not supported
  616. | dns-nsid:
  617. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6
  618. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  619. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 or 3.10 (94%), WatchGuard Fireware 11.8 (94%), Synology DiskStation Manager 5.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 2.6.39 (93%), Linux 3.10 (93%), Linux 3.1 - 3.2 (92%), Linux 3.4 (92%), Linux 2.6.32 - 2.6.39 (92%)
  620. No exact OS matches for host (test conditions non-ideal).
  621. Network Distance: 17 hops
  622. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  623.  
  624. Host script results:
  625. | dns-blacklist:
  626. | SPAM
  627. |_ l2.apews.org - SPAM
  628. | dns-brute:
  629. | DNS Brute-force hostnames:
  630. | mail.sudarecboard.gov.sd - 204.93.197.87
  631. | www.sudarecboard.gov.sd - 204.93.197.87
  632. |_ ftp.sudarecboard.gov.sd - 204.93.197.87
  633.  
  634. TRACEROUTE (using port 53/tcp)
  635. HOP RTT ADDRESS
  636. 1 119.26 ms 10.253.200.1
  637. 2 119.31 ms 185.189.150.49
  638. 3 119.64 ms hu-b69-10gigabit-slx9540.datasource.ch (91.201.56.132)
  639. 4 120.84 ms te0-2-1-3.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.14.212.145)
  640. 5 120.92 ms be3592.ccr52.zrh02.atlas.cogentco.com (154.54.37.150)
  641. 6 127.95 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
  642. 7 133.02 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
  643. 8 130.95 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
  644. 9 131.29 ms tata.fra03.atlas.cogentco.com (130.117.15.150)
  645. 10 247.02 ms xe-7-0-1.cr2-chi1.ip4.gtt.net (89.149.131.161)
  646. 11 235.23 ms as23352.chi12.ip4.gtt.net (199.229.229.214)
  647. 12 236.06 ms 0.ae11.cr1.ord6.scnet.net (204.93.204.73)
  648. 13 236.11 ms 71.ae1.ar2.ord6.scnet.net (204.93.204.157)
  649. 14 236.05 ms 50.31.129.170
  650. 15 236.12 ms 198.38.80.105
  651. 16 236.11 ms ovz297.my-virtual-panel.com (198.38.88.64)
  652. 17 236.20 ms unknown.scnet.net (204.93.197.87)
  653. #######################################################################################################################################
  654. wig - WebApp Information Gatherer
  655.  
  656.  
  657. Scanning http://www.sudarecboard.gov.sd...
  658. _________________ SITE INFO _________________
  659. IP Title
  660. 204.93.197.87 مفوضية الإختيار للخدمة المدن
  661.  
  662. __________________ VERSION __________________
  663. Name Versions Type
  664. Apache 2.4.34 Platform
  665. mod_bwlimited 1.4 Platform
  666. openssl 1.0.2o Platform
  667. jQuery 1.10.2 JavaScript
  668.  
  669. ________________ INTERESTING ________________
  670. URL Note Type
  671. /test.php Test file Interesting
  672.  
  673. _____________________________________________
  674. Time: 3.7 sec Urls: 697 Fingerprints: 40401
  675. #######################################################################################################################################
  676. HTTP/1.1 200 OK
  677. Date: Thu, 21 Mar 2019 05:07:04 GMT
  678. Content-Type: text/html; charset=UTF-8
  679. Connection: keep-alive
  680.  
  681. HTTP/1.1 200 OK
  682. Date: Thu, 21 Mar 2019 05:07:05 GMT
  683. Content-Type: text/html; charset=UTF-8
  684. Connection: keep-alive
  685. #######################################################################################################################################
  686. Modernizr
  687. Google Font API
  688. jQuery UI 1
  689. Bootstrap
  690. YouTube
  691. Microsoft ASP.NET
  692. jQuery 1
  693. #######################################################################################################################################
  694. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 01:07 EDT
  695. Nmap scan report for www.sudarecboard.gov.sd (204.93.197.87)
  696. Host is up (0.15s latency).
  697. rDNS record for 204.93.197.87: unknown.scnet.net
  698.  
  699. PORT STATE SERVICE VERSION
  700. 110/tcp open pop3 Dovecot pop3d
  701. | pop3-brute:
  702. | Accounts: No valid accounts found
  703. | Statistics: Performed 185 guesses in 171 seconds, average tps: 1.0
  704. |_ ERROR: Failed to connect.
  705. |_pop3-capabilities: RESP-CODES TOP SASL(PLAIN LOGIN) CAPA USER AUTH-RESP-CODE PIPELINING UIDL STLS
  706. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  707. Device type: general purpose|firewall|storage-misc|VoIP phone|WAP
  708. Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|2.4.X (94%), WatchGuard Fireware 11.X (94%), Synology DiskStation Manager 5.X (94%), Grandstream embedded (89%)
  709. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:linux:linux_kernel:4.4 cpe:/h:grandstream:gxv3275 cpe:/o:linux:linux_kernel:2.4.20
  710. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 or 3.10 (94%), Linux 2.6.39 (94%), WatchGuard Fireware 11.8 (94%), Synology DiskStation Manager 5.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 3.1 - 3.2 (93%), Linux 3.4 (93%), Linux 3.10 (93%), Linux 2.6.32 - 2.6.39 (92%)
  711. No exact OS matches for host (test conditions non-ideal).
  712. Network Distance: 1 hop
  713.  
  714. TRACEROUTE (using port 80/tcp)
  715. HOP RTT ADDRESS
  716. 1 131.22 ms unknown.scnet.net (204.93.197.87)
  717. #######################################################################################################################################
  718. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 01:17 EDT
  719. Nmap scan report for www.sudarecboard.gov.sd (204.93.197.87)
  720. Host is up.
  721. rDNS record for 204.93.197.87: unknown.scnet.net
  722.  
  723. PORT STATE SERVICE VERSION
  724. 3306/tcp filtered mysql
  725. Too many fingerprints match this host to give specific OS details
  726.  
  727. TRACEROUTE (using proto 1/icmp)
  728. HOP RTT ADDRESS
  729. 1 119.16 ms 10.253.200.1
  730. 2 119.35 ms 185.189.150.49
  731. 3 119.54 ms hu-b69-10gigabit-slx9540.datasource.ch (91.201.56.132)
  732. 4 120.58 ms te0-2-1-3.rcr51.b021037-0.zrh02.atlas.cogentco.com (149.14.212.145)
  733. 5 121.00 ms be3591.ccr51.zrh02.atlas.cogentco.com (130.117.50.182)
  734. 6 126.75 ms be3072.ccr21.muc03.atlas.cogentco.com (130.117.0.18)
  735. 7 131.99 ms be2959.ccr41.fra03.atlas.cogentco.com (154.54.36.53)
  736. 8 131.81 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
  737. 9 132.03 ms tata.fra03.atlas.cogentco.com (130.117.15.150)
  738. 10 237.08 ms xe-7-0-1.cr2-chi1.ip4.gtt.net (89.149.131.161)
  739. 11 234.63 ms as23352.chi12.ip4.gtt.net (199.229.229.214)
  740. 12 235.15 ms 0.ae11.cr1.ord6.scnet.net (204.93.204.73)
  741. 13 241.56 ms 71.ae1.ar2.ord6.scnet.net (204.93.204.157)
  742. 14 241.53 ms 50.31.129.170
  743. 15 ... 30
  744.  
  745. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  746. Nmap done: 1 IP address (1 host up) scanned in 21.14 seconds
  747. #######################################################################################################################################
  748. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 08:34 EDT
  749. Nmap scan report for unknown.scnet.net (204.93.197.87)
  750. Host is up (0.043s latency).
  751. Not shown: 461 closed ports, 1 filtered port
  752. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  753. PORT STATE SERVICE
  754. 21/tcp open ftp
  755. 53/tcp open domain
  756. 80/tcp open http
  757. 110/tcp open pop3
  758. 143/tcp open imap
  759. 443/tcp open https
  760. 465/tcp open smtps
  761. 587/tcp open submission
  762. 993/tcp open imaps
  763. 995/tcp open pop3s
  764. 2000/tcp open cisco-sccp
  765. 2222/tcp open EtherNetIP-1
  766. 3306/tcp open mysql
  767. 5060/tcp open sip
  768. #######################################################################################################################################
  769. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 08:34 EDT
  770. Nmap scan report for unknown.scnet.net (204.93.197.87)
  771. Host is up (0.039s latency).
  772. Not shown: 11 closed ports, 2 filtered ports
  773. PORT STATE SERVICE
  774. 53/udp open domain
  775. #######################################################################################################################################
  776. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 08:34 EDT
  777. Nmap scan report for unknown.scnet.net (204.93.197.87)
  778. Host is up (0.042s latency).
  779.  
  780. PORT STATE SERVICE VERSION
  781. 21/tcp open ftp Pure-FTPd
  782. | ftp-brute:
  783. | Accounts: No valid accounts found
  784. |_ Statistics: Performed 524 guesses in 184 seconds, average tps: 2.6
  785. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  786. Device type: general purpose|storage-misc|firewall|VoIP phone|WAP
  787. Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|2.4.X (94%), Synology DiskStation Manager 5.X (94%), WatchGuard Fireware 11.X (93%), Grandstream embedded (90%)
  788. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/h:grandstream:gxv3275 cpe:/o:linux:linux_kernel:4.2 cpe:/o:linux:linux_kernel:2.4.20
  789. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.39 (94%), Linux 3.4 (94%), Synology DiskStation Manager 5.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 3.10 (94%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 or 3.10 (93%), WatchGuard Fireware 11.8 (93%), Linux 2.6.32 - 2.6.39 (92%)
  790. No exact OS matches for host (test conditions non-ideal).
  791. Network Distance: 14 hops
  792.  
  793. TRACEROUTE (using port 21/tcp)
  794. HOP RTT ADDRESS
  795. 1 20.72 ms 10.248.200.1
  796. 2 21.07 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  797. 3 25.95 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  798. 4 21.38 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  799. 5 24.94 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  800. 6 24.93 ms ae6.cr0-mtl1.ip4.gtt.net (173.205.62.37)
  801. 7 41.91 ms xe-7-2-2.cr2-chi1.ip4.gtt.net (89.149.187.182)
  802. 8 41.90 ms as23352.chi12.ip4.gtt.net (199.229.229.214)
  803. 9 44.56 ms 0.ae11.cr1.ord6.scnet.net (204.93.204.73)
  804. 10 44.59 ms 71.ae1.ar2.ord6.scnet.net (204.93.204.157)
  805. 11 44.58 ms 50.31.129.142
  806. 12 44.63 ms 198.38.80.105
  807. 13 44.65 ms ovz297.my-virtual-panel.com (198.38.88.64)
  808. 14 44.65 ms unknown.scnet.net (204.93.197.87)
  809. #######################################################################################################################################
  810. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 08:37 EDT
  811. Nmap scan report for unknown.scnet.net (204.93.197.87)
  812. Host is up (0.041s latency).
  813.  
  814. PORT STATE SERVICE VERSION
  815. 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
  816. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  817. | dns-nsec-enum:
  818. |_ No NSEC records found
  819. | dns-nsec3-enum:
  820. |_ DNSSEC NSEC3 not supported
  821. | dns-nsid:
  822. |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6
  823. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  824. Device type: general purpose|storage-misc|firewall|VoIP phone|WAP
  825. Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|2.4.X (94%), Synology DiskStation Manager 5.X (94%), WatchGuard Fireware 11.X (93%), Grandstream embedded (90%)
  826. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/h:grandstream:gxv3275 cpe:/o:linux:linux_kernel:4.2 cpe:/o:linux:linux_kernel:2.4.20
  827. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.39 (94%), Linux 3.4 (94%), Synology DiskStation Manager 5.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 3.10 (94%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 or 3.10 (93%), WatchGuard Fireware 11.8 (93%), Linux 2.6.32 - 2.6.39 (92%)
  828. No exact OS matches for host (test conditions non-ideal).
  829. Network Distance: 14 hops
  830. Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
  831.  
  832. Host script results:
  833. | dns-blacklist:
  834. | SPAM
  835. |_ l2.apews.org - SPAM
  836. | dns-brute:
  837. | DNS Brute-force hostnames:
  838. | ns1.scnet.net - 64.202.97.3
  839. | ns2.scnet.net - 64.202.97.4
  840. |_ www.scnet.net - 96.126.123.63
  841.  
  842. TRACEROUTE (using port 53/tcp)
  843. HOP RTT ADDRESS
  844. 1 21.35 ms 10.248.200.1
  845. 2 22.99 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  846. 3 25.33 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  847. 4 20.15 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  848. 5 25.17 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
  849. 6 25.15 ms ae6.cr0-mtl1.ip4.gtt.net (173.205.62.37)
  850. 7 43.57 ms xe-7-2-2.cr2-chi1.ip4.gtt.net (89.149.187.182)
  851. 8 41.74 ms as23352.chi12.ip4.gtt.net (199.229.229.214)
  852. 9 44.22 ms 0.ae11.cr1.ord6.scnet.net (204.93.204.73)
  853. 10 60.40 ms 71.ae1.ar2.ord6.scnet.net (204.93.204.157)
  854. 11 44.00 ms 50.31.129.170
  855. 12 44.29 ms 198.38.80.105
  856. 13 44.29 ms ovz297.my-virtual-panel.com (198.38.88.64)
  857. 14 44.37 ms unknown.scnet.net (204.93.197.87)
  858. #######################################################################################################################################
  859. wig - WebApp Information Gatherer
  860.  
  861.  
  862. Scanning http://204.93.197.87...
  863. _________________ SITE INFO _________________
  864. IP Title
  865. 204.93.197.87
  866.  
  867. __________________ VERSION __________________
  868. Name Versions Type
  869. Apache 2.4.34 Platform
  870. mod_bwlimited 1.4 Platform
  871. openssl 1.0.2o Platform
  872.  
  873. _____________________________________________
  874. Time: 1.9 sec Urls: 599 Fingerprints: 40401
  875. #######################################################################################################################################
  876. HTTP/1.1 200 OK
  877. Date: Thu, 21 Mar 2019 12:38:10 GMT
  878. Last-Modified: Fri, 13 Jul 2018 10:05:47 GMT
  879. ETag: "4b-570de9faef9ca"
  880. Accept-Ranges: bytes
  881. Content-Length: 75
  882. Content-Type: text/html
  883. Connection: keep-alive
  884.  
  885. HTTP/1.1 200 OK
  886. Date: Thu, 21 Mar 2019 12:38:11 GMT
  887. Last-Modified: Fri, 13 Jul 2018 10:05:47 GMT
  888. ETag: "4b-570de9faef9ca"
  889. Accept-Ranges: bytes
  890. Content-Length: 75
  891. Content-Type: text/html
  892. Connection: keep-alive
  893. #######################################################################################################################################
  894. Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-21 08:38 EDT
  895. Nmap scan report for unknown.scnet.net (204.93.197.87)
  896. Host is up (0.025s latency).
  897.  
  898. PORT STATE SERVICE VERSION
  899. 110/tcp open pop3 Dovecot pop3d
  900. | pop3-brute:
  901. | Accounts: No valid accounts found
  902. |_ Statistics: Performed 225 guesses in 189 seconds, average tps: 1.1
  903. |_pop3-capabilities: AUTH-RESP-CODE SASL(PLAIN LOGIN) UIDL CAPA USER PIPELINING STLS TOP RESP-CODES
  904. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  905. Device type: general purpose|storage-misc|firewall|VoIP phone|WAP
  906. Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|2.4.X (94%), Synology DiskStation Manager 5.X (94%), WatchGuard Fireware 11.X (93%), Grandstream embedded (90%)
  907. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8 cpe:/h:grandstream:gxv3275 cpe:/o:linux:linux_kernel:4.2 cpe:/o:linux:linux_kernel:2.4.20
  908. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.39 (94%), Linux 3.4 (94%), Synology DiskStation Manager 5.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 3.10 (94%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 or 3.10 (93%), WatchGuard Fireware 11.8 (93%), Linux 2.6.32 - 2.6.39 (92%)
  909. No exact OS matches for host (test conditions non-ideal).
  910. Network Distance: 1 hop
  911.  
  912. TRACEROUTE (using port 80/tcp)
  913. HOP RTT ADDRESS
  914. 1 21.17 ms unknown.scnet.net (204.93.197.87)
  915. #######################################################################################################################################
  916. Version: 1.11.12-static
  917. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  918.  
  919. Connected to 204.93.197.87
  920.  
  921. Testing SSL server 204.93.197.87 on port 443 using SNI name 204.93.197.87
  922.  
  923. TLS Fallback SCSV:
  924. Server supports TLS Fallback SCSV
  925.  
  926. TLS renegotiation:
  927. Secure session renegotiation supported
  928.  
  929. TLS Compression:
  930. Compression disabled
  931.  
  932. Heartbleed:
  933. TLS 1.2 not vulnerable to heartbleed
  934. TLS 1.1 not vulnerable to heartbleed
  935. TLS 1.0 not vulnerable to heartbleed
  936.  
  937. Supported Server Cipher(s):
  938. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  939. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  940. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  941. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  942. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  943. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  944. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  945. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  946. Accepted TLSv1.2 256 bits AES256-SHA256
  947. Accepted TLSv1.2 256 bits AES256-SHA
  948. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  949. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  950. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  951. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  952. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  953. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  954. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  955. Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
  956. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  957. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  958. Accepted TLSv1.2 128 bits AES128-SHA256
  959. Accepted TLSv1.2 128 bits AES128-SHA
  960. Accepted TLSv1.2 128 bits SEED-SHA
  961. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  962. Accepted TLSv1.2 128 bits IDEA-CBC-SHA
  963. Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  964. Accepted TLSv1.2 128 bits RC4-SHA
  965. Accepted TLSv1.2 128 bits RC4-MD5
  966. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  967. Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  968. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  969. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  970. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  971. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  972. Accepted TLSv1.1 256 bits AES256-SHA
  973. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  974. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  975. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  976. Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
  977. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  978. Accepted TLSv1.1 128 bits AES128-SHA
  979. Accepted TLSv1.1 128 bits SEED-SHA
  980. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  981. Accepted TLSv1.1 128 bits IDEA-CBC-SHA
  982. Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  983. Accepted TLSv1.1 128 bits RC4-SHA
  984. Accepted TLSv1.1 128 bits RC4-MD5
  985. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  986. Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  987. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  988. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  989. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  990. Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  991. Accepted TLSv1.0 256 bits AES256-SHA
  992. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  993. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  994. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  995. Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
  996. Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  997. Accepted TLSv1.0 128 bits AES128-SHA
  998. Accepted TLSv1.0 128 bits SEED-SHA
  999. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1000. Accepted TLSv1.0 128 bits IDEA-CBC-SHA
  1001. Accepted TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  1002. Accepted TLSv1.0 128 bits RC4-SHA
  1003. Accepted TLSv1.0 128 bits RC4-MD5
  1004. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1005. Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
  1006. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  1007.  
  1008. SSL Certificate:
  1009. Signature Algorithm: sha256WithRSAEncryption
  1010. RSA Key Strength: 2048
  1011.  
  1012. Subject: nile-host.com
  1013. Altnames: DNS:nile-host.com, DNS:mail.nile-host.com, DNS:www.nile-host.com
  1014. Issuer: nile-host.com
  1015.  
  1016. Not valid before: Jul 13 08:13:49 2018 GMT
  1017. Not valid after: Jul 13 08:13:49 2019 GMT
  1018. #######################################################################################################################################
  1019. Anonymous JTSEC #OpSudan Full Recon #45