JTSEC1333

Anonymous JTSEC #OpSudan Full Recon #61

Apr 29th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname www.nmsf.gov.sd ISP Paragon Internet Group Limited
  4. Continent Europe Flag
  5. GB
  6. Country United Kingdom Country Code GB
  7. Region Unknown Local time 29 Apr 2019 20:45 BST
  8. City Unknown Postal Code Unknown
  9. IP Address 87.247.241.39 Latitude 51.496
  10. Longitude -0.122
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.nmsf.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. www.nmsf.gov.sd canonical name = nmsf.gov.sd.
  19. Name: nmsf.gov.sd
  20. Address: 87.247.241.39
  21. >
  22. #######################################################################################################################################
  23. HostIP:87.247.241.39
  24. HostName:www.nmsf.gov.sd
  25.  
  26. Gathered Inet-whois information for 87.247.241.39
  27. ---------------------------------------------------------------------------------------------------------------------------------------
  28.  
  29.  
  30. inetnum: 87.247.240.0 - 87.247.247.255
  31. netname: UK-PARAGON-20060203
  32. country: GB
  33. org: ORG-PIGL2-RIPE
  34. admin-c: PAR487-RIPE
  35. tech-c: PAR487-RIPE
  36. status: ALLOCATED PA
  37. mnt-by: RIPE-NCC-HM-MNT
  38. mnt-by: PARAGON-MNT
  39. mnt-lower: PARAGON-MNT
  40. mnt-routes: PARAGON-MNT
  41. created: 2006-02-03T12:53:28Z
  42. last-modified: 2017-07-06T09:37:09Z
  43. source: RIPE
  44.  
  45. organisation: ORG-PIGL2-RIPE
  46. org-name: Paragon Internet Group Limited
  47. org-type: LIR
  48. address: 113 - 114 Buckingham Avenue
  49. address: SL1 4PF
  50. address: Slough
  51. address: UNITED KINGDOM
  52. phone: +441628200161
  53. mnt-ref: RIPE-NCC-HM-MNT
  54. mnt-ref: PARAGON-MNT
  55. mnt-by: RIPE-NCC-HM-MNT
  56. mnt-by: PARAGON-MNT
  57. admin-c: PAR487-RIPE
  58. abuse-c: PA7585-RIPE
  59. created: 2014-03-26T09:42:08Z
  60. last-modified: 2018-06-13T10:27:57Z
  61. source: RIPE # Filtered
  62.  
  63. person: Paragon NOC
  64. address: 113-114 Buckingham Avenue
  65. address: Slough
  66. address: SL1 4PF
  67. phone: +44(0)1628 200 161
  68. nic-hdl: PAR487-RIPE
  69. mnt-by: PARAGON-MNT
  70. created: 2017-07-06T09:33:58Z
  71. last-modified: 2017-07-06T09:33:58Z
  72. source: RIPE
  73.  
  74. % Information related to '87.247.240.0/21AS198047'
  75.  
  76. route: 87.247.240.0/21
  77. origin: AS198047
  78. mnt-by: PARAGON-MNT
  79. created: 2017-07-05T11:24:46Z
  80. last-modified: 2017-07-05T11:24:46Z
  81. source: RIPE
  82.  
  83. % This query was served by the RIPE Database Query Service version 1.93.2 (ANGUS)
  84.  
  85.  
  86.  
  87. Gathered Inic-whois information for nmsf.gov.sd
  88. ---------------------------------------------------------------------------------------------------------------------------------------
  89. Error: Unable to connect - Invalid Host
  90. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  91. close error
  92.  
  93. Gathered Netcraft information for www.nmsf.gov.sd
  94. ---------------------------------------------------------------------------------------------------------------------------------------
  95.  
  96. Retrieving Netcraft.com information for www.nmsf.gov.sd
  97. Netcraft.com Information gathered
  98.  
  99. Gathered Subdomain information for nmsf.gov.sd
  100. ---------------------------------------------------------------------------------------------------------------------------------------
  101. Searching Google.com:80...
  102. HostName:www.nmsf.gov.sd
  103. HostIP:87.247.241.39
  104. HostName:aitc.nmsf.gov.sd
  105. HostIP:87.247.241.39
  106. Searching Altavista.com:80...
  107. Found 2 possible subdomain(s) for host nmsf.gov.sd, Searched 0 pages containing 0 results
  108.  
  109. Gathered E-Mail information for nmsf.gov.sd
  110. ---------------------------------------------------------------------------------------------------------------------------------------
  111. Searching Google.com:80...
  112. Searching Altavista.com:80...
  113. Found 0 E-Mail(s) for host nmsf.gov.sd, Searched 0 pages containing 0 results
  114.  
  115. Gathered TCP Port information for 87.247.241.39
  116. ---------------------------------------------------------------------------------------------------------------------------------------
  117.  
  118. Port State
  119.  
  120. 21/tcp open
  121. 22/tcp open
  122. 53/tcp open
  123. 80/tcp open
  124. 110/tcp open
  125. 143/tcp open
  126.  
  127. Portscan Finished: Scanned 150 ports, 3 ports were in state closed
  128. #######################################################################################################################################
  129. [i] Scanning Site: http://www.nmsf.gov.sd
  130.  
  131.  
  132.  
  133. B A S I C I N F O
  134. =======================================================================================================================================
  135.  
  136.  
  137. [+] Site Title:
  138. الصندوق القومي للإمدادات الطبية
  139.  
  140. [+] IP address: 87.247.241.39
  141. [+] Web Server: Could Not Detect
  142. [+] CMS: Could Not Detect
  143. [+] Cloudflare: Not Detected
  144. [+] Robots File: Found
  145.  
  146. -------------[ contents ]----------------
  147. User-agent: *
  148. Disallow:
  149.  
  150. -----------[end of contents]-------------
  151.  
  152.  
  153.  
  154.  
  155.  
  156.  
  157.  
  158. G E O I P L O O K U P
  159. =======================================================================================================================================
  160.  
  161. [i] IP Address: 87.247.241.39
  162. [i] Country: United Kingdom
  163. [i] State:
  164. [i] City:
  165. [i] Latitude: 51.4964
  166. [i] Longitude: -0.1224
  167.  
  168.  
  169.  
  170.  
  171. H T T P H E A D E R S
  172. =======================================================================================================================================
  173.  
  174.  
  175. [i] HTTP/1.1 200 OK
  176. [i] Date: Mon, 29 Apr 2019 19:51:02 GMT
  177. [i] Cache-Control: no-cache
  178. [i] Set-Cookie: laravel_session=eyJpdiI6IndMaGxGUE9URVdUclY5aEVrYUFWWWc9PSIsInZhbHVlIjoid3pWanRrUlNRS0ttZEd3V2VhejdRNkk5VEk4QkNOSFVDUnFRSUtwcjQ0dUNpY1wvNnlJaHFXSDd0MFI5VFdJclBmQnFcL3RhWncwcTJzVFlkTHRWa0thdz09IiwibWFjIjoiMTFmYmQzY2FkZjJjYzkyYzY3MmU1ZGE5OTM3NDdkNjhkYmM1MTY5NDk2MDM1NjVmZDNmNmM5MDFkZjU3Y2M0NSJ9; expires=Mon, 29-Apr-2019 21:51:02 GMT; Max-Age=7200; path=/; HttpOnly
  179. [i] Content-Type: text/html; charset=UTF-8
  180. [i] Connection: close
  181.  
  182.  
  183.  
  184.  
  185. D N S L O O K U P
  186. =======================================================================================================================================
  187.  
  188. nmsf.gov.sd. 14399 IN TXT "v=spf1 +a +mx +ip4:87.247.241.39 ~all"
  189. nmsf.gov.sd. 21599 IN NS ns2.servers.prgn.misp.co.uk.
  190. nmsf.gov.sd. 14399 IN A 87.247.241.39
  191. nmsf.gov.sd. 21599 IN NS ns1.servers.prgn.misp.co.uk.
  192. nmsf.gov.sd. 14399 IN MX 0 mail2.nmsf.gov.sd.
  193. nmsf.gov.sd. 21599 IN SOA ns1.servers.prgn.misp.co.uk. it.alhost.ae. 2019020601 3600 7200 1209600 86400
  194.  
  195.  
  196.  
  197.  
  198. S U B N E T C A L C U L A T I O N
  199. =======================================================================================================================================
  200.  
  201. Address = 87.247.241.39
  202. Network = 87.247.241.39 / 32
  203. Netmask = 255.255.255.255
  204. Broadcast = not needed on Point-to-Point links
  205. Wildcard Mask = 0.0.0.0
  206. Hosts Bits = 0
  207. Max. Hosts = 1 (2^0 - 0)
  208. Host Range = { 87.247.241.39 - 87.247.241.39 }
  209.  
  210.  
  211.  
  212. N M A P P O R T S C A N
  213. =======================================================================================================================================
  214.  
  215. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 19:51 UTC
  216. Nmap scan report for nmsf.gov.sd (87.247.241.39)
  217. Host is up (0.073s latency).
  218. rDNS record for 87.247.241.39: alhost.servers.prgn.misp.co.uk
  219.  
  220. PORT STATE SERVICE
  221. 21/tcp open ftp
  222. 22/tcp open ssh
  223. 23/tcp filtered telnet
  224. 80/tcp open http
  225. 110/tcp open pop3
  226. 143/tcp open imap
  227. 443/tcp open https
  228. 3389/tcp filtered ms-wbt-server
  229.  
  230. Nmap done: 1 IP address (1 host up) scanned in 1.34 seconds
  231.  
  232.  
  233.  
  234. S U B - D O M A I N F I N D E R
  235. =======================================================================================================================================
  236.  
  237.  
  238. [i] Total Subdomains Found : 1
  239.  
  240. [+] Subdomain: mail2.nmsf.gov.sd
  241. [-] IP: 212.0.140.244
  242. #######################################################################################################################################
  243. [?] Enter the target: example( http://domain.com )
  244. http://www.nmsf.gov.sd/
  245. [!] IP Address : 87.247.241.39
  246. [!] www.nmsf.gov.sd doesn't seem to use a CMS
  247. [+] Honeypot Probabilty: 30%
  248. ---------------------------------------------------------------------------------------------------------------------------------------
  249. [~] Trying to gather whois information for www.nmsf.gov.sd
  250. [+] Whois information found
  251. [-] Unable to build response, visit https://who.is/whois/www.nmsf.gov.sd
  252. ---------------------------------------------------------------------------------------------------------------------------------------
  253. PORT STATE SERVICE
  254. 21/tcp open ftp
  255. 22/tcp open ssh
  256. 23/tcp filtered telnet
  257. 80/tcp open http
  258. 110/tcp open pop3
  259. 143/tcp open imap
  260. 443/tcp open https
  261. 3389/tcp filtered ms-wbt-server
  262. Nmap done: 1 IP address (1 host up) scanned in 1.34 seconds
  263. ---------------------------------------------------------------------------------------------------------------------------------------
  264.  
  265. [+] DNS Records
  266. ns2.servers.prgn.misp.co.uk. (95.142.155.4) AS198047 UK Webhosting Ltd United Kingdom
  267. ns1.servers.prgn.misp.co.uk. (195.62.28.14) AS198047 UK Webhosting Ltd United Kingdom
  268.  
  269. [+] Host Records (A)
  270. www.nmsf.gov.sdHTTP: (alhost.servers.prgn.misp.co.uk) (87.247.241.39) United Kingdom United Kingdom
  271.  
  272. [+] TXT Records
  273.  
  274. [+] DNS Map: https://dnsdumpster.com/static/map/nmsf.gov.sd.png
  275.  
  276. [>] Initiating 3 intel modules
  277. [>] Loading Alpha module (1/3)
  278. [>] Beta module deployed (2/3)
  279. [>] Gamma module initiated (3/3)
  280.  
  281.  
  282. [+] Emails found:
  283. ---------------------------------------------------------------------------------------------------------------------------------------
  284. pixel-1556567466108081-web-@www.nmsf.gov.sd
  285. No hosts found
  286. [+] Virtual hosts:
  287. #######################################################################################################################################
  288. Enter Address Website = nmsf.gov.sd
  289.  
  290. Reversing IP With HackTarget 'nmsf.gov.sd'
  291. ---------------------------------------------------------------------------------------------------------------------------------------
  292.  
  521. #######################################################################################################################################
  522.  
  523. Reverse IP With YouGetSignal 'nmsf.gov.sd'
  524. ---------------------------------------------------------------------------------------------------------------------------------------
  525.  
  526. [*] IP: 87.247.241.39
  527. [*] Domain: nmsf.gov.sd
  528. [*] Total Domains: 18
  529.  
  548. #######################################################################################################################################
  549.  
  550. Geo IP Lookup 'nmsf.gov.sd'
  551. ---------------------------------------------------------------------------------------------------------------------------------------
  552.  
  553. [+] IP Address: 87.247.241.39
  554. [+] Country: United Kingdom
  555. [+] State:
  556. [+] City:
  557. [+] Latitude: 51.4964
  558. [+] Longitude: -0.1224
  559. #######################################################################################################################################
  560.  
  561. Bypass Cloudflare 'nmsf.gov.sd'
  562. ---------------------------------------------------------------------------------------------------------------------------------------
  563.  
  564. [!] CloudFlare Bypass 87.247.241.39 | ftp.nmsf.gov.sd
  565. [!] CloudFlare Bypass 87.247.241.39 | cpanel.nmsf.gov.sd
  566. [!] CloudFlare Bypass 87.247.241.39 | webmail.nmsf.gov.sd
  567. [!] CloudFlare Bypass 87.247.241.39 | mail.nmsf.gov.sd
  568. [!] CloudFlare Bypass 87.247.241.39 | www.nmsf.gov.sd
  569. [!] CloudFlare Bypass 212.0.140.244 | mail2.nmsf.gov.sd
  570. #######################################################################################################################################
  571.  
  572. DNS Lookup 'nmsf.gov.sd'
  573. ---------------------------------------------------------------------------------------------------------------------------------------
  574.  
  575. [+] nmsf.gov.sd. 21599 IN NS ns2.servers.prgn.misp.co.uk.
  576. [+] nmsf.gov.sd. 14399 IN TXT "v=spf1 +a +mx +ip4:87.247.241.39 ~all"
  577. [+] nmsf.gov.sd. 14399 IN A 87.247.241.39
  578. [+] nmsf.gov.sd. 14399 IN MX 0 mail2.nmsf.gov.sd.
  579. [+] nmsf.gov.sd. 21599 IN SOA ns1.servers.prgn.misp.co.uk. it.alhost.ae. 2019020601 3600 7200 1209600 86400
  580. [+] nmsf.gov.sd. 21599 IN NS ns1.servers.prgn.misp.co.uk.
  581. #######################################################################################################################################
  582.  
  583. Show HTTP Header 'nmsf.gov.sd'
  584. ---------------------------------------------------------------------------------------------------------------------------------------
  585.  
  586. [+] HTTP/1.1 200 OK
  587. [+] Date: Mon, 29 Apr 2019 19:50:35 GMT
  588. [+] Server: Apache
  589. [+] Cache-Control: no-cache
  590. [+] Set-Cookie: laravel_session=eyJpdiI6IkJQTnVtN1RYSmV1V3c2SVZjc3BuYXc9PSIsInZhbHVlIjoiTGU3RVVKa3U0cHlpRjk3THNkWHBQRXhzSVRnZ3VMTlwvd3BpcTdyRGduRTU1VGE1YUdLQXE0OTBNQXBtcGdCWUh3RzRBZmF3U3hjU25aODlHeE9wR0FBPT0iLCJtYWMiOiIxYWNhNTc2NTMwMGNhY2E4NGU4ZmYwOTA0YTFhNDQ4NTRkM2MyNzUyOTdmMDhkMTdjMzg0MjY1MjEwMTBiOTZhIn03D; expires=Mon, 29-Apr-2019 21:50:35 GMT; Max-Age=7200; path=/; HttpOnly
  591. [+] Content-Type: text/html; charset=UTF-8
  592. ######################################################################################################################################
  593.  
  594. Port Scan 'nmsf.gov.sd'
  595. ---------------------------------------------------------------------------------------------------------------------------------------
  596.  
  597. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 19:50 UTC
  598. Nmap scan report for nmsf.gov.sd (87.247.241.39)
  599. Host is up (0.075s latency).
  600. rDNS record for 87.247.241.39: alhost.servers.prgn.misp.co.uk
  601.  
  602. PORT STATE SERVICE
  603. 21/tcp open ftp
  604. 22/tcp open ssh
  605. 23/tcp filtered telnet
  606. 80/tcp open http
  607. 110/tcp open pop3
  608. 143/tcp open imap
  609. 443/tcp open https
  610. 3389/tcp filtered ms-wbt-server
  611.  
  612. Nmap done: 1 IP address (1 host up) scanned in 2.66 seconds
  613. #######################################################################################################################################
  614.  
  615. Robot.txt 'nmsf.gov.sd'
  616. ---------------------------------------------------------------------------------------------------------------------------------------
  617.  
  618. User-agent: *
  619. Disallow:
  620. #######################################################################################################################################
  621.  
  622. Traceroute 'nmsf.gov.sd'
  623. ---------------------------------------------------------------------------------------------------------------------------------------
  624.  
  625. Start: 2019-04-29T19:50:44+0000
  626. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  627. 1.|-- 45.79.12.202 0.0% 3 0.8 1.5 0.8 2.9 1.2
  628. 2.|-- 45.79.12.6 0.0% 3 1.6 1.1 0.6 1.6 0.5
  629. 3.|-- dls-b22-link.telia.net 0.0% 3 4.8 3.7 1.5 4.8 1.9
  630. 4.|-- atl-b22-link.telia.net 0.0% 3 20.5 19.7 19.3 20.5 0.7
  631. 5.|-- ash-bb3-link.telia.net 33.3% 3 112.9 111.8 110.7 112.9 1.6
  632. 6.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  633. 7.|-- ldn-bb4-link.telia.net 33.3% 3 105.8 105.8 105.8 105.8 0.0
  634. 8.|-- ldn-b5-link.telia.net 0.0% 3 106.3 106.2 106.0 106.4 0.2
  635. 9.|-- ae0.cr-sargas.lon1.core.heg.com 0.0% 3 110.0 110.1 110.0 110.2 0.1
  636. 10.|-- 87.230.114.206 0.0% 3 111.3 111.2 111.1 111.4 0.1
  637. 11.|-- 185.24.99.67 0.0% 3 133.2 132.9 130.8 134.8 2.0
  638. 12.|-- alhost.servers.prgn.misp.co.uk 0.0% 3 107.0 106.9 106.6 107.3 0.3
  639. #######################################################################################################################################
  640.  
  641. Ping 'nmsf.gov.sd'
  642. ---------------------------------------------------------------------------------------------------------------------------------------
  643.  
  644.  
  645. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-04-29 19:51 UTC
  646. SENT (0.4218s) ICMP [104.237.144.6 > 87.247.241.39 Echo request (type=8/code=0) id=23164 seq=1] IP [ttl=64 id=36445 iplen=28 ]
  647. RCVD (0.6230s) ICMP [87.247.241.39 > 104.237.144.6 Echo reply (type=0/code=0) id=23164 seq=1] IP [ttl=55 id=28314 iplen=28 ]
  648. SENT (1.4225s) ICMP [104.237.144.6 > 87.247.241.39 Echo request (type=8/code=0) id=23164 seq=3] IP [ttl=64 id=36445 iplen=28 ]
  649. RCVD (1.6437s) ICMP [87.247.241.39 > 104.237.144.6 Echo reply (type=0/code=0) id=23164 seq=3] IP [ttl=55 id=28840 iplen=28 ]
  650. SENT (2.4238s) ICMP [104.237.144.6 > 87.247.241.39 Echo request (type=8/code=0) id=23164 seq=3] IP [ttl=64 id=36445 iplen=28 ]
  651. RCVD (2.6632s) ICMP [87.247.241.39 > 104.237.144.6 Echo reply (type=0/code=0) id=23164 seq=3] IP [ttl=55 id=29310 iplen=28 ]
  652. SENT (3.4261s) ICMP [104.237.144.6 > 87.247.241.39 Echo request (type=8/code=0) id=23164 seq=4] IP [ttl=64 id=36445 iplen=28 ]
  653. RCVD (3.6832s) ICMP [87.247.241.39 > 104.237.144.6 Echo reply (type=0/code=0) id=23164 seq=4] IP [ttl=55 id=29587 iplen=28 ]
  654.  
  655. Max rtt: 257.031ms | Min rtt: 201.211ms | Avg rtt: 229.653ms
  656. Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
  657. Nping done: 1 IP address pinged in 3.68 seconds
  658. #######################################################################################################################################
  659. =======================================================================================================================================
  660. | E-mails:
  691. =======================================================================================================================================
  692. | External hosts:
  705. =======================================================================================================================================
  706. #######################################################################################################################################
  707. ; <<>> DiG 9.11.5-P4-3-Debian <<>> nmsf.gov.sd
  708. ;; global options: +cmd
  709. ;; Got answer:
  710. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37526
  711. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  712.  
  713. ;; OPT PSEUDOSECTION:
  714. ; EDNS: version: 0, flags:; udp: 4096
  715. ;; QUESTION SECTION:
  716. ;nmsf.gov.sd. IN A
  717.  
  718. ;; ANSWER SECTION:
  719. nmsf.gov.sd. 14400 IN A 87.247.241.39
  720.  
  721. ;; Query time: 323 msec
  722. ;; SERVER: 185.93.180.131#53(185.93.180.131)
  723. ;; WHEN: lun avr 29 18:22:40 EDT 2019
  724. ;; MSG SIZE rcvd: 56
  725. #######################################################################################################################################
  726. ; <<>> DiG 9.11.5-P4-3-Debian <<>> +trace nmsf.gov.sd
  727. ;; global options: +cmd
  728. . 83787 IN NS d.root-servers.net.
  729. . 83787 IN NS g.root-servers.net.
  730. . 83787 IN NS k.root-servers.net.
  731. . 83787 IN NS j.root-servers.net.
  732. . 83787 IN NS l.root-servers.net.
  733. . 83787 IN NS h.root-servers.net.
  734. . 83787 IN NS m.root-servers.net.
  735. . 83787 IN NS a.root-servers.net.
  736. . 83787 IN NS c.root-servers.net.
  737. . 83787 IN NS b.root-servers.net.
  738. . 83787 IN NS f.root-servers.net.
  739. . 83787 IN NS e.root-servers.net.
  740. . 83787 IN NS i.root-servers.net.
  741. . 83787 IN RRSIG NS 8 0 518400 20190512170000 20190429160000 25266 . y0YDAK25lovphaX52TQexBmA67CnqvhTlSS8QOV3Rb8BNBaub+jlyD3K rVdfuG+vM3acpcGq8db1jZ5L3FcYGZWyNX3wngka/JiosHkPTdygq9+P YzQYpAlqMtcMUDt3IQnxraSStO+3DtkbW2zw79lsrsEwsjHIop8vWF29 Qgls3IbhcOqauEjP3MU+Mcrmmw9KMjIekdQf1geg71noATpmLkYyeVKr zL+TDL0HVElFetoGQUlEz5zyibzdPtpHeiZchEsxp0rZEoZiyyW9NgAx cdijqLB/+ccP7w/SgTzPXiGdkQicTckFOpmkDorO+TQadSAqQ+5wYNBa VMfRVg==
  742. ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 222 ms
  743.  
  744. sd. 172800 IN NS ans1.sis.sd.
  745. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  746. sd. 172800 IN NS ns1.uaenic.ae.
  747. sd. 172800 IN NS ans2.canar.sd.
  748. sd. 172800 IN NS ns-sd.afrinic.net.
  749. sd. 172800 IN NS ns2.uaenic.ae.
  750. sd. 172800 IN NS ans1.canar.sd.
  751. sd. 86400 IN NSEC se. NS RRSIG NSEC
  752. sd. 86400 IN RRSIG NSEC 8 1 86400 20190512170000 20190429160000 25266 . de8bUIfgGggYP5tEhwkEWuiE7GurL+Seuhejtz37CzW1+f4xf8DET2xy LBpW6TsLS3cmPUFsTQOL5PvLGEZFuYjiRQkkz0xI2Yzh43roorjNsBLj GrEDM4uCJbb5Br3ADATASDJWb/hzdUdbpBS3rDbrMA7FZPcNedsXanvu 0ks5T/7fYaUu6WUt3HL5LxkUTALUCvAI/FtDt5qADlkFoTwMRfZh98S1 WYweewjxJ4Vcj5BRVlFgg8FrZ5zuIHz/Rc5qOGelB+HTnBKy7bGnHZIK F5BFzNhQU3KMpZcY8Fz67AaTBD5PKuQE83RYliejwqrsgiMbut3aBh+u TozfJg==
  753. ;; Received 698 bytes from 2001:dc3::35#53(m.root-servers.net) in 88 ms
  754.  
  755. nmsf.gov.sd. 14400 IN NS ns1.vidahost.com.
  756. nmsf.gov.sd. 14400 IN NS ns2.vidahost.com.
  757. ;; Received 88 bytes from 196.29.180.14#53(ans1.canar.sd) in 338 ms
  758.  
  759. nmsf.gov.sd. 14400 IN A 87.247.241.39
  760. ;; Received 56 bytes from 91.198.165.131#53(ns1.vidahost.com) in 240 ms
  761. #######################################################################################################################################
  762. [*] Processing domain nmsf.gov.sd
  763. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  764. [+] Getting nameservers
  765. 91.146.110.188 - ns2.vidahost.com
  766. 91.198.165.131 - ns1.vidahost.com
  767. [-] Zone transfer failed
  768.  
  769. [+] TXT records found
  770. "v=spf1 +a +mx +ip4:87.247.241.39 ~all"
  771.  
  772. [+] MX records found, added to target list
  773. 0 mail2.nmsf.gov.sd.
  774.  
  775. [*] Scanning nmsf.gov.sd for A records
  776. 87.247.241.39 - nmsf.gov.sd
  777. 87.247.241.39 - cpanel.nmsf.gov.sd
  778. 87.247.241.39 - ftp.nmsf.gov.sd
  779. 87.247.241.39 - mail.nmsf.gov.sd
  780. 212.0.140.244 - mail2.nmsf.gov.sd
  781. 87.247.241.39 - webdisk.nmsf.gov.sd
  782. 87.247.241.39 - webmail.nmsf.gov.sd
  783. 87.247.241.39 - whm.nmsf.gov.sd
  784. 87.247.241.39 - www.nmsf.gov.sd
  785. #######################################################################################################################################
  786. Ip Address Status Type Domain Name Server
  787. ---------- ------ ---- ----------- ------
  788. 87.247.241.39 host ftp.nmsf.gov.sd
  789. 87.247.241.39 alias mail.nmsf.gov.sd
  790. 87.247.241.39 host nmsf.gov.sd
  791. 212.0.140.244 host mail2.nmsf.gov.sd
  792. 87.247.241.39 host webmail.nmsf.gov.sd
  793. 87.247.241.39 alias www.nmsf.gov.sd
  794. 87.247.241.39 host nmsf.gov.sd
  795. #######################################################################################################################################
  796. [+] Testing domain
  797. www.nmsf.gov.sd 87.247.241.39
  798. [+] Dns resolving
  799. Domain name Ip address Name server
  800. nmsf.gov.sd 87.247.241.39 alhost.servers.prgn.misp.co.uk
  801. Found 1 host(s) for nmsf.gov.sd
  802. [+] Testing wildcard
  803. Ok, no wildcard found.
  804.  
  805. [+] Scanning for subdomain on nmsf.gov.sd
  806. [!] Wordlist not specified. I scannig with my internal wordlist...
  807. Estimated time about 260.02 seconds
  808.  
  809. Subdomain Ip address Name server
  810.  
  811. ftp.nmsf.gov.sd 87.247.241.39 alhost.servers.prgn.misp.co.uk
  812. mail.nmsf.gov.sd 87.247.241.39 alhost.servers.prgn.misp.co.uk
  813. webmail.nmsf.gov.sd 87.247.241.39 alhost.servers.prgn.misp.co.uk
  814. www.nmsf.gov.sd 87.247.241.39 alhost.servers.prgn.misp.co.uk
  815. #######################################################################################################################################
  816. % This is the RIPE Database query service.
  817. % The objects are in RPSL format.
  818. %
  819. % The RIPE Database is subject to Terms and Conditions.
  820. % See http://www.ripe.net/db/support/db-terms-conditions.pdf
  821.  
  822. % Note: this output has been filtered.
  823. % To receive output for a database update, use the "-B" flag.
  824.  
  825. % Information related to '87.247.240.0 - 87.247.247.255'
  826.  
  827. % Abuse contact for '87.247.240.0 - 87.247.247.255' is 'abuse@paragon.net.uk'
  828.  
  829. inetnum: 87.247.240.0 - 87.247.247.255
  830. netname: UK-PARAGON-20060203
  831. country: GB
  832. org: ORG-PIGL2-RIPE
  833. admin-c: PAR487-RIPE
  834. tech-c: PAR487-RIPE
  835. status: ALLOCATED PA
  836. mnt-by: RIPE-NCC-HM-MNT
  837. mnt-by: PARAGON-MNT
  838. mnt-lower: PARAGON-MNT
  839. mnt-routes: PARAGON-MNT
  840. created: 2006-02-03T12:53:28Z
  841. last-modified: 2017-07-06T09:37:09Z
  842. source: RIPE
  843.  
  844. organisation: ORG-PIGL2-RIPE
  845. org-name: Paragon Internet Group Limited
  846. org-type: LIR
  847. address: 113 - 114 Buckingham Avenue
  848. address: SL1 4PF
  849. address: Slough
  850. address: UNITED KINGDOM
  851. phone: +441628200161
  852. mnt-ref: RIPE-NCC-HM-MNT
  853. mnt-ref: PARAGON-MNT
  854. mnt-by: RIPE-NCC-HM-MNT
  855. mnt-by: PARAGON-MNT
  856. admin-c: PAR487-RIPE
  857. abuse-c: PA7585-RIPE
  858. created: 2014-03-26T09:42:08Z
  859. last-modified: 2018-06-13T10:27:57Z
  860. source: RIPE # Filtered
  861.  
  862. person: Paragon NOC
  863. address: 113-114 Buckingham Avenue
  864. address: Slough
  865. address: SL1 4PF
  866. phone: +44(0)1628 200 161
  867. nic-hdl: PAR487-RIPE
  868. mnt-by: PARAGON-MNT
  869. created: 2017-07-06T09:33:58Z
  870. last-modified: 2017-07-06T09:33:58Z
  871. source: RIPE
  872.  
  873. % Information related to '87.247.240.0/21AS198047'
  874.  
  875. route: 87.247.240.0/21
  876. origin: AS198047
  877. mnt-by: PARAGON-MNT
  878. created: 2017-07-05T11:24:46Z
  879. last-modified: 2017-07-05T11:24:46Z
  880. source: RIPE
  881. #######################################################################################################################################
  882.  
  883. Running Source: Ask
  884. Running Source: Archive.is
  885. Running Source: Baidu
  886. Running Source: Bing
  887. Running Source: CertDB
  888. Running Source: CertificateTransparency
  889. Running Source: Certspotter
  890. Running Source: Commoncrawl
  891. Running Source: Crt.sh
  892. Running Source: Dnsdb
  893. Running Source: DNSDumpster
  894. Running Source: DNSTable
  895. Running Source: Dogpile
  896. Running Source: Exalead
  897. Running Source: Findsubdomains
  898. Running Source: Googleter
  899. Running Source: Hackertarget
  900. Running Source: Ipv4Info
  901. Running Source: PTRArchive
  902. Running Source: Sitedossier
  903. Running Source: Threatcrowd
  904. Running Source: ThreatMiner
  905. Running Source: WaybackArchive
  906. Running Source: Yahoo
  907.  
  908. Running enumeration on 87.247.241.39
  909.  
  910. dnsdb: Unexpected return status 503
  911.  
  912. certspotter: json: cannot unmarshal object into Go value of type []certspotter.certspotterObject
  913.  
  914. ipv4info: <nil>
  915.  
  916. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.87.247.241.39/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
  917.  
  918. dogpile: Get https://www.dogpile.com/search/web?q=87.247.241.39&qsi=1: EOF
  919.  
  920.  
  921. Starting Bruteforcing of 87.247.241.39 with 9985 words
  922.  
  923. Total 1 Unique subdomains found for 87.247.241.39
  924.  
  925. .87.247.241.39
  926. #######################################################################################################################################
  927. [+] 87.247.241.39 has no SPF record!
  928. [*] No DMARC record found. Looking for organizational record
  929. [+] No organizational DMARC record
  930. [+] Spoofing possible for 87.247.241.39!
  931. #######################################################################################################################################
  932. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 17:27 EDT
  933. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  934. Host is up (0.22s latency).
  935. Not shown: 462 filtered ports, 3 closed ports
  936. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  937. PORT STATE SERVICE
  938. 21/tcp open ftp
  939. 22/tcp open ssh
  940. 53/tcp open domain
  941. 80/tcp open http
  942. 110/tcp open pop3
  943. 143/tcp open imap
  944. 443/tcp open https
  945. 465/tcp open smtps
  946. 587/tcp open submission
  947. 993/tcp open imaps
  948. 995/tcp open pop3s
  949. #######################################################################################################################################
  950. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 17:27 EDT
  951. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  952. Host is up (0.18s latency).
  953. Not shown: 2 filtered ports
  954. PORT STATE SERVICE
  955. 53/udp open domain
  956. 67/udp open|filtered dhcps
  957. 68/udp open|filtered dhcpc
  958. 69/udp open|filtered tftp
  959. 88/udp open|filtered kerberos-sec
  960. 123/udp open|filtered ntp
  961. 139/udp open|filtered netbios-ssn
  962. 161/udp open|filtered snmp
  963. 162/udp open|filtered snmptrap
  964. 389/udp open|filtered ldap
  965. 520/udp open|filtered route
  966. 2049/udp open|filtered nfs
  967. #######################################################################################################################################
  968. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 17:28 EDT
  969. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  970. Host is up (0.23s latency).
  971.  
  972. PORT STATE SERVICE VERSION
  973. 21/tcp open ftp Pure-FTPd
  974. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  975. Device type: general purpose
  976. Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (91%)
  977. OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
  978. Aggressive OS guesses: Linux 4.4 (91%), Linux 3.10 - 3.12 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.18 (85%), Linux 3.2 - 4.9 (85%)
  979. No exact OS matches for host (test conditions non-ideal).
  980. Network Distance: 10 hops
  981.  
  982. TRACEROUTE (using port 21/tcp)
  983. HOP RTT ADDRESS
  984. 1 170.06 ms 10.244.200.1
  985. 2 171.45 ms 213.184.122.97
  986. 3 170.09 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
  987. 4 170.48 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
  988. 5 170.72 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
  989. 6 234.76 ms bzq-179-124-78.cust.bezeqint.net (212.179.124.78)
  990. 7 ...
  991. 8 237.92 ms 87.230.114.206
  992. 9 232.33 ms 87.230.114.206
  993. 10 233.60 ms alhost.servers.prgn.misp.co.uk (87.247.241.39)
  994. #######################################################################################################################################
  995. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 17:39 EDT
  996. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  997. Host is up.
  998.  
  999. PORT STATE SERVICE VERSION
  1000. 22/tcp filtered ssh
  1001. Too many fingerprints match this host to give specific OS details
  1002.  
  1003. TRACEROUTE (using proto 1/icmp)
  1004. HOP RTT ADDRESS
  1005. 1 174.18 ms 10.244.200.1
  1006. 2 170.18 ms 213.184.122.97
  1007. 3 169.25 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
  1008. 4 169.65 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
  1009. 5 230.47 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
  1010. 6 227.74 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
  1011. 7 227.71 ms bzq-219-189-57.cablep.bezeqint.net (62.219.189.57)
  1012. 8 230.29 ms bzq-179-72-242.cust.bezeqint.net (212.179.72.242)
  1013. 9 ...
  1014. 10 232.38 ms 87.230.114.206
  1015. 11 260.31 ms 185.24.99.67
  1016. 12 ... 30
  1017. #######################################################################################################################################
  1018. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
  1019. RHOSTS => 87.247.241.39
  1020. RHOST => 87.247.241.39
  1021. [*] 87.247.241.39:22 - SSH - Using malformed packet technique
  1022. [*] 87.247.241.39:22 - SSH - Starting scan
  1023. [-] 87.247.241.39:22 - SSH - User 'admin' on could not connect
  1024. [-] 87.247.241.39:22 - SSH - User 'administrator' on could not connect
  1025. [-] 87.247.241.39:22 - SSH - User 'anonymous' on could not connect
  1026. [-] 87.247.241.39:22 - SSH - User 'backup' on could not connect
  1027. [-] 87.247.241.39:22 - SSH - User 'bee' on could not connect
  1028. [-] 87.247.241.39:22 - SSH - User 'ftp' on could not connect
  1029. [-] 87.247.241.39:22 - SSH - User 'guest' on could not connect
  1030. [-] 87.247.241.39:22 - SSH - User 'GUEST' on could not connect
  1031. [-] 87.247.241.39:22 - SSH - User 'info' on could not connect
  1032. [-] 87.247.241.39:22 - SSH - User 'mail' on could not connect
  1033. [-] 87.247.241.39:22 - SSH - User 'mailadmin' on could not connect
  1034. [-] 87.247.241.39:22 - SSH - User 'msfadmin' on could not connect
  1035. [-] 87.247.241.39:22 - SSH - User 'mysql' on could not connect
  1036. [-] 87.247.241.39:22 - SSH - User 'nobody' on could not connect
  1037. [-] 87.247.241.39:22 - SSH - User 'oracle' on could not connect
  1038. [-] 87.247.241.39:22 - SSH - User 'owaspbwa' on could not connect
  1039. [-] 87.247.241.39:22 - SSH - User 'postfix' on could not connect
  1040. [-] 87.247.241.39:22 - SSH - User 'postgres' on could not connect
  1041. [-] 87.247.241.39:22 - SSH - User 'private' on could not connect
  1042. [-] 87.247.241.39:22 - SSH - User 'proftpd' on could not connect
  1043. [-] 87.247.241.39:22 - SSH - User 'public' on could not connect
  1044. [-] 87.247.241.39:22 - SSH - User 'root' on could not connect
  1045. [-] 87.247.241.39:22 - SSH - User 'superadmin' on could not connect
  1046. [-] 87.247.241.39:22 - SSH - User 'support' on could not connect
  1047. [-] 87.247.241.39:22 - SSH - User 'sys' on could not connect
  1048. [-] 87.247.241.39:22 - SSH - User 'system' on could not connect
  1049. [-] 87.247.241.39:22 - SSH - User 'systemadmin' on could not connect
  1050. [-] 87.247.241.39:22 - SSH - User 'systemadministrator' on could not connect
  1051. [-] 87.247.241.39:22 - SSH - User 'test' on could not connect
  1052. [-] 87.247.241.39:22 - SSH - User 'tomcat' on could not connect
  1053. [-] 87.247.241.39:22 - SSH - User 'user' on could not connect
  1054. [-] 87.247.241.39:22 - SSH - User 'webmaster' on could not connect
  1055. [-] 87.247.241.39:22 - SSH - User 'www-data' on could not connect
  1056. [-] 87.247.241.39:22 - SSH - User 'Fortimanager_Access' on could not connect
  1057. [*] Scanned 1 of 1 hosts (100% complete)
  1058. [*] Auxiliary module execution completed
  1059. #######################################################################################################################################
  1060. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 17:59 EDT
  1061. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1062. Host is up.
  1063.  
  1064. PORT STATE SERVICE VERSION
  1065. 53/tcp filtered domain
  1066. Too many fingerprints match this host to give specific OS details
  1067.  
  1068. Host script results:
  1069. | dns-brute:
  1070. | DNS Brute-force hostnames:
  1071. | dmz.servers.prgn.misp.co.uk - 185.52.24.121
  1072. | cms.servers.prgn.misp.co.uk - 185.52.27.219
  1073. | ns1.servers.prgn.misp.co.uk - 195.62.28.14
  1074. | cvs.servers.prgn.misp.co.uk - 91.222.9.120
  1075. | ns2.servers.prgn.misp.co.uk - 95.142.155.4
  1076. | pbx.servers.prgn.misp.co.uk - 185.24.99.53
  1077. |_ ssl.servers.prgn.misp.co.uk - 185.119.174.5
  1078.  
  1079. TRACEROUTE (using proto 1/icmp)
  1080. HOP RTT ADDRESS
  1081. 1 174.25 ms 10.244.200.1
  1082. 2 177.80 ms 213.184.122.97
  1083. 3 175.98 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
  1084. 4 178.97 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
  1085. 5 228.65 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
  1086. 6 227.15 ms bzq-219-189-2.cablep.bezeqint.net (62.219.189.2)
  1087. 7 227.20 ms bzq-219-189-57.dsl.bezeqint.net (62.219.189.57)
  1088. 8 228.64 ms bzq-179-72-242.cust.bezeqint.net (212.179.72.242)
  1089. 9 ...
  1090. 10 230.84 ms 87.230.114.206
  1091. 11 250.30 ms 185.24.99.67
  1092. 12 ... 30
  1093. #######################################################################################################################################
  1094. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:31 EDT
  1095. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1096. Host is up (0.022s latency).
  1097. Not shown: 2 filtered ports
  1098. PORT STATE SERVICE
  1099. 53/udp open|filtered domain
  1100. 67/udp open|filtered dhcps
  1101. 68/udp open|filtered dhcpc
  1102. 69/udp open|filtered tftp
  1103. 88/udp open|filtered kerberos-sec
  1104. 123/udp open|filtered ntp
  1105. 139/udp open|filtered netbios-ssn
  1106. 161/udp open|filtered snmp
  1107. 162/udp open|filtered snmptrap
  1108. 389/udp open|filtered ldap
  1109. 520/udp open|filtered route
  1110. 2049/udp open|filtered nfs
  1111. #######################################################################################################################################
  1112. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:31 EDT
  1113. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1114. Host is up.
  1115.  
  1116. PORT STATE SERVICE VERSION
  1117. 67/udp open|filtered dhcps
  1118. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  1119. Too many fingerprints match this host to give specific OS details
  1120.  
  1121. TRACEROUTE (using proto 1/icmp)
  1122. HOP RTT ADDRESS
  1123. 1 26.37 ms 10.245.200.1
  1124. 2 34.76 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1125. 3 36.77 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1126. 4 28.34 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1127. 5 28.30 ms motl-b1-link.telia.net (62.115.162.41)
  1128. 6 108.23 ms nyk-bb4-link.telia.net (62.115.134.52)
  1129. 7 109.66 ms ldn-bb3-link.telia.net (62.115.113.21)
  1130. 8 109.72 ms ldn-b5-link.telia.net (213.155.132.195)
  1131. 9 109.06 ms ae0.cr-sargas.lon1.core.heg.com (213.248.96.78)
  1132. 10 109.82 ms 87.230.114.206
  1133. 11 129.67 ms 185.24.99.67
  1134. 12 ... 30
  1135. #######################################################################################################################################
  1136. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:33 EDT
  1137. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1138. Host is up.
  1139.  
  1140. PORT STATE SERVICE VERSION
  1141. 68/udp open|filtered dhcpc
  1142. Too many fingerprints match this host to give specific OS details
  1143.  
  1144. TRACEROUTE (using proto 1/icmp)
  1145. HOP RTT ADDRESS
  1146. 1 26.42 ms 10.245.200.1
  1147. 2 26.88 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1148. 3 41.19 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1149. 4 26.86 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1150. 5 26.50 ms motl-b1-link.telia.net (62.115.162.41)
  1151. 6 102.11 ms nyk-bb4-link.telia.net (62.115.134.52)
  1152. 7 102.73 ms ldn-bb3-link.telia.net (62.115.113.21)
  1153. 8 102.76 ms ldn-b5-link.telia.net (213.155.132.195)
  1154. 9 102.72 ms ae0.cr-sargas.lon1.core.heg.com (213.248.96.78)
  1155. 10 103.59 ms 87.230.114.206
  1156. 11 120.27 ms 185.24.99.67
  1157. 12 ... 30
  1158. #######################################################################################################################################
  1159. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:34 EDT
  1160. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1161. Host is up.
  1162.  
  1163. PORT STATE SERVICE VERSION
  1164. 69/udp open|filtered tftp
  1165. Too many fingerprints match this host to give specific OS details
  1166.  
  1167. TRACEROUTE (using proto 1/icmp)
  1168. HOP RTT ADDRESS
  1169. 1 26.21 ms 10.245.200.1
  1170. 2 29.96 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1171. 3 38.90 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1172. 4 27.70 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1173. 5 29.74 ms motl-b1-link.telia.net (62.115.162.41)
  1174. 6 106.17 ms nyk-bb4-link.telia.net (62.115.134.52)
  1175. 7 106.94 ms ldn-bb3-link.telia.net (62.115.113.21)
  1176. 8 106.98 ms ldn-b5-link.telia.net (213.155.132.195)
  1177. 9 106.52 ms ae0.cr-sargas.lon1.core.heg.com (213.248.96.78)
  1178. 10 107.60 ms 87.230.114.206
  1179. 11 125.40 ms 185.24.99.67
  1180. 12 ... 30
  1181. #######################################################################################################################################
  1182. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:37 EDT
  1183. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1184. Host is up.
  1185.  
  1186. PORT STATE SERVICE VERSION
  1187. 123/udp open|filtered ntp
  1188. Too many fingerprints match this host to give specific OS details
  1189.  
  1190. TRACEROUTE (using proto 1/icmp)
  1191. HOP RTT ADDRESS
  1192. 1 27.58 ms 10.245.200.1
  1193. 2 27.92 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1194. 3 95.15 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1195. 4 27.69 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1196. 5 27.67 ms motl-b1-link.telia.net (62.115.162.41)
  1197. 6 109.47 ms nyk-bb4-link.telia.net (62.115.134.52)
  1198. 7 110.39 ms ldn-bb3-link.telia.net (62.115.113.21)
  1199. 8 110.06 ms ldn-b5-link.telia.net (213.155.132.195)
  1200. 9 110.03 ms ae0.cr-sargas.lon1.core.heg.com (213.248.96.78)
  1201. 10 104.27 ms 87.230.114.206
  1202. 11 123.75 ms 185.24.99.67
  1203. 12 ... 30
  1204. #######################################################################################################################################
  1205. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:39 EDT
  1206. NSE: Loaded 148 scripts for scanning.
  1207. NSE: Script Pre-scanning.
  1208. NSE: Starting runlevel 1 (of 2) scan.
  1209. Initiating NSE at 16:39
  1210. Completed NSE at 16:39, 0.00s elapsed
  1211. NSE: Starting runlevel 2 (of 2) scan.
  1212. Initiating NSE at 16:39
  1213. Completed NSE at 16:39, 0.00s elapsed
  1214. Initiating Ping Scan at 16:39
  1215. Scanning 87.247.241.39 [4 ports]
  1216. Completed Ping Scan at 16:39, 2.05s elapsed (1 total hosts)
  1217. Nmap scan report for 87.247.241.39 [host down, received no-response]
  1218. NSE: Script Post-scanning.
  1219. NSE: Starting runlevel 1 (of 2) scan.
  1220. Initiating NSE at 16:39
  1221. Completed NSE at 16:39, 0.00s elapsed
  1222. NSE: Starting runlevel 2 (of 2) scan.
  1223. Initiating NSE at 16:39
  1224. Completed NSE at 16:39, 0.00s elapsed
  1225. Read data files from: /usr/bin/../share/nmap
  1226. Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
  1227. Nmap done: 1 IP address (0 hosts up) scanned in 2.53 seconds
  1228. Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
  1229. #######################################################################################################################################
  1230. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 16:39 EDT
  1231. NSE: Loaded 148 scripts for scanning.
  1232. NSE: Script Pre-scanning.
  1233. Initiating NSE at 16:39
  1234. Completed NSE at 16:39, 0.00s elapsed
  1235. Initiating NSE at 16:39
  1236. Completed NSE at 16:39, 0.00s elapsed
  1237. Initiating Parallel DNS resolution of 1 host. at 16:39
  1238. Completed Parallel DNS resolution of 1 host. at 16:39, 0.03s elapsed
  1239. Initiating UDP Scan at 16:39
  1240. Scanning alhost.servers.prgn.misp.co.uk (87.247.241.39) [14 ports]
  1241. Completed UDP Scan at 16:39, 1.28s elapsed (14 total ports)
  1242. Initiating Service scan at 16:39
  1243. Scanning 12 services on alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1244. Service scan Timing: About 8.33% done; ETC: 16:59 (0:17:47 remaining)
  1245. Completed Service scan at 16:41, 102.58s elapsed (12 services on 1 host)
  1246. Initiating OS detection (try #1) against alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1247. Retrying OS detection (try #2) against alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1248. Initiating Traceroute at 16:41
  1249. Completed Traceroute at 16:41, 7.10s elapsed
  1250. Initiating Parallel DNS resolution of 1 host. at 16:41
  1251. Completed Parallel DNS resolution of 1 host. at 16:41, 0.01s elapsed
  1252. NSE: Script scanning 87.247.241.39.
  1253. Initiating NSE at 16:41
  1254. Completed NSE at 16:42, 20.30s elapsed
  1255. Initiating NSE at 16:42
  1256. Completed NSE at 16:42, 1.03s elapsed
  1257. Nmap scan report for alhost.servers.prgn.misp.co.uk (87.247.241.39)
  1258. Host is up (0.029s latency).
  1259.  
  1260. PORT STATE SERVICE VERSION
  1261. 53/udp open|filtered domain
  1262. 67/udp open|filtered dhcps
  1263. 68/udp open|filtered dhcpc
  1264. 69/udp open|filtered tftp
  1265. 88/udp open|filtered kerberos-sec
  1266. 123/udp open|filtered ntp
  1267. 137/udp filtered netbios-ns
  1268. 138/udp filtered netbios-dgm
  1269. 139/udp open|filtered netbios-ssn
  1270. 161/udp open|filtered snmp
  1271. 162/udp open|filtered snmptrap
  1272. 389/udp open|filtered ldap
  1273. 520/udp open|filtered route
  1274. 2049/udp open|filtered nfs
  1275. Too many fingerprints match this host to give specific OS details
  1276.  
  1277. TRACEROUTE (using port 138/udp)
  1278. HOP RTT ADDRESS
  1279. 1 ... 2
  1280. 3 24.87 ms 10.245.200.1
  1281. 4 24.89 ms 10.245.200.1
  1282. 5 27.71 ms 10.245.200.1
  1283. 6 27.69 ms 10.245.200.1
  1284. 7 21.81 ms 10.245.200.1
  1285. 8 21.80 ms 10.245.200.1
  1286. 9 21.79 ms 10.245.200.1
  1287. 10 21.80 ms 10.245.200.1
  1288. 11 ... 18
  1289. 19 20.99 ms 10.245.200.1
  1290. 20 20.16 ms 10.245.200.1
  1291. 21 ... 27
  1292. 28 21.24 ms 10.245.200.1
  1293. 29 20.68 ms 10.245.200.1
  1294. 30 19.66 ms 10.245.200.1
  1295.  
  1296. NSE: Script Post-scanning.
  1297. Initiating NSE at 16:42
  1298. Completed NSE at 16:42, 0.00s elapsed
  1299. Initiating NSE at 16:42
  1300. Completed NSE at 16:42, 0.00s elapsed
  1301. Read data files from: /usr/bin/../share/nmap
  1302. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1303. Nmap done: 1 IP address (1 host up) scanned in 135.51 seconds
  1304. Raw packets sent: 147 (9.964KB) | Rcvd: 21 (1.634KB)
  1305. #######################################################################################################################################
  1306. ---------------------------------------------------------------------------------------------------------------------------------------
  1307. + Target IP: 87.247.241.39
  1308. + Target Hostname: www.nmsf.gov.sd
  1309. + Target Port: 80
  1310. + Start Time: 2019-04-29 16:02:47 (GMT-4)
  1311. ---------------------------------------------------------------------------------------------------------------------------------------
  1312. + Server: No banner retrieved
  1313. + The anti-clickjacking X-Frame-Options header is not present.
  1314. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1315. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1316. + Server banner has changed from '' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
  1317. + /nmsf.gov.sd.tar.gz: Potentially interesting archive/cert file found.
  1318. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1319. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1320. + Scan terminated: 21 error(s) and 4 item(s) reported on remote host
  1321. + End Time: 2019-04-29 16:13:01 (GMT-4) (614 seconds)
  1322. ---------------------------------------------------------------------------------------------------------------------------------------
  1323. #######################################################################################################################################
  1324. Anonymous JTSEC #OpSudan Full Recon #61