- + Start Time: 2021-04-25 08:54:43 (GMT3)
- ---------------------------------------------------------------------------
- + Server: No banner retrieved
- + Uncommon header 'priority' found, with contents: u=3,i
- + Uncommon header 'x-fb-debug' found, with contents: rvX64FlZz910uBj3ILqL/Kx6/Ev8rFgcR8H2KaFCtgtXbufa1C+IZEMWE/pK/Y/v05zzn2vdGGTtGsaS2LW8yA==
- + Uncommon header 'x-fb-rlafr' found, with contents: 0
- + Uncommon header 'alt-svc' found, with contents: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
- line: /job_application/
- + Entry '/job_application/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /watch/
- + Entry '/watch/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /full_data_use_policy/
- + Entry '/full_data_use_policy/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /*/videos/
- line: /sharer/
- + Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- line: /watch/?v=*/
- + Entry '/watch/?v=*/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /p.php
- + Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- line: /about/privacy/
- + Entry '/about/privacy/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /album.php
- + Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /sharer.php
- + Entry '/sharer.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- line: /share.php
- + Entry '/share.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- line: /checkpoint/
- + Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- line: /hashtag/
- line: /policy.php
- + Entry '/policy.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /file_download.php
- + Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /dialog/
- + Retrieved access-control-allow-origin header: https://facebook.com
- line: /moments_app/
- + Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /contact_importer/
- + Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /feeds/
- line: /fbml/ajax/dialog/
- + Entry '/fbml/ajax/dialog/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /ajax/bootloader-endpoint/
- line: /share/
- + Entry '/share/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- line: /photo.php
- + Entry '/photo.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /l.php
- line: /safetycheck/
- + Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- line: /photos.php
- + Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
- line: /ajax/
- line: /legal/terms/
- + Entry '/legal/terms/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /static_map.php
- line: /ajax/pagelet/generic.php/PagePostsSectionPagelet
- + Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- line: /map_tile.php
- + "robots.txt" contains 442 entries which should be manually viewed.
- + Server banner changed from '' to 'proxygen-bolt'
- + Uncommon header 'cross-origin-resource-policy' found, with contents: cross-origin
- + Server is using a wildcard certificate: *.facebook.com
- + Multiple index files found: /index.php, /index.aspx, /index.do, /index.php7, /default.aspx, /index.php5, /index.shtml, /index.jhtml, /index.php3, /index.cfm, /index.php4
- + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
- + /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
- + /help/: Help directory should not be accessible
- + OSVDB-8103: /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php
- + /getaccess: This may be an indication that the server is running getAccess for SSO
- + OSVDB-23654: /profile.php?u=BSSxluI6: Powerboards is vulnerable to path disclosure.
- + /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
- + /siteseed/: Siteseed pre 1.4.2 has 'major' security problems.
- + /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
- + /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
- + /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
- + /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
- + /ws_ftp.ini: Can contain saved passwords for FTP sites
- + /WS_FTP.ini: Can contain saved passwords for FTP sites
- + /siteminder: This may be an indication that the server is running Siteminder for SSO
- + /_cti_pvt/: FrontPage directory found.
- + /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
- + OSVDB-2754: /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks.
- + OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x()\{v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
- + OSVDB-113: /ncl_items.html: This may allow attackers to reconfigure your Tektronix printer.
- + OSVDB-551: /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer.
- + OSVDB-3092: /_vti_txt/: FrontPage directory found.
- + OSVDB-13405: /WS_FTP.LOG: WS_FTP.LOG file was found. It may contain sensitive information.
- + OSVDB-10944: /cgi-sys/: CGI Directory found
- + OSVDB-10944: /htbin/: CGI Directory found
- + OSVDB-2695: /photo/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.
- + OSVDB-2695: /photodata/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.
- + OSVDB-3092: /access-log: This might be interesting.
- + OSVDB-3092: /access.log: This might be interesting.
- + OSVDB-3092: /access_log: This might be interesting.
- + OSVDB-3092: /admin.htm: This might be interesting.
- + OSVDB-3092: /Admin_files/: This might be interesting.
- + OSVDB-3092: /analog/: This might be interesting.
- + OSVDB-3092: /ccard/: This might be interesting.
- + OSVDB-3092: /dan_o.dat: This might be interesting.
- + OSVDB-3092: /enviamail/: This might be interesting.
- + OSVDB-3092: /error_log: This might be interesting.
- + OSVDB-3092: /fpadmin/: This might be interesting.
- + OSVDB-3092: /hit_tracker/: This might be interesting.
- + OSVDB-3092: /htpasswd: This might be interesting.
- + OSVDB-3092: /login/: This might be interesting.
- + OSVDB-3092: /noticias/: This might be interesting.
- + OSVDB-3092: /outgoing/: This might be interesting.
- + OSVDB-3092: /PDG_Cart/: This might be interesting.
- + OSVDB-3092: /php/: This might be interesting.
- + OSVDB-3092: /prueba/: This might be interesting.
- + OSVDB-3092: /register/: This might be interesting.
- + OSVDB-3092: /retail/: This might be interesting.
- + OSVDB-3092: /ss.cfg: This might be interesting.
- + OSVDB-3092: /stylesheet/: This might be interesting.
- + OSVDB-3092: /stylesheets/: This might be interesting.
- + OSVDB-3092: /system/: This might be interesting.
- + OSVDB-3092: /tools/: This might be interesting.
- + OSVDB-3092: /updates/: This might be interesting.
- + OSVDB-3092: /webadmin/: This might be interesting: probably HostingController, www.hostingcontroller.com
- + OSVDB-3092: /webmaster_logs/: This might be interesting.
- + OSVDB-3092: /Web_store/: This might be interesting.
- + OSVDB-3092: /sam._: This might be interesting.
- + OSVDB-3092: /_mem_bin/: This might be interesting: user login
- + OSVDB-3092: /owa_util%2esignature: This might be interesting.
- + OSVDB-3093: /add_acl: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /aff_news.php: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /archive_forum.asp: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /bigsam_guestbook.php?displayBegin=9999...9999: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /checkout_payment.php: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /do_map: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /do_subscribe: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /emml_email_func.php: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /forum_arc.asp?n=268: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /forum_professionnel.asp?n=100: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-10447: /get_od_toc.pl?Profile=: WebTrends get_od_toc.pl may be vulnerable to a path disclosure error if this file is reloaded multiple times.
- + OSVDB-3093: /ixmail_netattach.php: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /parse_xml.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /product_info.php: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /protected/: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /pt_config.inc: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /site_searcher.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /x_stat_admin.php: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /_head.php: This might be interesting: has been seen in web logs from an unknown scanner.
- + OSVDB-3093: /.www_acl: Contains authorization information
- + OSVDB-3093: /.addressbook: PINE addressbook, may store sensitive e-mail address contact information and notes
- + OSVDB-3093: /.lynx_cookies: User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites.
- + OSVDB-3233: /_private/: FrontPage directory found.
- + OSVDB-3233: /_vti_bin/: FrontPage directory found.
- + OSVDB-3233: /index.html.cz.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
- + OSVDB-3233: /index.html.he.iso8859-8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
- + OSVDB-3233: /index.html.hr.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
- + OSVDB-3233: /index.html.po.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
- + OSVDB-3233: /index.html.ru.cp-1251: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
- + OSVDB-9624: /pass_done.php: PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.
- + OSVDB-3233: /ptg_upgrade_pkg.log: Oracle log files.
- + OSVDB-3233: /OA_JAVA/: Oracle Applications Portal Page
- + OSVDB-3233: /OA_HTML/: Oracle Applications Portal Page
- + OSVDB-3093: /OA_MEDIA/: Oracle Applications portal pages found.
- + OSVDB-3092: /_archive/: Archive found.
- + OSVDB-3092: /aw/: This might be interesting: potential country code (Aruba)
- + OSVDB-3092: /cx/: This might be interesting: potential country code (Christmas Island)
- + OSVDB-3092: /dj/: This might be interesting: potential country code (Djibouti)
- + OSVDB-3092: /mr/: This might be interesting: potential country code (Mauritania)
- + OSVDB-3092: /pr/: This might be interesting: potential country code (Puerto Rico)
- + OSVDB-3092: /tr/: This might be interesting: potential country code (Turkey)
- + Uncommon header 'x-fb-content-md5' found, with contents: 4e1e97542b4f90213e76c6f6811c3092
- + /wp-app.log: Wordpress' wp-app.log may leak application/system details.
- + /wordpress/wp-app.log: Wordpress' wp-app.log may leak application/system details.
- + /admin4_account/: Admin login page/section found.
- + /admin4_colon/: Admin login page/section found.
- + /administr8/: Admin login page/section found.
- + /adminpro/: Admin login page/section found.
- + /admins.php: Admin login page/section found.
- + /AdminTools/: Admin login page/section found.
- + /cp.asp: Admin login page/section found.
- + /cpanel_file/: Admin login page/section found.
- + /customer_login/: Admin login page/section found.
- + /database_administration/: Admin login page/section found.
- + /Database_Administration/: Admin login page/section found.
- + /globes_admin/: Admin login page/section found.
- + /Indy_admin/: Admin login page/section found.
- + /LiveUser_Admin/: Admin login page/section found.
- + /login_db/: Admin login page/section found.
- + /login.php: Admin login page/section found.
- + /logo_sysadmin/: Admin login page/section found.
- + /Lotus_Domino_Admin/: Admin login page/section found.
- + /macadmin/: Admin login page/section found.
- + /meta_login/: Admin login page/section found.
- + /painel/: Admin login page/section found.
- + /platz_login/: Admin login page/section found.
- + /power_user/: Admin login page/section found.
- + /server_admin_small/: Admin login page/section found.
- + /ss_vms_admin_sm/: Admin login page/section found.
- + /support_login/: Admin login page/section found.
- + /system_administration/: Admin login page/section found.
- + /utility_login/: Admin login page/section found.
- + OSVDB-3092: /messages/: This might be interesting.
- + OSVDB-3092: /test.jsp: This might be interesting.
- + /fantastico_fileslist.txt: fantastico_fileslist.txt file found. This file contains a list of all the files from the current directory.
- + Uncommon header 'x-fb-serverinfo' found, with contents: 1682,0,C3,100,10000,23
- + Uncommon header 'x-fb-svn-revision' found, with contents: 1003681751
- + /id_rsa: Encryption key exposed
- + /id_rsa.old: Encryption key exposed
- + /id_dsa: Encryption key exposed
- + /id_dsa.old: Encryption key exposed
- + /server-manager/: Mitel Audio and Web Conferencing server manager identified.
- + Cookie statecode created without the secure flag
- + Cookie dvr_camcnt created without the secure flag
- + Cookie dvr_usr created without the secure flag
- + Cookie dvr_pwd created without the secure flag
- + Uncommon header 'content-disposition' found, with contents: inline;filename=assetlinks.json
- + /.well-known/assetlinks.json: Google Asset Links Specification file may contain server info, per RFC-5785. See https://github.com/google/digitalassetlinks/blob/master/well-known/details.md
- + /core/modules/config/config.info.yml: Drupal version number revealed in config.info.yml
- + /master.json: This might be interesting.
- + /redis_config.json: Redis config file found. It may contain sensitive information.
- + /credis/tests/redis_config.json: Redis config file found. It may contain sensitive information.
- + /config/redis.json: Redis config file found. It may contain sensitive information.
- + /.well-known/openid-configuration: OpenID Provider Configuration Information.
- + /apple-app-site-association: Apple Universal Links.
- + /.well-known/apple-app-site-association: Apple Universal Links.
- + /.well-known/assetlinks.json: Android App Links.