Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- + -- ----------------------------=[Running Nslookup]=------------------------ -- +
- Server: 192.168.0.254
- Address: 192.168.0.254#53
- Non-authoritative answer:
- Name: plutonia.fr
- Address: 104.31.83.54
- Name: plutonia.fr
- Address: 104.31.82.54
- plutonia.fr has address 104.31.82.54
- plutonia.fr has address 104.31.83.54
- plutonia.fr has IPv6 address 2400:cb00:2048:1::681f:5236
- plutonia.fr has IPv6 address 2400:cb00:2048:1::681f:5336
- plutonia.fr mail is handled by 5 alt1.aspmx.l.google.com.
- + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
- Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
- [+] Target is plutonia.fr
- [+] Loading modules.
- [+] Following modules are loaded:
- [x] [1] ping:icmp_ping - ICMP echo discovery module
- [x] [2] ping:tcp_ping - TCP-based ping discovery module
- [x] [3] ping:udp_ping - UDP-based ping discovery module
- [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
- [x] [5] infogather:portscan - TCP and UDP PortScanner
- [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
- [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
- [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
- [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
- [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
- [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
- [x] [12] fingerprint:smb - SMB fingerprinting module
- [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
- [+] 13 modules registered
- [+] Initializing scan engine
- [+] Running scan engine
- [-] ping:tcp_ping module: no closed/open TCP ports known on 104.31.83.54. Module test failed
- [-] ping:udp_ping module: no closed/open UDP ports known on 104.31.83.54. Module test failed
- [-] No distance calculation. 104.31.83.54 appears to be dead or no ports known
- [+] Host: 104.31.83.54 is up (Guess probability: 50%)
- [+] Target: 104.31.83.54 is alive. Round-Trip Time: 0.50534 sec
- [+] Selected safe Round-Trip Time value is: 1.01069 sec
- [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
- [-] fingerprint:smb need either TCP port 139 or 445 to run
- [-] fingerprint:snmp: need UDP port 161 open
- [+] Primary guess:
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Other guesses:
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Host 104.31.83.54 Running OS: (Guess probability: 91%)
- [+] Cleaning up scan engine
- [+] Modules deinitialized
- [+] Execution completed.
- + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
- %%
- %% This is the AFNIC Whois server.
- %%
- %% complete date format : DD/MM/YYYY
- %% short date format : DD/MM
- %% version : FRNIC-2.5
- %%
- %% Rights restricted by copyright.
- %% See https://www.afnic.fr/en/products-and-services/services/whois/whois-special-notice/
- %%
- %% Use '-h' option to obtain more information about this service.
- %%
- %% [2a01:0e34:edc9:9380:004c:ac18:48f0:257a REQUEST] >> -V Md5.2 plutonia.fr
- %%
- %% RL Net [##########] - RL IP [#########.]
- %%
- domain: plutonia.fr
- status: ACTIVE
- hold: NO
- holder-c: ANO00-FRNIC
- admin-c: OVH5-FRNIC
- tech-c: OVH5-FRNIC
- zone-c: NFC1-FRNIC
- nsl-id: NSL41520-FRNIC
- registrar: OVH
- Expiry Date: 13/03/2018
- created: 13/03/2017
- last-update: 29/06/2017
- source: FRNIC
- ns-list: NSL41520-FRNIC
- nserver: jeff.ns.cloudflare.com
- nserver: cheryl.ns.cloudflare.com
- source: FRNIC
- registrar: OVH
- type: Isp Option 1
- address: 2 Rue Kellermann
- address: ROUBAIX
- country: FR
- phone: +33 8 99 70 17 61
- fax-no: +33 3 20 20 09 58
- e-mail: support@ovh.net
- website: http://www.ovh.com
- anonymous: NO
- registered: 21/10/1999
- source: FRNIC
- nic-hdl: ANO00-FRNIC
- type: PERSON
- contact: Ano Nymous
- remarks: -------------- WARNING --------------
- remarks: While the registrar knows him/her,
- remarks: this person chose to restrict access
- remarks: to his/her personal data. So PLEASE,
- remarks: don't send emails to Ano Nymous. This
- remarks: address is bogus and there is no hope
- remarks: of a reply.
- remarks: -------------- WARNING --------------
- registrar: OVH
- changed: 13/03/2017 anonymous@anonymous
- anonymous: YES
- obsoleted: NO
- source: FRNIC
- nic-hdl: OVH5-FRNIC
- type: ROLE
- contact: OVH NET
- address: OVH
- address: 140, quai du Sartel
- address: 59100 Roubaix
- country: FR
- phone: +33 8 99 70 17 61
- e-mail: tech@ovh.net
- trouble: Information: http://www.ovh.fr
- trouble: Questions: mailto:tech@ovh.net
- trouble: Spam: mailto:abuse@ovh.net
- admin-c: OK217-FRNIC
- tech-c: OK217-FRNIC
- notify: tech@ovh.net
- registrar: OVH
- changed: 11/10/2006 tech@ovh.net
- anonymous: NO
- obsoleted: NO
- source: FRNIC
- + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
- *******************************************************************
- * *
- * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
- * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
- * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
- * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
- * *
- * TheHarvester Ver. 2.7 *
- * Coded by Christian Martorella *
- * Edge-Security Research *
- * cmartorella@edge-security.com *
- *******************************************************************
- [-] Searching in Bing:
- Searching 50 results...
- Searching 100 results...
- [+] Emails found:
- ------------------
- No emails found
- [+] Hosts found in search engines:
- ------------------------------------
- [-] Resolving hostnames IPs...
- 104.31.82.54:forum.plutonia.fr
- 193.70.80.81:ts.plutonia.fr
- 213.186.33.5:www.plutonia.fr
- + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
- ; <<>> DiG 9.10.3-P4-Debian <<>> -x plutonia.fr
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16819
- ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;fr.plutonia.in-addr.arpa. IN PTR
- ;; AUTHORITY SECTION:
- in-addr.arpa. 1800 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017042793 1800 900 604800 3600
- ;; Query time: 50 msec
- ;; SERVER: 192.168.0.254#53(192.168.0.254)
- ;; WHEN: Thu Jul 13 23:52:15 CEST 2017
- ;; MSG SIZE rcvd: 121
- dnsenum.pl VERSION:1.2.3
- ----- plutonia.fr -----
- Host's addresses:
- __________________
- plutonia.fr. 101 IN A 104.31.82.54
- plutonia.fr. 101 IN A 104.31.83.54
- Name Servers:
- ______________
- cheryl.ns.cloudflare.com. 73234 IN A 173.245.58.83
- jeff.ns.cloudflare.com. 86400 IN A 173.245.59.124
- Mail (MX) Servers:
- ___________________
- alt1.aspmx.l.google.com. 23 IN A 64.233.164.27
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for plutonia.fr on cheryl.ns.cloudflare.com ...
- AXFR record query failed: FORMERR
- Trying Zone Transfer for plutonia.fr on jeff.ns.cloudflare.com ...
- AXFR record query failed: FORMERR
- brute force file not specified, bay.
- + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for plutonia.fr
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- Bing: forum.plutonia.fr
- SSL Certificates: manager.plutonia.fr
- SSL Certificates: auth.plutonia.fr
- SSL Certificates: sandbox.plutonia.fr
- SSL Certificates: mg.plutonia.fr
- SSL Certificates: launcher.plutonia.fr
- SSL Certificates: forum.plutonia.fr
- SSL Certificates: www.mg.plutonia.fr
- Google: forum.plutonia.fr
- Google: ts.plutonia.fr
- Virustotal: mc1.plutonia.fr
- Virustotal: www.plutonia.fr
- Virustotal: forum.plutonia.fr
- Virustotal: launcher.plutonia.fr
- Yahoo: www.plutonia.fr
- ThreatCrowd: launcher.plutonia.fr
- Yahoo: forum.plutonia.fr
- [!] Error: Google probably now is blocking our requests
- [~] Finished now the Google Enumeration ...
- [-] Saving results to file: /usr/share/sniper/loot/domains/domains-plutonia.fr.txt
- [-] Total Unique Subdomains Found: 10
- www.plutonia.fr
- auth.plutonia.fr
- forum.plutonia.fr
- launcher.plutonia.fr
- manager.plutonia.fr
- mc1.plutonia.fr
- mg.plutonia.fr
- www.mg.plutonia.fr
- sandbox.plutonia.fr
- ts.plutonia.fr
- ╔═╗╦═╗╔╦╗╔═╗╦ ╦
- ║ ╠╦╝ ║ ╚═╗╠═╣
- ╚═╝╩╚═ ╩o╚═╝╩ ╩
- + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
- auth.plutonia.fr
- forum.plutonia.fr
- launcher.plutonia.fr
- manager.plutonia.fr
- mg.plutonia.fr
- *.plutonia.fr
- sandbox.plutonia.fr
- www.mg.plutonia.fr
- [+] Domains saved to: /usr/share/sniper/loot/domains/domains-plutonia.fr-full.txt
- + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
- + -- ----------------------------=[Checking Email Security]=----------------- -- +
- + -- ----------------------------=[Pinging host]=---------------------------- -- +
- PING plutonia.fr(2400:cb00:2048:1::681f:5336 (2400:cb00:2048:1::681f:5336)) 56 data bytes
- 64 bytes from 2400:cb00:2048:1::681f:5336 (2400:cb00:2048:1::681f:5336): icmp_seq=1 ttl=57 time=71.3 ms
- --- plutonia.fr ping statistics ---
- 1 packets transmitted, 1 received, 0% packet loss, time 0ms
- rtt min/avg/max/mdev = 71.383/71.383/71.383/0.000 ms
- + -- ----------------------------=[Running TCP port scan]=------------------- -- +
- Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-13 23:52 CEST
- Nmap scan report for plutonia.fr (104.31.82.54)
- Host is up (0.036s latency).
- Other addresses for plutonia.fr (not scanned): 2400:cb00:2048:1::681f:5236 2400:cb00:2048:1::681f:5336 104.31.83.54
- Not shown: 45 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- 8080/tcp open http-proxy
- 8443/tcp open https-alt
- Nmap done: 1 IP address (1 host up) scanned in 21.68 seconds
- + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
- + -- --=[Port 21 closed... skipping.
- + -- --=[Port 22 closed... skipping.
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 53 closed... skipping.
- + -- --=[Port 79 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- + -- ----------------------------=[Checking for WAF]=------------------------ -- +
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://plutonia.fr
- The site http://plutonia.fr is behind a CloudFlare
- Number of requests: 1
- + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
- http://plutonia.fr [503 Service Unavailable] CloudFlare, Cookies[__cfduid], Country[UNITED STATES][US], HTML5, HTTPServer[cloudflare-nginx], HttpOnly[__cfduid], IP[104.31.83.54], Script[text/javascript], Title[Just a moment...], UncommonHeaders[cf-ray], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=Edge]
- __ ______ _____
- \ \/ / ___|_ _|
- \ /\___ \ | |
- / \ ___) || |
- /_/\_|____/ |_|
- + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
- + -- --=[Target: plutonia.fr:80
- + -- --=[Site not vulnerable to Cross-Site Tracing!
- + -- --=[Site not vulnerable to Host Header Injection!
- + -- --=[Site not vulnerable to Cross-Frame Scripting!
- + -- --=[Site not vulnerable to Clickjacking!
- HTTP/1.1 405 Not Allowed
- Date: Thu, 13 Jul 2017 21:53:00 GMT
- Content-Type: text/html
- Content-Length: 177
- Connection: close
- Server: -nginx
- CF-RAY: -
- <html>
- <head><title>405 Not Allowed</title></head>
- <body bgcolor="white">
- <center><h1>405 Not Allowed</h1></center>
- <hr><center>cloudflare-nginx</center>
- </body>
- </html>
- HTTP/1.1 503 Service Temporarily Unavailable
- Date: Thu, 13 Jul 2017 21:53:00 GMT
- Content-Type: text/html; charset=UTF-8
- Transfer-Encoding: chunked
- Connection: close
- Set-Cookie: __cfduid=d90ff31d1ed791e2efd7151c77edece371499982780; expires=Fri, 13-Jul-18 21:53:00 GMT; path=/; domain=.plutonia.fr; HttpOnly
- X-Frame-Options: SAMEORIGIN
- Refresh: 8;URL=/cdn-cgi/l/chk_jschl?pass=1499982784.818-g5hi0Sw/Sn
- Cache-Control: no-cache
- Server: cloudflare-nginx
- CF-RAY: 37df78fbc47314e5-CDG
- 111b
- <!DOCTYPE HTML>
- <html lang="en-US">
- <head>
- <meta charset="UTF-8" />
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
- <meta name="robots" content="noindex, nofollow" />
- <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
- <title>Just a moment...</title>
- <style type="text/css">
- html, body {width: 100%; height: 100%; margin: 0; padding: 0;}
- body {background-color: #ffffff; font-famil
- + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
- + -- --=[Checking if X-Content options are enabled on plutonia.fr...
- + -- --=[Checking if X-Frame options are enabled on plutonia.fr...
- X-Frame-Options: SAMEORIGIN
- + -- --=[Checking if X-XSS-Protection header is enabled on plutonia.fr...
- + -- --=[Checking HTTP methods on plutonia.fr...
- + -- --=[Checking if TRACE method is enabled on plutonia.fr...
- + -- --=[Checking for META tags on plutonia.fr...
- <meta charset="UTF-8" />
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
- <meta name="robots" content="noindex, nofollow" />
- <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
- + -- --=[Checking for open proxy on plutonia.fr...
- + -- --=[Enumerating software on plutonia.fr...
- Server: cloudflare-nginx
- + -- --=[Checking if Strict-Transport-Security is enabled on plutonia.fr...
- + -- --=[Checking for Flash cross-domain policy on plutonia.fr...
- <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=iuam" target="_blank" style="font-size: 12px;">DDoS protection by Cloudflare</a>
- <br>
- Ray ID: 37df7907746569ca
- </div>
- </td>
- </tr>
- </table>
- </body>
- </html>
- + -- --=[Checking for Silverlight cross-domain policy on plutonia.fr...
- <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=iuam" target="_blank" style="font-size: 12px;">DDoS protection by Cloudflare</a>
- <br>
- Ray ID: 37df7908925b68ba
- </div>
- </td>
- </tr>
- </table>
- </body>
- </html>
- + -- --=[Checking for HTML5 cross-origin resource sharing on plutonia.fr...
- + -- --=[Retrieving robots.txt on plutonia.fr...
- <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=iuam" target="_blank" style="font-size: 12px;">DDoS protection by Cloudflare</a>
- <br>
- Ray ID: 37df790ad3613c3b
- </div>
- </td>
- </tr>
- </table>
- </body>
- </html>
- + -- --=[Retrieving sitemap.xml on plutonia.fr...
- <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=iuam" target="_blank" style="font-size: 12px;">DDoS protection by Cloudflare</a>
- <br>
- Ray ID: 37df790c059668d8
- </div>
- </td>
- </tr>
- </table>
- </body>
- </html>
- + -- --=[Checking cookie attributes on plutonia.fr...
- Set-Cookie: __cfduid=d8e6e04e8e1bc4a17e091fc50e29c79161499982783; expires=Fri, 13-Jul-18 21:53:03 GMT; path=/; domain=.plutonia.fr; HttpOnly
- + -- --=[Checking for ASP.NET Detailed Errors on plutonia.fr...
- <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=iuam" target="_blank" style="font-size: 12px;">DDoS protection by Cloudflare</a>
- <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=iuam" target="_blank" style="font-size: 12px;">DDoS protection by Cloudflare</a>
- + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 104.31.82.54
- + Target Hostname: plutonia.fr
- + Target Port: 80
- + Start Time: 2017-07-13 23:53:01 (GMT2)
- ---------------------------------------------------------------------------
- + Server: cloudflare-nginx
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'cf-ray' found, with contents: 37df7912c1af69ca-CDG
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + All CGI directories 'found', use '-C none' to test none
- + Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement