· 6 years ago · Jan 17, 2020, 09:24 AM
1######################################################################################################################################
2======================================================================================================================================
3Hostname amjad.media ISP Hetzner Online GmbH
4Continent Europe Flag
5DE
6Country Germany Country Code DE
7Region Unknown Local time 17 Jan 2020 09:32 CET
8City Unknown Postal Code Unknown
9IP Address 116.203.74.141 Latitude 51.299
10 Longitude 9.491
11======================================================================================================================================
12######################################################################################################################################
13> amjad.media
14Server: 38.132.106.139
15Address: 38.132.106.139#53
16
17Non-authoritative answer:
18Name: amjad.media
19Address: 116.203.74.141
20>
21#####################################################################################################################################
22[+] Target : amjad.media
23
24[+] IP Address : 116.203.74.141
25
26[+] Headers :
27
28[+] Server : nginx
29[+] Date : Fri, 17 Jan 2020 08:49:23 GMT
30[+] Content-Type : text/html; charset=UTF-8
31[+] Transfer-Encoding : chunked
32[+] Connection : keep-alive
33[+] Pragma : no-cache
34[+] Cache-Control : no-cache, must-revalidate, private
35[+] Expires : Sat, 26 Jul 1997 05:00:00 GMT
36[+] Retry-After : 3600
37
38[+] SSL Certificate Information :
39
40[+] commonName : amjad.media
41[+] countryName : US
42[+] organizationName : Let's Encrypt
43[+] commonName : Let's Encrypt Authority X3
44[+] Version : 3
45[+] Serial Number : 0349EDC13878B5B3EDDEA279F7D3EC14FF8F
46[+] Not Before : Dec 21 14:39:16 2019 GMT
47[+] Not After : Mar 20 14:39:16 2020 GMT
48[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
49[+] subject Alt Name : (('DNS', 'amjad.media'), ('DNS', 'www.amjad.media'))
50[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
51
52[+] Whois Lookup :
53
54[+] NIR : None
55[+] ASN Registry : ripencc
56[+] ASN : 24940
57[+] ASN CIDR : 116.203.0.0/16
58[+] ASN Country Code : DE
59[+] ASN Date : 2011-01-17
60[+] ASN Description : HETZNER-AS, DE
61[+] cidr : 116.202.0.0/15
62[+] name : DE-HETZNER-2010117
63[+] handle : HOAC1-RIPE
64[+] range : 116.202.0.0 - 116.203.255.255
65[+] description : None
66[+] country : DE
67[+] state : None
68[+] city : None
69[+] address : Industriestrasse 25
70D-91710
71Gunzenhausen
72GERMANY
73[+] postal_code : None
74[+] emails : ['abuse@hetzner.de', 'peering@hetzner.de']
75[+] created : 2018-08-27T15:05:26Z
76[+] updated : 2018-08-27T15:05:26Z
77
78[+] Crawling Target...
79######################################################################################################################################
80[i] Scanning Site: https://amjad.media
81
82
83
84B A S I C I N F O
85====================
86
87
88[+] Site Title:
89[+] IP address: 116.203.74.141
90[+] Web Server: nginx
91[+] CMS: Could Not Detect
92[+] Cloudflare: Not Detected
93[+] Robots File: Could NOT Find robots.txt!
94
95
96
97
98W H O I S L O O K U P
99========================
100
101 Domain Name: amjad.media
102Registry Domain ID: f2bfad7dc8cb492e9f526ea3e34adf4c-DONUTS
103Registrar WHOIS Server: dynadot.com/whois
104Registrar URL: http://dynadot.com
105Updated Date: 2019-10-22T21:21:18Z
106Creation Date: 2017-10-20T22:17:18Z
107Registry Expiry Date: 2020-10-20T22:17:18Z
108Registrar: Dynadot, LLC
109Registrar IANA ID: 472
110Registrar Abuse Contact Email: abuse@dynadot.com
111Registrar Abuse Contact Phone: +1.6502620100
112Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
113Registry Registrant ID: REDACTED FOR PRIVACY
114Registrant Name: REDACTED FOR PRIVACY
115Registrant Organization:
116Registrant Street: REDACTED FOR PRIVACY
117Registrant City: REDACTED FOR PRIVACY
118Registrant State/Province: California
119Registrant Postal Code: REDACTED FOR PRIVACY
120Registrant Country: US
121Registrant Phone: REDACTED FOR PRIVACY
122Registrant Phone Ext: REDACTED FOR PRIVACY
123Registrant Fax: REDACTED FOR PRIVACY
124Registrant Fax Ext: REDACTED FOR PRIVACY
125Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
126Registry Admin ID: REDACTED FOR PRIVACY
127Admin Name: REDACTED FOR PRIVACY
128Admin Organization: REDACTED FOR PRIVACY
129Admin Street: REDACTED FOR PRIVACY
130Admin City: REDACTED FOR PRIVACY
131Admin State/Province: REDACTED FOR PRIVACY
132Admin Postal Code: REDACTED FOR PRIVACY
133Admin Country: REDACTED FOR PRIVACY
134Admin Phone: REDACTED FOR PRIVACY
135Admin Phone Ext: REDACTED FOR PRIVACY
136Admin Fax: REDACTED FOR PRIVACY
137Admin Fax Ext: REDACTED FOR PRIVACY
138Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
139Registry Tech ID: REDACTED FOR PRIVACY
140Tech Name: REDACTED FOR PRIVACY
141Tech Organization: REDACTED FOR PRIVACY
142Tech Street: REDACTED FOR PRIVACY
143Tech City: REDACTED FOR PRIVACY
144Tech State/Province: REDACTED FOR PRIVACY
145Tech Postal Code: REDACTED FOR PRIVACY
146Tech Country: REDACTED FOR PRIVACY
147Tech Phone: REDACTED FOR PRIVACY
148Tech Phone Ext: REDACTED FOR PRIVACY
149Tech Fax: REDACTED FOR PRIVACY
150Tech Fax Ext: REDACTED FOR PRIVACY
151Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
152Name Server: ns1.dynadot.com
153Name Server: ns2.dynadot.com
154DNSSEC: unsigned
155URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
156>>> Last update of WHOIS database: 2020-01-17T08:49:34Z <<<
157
158For more information on Whois status codes, please visit https://icann.org/epp
159
162
163
164
165
166G E O I P L O O K U P
167=========================
168
169[i] IP Address: 116.203.74.141
170[i] Country: Germany
171[i] State:
172[i] City:
173[i] Latitude: 51.2993
174[i] Longitude: 9.491
175
176
177
178
179H T T P H E A D E R S
180=======================
181
182
183[i] HTTP/1.1 503 Service Unavailable
184[i] Server: nginx
185[i] Date: Fri, 17 Jan 2020 08:49:36 GMT
186[i] Content-Type: text/html; charset=UTF-8
187[i] Connection: close
188[i] Pragma: no-cache
189[i] Cache-Control: no-cache, must-revalidate, private
190[i] Expires: Sat, 26 Jul 1997 05:00:00 GMT
191[i] Retry-After: 3600
192
193
194
195
196D N S L O O K U P
197===================
198
199amjad.media. 2559 IN SOA ns1.dynadot.com. hostmaster.amjad.media. 1579250693 16384 2048 1048576 2560
200amjad.media. 299 IN NS ns1.dynadot.com.
201amjad.media. 299 IN NS ns2.dynadot.com.
202amjad.media. 299 IN TXT "amjad.media TXT v=spf1 a ~all"
203amjad.media. 299 IN A 116.203.74.141
204
205
206
207
208S U B N E T C A L C U L A T I O N
209====================================
210
211Address = 116.203.74.141
212Network = 116.203.74.141 / 32
213Netmask = 255.255.255.255
214Broadcast = not needed on Point-to-Point links
215Wildcard Mask = 0.0.0.0
216Hosts Bits = 0
217Max. Hosts = 1 (2^0 - 0)
218Host Range = { 116.203.74.141 - 116.203.74.141 }
219
220
221
222N M A P P O R T S C A N
223============================
224
225Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-17 08:49 UTC
226Nmap scan report for amjad.media (116.203.74.141)
227Host is up (0.079s latency).
228rDNS record for 116.203.74.141: static.141.74.203.116.clients.your-server.de
229
230PORT STATE SERVICE
23121/tcp filtered ftp
23222/tcp filtered ssh
23323/tcp filtered telnet
23480/tcp open http
235110/tcp closed pop3
236143/tcp closed imap
237443/tcp open https
2383389/tcp filtered ms-wbt-server
239
240Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds
241######################################################################################################################################
242[+] Starting At 2020-01-17 03:50:29.253464
243[+] Collecting Information On: https://amjad.media/
244[#] Status: 503
245--------------------------------------------------
246[#] Web Server Detected: nginx
247[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
248- Server: nginx
249- Date: Fri, 17 Jan 2020 08:50:23 GMT
250- Content-Type: text/html; charset=UTF-8
251- Transfer-Encoding: chunked
252- Connection: keep-alive
253- Pragma: no-cache
254- Cache-Control: no-cache, must-revalidate, private
255- Expires: Sat, 26 Jul 1997 05:00:00 GMT
256- Retry-After: 3600
257--------------------------------------------------
258[#] Finding Location..!
259[#] status: success
260[#] country: Germany
261[#] countryCode: DE
262[#] region: BY
263[#] regionName: Bavaria
264[#] city: Nuremberg
265[#] zip: 90403
266[#] lat: 49.452
267[#] lon: 11.0767
268[#] timezone: Europe/Berlin
269[#] isp: Hetzner
270[#] org: Hetzner Online GmbH
271[#] as: AS24940 Hetzner Online GmbH
272[#] query: 116.203.74.141
273--------------------------------------------------
274[x] Didn't Detect WAF Presence on: https://amjad.media/
275--------------------------------------------------
276[#] Starting Reverse DNS
277[!] Found 1 any Domain
278- amjad.media
279--------------------------------------------------
280[!] Scanning Open Port
281[#] 80/tcp open http
282[#] 443/tcp open https
283[#] 1011/tcp open unknown
284--------------------------------------------------
285[+] Getting SSL Info
286{'OCSP': ('http://ocsp.int-x3.letsencrypt.org',),
287 'caIssuers': ('http://cert.int-x3.letsencrypt.org/',),
288 'issuer': ((('countryName', 'US'),),
289 (('organizationName', "Let's Encrypt"),),
290 (('commonName', "Let's Encrypt Authority X3"),)),
291 'notAfter': 'Mar 20 14:39:16 2020 GMT',
292 'notBefore': 'Dec 21 14:39:16 2019 GMT',
293 'serialNumber': '0349EDC13878B5B3EDDEA279F7D3EC14FF8F',
294 'subject': ((('commonName', 'amjad.media'),),),
295 'subjectAltName': (('DNS', 'amjad.media'), ('DNS', 'www.amjad.media')),
296 'version': 3}
328
329--------------------------------------------------
330[+] Collecting Information Disclosure!
331[#] Detecting sitemap.xml file
332[-] sitemap.xml file not Found!?
333[#] Detecting robots.txt file
334[-] robots.txt file not Found!?
335[#] Detecting GNU Mailman
336[-] GNU Mailman App Not Detected!?
337--------------------------------------------------
338[+] Crawling Url Parameter On: https://amjad.media/
339--------------------------------------------------
340[#] Searching Html Form !
341[-] No Html Form Found!?
342--------------------------------------------------
343[-] No DOM Paramter Found!?
344--------------------------------------------------
345[-] No internal Dynamic Parameter Found!?
346--------------------------------------------------
347[!] 1 External Dynamic Parameter Discovered
348[#] https://www.wordfence.com/help/?query=locked-out
349--------------------------------------------------
350[-] No Internal Link Found!?
351--------------------------------------------------
352[-] No External Link Found!?
353--------------------------------------------------
354[#] Mapping Subdomain..
355[!] Found 1 Subdomain
356- amjad.media
357--------------------------------------------------
358[!] Done At 2020-01-17 03:50:50.894453
359#####################################################################################################################################
360Trying "amjad.media"
361;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9044
362;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 8
363
364;; QUESTION SECTION:
365;amjad.media. IN ANY
366
367;; ANSWER SECTION:
368amjad.media. 300 IN A 116.203.74.141
369amjad.media. 300 IN TXT "amjad.media TXT v=spf1 a ~all"
370amjad.media. 2560 IN SOA ns1.dynadot.com. hostmaster.amjad.media. 1579250992 16384 2048 1048576 2560
371amjad.media. 300 IN NS ns1.dynadot.com.
372amjad.media. 300 IN NS ns2.dynadot.com.
373
374;; ADDITIONAL SECTION:
375ns1.dynadot.com. 24706 IN A 54.68.4.223
376ns1.dynadot.com. 24706 IN A 54.69.45.191
377ns1.dynadot.com. 24706 IN A 35.160.240.86
378ns1.dynadot.com. 24706 IN A 52.25.56.204
379ns2.dynadot.com. 24706 IN A 3.214.135.194
380ns2.dynadot.com. 24706 IN A 3.218.93.94
381ns2.dynadot.com. 24706 IN A 3.223.22.200
382ns2.dynadot.com. 24706 IN A 3.224.5.165
383
384Received 315 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 81 ms
385#####################################################################################################################################
386[*] Performing General Enumeration of Domain: amjad.media
387[-] DNSSEC is not configured for amjad.media
388[*] SOA ns1.dynadot.com 54.69.45.191
389[*] SOA ns1.dynadot.com 54.68.4.223
390[*] SOA ns1.dynadot.com 52.25.56.204
391[*] SOA ns1.dynadot.com 35.160.240.86
392[*] NS ns1.dynadot.com 54.69.45.191
393[*] NS ns1.dynadot.com 54.68.4.223
394[*] NS ns1.dynadot.com 52.25.56.204
395[*] NS ns1.dynadot.com 35.160.240.86
396[*] NS ns2.dynadot.com 3.223.22.200
397[*] NS ns2.dynadot.com 3.214.135.194
398[*] NS ns2.dynadot.com 3.218.93.94
399[*] NS ns2.dynadot.com 3.224.5.165
400[-] Could not Resolve MX Records for amjad.media
401[*] A amjad.media 116.203.74.141
402[*] TXT amjad.media amjad.media TXT v=spf1 a ~all
403[*] Enumerating SRV Records
404[-] No SRV Records Found for amjad.media
405[+] 0 Records Found
406######################################################################################################################################
407[*] Processing domain amjad.media
408[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
409[+] Getting nameservers
41054.69.45.191 - ns1.dynadot.com
41154.68.4.223 - ns1.dynadot.com
41252.25.56.204 - ns1.dynadot.com
41335.160.240.86 - ns1.dynadot.com
4143.223.22.200 - ns2.dynadot.com
4153.214.135.194 - ns2.dynadot.com
4163.218.93.94 - ns2.dynadot.com
4173.224.5.165 - ns2.dynadot.com
418[-] Zone transfer failed
419
420[+] TXT records found
421"amjad.media TXT v=spf1 a ~all"
422
423[*] Scanning amjad.media for A records
424116.203.74.141 - amjad.media
425195.181.168.28 - f.amjad.media
42688.198.195.147 - files.amjad.media
427116.203.74.141 - www.amjad.media
428#####################################################################################################################################
429 AVAILABLE PLUGINS
430 -----------------
431
432 SessionResumptionPlugin
433 CertificateInfoPlugin
434 SessionRenegotiationPlugin
435 HeartbleedPlugin
436 OpenSslCipherSuitesPlugin
437 CompressionPlugin
438 FallbackScsvPlugin
439 HttpHeadersPlugin
440 RobotPlugin
441 EarlyDataPlugin
442 OpenSslCcsInjectionPlugin
443
444
445
446 CHECKING HOST(S) AVAILABILITY
447 -----------------------------
448
449 116.203.74.141:443 => 116.203.74.141
450
451
452
453
454 SCAN RESULTS FOR 116.203.74.141:443 - 116.203.74.141
455 ----------------------------------------------------
456
457 * SSLV2 Cipher Suites:
458 Server rejected all cipher suites.
459
460 * OpenSSL CCS Injection:
461 OK - Not vulnerable to OpenSSL CCS injection
462
463 * Session Renegotiation:
464 Client-initiated Renegotiation: OK - Rejected
465 Secure Renegotiation: OK - Supported
466
467 * TLS 1.2 Session Resumption Support:
468 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
469 With TLS Tickets: OK - Supported
470
471 * OpenSSL Heartbleed:
472 OK - Not vulnerable to Heartbleed
473
474 * TLSV1_3 Cipher Suites:
475 Server rejected all cipher suites.
476
477 * SSLV3 Cipher Suites:
478 Server rejected all cipher suites.
479
480 * Deflate Compression:
481 OK - Compression disabled
482
483 * Certificate Information:
484 Content
485 SHA1 Fingerprint: e4b5b1d33c7575a647a8f81b4025ec022da0098c
486 Common Name: amjad.media
487 Issuer: Let's Encrypt Authority X3
488 Serial Number: 286493500874182521670320933523193184190351
489 Not Before: 2019-12-21 14:39:16
490 Not After: 2020-03-20 14:39:16
491 Signature Algorithm: sha256
492 Public Key Algorithm: RSA
493 Key Size: 2048
494 Exponent: 65537 (0x10001)
495 DNS Subject Alternative Names: ['amjad.media', 'www.amjad.media']
496
497 Trust
498 Hostname Validation: FAILED - Certificate does NOT match 116.203.74.141
499 Android CA Store (9.0.0_r9): OK - Certificate is trusted
500 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
501 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
502 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
503 Windows CA Store (2019-05-27): OK - Certificate is trusted
504 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
505 Received Chain: amjad.media --> Let's Encrypt Authority X3
506 Verified Chain: amjad.media --> Let's Encrypt Authority X3 --> DST Root CA X3
507 Received Chain Contains Anchor: OK - Anchor certificate not sent
508 Received Chain Order: OK - Order is valid
509 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
510
511 Extensions
512 OCSP Must-Staple: NOT SUPPORTED - Extension not found
513 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
514
515 OCSP Stapling
516 NOT SUPPORTED - Server did not send back an OCSP response
517
518 * TLSV1_1 Cipher Suites:
519 Forward Secrecy OK - Supported
520 RC4 OK - Not Supported
521
522 Preferred:
523 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
524 Accepted:
525 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 503 Service Unavailable
526 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
527 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 503 Service Unavailable
528 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
529 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 503 Service Unavailable
530 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
531
532 * Downgrade Attacks:
533 TLS_FALLBACK_SCSV: OK - Supported
534
535 * TLSV1_2 Cipher Suites:
536 Forward Secrecy OK - Supported
537 RC4 OK - Not Supported
538
539 Preferred:
540 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 503 Service Unavailable
541 Accepted:
542 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 503 Service Unavailable
543 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 503 Service Unavailable
544 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 503 Service Unavailable
545 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 503 Service Unavailable
546 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 503 Service Unavailable
547 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
548 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 503 Service Unavailable
549 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 503 Service Unavailable
550 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 503 Service Unavailable
551 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 503 Service Unavailable
552 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 503 Service Unavailable
553 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 503 Service Unavailable
554 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
555 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 503 Service Unavailable
556 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 503 Service Unavailable
557 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 503 Service Unavailable
558 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 503 Service Unavailable
559 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 503 Service Unavailable
560 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
561
562 * TLSV1 Cipher Suites:
563 Forward Secrecy OK - Supported
564 RC4 OK - Not Supported
565
566 Preferred:
567 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
568 Accepted:
569 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 503 Service Unavailable
570 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
571 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 503 Service Unavailable
572 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
573 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 503 Service Unavailable
574 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 503 Service Unavailable
575
576 * ROBOT Attack:
577 OK - Not vulnerable
578
579
580 SCAN COMPLETED IN 22.95 S
581 -------------------------
582#####################################################################################################################################
583Domains still to check: 1
584 Checking if the hostname amjad.media. given is in fact a domain...
585
586Analyzing domain: amjad.media.
587 Checking NameServers using system default resolver...
588 IP: 3.223.22.200 (United States)
589 HostName: ns2.dynadot.com Type: NS
590 HostName: ec2-3-223-22-200.compute-1.amazonaws.com Type: PTR
591 IP: 3.214.135.194 (United States)
592 HostName: ns2.dynadot.com Type: NS
593 HostName: ec2-3-214-135-194.compute-1.amazonaws.com Type: PTR
594 IP: 3.218.93.94 (United States)
595 HostName: ns2.dynadot.com Type: NS
596 HostName: ec2-3-218-93-94.compute-1.amazonaws.com Type: PTR
597 IP: 3.224.5.165 (United States)
598 HostName: ns2.dynadot.com Type: NS
599 HostName: ec2-3-224-5-165.compute-1.amazonaws.com Type: PTR
600 IP: 54.69.45.191 (United States)
601 HostName: ns1.dynadot.com Type: NS
602 HostName: parkmail.dynadot.com Type: PTR
603 IP: 54.68.4.223 (United States)
604 HostName: ns1.dynadot.com Type: NS
605 HostName: parkmail.dynadot.com Type: PTR
606 IP: 52.25.56.204 (United States)
607 HostName: ns1.dynadot.com Type: NS
608 HostName: ec2-52-25-56-204.us-west-2.compute.amazonaws.com Type: PTR
609 IP: 35.160.240.86 (United States)
610 HostName: ns1.dynadot.com Type: NS
611 HostName: ec2-35-160-240-86.us-west-2.compute.amazonaws.com Type: PTR
612
613 Checking MailServers using system default resolver...
614 WARNING!! There are no MX records for this domain
615
616 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
617 No zone transfer found on nameserver 3.218.93.94
618 No zone transfer found on nameserver 3.223.22.200
619 No zone transfer found on nameserver 54.69.45.191
620 No zone transfer found on nameserver 52.25.56.204
621 No zone transfer found on nameserver 54.68.4.223
622 No zone transfer found on nameserver 35.160.240.86
623 No zone transfer found on nameserver 3.224.5.165
624 No zone transfer found on nameserver 3.214.135.194
625
626 Checking SPF record...
627
628 Checking 192 most common hostnames using system default resolver...
629 IP: 116.203.74.141 (Germany)
630 HostName: www.amjad.media. Type: A
631
632 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
633 Checking netblock 3.218.93.0
634 Checking netblock 3.223.22.0
635 Checking netblock 54.69.45.0
636 Checking netblock 52.25.56.0
637 Checking netblock 116.203.74.0
638 Checking netblock 54.68.4.0
639 Checking netblock 35.160.240.0
640 Checking netblock 3.224.5.0
641 Checking netblock 3.214.135.0
642
643 Searching for amjad.media. emails in Google
644 hostmaster@amjad.media,
645
646 Checking 9 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
647 Host 3.218.93.94 is up (echo-reply ttl 50)
648 Host 3.223.22.200 is up (reset ttl 64)
649 Host 54.69.45.191 is up (reset ttl 64)
650 Host 52.25.56.204 is up (reset ttl 64)
651 Host 116.203.74.141 is up (reset ttl 64)
652 Host 54.68.4.223 is up (reset ttl 64)
653 Host 35.160.240.86 is up (reset ttl 64)
654 Host 3.224.5.165 is up (echo-reply ttl 50)
655 Host 3.214.135.194 is up (echo-reply ttl 49)
656
657 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
658 Scanning ip 3.218.93.94 (ec2-3-218-93-94.compute-1.amazonaws.com (PTR)):
659 Scanning ip 3.223.22.200 (ec2-3-223-22-200.compute-1.amazonaws.com (PTR)):
660 Scanning ip 54.69.45.191 (parkmail.dynadot.com (PTR)):
661 Scanning ip 52.25.56.204 (ec2-52-25-56-204.us-west-2.compute.amazonaws.com (PTR)):
662 Scanning ip 116.203.74.141 (www.amjad.media.):
663 80/tcp open http syn-ack ttl 47 nginx
664 | http-methods:
665 |_ Supported Methods: GET HEAD
666 |_http-title: Welcome to nginx!
667 443/tcp open ssl/http syn-ack ttl 47 nginx
668 |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
669 | http-methods:
670 |_ Supported Methods: GET HEAD POST
671 |_http-title: Your access to this site has been limited
672 | ssl-cert: Subject: commonName=amjad.media
673 | Subject Alternative Name: DNS:amjad.media, DNS:www.amjad.media
674 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
675 | Public Key type: rsa
676 | Public Key bits: 2048
677 | Signature Algorithm: sha256WithRSAEncryption
678 | Not valid before: 2019-12-21T14:39:16
679 | Not valid after: 2020-03-20T14:39:16
680 | MD5: 99f8 cf95 5804 40d1 47c7 c74f 7b0b ec6d
681 |_SHA-1: e4b5 b1d3 3c75 75a6 47a8 f81b 4025 ec02 2da0 098c
682 |_ssl-date: TLS randomness does not represent time
683 | tls-alpn:
684 |_ http/1.1
685 | tls-nextprotoneg:
686 |_ http/1.1
687 Device type: general purpose|storage-misc|WAP
688 Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (92%), HP embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
689 Scanning ip 54.68.4.223 (parkmail.dynadot.com (PTR)):
690 Scanning ip 35.160.240.86 (ec2-35-160-240-86.us-west-2.compute.amazonaws.com (PTR)):
691 Scanning ip 3.224.5.165 (ec2-3-224-5-165.compute-1.amazonaws.com (PTR)):
692 Scanning ip 3.214.135.194 (ec2-3-214-135-194.compute-1.amazonaws.com (PTR)):
693 WebCrawling domain's web servers... up to 50 max links.
694
695 + URL to crawl: http://www.amjad.media.
696 + Date: 2020-01-17
697
698 + Crawling URL: http://www.amjad.media.:
699 + Links:
700 + Crawling http://www.amjad.media. (503 Service Unavailable)
701 + Searching for directories...
702 + Searching open folders...
703
704
705 + URL to crawl: https://www.amjad.media.
706 + Date: 2020-01-17
707
708 + Crawling URL: https://www.amjad.media.:
709 + Links:
710 + Crawling https://www.amjad.media.
711 + Searching for directories...
712 + Searching open folders...
713
714--Finished--
715Summary information for domain amjad.media.
716-----------------------------------------
717 Domain Specific Information:
718 Email: hostmaster@amjad.media,
719
720 Domain Ips Information:
721 IP: 3.218.93.94
722 HostName: ns2.dynadot.com Type: NS
723 HostName: ec2-3-218-93-94.compute-1.amazonaws.com Type: PTR
724 Country: United States
725 Is Active: True (echo-reply ttl 50)
726 IP: 3.223.22.200
727 HostName: ns2.dynadot.com Type: NS
728 HostName: ec2-3-223-22-200.compute-1.amazonaws.com Type: PTR
729 Country: United States
730 Is Active: True (reset ttl 64)
731 IP: 54.69.45.191
732 HostName: ns1.dynadot.com Type: NS
733 HostName: parkmail.dynadot.com Type: PTR
734 Country: United States
735 Is Active: True (reset ttl 64)
736 IP: 52.25.56.204
737 HostName: ns1.dynadot.com Type: NS
738 HostName: ec2-52-25-56-204.us-west-2.compute.amazonaws.com Type: PTR
739 Country: United States
740 Is Active: True (reset ttl 64)
741 IP: 116.203.74.141
742 HostName: www.amjad.media. Type: A
743 Country: Germany
744 Is Active: True (reset ttl 64)
745 Port: 80/tcp open http syn-ack ttl 47 nginx
746 Script Info: | http-methods:
747 Script Info: |_ Supported Methods: GET HEAD
748 Script Info: |_http-title: Welcome to nginx!
749 Port: 443/tcp open ssl/http syn-ack ttl 47 nginx
750 Script Info: |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
751 Script Info: | http-methods:
752 Script Info: |_ Supported Methods: GET HEAD POST
753 Script Info: |_http-title: Your access to this site has been limited
754 Script Info: | ssl-cert: Subject: commonName=amjad.media
755 Script Info: | Subject Alternative Name: DNS:amjad.media, DNS:www.amjad.media
756 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
757 Script Info: | Public Key type: rsa
758 Script Info: | Public Key bits: 2048
759 Script Info: | Signature Algorithm: sha256WithRSAEncryption
760 Script Info: | Not valid before: 2019-12-21T14:39:16
761 Script Info: | Not valid after: 2020-03-20T14:39:16
762 Script Info: | MD5: 99f8 cf95 5804 40d1 47c7 c74f 7b0b ec6d
763 Script Info: |_SHA-1: e4b5 b1d3 3c75 75a6 47a8 f81b 4025 ec02 2da0 098c
764 Script Info: |_ssl-date: TLS randomness does not represent time
765 Script Info: | tls-alpn:
766 Script Info: |_ http/1.1
767 Script Info: | tls-nextprotoneg:
768 Script Info: |_ http/1.1
769 Script Info: Device type: general purpose|storage-misc|WAP
770 Script Info: Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (92%), HP embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
771 IP: 54.68.4.223
772 HostName: ns1.dynadot.com Type: NS
773 HostName: parkmail.dynadot.com Type: PTR
774 Country: United States
775 Is Active: True (reset ttl 64)
776 IP: 35.160.240.86
777 HostName: ns1.dynadot.com Type: NS
778 HostName: ec2-35-160-240-86.us-west-2.compute.amazonaws.com Type: PTR
779 Country: United States
780 Is Active: True (reset ttl 64)
781 IP: 3.224.5.165
782 HostName: ns2.dynadot.com Type: NS
783 HostName: ec2-3-224-5-165.compute-1.amazonaws.com Type: PTR
784 Country: United States
785 Is Active: True (echo-reply ttl 50)
786 IP: 3.214.135.194
787 HostName: ns2.dynadot.com Type: NS
788 HostName: ec2-3-214-135-194.compute-1.amazonaws.com Type: PTR
789 Country: United States
790 Is Active: True (echo-reply ttl 49)
791
792--------------End Summary --------------
793-----------------------------------------
794#####################################################################################################################################
traceroute to amjad.media (116.203.74.141), 30 hops max, 60 byte packets
 1 10.252.204.1 (10.252.204.1) 33.991 ms 38.248 ms 38.234 ms
 2 104.245.145.177 (104.245.145.177) 38.216 ms 38.192 ms 38.169 ms
 3 te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113) 38.169 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 38.159 ms 38.141 ms
 4 toro-b1-link.telia.net (62.115.168.48) 38.038 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37) 38.035 ms toro-b1-link.telia.net (62.115.168.48) 37.980 ms
 5 toro-b3-link.telia.net (62.115.116.180) 62.998 ms 63.003 ms 37.923 ms
 6 nyk-bb2-link.telia.net (62.115.113.86) 175.662 ms * ix-ae-16-0.tcore1.tnk-toronto.as6453.net (64.86.33.98) 61.838 ms
 7 ldn-bb3-link.telia.net (62.115.113.21) 168.053 ms 168.024 ms 167.964 ms
 8 prs-bb3-link.telia.net (62.115.134.92) 167.906 ms 167.851 ms if-ae-8-2.tcore1.ct8-chicago.as6453.net (66.110.48.2) 168.904 ms
 9 if-ae-26-2.tcore2.nto-new-york.as6453.net (216.6.81.28) 199.080 ms 199.049 ms 199.020 ms
10 if-ae-32-3.tcore2.ldn-london.as6453.net (80.231.20.106) 198.912 ms ffm-b5-link.telia.net (62.115.114.89) 167.587 ms 167.596 ms
11 if-ae-26-2.tcore1.ldn-london.as6453.net (80.231.62.58) 167.597 ms hetzner-ic-326013-ffm-b4.c.telia.net (213.248.70.3) 200.503 ms 230.012 ms
12 core11.nbg1.hetzner.com (213.239.224.233) 132.223 ms core11.nbg1.hetzner.com (213.239.224.237) 214.731 ms core11.nbg1.hetzner.com (213.239.224.233) 214.663 ms
13 if-ae-6-3.tcore1.fnm-frankfurt.as6453.net (195.219.194.78) 214.639 ms static.85-10-228-86.clients.your-server.de (85.10.228.86) 214.624 ms spine2.cloud1.nbg1.hetzner.com (85.10.250.214) 214.598 ms
14 * * *
15 10251.your-cloud.host (88.99.159.16) 214.369 ms 166.594 ms if-ae-9-2.tcore2.fr0-frankfurt.as6453.net (5.23.30.17) 214.377 ms
16 * * if-ae-59-2.tcore1.fr0-frankfurt.as6453.net (195.219.87.195) 136.397 ms
17 * 195.219.219.10 (195.219.219.10) 166.214 ms *
18 * * *
19 * static.85-10-228-86.clients.your-server.de (85.10.228.86) 195.361 ms *
815######################################################################################################################################
----- amjad.media -----


Host's addresses:
__________________

amjad.media. 210 IN A 116.203.74.141


Name Servers:
______________

ns2.dynadot.com. 86046 IN A 3.223.22.200
ns2.dynadot.com. 86046 IN A 3.214.135.194
ns2.dynadot.com. 86046 IN A 3.218.93.94
ns2.dynadot.com. 86046 IN A 3.224.5.165
ns1.dynadot.com. 86046 IN A 54.69.45.191
ns1.dynadot.com. 86046 IN A 54.68.4.223
ns1.dynadot.com. 86046 IN A 52.25.56.204
ns1.dynadot.com. 86046 IN A 35.160.240.86


Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________

f.amjad.media. 300 IN CNAME amjad.b-cdn.net.
amjad.b-cdn.net. 35 IN A 195.181.168.28
www.amjad.media. 300 IN CNAME amjad.media.
amjad.media. 300 IN A 116.203.74.141


Launching Whois Queries:
_________________________

 whois ip result: 116.203.74.0 -> 116.202.0.0/15


amjad.media___________

 116.202.0.0/15
856######################################################################################################################################
WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 03:51 EST
Nmap scan report for static.141.74.203.116.clients.your-server.de (116.203.74.141)
Host is up (0.14s latency).
Not shown: 484 filtered ports, 10 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 6.97 seconds
868#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 03:51 EST
Nmap scan report for static.141.74.203.116.clients.your-server.de (116.203.74.141)
Host is up (0.096s latency).
Not shown: 2 filtered ports, 1 closed port
PORT STATE SERVICE
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 2.14 seconds
888######################################################################################################################################
889HTTP/1.1 200 OK
890Server: nginx
891Date: Fri, 17 Jan 2020 08:51:53 GMT
892Content-Type: text/html
893Content-Length: 612
894Last-Modified: Sat, 23 Feb 2019 22:18:01 GMT
895Connection: keep-alive
896ETag: "5c71c699-264"
897Strict-Transport-Security: max-age=31536000; includeSubdomains
898Accept-Ranges: bytes
899#####################################################################################################################################
http://116.203.74.141 [200 OK] Country[INDIA][IN], HTML5, HTTPServer[nginx], IP[116.203.74.141], Strict-Transport-Security[max-age=31536000; includeSubdomains], Title[Welcome to nginx!], nginx
901#####################################################################################################################################
902
wig - WebApp Information Gatherer


Scanning http://116.203.74.141...
_________________ SITE INFO __________________
IP Title
116.203.74.141 Welcome to nginx!

__________________ VERSION ___________________
Name Versions Type
nginx Platform

______________________________________________
Time: 26.4 sec Urls: 599 Fingerprints: 40401
917######################################################################################################################################
918Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 03:52 EST
919NSE: Loaded 162 scripts for scanning.
920NSE: Script Pre-scanning.
921Initiating NSE at 03:52
922Completed NSE at 03:52, 0.00s elapsed
923Initiating NSE at 03:52
924Completed NSE at 03:52, 0.00s elapsed
925Initiating Parallel DNS resolution of 1 host. at 03:52
926Completed Parallel DNS resolution of 1 host. at 03:52, 0.02s elapsed
927Initiating SYN Stealth Scan at 03:52
928Scanning static.141.74.203.116.clients.your-server.de (116.203.74.141) [1 port]
929Discovered open port 80/tcp on 116.203.74.141
930Completed SYN Stealth Scan at 03:52, 0.17s elapsed (1 total ports)
931Initiating Service scan at 03:52
932Scanning 1 service on static.141.74.203.116.clients.your-server.de (116.203.74.141)
933Completed Service scan at 03:52, 6.31s elapsed (1 service on 1 host)
934Initiating OS detection (try #1) against static.141.74.203.116.clients.your-server.de (116.203.74.141)
935Retrying OS detection (try #2) against static.141.74.203.116.clients.your-server.de (116.203.74.141)
936Initiating Traceroute at 03:52
937Completed Traceroute at 03:52, 3.14s elapsed
938Initiating Parallel DNS resolution of 16 hosts. at 03:52
939Completed Parallel DNS resolution of 16 hosts. at 03:52, 0.23s elapsed
940NSE: Script scanning 116.203.74.141.
941Initiating NSE at 03:52
942Completed NSE at 03:53, 43.46s elapsed
943Initiating NSE at 03:53
944Completed NSE at 03:53, 0.86s elapsed
945Nmap scan report for static.141.74.203.116.clients.your-server.de (116.203.74.141)
946Host is up (0.16s latency).
947
PORT STATE SERVICE VERSION
80/tcp open http nginx
950| http-brute:
951|_ Path "/" does not require authentication
952|_http-chrono: Request times for /; avg: 492.55ms; min: 427.20ms; max: 552.33ms
953|_http-csrf: Couldn't find any CSRF vulnerabilities.
954|_http-date: Fri, 17 Jan 2020 08:52:54 GMT; -7s from local time.
955|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
956|_http-dombased-xss: Couldn't find any DOM based XSS.
957|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
958|_http-errors: Couldn't find any error pages.
959|_http-feed: Couldn't find any feeds.
960|_http-fetch: Please enter the complete path of the directory to save data in.
961| http-headers:
962| Server: nginx
963| Date: Fri, 17 Jan 2020 08:52:51 GMT
964| Content-Type: text/html
965| Content-Length: 612
966| Last-Modified: Sat, 23 Feb 2019 22:18:01 GMT
967| Connection: close
968| ETag: "5c71c699-264"
969| Strict-Transport-Security: max-age=31536000; includeSubdomains
970| Accept-Ranges: bytes
971|
972|_ (Request type: HEAD)
973|_http-jsonp-detection: Couldn't find any JSONP endpoints.
974| http-methods:
975|_ Supported Methods: GET HEAD
976|_http-mobileversion-checker: No mobile version detected.
977| http-php-version: Logo query returned unknown hash e3eb0a1df437f3f97a64aca5952c8ea0
978|_Credits query returned unknown hash e3eb0a1df437f3f97a64aca5952c8ea0
979| http-security-headers:
980| Strict_Transport_Security:
981|_ Header: Strict-Transport-Security: max-age=31536000; includeSubdomains
982| http-sitemap-generator:
983| Directory structure:
984| /
985| Other: 1
986| Longest directory structure:
987| Depth: 0
988| Dir: /
989| Total files found (by extension):
990|_ Other: 1
991|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
992|_http-title: Welcome to nginx!
993| http-vhosts:
994|_127 names had status 200
995| http-vuln-cve2011-3192:
996| VULNERABLE:
997| Apache byterange filter DoS
998| State: VULNERABLE
999| IDs: BID:49303 CVE:CVE-2011-3192
1000| The Apache web server is vulnerable to a denial of service attack when numerous
1001| overlapping byte ranges are requested.
1002| Disclosure date: 2011-08-19
1003| References:
1004| https://seclists.org/fulldisclosure/2011/Aug/175
1005| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
1006| https://www.securityfocus.com/bid/49303
1007|_ https://www.tenable.com/plugins/nessus/55976
1008|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1009|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1010|_http-xssed: No previously reported XSS vuln.
1011| vulscan: VulDB - https://vuldb.com:
1012| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
1013| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
1014| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
1015| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
1016| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
1017| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
1018| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
1019| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
1020| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
1021| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
1022| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
1023| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
1024| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
1025| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
1026| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
1027| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
1028| [67677] nginx up to 1.7.3 SSL weak authentication
1029| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
1030| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
1031| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
1032| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
1033| [65364] nginx up to 1.1.13 Default Configuration information disclosure
1034| [8671] nginx up to 1.4 proxy_pass denial of service
1035| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
1036| [7247] nginx 1.2.6 Proxy Function spoofing
1037| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
1038| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
1039| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
1040| [59645] nginx up to 0.8.9 Heap-based memory corruption
1041| [53592] nginx 0.8.36 memory corruption
1042| [53590] nginx up to 0.8.9 unknown vulnerability
1043| [51533] nginx 0.7.64 Terminal privilege escalation
1044| [50905] nginx up to 0.8.9 directory traversal
1045| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
1046| [50043] nginx up to 0.8.10 memory corruption
1047|
1048| MITRE CVE - https://cve.mitre.org:
1049| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
1050| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
1051| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
1052| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
1053| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
1054| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
1055| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
1056| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
1057| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
1058| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
1059| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
1060| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
1061| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
1062|
1063| SecurityFocus - https://www.securityfocus.com/bid/:
1064| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
1065| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
1066| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
1067| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
1068| [82230] nginx Multiple Denial of Service Vulnerabilities
1069| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
1070| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
1071| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
1072| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
1073| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
1074| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
1075| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
1076| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
1077| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
1078| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
1079| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
1080| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
1081| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
1082| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
1083| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1084| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1085| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1086| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1087| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
1088| [40420] nginx Directory Traversal Vulnerability
1089| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1090| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1091| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1092| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1093| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
1094|
1095| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1096| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
1097| [84172] nginx denial of service
1098| [84048] nginx buffer overflow
1099| [83923] nginx ngx_http_close_connection() integer overflow
1100| [83688] nginx null byte code execution
1101| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
1102| [82319] nginx access.log information disclosure
1103| [80952] nginx SSL spoofing
1104| [77244] nginx and Microsoft Windows request security bypass
1105| [76778] Naxsi module for Nginx nx_extract.py directory traversal
1106| [74831] nginx ngx_http_mp4_module.c buffer overflow
1107| [74191] nginx ngx_cpystrn() information disclosure
1108| [74045] nginx header response information disclosure
1109| [71355] nginx ngx_resolver_copy() buffer overflow
1110| [59370] nginx characters denial of service
1111| [59369] nginx DATA source code disclosure
1112| [59047] nginx space source code disclosure
1113| [58966] nginx unspecified directory traversal
1114| [54025] nginx ngx_http_parse.c denial of service
1115| [53431] nginx WebDAV component directory traversal
1116| [53328] Nginx CRC-32 cached domain name spoofing
1117| [53250] Nginx ngx_http_parse_complex_uri() function code execution
1118|
1119| Exploit-DB - https://www.exploit-db.com:
1120| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
1121| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
1122| [25499] nginx 1.3.9-1.4.0 DoS PoC
1123| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
1124| [14830] nginx 0.6.38 - Heap Corruption Exploit
1125| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
1126| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
1127| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
1128| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
1129| [9829] nginx 0.7.61 WebDAV directory traversal
1130|
1131| OpenVAS (Nessus) - http://www.openvas.org:
1132| [864418] Fedora Update for nginx FEDORA-2012-3846
1133| [864310] Fedora Update for nginx FEDORA-2012-6238
1134| [864209] Fedora Update for nginx FEDORA-2012-6411
1135| [864204] Fedora Update for nginx FEDORA-2012-6371
1136| [864121] Fedora Update for nginx FEDORA-2012-4006
1137| [864115] Fedora Update for nginx FEDORA-2012-3991
1138| [864065] Fedora Update for nginx FEDORA-2011-16075
1139| [863654] Fedora Update for nginx FEDORA-2011-16110
1140| [861232] Fedora Update for nginx FEDORA-2007-1158
1141| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
1142| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
1143| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
1144| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
1145| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1146| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1147| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1148| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1149| [100659] nginx Directory Traversal Vulnerability
1150| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
1151| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1152| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1153| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1154| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
1155| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1156| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
1157| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
1158| [71297] FreeBSD Ports: nginx
1159| [71276] FreeBSD Ports: nginx
1160| [71239] Debian Security Advisory DSA 2434-1 (nginx)
1161| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
1162| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
1163| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
1164| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
1165| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
1166| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
1167| [64894] FreeBSD Ports: nginx
1168| [64869] Debian Security Advisory DSA 1884-1 (nginx)
1169|
1170| SecurityTracker - https://www.securitytracker.com:
1171| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
1172| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
1173| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
1174| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
1175|
1176| OSVDB - http://www.osvdb.org:
1177| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
1178| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
1179| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
1180| [92796] nginx ngx_http_close_connection Function Crafted r->
1181| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
1182| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
1183| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
1184| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
1185| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
1186| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
1187| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
1188| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
1189| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
1190| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
1191| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
1192| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
1193| [62617] nginx Internal DNS Cache Poisoning Weakness
1194| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
1195| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
1196| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
1197| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
1198| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
1199| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
1200| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
1201| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
1202| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
1203| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
1204|_
1205Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1206Device type: general purpose
1207Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (89%)
1208OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
1209Aggressive OS guesses: Linux 3.10 - 3.12 (89%), Linux 4.4 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
1210No exact OS matches for host (test conditions non-ideal).
1211Uptime guess: 18.714 days (since Sun Dec 29 10:45:21 2019)
1212Network Distance: 17 hops
1213TCP Sequence Prediction: Difficulty=265 (Good luck!)
1214IP ID Sequence Generation: All zeros
1215
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 60.19 ms 10.252.204.1
2 89.63 ms 104.245.145.177
3 89.68 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 89.67 ms toro-b1-link.telia.net (62.115.168.48)
5 89.70 ms toro-b3-link.telia.net (62.115.116.180)
6 162.01 ms nyk-bb2-link.telia.net (62.115.113.86)
7 157.77 ms ldn-bb3-link.telia.net (62.115.113.21)
8 157.72 ms prs-bb3-link.telia.net (62.115.134.92)
9 157.77 ms ffm-bb3-link.telia.net (62.115.123.12)
10 126.86 ms ffm-b5-link.telia.net (62.115.114.89)
11 129.41 ms hetzner-ic-326013-ffm-b4.c.telia.net (213.248.70.3)
12 198.57 ms core11.nbg1.hetzner.com (213.239.224.237)
13 198.48 ms if-ae-6-3.tcore1.fnm-frankfurt.as6453.net (195.219.194.78)
14 198.51 ms if-ae-59-2.tcore1.fr0-frankfurt.as6453.net (195.219.87.195)
15 169.57 ms if-ae-45-2.tcore1.fr0-frankfurt.as6453.net (195.219.50.20)
16 ...
17 157.45 ms static.141.74.203.116.clients.your-server.de (116.203.74.141)
1235
1236NSE: Script Post-scanning.
1237Initiating NSE at 03:53
1238Completed NSE at 03:53, 0.00s elapsed
1239Initiating NSE at 03:53
1240Completed NSE at 03:53, 0.00s elapsed
1241#####################################################################################################################################
https://116.203.74.141 [503 Service Unavailable] Country[INDIA][IN], Email[email@example.com], HTML5, HTTPServer[nginx], IP[116.203.74.141], Script[application/javascript], Title[Your access to this site has been limited], UncommonHeaders[retry-after], nginx
1243######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 03:53 EST
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 03:53
Completed NSE at 03:53, 0.00s elapsed
Initiating NSE at 03:53
Completed NSE at 03:53, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 03:53
Completed Parallel DNS resolution of 1 host. at 03:53, 0.02s elapsed
Initiating SYN Stealth Scan at 03:53
Scanning static.141.74.203.116.clients.your-server.de (116.203.74.141) [1 port]
Discovered open port 443/tcp on 116.203.74.141
Completed SYN Stealth Scan at 03:53, 0.19s elapsed (1 total ports)
Initiating Service scan at 03:53
Scanning 1 service on static.141.74.203.116.clients.your-server.de (116.203.74.141)
Completed Service scan at 03:54, 13.21s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against static.141.74.203.116.clients.your-server.de (116.203.74.141)
Retrying OS detection (try #2) against static.141.74.203.116.clients.your-server.de (116.203.74.141)
Initiating Traceroute at 03:54
Completed Traceroute at 03:54, 3.19s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 03:54
Completed Parallel DNS resolution of 15 hosts. at 03:54, 0.27s elapsed
NSE: Script scanning 116.203.74.141.
Initiating NSE at 03:54
Completed NSE at 03:55, 91.09s elapsed
Initiating NSE at 03:55
Completed NSE at 03:55, 2.15s elapsed
Nmap scan report for static.141.74.203.116.clients.your-server.de (116.203.74.141)
Host is up (0.17s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http nginx
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 1083.59ms; min: 1023.83ms; max: 1134.32ms
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=static.141.74.203.116.clients.your-server.de
| Found the following possible CSRF vulnerabilities:
|
| Path: https://static.141.74.203.116.clients.your-server.de:443/
| Form id: unlock-form
|_ Form action: #
|_http-date: Fri, 17 Jan 2020 08:54:20 GMT; -6s from local time.
| http-default-accounts:
| [Arris 2307] at /logo_t.gif
|_ <blank>:<blank>
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=static.141.74.203.116.clients.your-server.de
| Found the following error pages:
|
| Error Code: 503
|_ https://static.141.74.203.116.clients.your-server.de:443/
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-grep:
| (1) https://static.141.74.203.116.clients.your-server.de:443/:
| (1) email:
|_ + email@example.com
| http-headers:
| Server: nginx
| Date: Fri, 17 Jan 2020 08:54:28 GMT
| Content-Type: text/html; charset=UTF-8
| Transfer-Encoding: chunked
| Connection: close
| Pragma: no-cache
| Cache-Control: no-cache, must-revalidate, private
| Expires: Sat, 26 Jul 1997 05:00:00 GMT
| Retry-After: 3600
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers:
| Strict_Transport_Security:
| HSTS not configured in HTTPS Server
| Cache_Control:
| Header: Cache-Control: no-cache, must-revalidate, private
| Pragma:
| Header: Pragma: no-cache
| Expires:
|_ Header: Expires: Sat, 26 Jul 1997 05:00:00 GMT
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Your access to this site has been limited
| http-traceroute:
| HTML title
| Hop #1: 400 The plain HTTP request was sent to HTTPS port
| Hop #2: Your access to this site has been limited
| Hop #3: Your access to this site has been limited
| Status Code
| Hop #1: 400
| Hop #2: 503
| Hop #3: 503
| content-type
| Hop #1: text/html
| Hop #2: text/html; charset=UTF-8
| Hop #3: text/html; charset=UTF-8
| content-length
| Hop #1: 248
| Hop #2
|_ Hop #3
|_http-userdir-enum: Potential Users: root, admin, administrator, webadmin, sysadmin, netadmin, guest, user, web, test
| http-vhosts:
| mail.141.74.203.116.clients.your-server.de : 400
| mx0.141.74.203.116.clients.your-server.de : 400
|_125 names had status 503
| http-waf-detect: IDS/IPS/WAF detected:
|_static.141.74.203.116.clients.your-server.de:443/?p4yl04d3=<script>alert(document.cookie)</script>
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
| [40420] nginx Directory Traversal Vulnerability
| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
| [84172] nginx denial of service
| [84048] nginx buffer overflow
| [83923] nginx ngx_http_close_connection() integer overflow
| [83688] nginx null byte code execution
| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
| [82319] nginx access.log information disclosure
| [80952] nginx SSL spoofing
| [77244] nginx and Microsoft Windows request security bypass
| [76778] Naxsi module for Nginx nx_extract.py directory traversal
| [74831] nginx ngx_http_mp4_module.c buffer overflow
| [74191] nginx ngx_cpystrn() information disclosure
| [74045] nginx header response information disclosure
| [71355] nginx ngx_resolver_copy() buffer overflow
| [59370] nginx characters denial of service
| [59369] nginx DATA source code disclosure
| [59047] nginx space source code disclosure
| [58966] nginx unspecified directory traversal
| [54025] nginx ngx_http_parse.c denial of service
| [53431] nginx WebDAV component directory traversal
| [53328] Nginx CRC-32 cached domain name spoofing
| [53250] Nginx ngx_http_parse_complex_uri() function code execution
|
| Exploit-DB - https://www.exploit-db.com:
| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
| [25499] nginx 1.3.9-1.4.0 DoS PoC
| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
| [14830] nginx 0.6.38 - Heap Corruption Exploit
| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
| [9829] nginx 0.7.61 WebDAV directory traversal
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [864418] Fedora Update for nginx FEDORA-2012-3846
| [864310] Fedora Update for nginx FEDORA-2012-6238
| [864209] Fedora Update for nginx FEDORA-2012-6411
| [864204] Fedora Update for nginx FEDORA-2012-6371
| [864121] Fedora Update for nginx FEDORA-2012-4006
| [864115] Fedora Update for nginx FEDORA-2012-3991
| [864065] Fedora Update for nginx FEDORA-2011-16075
| [863654] Fedora Update for nginx FEDORA-2011-16110
| [861232] Fedora Update for nginx FEDORA-2007-1158
| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [100659] nginx Directory Traversal Vulnerability
| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
| [71297] FreeBSD Ports: nginx
| [71276] FreeBSD Ports: nginx
| [71239] Debian Security Advisory DSA 2434-1 (nginx)
| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
| [64894] FreeBSD Ports: nginx
| [64869] Debian Security Advisory DSA 1884-1 (nginx)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
|
| OSVDB - http://www.osvdb.org:
| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
| [92796] nginx ngx_http_close_connection Function Crafted r->
| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
| [62617] nginx Internal DNS Cache Poisoning Weakness
| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 4.4 (91%), Linux 3.10 - 3.12 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.18 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 18.716 days (since Sun Dec 29 10:45:20 2019)
Network Distance: 19 hops
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 63.43 ms 10.252.204.1
2 63.47 ms 104.245.145.177
3 63.49 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 63.49 ms toro-b1-link.telia.net (62.115.168.48)
5 63.51 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 ...
7 153.50 ms ldn-bb3-link.telia.net (62.115.113.21)
8 153.54 ms prs-bb3-link.telia.net (62.115.134.92)
9 153.51 ms ffm-bb3-link.telia.net (62.115.123.12)
10 153.56 ms ffm-b5-link.telia.net (62.115.114.89)
11 172.77 ms hetzner-ic-326013-ffm-b4.c.telia.net (213.248.70.3)
12 172.77 ms core11.nbg1.hetzner.com (213.239.224.237)
13 172.76 ms if-ae-6-2.tcore1.fnm-frankfurt.as6453.net (195.219.194.150)
14 ...
15 172.75 ms 10251.your-cloud.host (88.99.159.16)
16 ...
17 171.99 ms 195.219.219.10
18 ...
19 171.94 ms static.141.74.203.116.clients.your-server.de (116.203.74.141)

NSE: Script Post-scanning.
Initiating NSE at 03:55
Completed NSE at 03:55, 0.00s elapsed
Initiating NSE at 03:55
Completed NSE at 03:55, 0.00s elapsed
#####################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 116.203.74.141

Testing SSL server 116.203.74.141 on port 443 using SNI name 116.203.74.141

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 256 bits AES256-SHA
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 256 bits AES256-SHA
Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: amjad.media
Altnames: DNS:amjad.media, DNS:www.amjad.media
Issuer: Let's Encrypt Authority X3

Not valid before: Dec 21 14:39:16 2019 GMT
Not valid after: Mar 20 14:39:16 2020 GMT
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 03:59 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 03:59
Completed NSE at 03:59, 0.00s elapsed
Initiating NSE at 03:59
Completed NSE at 03:59, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 03:59
Completed Parallel DNS resolution of 1 host. at 03:59, 0.02s elapsed
Initiating SYN Stealth Scan at 03:59
Scanning static.141.74.203.116.clients.your-server.de (116.203.74.141) [65535 ports]
Discovered open port 80/tcp on 116.203.74.141
Discovered open port 443/tcp on 116.203.74.141
SYN Stealth Scan Timing: About 9.04% done; ETC: 04:05 (0:05:12 remaining)
SYN Stealth Scan Timing: About 23.62% done; ETC: 04:04 (0:03:17 remaining)
Discovered open port 1011/tcp on 116.203.74.141
SYN Stealth Scan Timing: About 41.32% done; ETC: 04:03 (0:02:09 remaining)
SYN Stealth Scan Timing: About 57.22% done; ETC: 04:03 (0:01:30 remaining)
SYN Stealth Scan Timing: About 69.36% done; ETC: 04:03 (0:01:07 remaining)
SYN Stealth Scan Timing: About 78.79% done; ETC: 04:03 (0:00:49 remaining)
Completed SYN Stealth Scan at 04:03, 243.68s elapsed (65535 total ports)
Initiating Service scan at 04:03
Scanning 3 services on static.141.74.203.116.clients.your-server.de (116.203.74.141)
Completed Service scan at 04:04, 13.27s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against static.141.74.203.116.clients.your-server.de (116.203.74.141)
Retrying OS detection (try #2) against static.141.74.203.116.clients.your-server.de (116.203.74.141)
Initiating Traceroute at 04:04
Completed Traceroute at 04:04, 0.33s elapsed
Initiating Parallel DNS resolution of 17 hosts. at 04:04
Completed Parallel DNS resolution of 17 hosts. at 04:04, 0.48s elapsed
NSE: Script scanning 116.203.74.141.
Initiating NSE at 04:04
Completed NSE at 04:04, 9.58s elapsed
Initiating NSE at 04:04
Completed NSE at 04:04, 2.34s elapsed
Nmap scan report for static.141.74.203.116.clients.your-server.de (116.203.74.141)
Host is up (0.15s latency).
Not shown: 65522 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
53/tcp closed domain
80/tcp open http nginx
| vulscan: VulDB - https://vuldb.com:
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
1758| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
1759| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
1760| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
1761| [82230] nginx Multiple Denial of Service Vulnerabilities
1762| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
1763| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
1764| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
1765| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
1766| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
1767| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
1768| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
1769| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
1770| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
1771| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
1772| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
1773| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
1774| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
1775| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
1776| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1777| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1778| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1779| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1780| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
1781| [40420] nginx Directory Traversal Vulnerability
1782| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1783| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1784| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1785| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1786| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
1787|
1788| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1789| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
1790| [84172] nginx denial of service
1791| [84048] nginx buffer overflow
1792| [83923] nginx ngx_http_close_connection() integer overflow
1793| [83688] nginx null byte code execution
1794| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
1795| [82319] nginx access.log information disclosure
1796| [80952] nginx SSL spoofing
1797| [77244] nginx and Microsoft Windows request security bypass
1798| [76778] Naxsi module for Nginx nx_extract.py directory traversal
1799| [74831] nginx ngx_http_mp4_module.c buffer overflow
1800| [74191] nginx ngx_cpystrn() information disclosure
1801| [74045] nginx header response information disclosure
1802| [71355] nginx ngx_resolver_copy() buffer overflow
1803| [59370] nginx characters denial of service
1804| [59369] nginx DATA source code disclosure
1805| [59047] nginx space source code disclosure
1806| [58966] nginx unspecified directory traversal
1807| [54025] nginx ngx_http_parse.c denial of service
1808| [53431] nginx WebDAV component directory traversal
1809| [53328] Nginx CRC-32 cached domain name spoofing
1810| [53250] Nginx ngx_http_parse_complex_uri() function code execution
1811|
1812| Exploit-DB - https://www.exploit-db.com:
1813| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
1814| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
1815| [25499] nginx 1.3.9-1.4.0 DoS PoC
1816| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
1817| [14830] nginx 0.6.38 - Heap Corruption Exploit
1818| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
1819| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
1820| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
1821| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
1822| [9829] nginx 0.7.61 WebDAV directory traversal
1823|
1824| OpenVAS (Nessus) - http://www.openvas.org:
1825| [864418] Fedora Update for nginx FEDORA-2012-3846
1826| [864310] Fedora Update for nginx FEDORA-2012-6238
1827| [864209] Fedora Update for nginx FEDORA-2012-6411
1828| [864204] Fedora Update for nginx FEDORA-2012-6371
1829| [864121] Fedora Update for nginx FEDORA-2012-4006
1830| [864115] Fedora Update for nginx FEDORA-2012-3991
1831| [864065] Fedora Update for nginx FEDORA-2011-16075
1832| [863654] Fedora Update for nginx FEDORA-2011-16110
1833| [861232] Fedora Update for nginx FEDORA-2007-1158
1834| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
1835| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
1836| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
1837| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
1838| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1839| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1840| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1841| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1842| [100659] nginx Directory Traversal Vulnerability
1843| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
1844| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1845| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1846| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1847| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
1848| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1849| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
1850| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
1851| [71297] FreeBSD Ports: nginx
1852| [71276] FreeBSD Ports: nginx
1853| [71239] Debian Security Advisory DSA 2434-1 (nginx)
1854| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
1855| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
1856| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
1857| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
1858| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
1859| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
1860| [64894] FreeBSD Ports: nginx
1861| [64869] Debian Security Advisory DSA 1884-1 (nginx)
1862|
1863| SecurityTracker - https://www.securitytracker.com:
1864| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
1865| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
1866| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
1867| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
1868|
1869| OSVDB - http://www.osvdb.org:
1870| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
1871| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
1872| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
1873| [92796] nginx ngx_http_close_connection Function Crafted r->
1874| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
1875| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
1876| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
1877| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
1878| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
1879| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
1880| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
1881| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
1882| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
1883| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
1884| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
1885| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
1886| [62617] nginx Internal DNS Cache Poisoning Weakness
1887| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
1888| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
1889| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
1890| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
1891| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
1892| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
1893| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
1894| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
1895| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
1896| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
1897|_
110/tcp closed pop3
139/tcp closed netbios-ssn
143/tcp closed imap
443/tcp open ssl/http nginx
1902| vulscan: VulDB - https://vuldb.com:
1903| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
1904| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
1905| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
1906| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
1907| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
1908| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
1909| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
1910| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
1911| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
1912| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
1913| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
1914| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
1915| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
1916| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
1917| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
1918| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
1919| [67677] nginx up to 1.7.3 SSL weak authentication
1920| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
1921| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
1922| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
1923| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
1924| [65364] nginx up to 1.1.13 Default Configuration information disclosure
1925| [8671] nginx up to 1.4 proxy_pass denial of service
1926| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
1927| [7247] nginx 1.2.6 Proxy Function spoofing
1928| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
1929| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
1930| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
1931| [59645] nginx up to 0.8.9 Heap-based memory corruption
1932| [53592] nginx 0.8.36 memory corruption
1933| [53590] nginx up to 0.8.9 unknown vulnerability
1934| [51533] nginx 0.7.64 Terminal privilege escalation
1935| [50905] nginx up to 0.8.9 directory traversal
1936| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
1937| [50043] nginx up to 0.8.10 memory corruption
1938|
1939| MITRE CVE - https://cve.mitre.org:
1940| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
1941| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
1942| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
1943| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
1944| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
1945| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
1946| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
1947| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
1948| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
1949| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
1950| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
1951| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
1952| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
1953|
1954| SecurityFocus - https://www.securityfocus.com/bid/:
1955| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
1956| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
1957| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
1958| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
1959| [82230] nginx Multiple Denial of Service Vulnerabilities
1960| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
1961| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
1962| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
1963| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
1964| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
1965| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
1966| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
1967| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
1968| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
1969| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
1970| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
1971| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
1972| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
1973| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
1974| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1975| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1976| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1977| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1978| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
1979| [40420] nginx Directory Traversal Vulnerability
1980| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1981| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1982| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1983| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1984| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
1985|
1986| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1987| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
1988| [84172] nginx denial of service
1989| [84048] nginx buffer overflow
1990| [83923] nginx ngx_http_close_connection() integer overflow
1991| [83688] nginx null byte code execution
1992| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
1993| [82319] nginx access.log information disclosure
1994| [80952] nginx SSL spoofing
1995| [77244] nginx and Microsoft Windows request security bypass
1996| [76778] Naxsi module for Nginx nx_extract.py directory traversal
1997| [74831] nginx ngx_http_mp4_module.c buffer overflow
1998| [74191] nginx ngx_cpystrn() information disclosure
1999| [74045] nginx header response information disclosure
2000| [71355] nginx ngx_resolver_copy() buffer overflow
2001| [59370] nginx characters denial of service
2002| [59369] nginx DATA source code disclosure
2003| [59047] nginx space source code disclosure
2004| [58966] nginx unspecified directory traversal
2005| [54025] nginx ngx_http_parse.c denial of service
2006| [53431] nginx WebDAV component directory traversal
2007| [53328] Nginx CRC-32 cached domain name spoofing
2008| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2009|
2010| Exploit-DB - https://www.exploit-db.com:
2011| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2012| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2013| [25499] nginx 1.3.9-1.4.0 DoS PoC
2014| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2015| [14830] nginx 0.6.38 - Heap Corruption Exploit
2016| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2017| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2018| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2019| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2020| [9829] nginx 0.7.61 WebDAV directory traversal
2021|
2022| OpenVAS (Nessus) - http://www.openvas.org:
2023| [864418] Fedora Update for nginx FEDORA-2012-3846
2024| [864310] Fedora Update for nginx FEDORA-2012-6238
2025| [864209] Fedora Update for nginx FEDORA-2012-6411
2026| [864204] Fedora Update for nginx FEDORA-2012-6371
2027| [864121] Fedora Update for nginx FEDORA-2012-4006
2028| [864115] Fedora Update for nginx FEDORA-2012-3991
2029| [864065] Fedora Update for nginx FEDORA-2011-16075
2030| [863654] Fedora Update for nginx FEDORA-2011-16110
2031| [861232] Fedora Update for nginx FEDORA-2007-1158
2032| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2033| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2034| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2035| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2036| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2037| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2038| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2039| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2040| [100659] nginx Directory Traversal Vulnerability
2041| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2042| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2043| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2044| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2045| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2046| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2047| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2048| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2049| [71297] FreeBSD Ports: nginx
2050| [71276] FreeBSD Ports: nginx
2051| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2052| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2053| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2054| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2055| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2056| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2057| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2058| [64894] FreeBSD Ports: nginx
2059| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2060|
2061| SecurityTracker - https://www.securitytracker.com:
2062| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2063| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2064| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2065| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2066|
2067| OSVDB - http://www.osvdb.org:
2068| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2069| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2070| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2071| [92796] nginx ngx_http_close_connection Function Crafted r->
2072| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2073| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2074| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2075| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2076| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2077| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2078| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2079| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2080| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2081| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2082| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2083| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2084| [62617] nginx Internal DNS Cache Poisoning Weakness
2085| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2086| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2087| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2088| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2089| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2090| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2091| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2092| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2093| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2094| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
2095|_
445/tcp closed microsoft-ds
465/tcp closed smtps
587/tcp closed submission
993/tcp closed imaps
995/tcp closed pop3s
1011/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
2102| vulscan: VulDB - https://vuldb.com:
2103| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
2104| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
2105| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
2106| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
2107| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
2108| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
2109| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
2110| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
2111| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
2112| [94611] OpenSSH up to 7.3 Access Control privilege escalation
2113| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
2114| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
2115| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
2116| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
2117| [90405] OpenSSH up to 7.2p2 sshd information disclosure
2118| [90404] OpenSSH up to 7.2p2 sshd information disclosure
2119| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
2120| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
2121| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
2122| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
2123| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
2124|
2125| MITRE CVE - https://cve.mitre.org:
2126| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
2127| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
2128|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
| [75990] OpenSSH Login Handling Security Bypass Weakness
| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
| [61286] OpenSSH Remote Denial of Service Vulnerability
| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
| [30794] Red Hat OpenSSH Backdoor Vulnerability
| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
| [28531] OpenSSH ForceCommand Command Execution Weakness
| [28444] OpenSSH X Connections Session Hijacking Vulnerability
| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
| [20956] OpenSSH Privilege Separation Key Signature Weakness
| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
| [6168] OpenSSH Visible Password Vulnerability
| [5374] OpenSSH Trojan Horse Vulnerability
| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [4241] OpenSSH Channel Code Off-By-One Vulnerability
| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
| [2917] OpenSSH PAM Session Evasion Vulnerability
| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
| [2356] OpenSSH Private Key Authentication Check Vulnerability
| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
| [1334] OpenSSH UseLogin Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [83258] GSI-OpenSSH auth-pam.c security bypass
| [82781] OpenSSH time limit denial of service
| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
| [72756] Debian openssh-server commands information disclosure
| [68339] OpenSSH pam_thread buffer overflow
| [67264] OpenSSH ssh-keysign unauthorized access
| [65910] OpenSSH remote_glob function denial of service
| [65163] OpenSSH certificate information disclosure
| [64387] OpenSSH J-PAKE security bypass
| [63337] Cisco Unified Videoconferencing OpenSSH weak security
| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
| [45202] OpenSSH signal handler denial of service
| [44747] RHEL OpenSSH backdoor
| [44280] OpenSSH PermitRootLogin information disclosure
| [44279] OpenSSH sshd weak security
| [44037] OpenSSH sshd SELinux role unauthorized access
| [43940] OpenSSH X11 forwarding information disclosure
| [41549] OpenSSH ForceCommand directive security bypass
| [41438] OpenSSH sshd session hijacking
| [40897] OpenSSH known_hosts weak security
| [40587] OpenSSH username weak security
| [37371] OpenSSH username data manipulation
| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
| [37112] RHSA update for OpenSSH signal handler race condition not installed
| [37107] RHSA update for OpenSSH identical block denial of service not installed
| [36637] OpenSSH X11 cookie privilege escalation
| [35167] OpenSSH packet.c newkeys[mode] denial of service
| [34490] OpenSSH OPIE information disclosure
| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
| [32975] Apple Mac OS X OpenSSH denial of service
| [32387] RHSA-2006:0738 updates for openssh not installed
| [32359] RHSA-2006:0697 updates for openssh not installed
| [32230] RHSA-2006:0298 updates for openssh not installed
| [32132] RHSA-2006:0044 updates for openssh not installed
| [30120] OpenSSH privilege separation monitor authentication verification weakness
| [29255] OpenSSH GSSAPI user enumeration
| [29254] OpenSSH signal handler race condition
| [29158] OpenSSH identical block denial of service
| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
| [25116] OpenSSH OpenPAM denial of service
| [24305] OpenSSH SCP shell expansion command execution
| [22665] RHSA-2005:106 updates for openssh not installed
| [22117] OpenSSH GSSAPI allows elevated privileges
| [22115] OpenSSH GatewayPorts security bypass
| [20930] OpenSSH sshd.c LoginGraceTime denial of service
| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
| [17213] OpenSSH allows port bouncing attacks
| [16323] OpenSSH scp file overwrite
| [13797] OpenSSH PAM information leak
| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
| [13264] OpenSSH PAM code could allow an attacker to gain access
| [13215] OpenSSH buffer management errors could allow an attacker to execute code
| [13214] OpenSSH memory vulnerabilities
| [13191] OpenSSH large packet buffer overflow
| [12196] OpenSSH could allow an attacker to bypass login restrictions
| [11970] OpenSSH could allow an attacker to obtain valid administrative account
| [11902] OpenSSH PAM support enabled information leak
| [9803] OpenSSH "
| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
| [9307] OpenSSH is running on the system
| [9169] OpenSSH "
| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
| [8383] OpenSSH off-by-one error in channel code
| [7647] OpenSSH UseLogin option arbitrary code execution
| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
| [7179] OpenSSH source IP access control bypass
| [6757] OpenSSH "
| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
| [5517] OpenSSH allows unauthorized access to resources
| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
|
| Exploit-DB - https://www.exploit-db.com:
| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
| [881183] CentOS Update for openssh CESA-2012:0884 centos6
| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
| [870763] RedHat Update for openssh RHSA-2012:0884-04
| [870129] RedHat Update for openssh RHSA-2008:0855-01
| [861813] Fedora Update for openssh FEDORA-2010-5429
| [861319] Fedora Update for openssh FEDORA-2007-395
| [861170] Fedora Update for openssh FEDORA-2007-394
| [861012] Fedora Update for openssh FEDORA-2007-715
| [840345] Ubuntu Update for openssh vulnerability USN-597-1
| [840300] Ubuntu Update for openssh update USN-612-5
| [840271] Ubuntu Update for openssh vulnerability USN-612-2
| [840268] Ubuntu Update for openssh update USN-612-7
| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
| [840214] Ubuntu Update for openssh vulnerability USN-566-1
| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [100584] OpenSSH X Connections Session Hijacking Vulnerability
| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
| [65987] SLES10: Security update for OpenSSH
| [65819] SLES10: Security update for OpenSSH
| [65514] SLES9: Security update for OpenSSH
| [65513] SLES9: Security update for OpenSSH
| [65334] SLES9: Security update for OpenSSH
| [65248] SLES9: Security update for OpenSSH
| [65218] SLES9: Security update for OpenSSH
| [65169] SLES9: Security update for openssh,openssh-askpass
| [65126] SLES9: Security update for OpenSSH
| [65019] SLES9: Security update for OpenSSH
| [65015] SLES9: Security update for OpenSSH
| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
| [61639] Debian Security Advisory DSA 1638-1 (openssh)
| [61030] Debian Security Advisory DSA 1576-2 (openssh)
| [61029] Debian Security Advisory DSA 1576-1 (openssh)
| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
| [60667] Slackware Advisory SSA:2008-095-01 openssh
| [59014] Slackware Advisory SSA:2007-255-01 openssh
| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
| [57492] Slackware Advisory SSA:2006-272-02 openssh
| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
| [57470] FreeBSD Ports: openssh
| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
| [56294] Slackware Advisory SSA:2006-045-06 openssh
| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
| [53788] Debian Security Advisory DSA 025-1 (openssh)
| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
| [11343] OpenSSH Client Unauthorized Remote Forwarding
| [10954] OpenSSH AFS/Kerberos ticket/token passing
| [10883] OpenSSH Channel Code Off by 1
| [10823] OpenSSH UseLogin Environment Variables
|
| SecurityTracker - https://www.securitytracker.com:
| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
|
| OSVDB - http://www.osvdb.org:
| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
| [56921] OpenSSH Unspecified Remote Compromise
| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
| [43745] OpenSSH X11 Forwarding Local Session Hijacking
| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
| [37315] pam_usb OpenSSH Authentication Unspecified Issue
| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
| [34601] OPIE w/ OpenSSH Account Enumeration
| [34600] OpenSSH S/KEY Authentication Account Enumeration
| [32721] OpenSSH Username Password Complexity Account Enumeration
| [30232] OpenSSH Privilege Separation Monitor Weakness
| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
| [29152] OpenSSH Identical Block Packet DoS
| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
| [22692] OpenSSH scp Command Line Filename Processing Command Injection
| [20216] OpenSSH with KerberosV Remote Authentication Bypass
| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
| [6601] OpenSSH *realloc() Unspecified Memory Errors
| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
| [6072] OpenSSH PAM Conversation Function Stack Modification
| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
| [5408] OpenSSH echo simulation Information Disclosure
| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
| [4536] OpenSSH Portable AIX linker Privilege Escalation
| [3938] OpenSSL and OpenSSH /dev/random Check Failure
| [3456] OpenSSH buffer_append_space() Heap Corruption
| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
| [2140] OpenSSH w/ PAM Username Validity Timing Attack
| [2112] OpenSSH Reverse DNS Lookup Bypass
| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
| [1853] OpenSSH Symbolic Link 'cookies' File Removal
| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
| [688] OpenSSH UseLogin Environment Variable Local Command Execution
| [642] OpenSSH Multiple Key Type ACL Bypass
| [504] OpenSSH SSHv2 Public Key Authentication Bypass
| [341] OpenSSH UseLogin Local Privilege Escalation
|_
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 3.10 - 3.12 (87%), Linux 4.4 (87%), Linux 3.10 - 4.11 (86%), Linux 4.9 (86%), Linux 3.2 - 4.9 (85%), Linux 2.6.18 (85%), Linux 3.7 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 18.722 days (since Sun Dec 29 10:45:20 2019)
Network Distance: 17 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 59.29 ms 10.252.204.1
2 88.84 ms 104.245.145.177
3 88.87 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 88.87 ms toro-b1-link.telia.net (62.115.168.48)
5 88.89 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 165.14 ms nyk-bb2-link.telia.net (62.115.113.86)
7 195.19 ms if-ae-2-2.tcore2.tnk-toronto.as6453.net (64.86.33.90)
8 195.18 ms if-ae-8-2.tcore1.ct8-chicago.as6453.net (66.110.48.2)
9 165.15 ms ffm-bb3-link.telia.net (62.115.123.12)
10 135.19 ms if-ae-66-2.tcore1.l78-london.as6453.net (80.231.130.105)
11 134.34 ms hetzner-ic-326013-ffm-b4.c.telia.net (213.248.70.3)
12 203.88 ms core11.nbg1.hetzner.com (213.239.224.237)
13 203.84 ms if-ae-30-2.tcore2.fnm-frankfurt.as6453.net (80.231.153.90)
14 203.79 ms if-ae-11-2.tcore1.pvu-paris.as6453.net (80.231.153.49)
15 173.30 ms 10251.your-cloud.host (88.99.159.16)
16 183.08 ms if-ae-4-2.tcore1.fr0-frankfurt.as6453.net (195.219.87.18)
17 152.78 ms static.141.74.203.116.clients.your-server.de (116.203.74.141)

NSE: Script Post-scanning.
Initiating NSE at 04:04
Completed NSE at 04:04, 0.00s elapsed
Initiating NSE at 04:04
Completed NSE at 04:04, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 04:04 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:04
Completed NSE at 04:04, 0.00s elapsed
Initiating NSE at 04:04
Completed NSE at 04:04, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:04
Completed Parallel DNS resolution of 1 host. at 04:04, 0.02s elapsed
Initiating UDP Scan at 04:04
Scanning static.141.74.203.116.clients.your-server.de (116.203.74.141) [15 ports]
Completed UDP Scan at 04:04, 1.76s elapsed (15 total ports)
Initiating Service scan at 04:04
Scanning 12 services on static.141.74.203.116.clients.your-server.de (116.203.74.141)
Service scan Timing: About 8.33% done; ETC: 04:23 (0:17:47 remaining)
Completed Service scan at 04:06, 102.59s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against static.141.74.203.116.clients.your-server.de (116.203.74.141)
Retrying OS detection (try #2) against static.141.74.203.116.clients.your-server.de (116.203.74.141)
Initiating Traceroute at 04:06
Completed Traceroute at 04:06, 7.13s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:06
Completed Parallel DNS resolution of 1 host. at 04:06, 0.00s elapsed
NSE: Script scanning 116.203.74.141.
Initiating NSE at 04:06
Completed NSE at 04:06, 7.12s elapsed
Initiating NSE at 04:06
Completed NSE at 04:06, 1.01s elapsed
Nmap scan report for static.141.74.203.116.clients.your-server.de (116.203.74.141)
Host is up (0.12s latency).

PORT STATE SERVICE VERSION
53/udp closed domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details
Network Distance: 23 hops

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 ... 3
4 100.25 ms 10.252.204.1
5 47.17 ms 10.252.204.1
6 ... 14
15 102.10 ms 10.252.204.1
16 ...
17 51.24 ms 10.252.204.1
18 90.64 ms 10.252.204.1
19 90.64 ms 10.252.204.1
20 90.64 ms 10.252.204.1
21 90.63 ms 10.252.204.1
22 90.61 ms 10.252.204.1
23 56.89 ms 10.252.204.1
24 ... 27
28 29.37 ms 10.252.204.1
29 ...
30 125.80 ms 10.252.204.1

NSE: Script Post-scanning.
Initiating NSE at 04:06
Completed NSE at 04:06, 0.00s elapsed
Initiating NSE at 04:06
Completed NSE at 04:06, 0.00s elapsed
#####################################################################################################################################
[+] URL: https://amjad.media/
[+] Started: Fri Jan 17 03:41:35 2020

Interesting Finding(s):

[+] https://amjad.media/
 | Interesting Entry: Server: nginx
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] https://amjad.media/robots.txt
 | Interesting Entries:
 | - /wp-admin/
 | - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] https://amjad.media/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 | - http://codex.wordpress.org/XML-RPC_Pingback_API
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] https://amjad.media/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 | - https://www.iplocation.net/defend-wordpress-from-ddos
 | - https://github.com/wpscanteam/wpscan/issues/1299

Fingerprinting the version - Time: 00:01:09 <=========> (406 / 406) 100.00% Time: 00:01:09
[i] The WordPress version could not be detected.

[i] The main theme could not be detected.

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] js_composer
 | Location: https://amjad.media/wp-content/plugins/js_composer/
 |
 | Found By: Body Tag (Passive Detection)
 |
 | Version: 6.1 (60% confidence)
 | Found By: Body Tag (Passive Detection)
 | - https://amjad.media/, Match: 'js-comp-ver-6.1'

[+] wordfence
 | Location: https://amjad.media/wp-content/plugins/wordfence/
 | Latest Version: 7.4.3 (up to date)
 | Last Updated: 2020-01-13T19:11:00.000Z
 |
 | Found By: Javascript Var (Passive Detection)
 |
 | Version: 7.4.4 (80% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 | - https://amjad.media/wp-content/plugins/wordfence/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:01 <=============> (21 / 21) 100.00% Time: 00:00:01

[i] No Config Backups Found.

[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up

[+] Finished: Fri Jan 17 03:43:04 2020
[+] Requests Done: 674
[+] Cached Requests: 73
[+] Data Sent: 129.072 KB
[+] Data Received: 12.385 MB
[+] Memory used: 157.148 MB
[+] Elapsed time: 00:01:29
######################################################################################################################################
[+] URL: https://amjad.media/
[+] Started: Fri Jan 17 03:41:41 2020

Interesting Finding(s):

[+] https://amjad.media/
 | Interesting Entry: Server: nginx
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] https://amjad.media/robots.txt
 | Interesting Entries:
 | - /wp-admin/
 | - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] https://amjad.media/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 | - http://codex.wordpress.org/XML-RPC_Pingback_API
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] https://amjad.media/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 | - https://www.iplocation.net/defend-wordpress-from-ddos
 | - https://github.com/wpscanteam/wpscan/issues/1299

Fingerprinting the version - Time: 00:01:10 <> (406 / 406) 100.00% Time: 00:01:10
[i] The WordPress version could not be detected.

[i] The main theme could not be detected.

[+] Enumerating Users (via Passive and Aggressive Methods)
 Brute Forcing Author IDs - Time: 00:00:00 <==> (10 / 10) 100.00% Time: 00:00:00

[i] No Users Found.

[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up

[+] Finished: Fri Jan 17 03:43:01 2020
[+] Requests Done: 701
[+] Cached Requests: 35
[+] Data Sent: 134.14 KB
[+] Data Received: 13.207 MB
[+] Memory used: 104.664 MB
[+] Elapsed time: 00:01:19
#######################################################################################################################################
[+] URL: https://amjad.media/
[+] Started: Fri Jan 17 03:45:24 2020

Interesting Finding(s):

[+] https://amjad.media/
 | Interesting Entry: Server: nginx
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] https://amjad.media/robots.txt
 | Interesting Entries:
 | - /wp-admin/
 | - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] https://amjad.media/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 | - https://www.iplocation.net/defend-wordpress-from-ddos
 | - https://github.com/wpscanteam/wpscan/issues/1299

Fingerprinting the version - Time: 00:00:16 <=========> (406 / 406) 100.00% Time: 00:00:16
[i] The WordPress version could not be detected.

[i] The main theme could not be detected.

[+] Enumerating Users (via Passive and Aggressive Methods)
 Brute Forcing Author IDs - Time: 00:00:00 <============> (10 / 10) 100.00% Time: 00:00:00

[i] No Users Found.

[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up

[+] Finished: Fri Jan 17 03:45:44 2020
[+] Requests Done: 419
[+] Cached Requests: 317
[+] Data Sent: 80.439 KB
[+] Data Received: 191.438 KB
[+] Memory used: 101.191 MB
[+] Elapsed time: 00:00:20
#######################################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: https://amjad.media/
[*] TARGET IP: 116.203.74.141
[INFO] NO load balancer detected for amjad.media...
[*] DNS servers: ns1.dynadot.com.
[*] TARGET server: nginx
[*] CC: DE
[*] Country: Germany
[*] RegionCode: BY
[*] RegionName: Bavaria
[*] City: Nuremberg
[*] ASN: AS24940
[*] BGP_PREFIX: 116.203.0.0/16
[*] ISP: HETZNER-AS Hetzner Online GmbH, DE
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
[*] Subject: subject=CN = amjad.media
[ALERT] Let's Encrypt is commonly used for Phishing
[INFO] DNS enumeration:
[*] files.amjad.media 88.198.195.147
[INFO] Possible abuse mails are:
[*] abuse@amjad.media
[*] abuse@mtsindia.in
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Starting FUZZing in http://amjad.media/FUzZzZzZzZz...
[INFO] Status code Folders
[ALERT] Look in the source code. It may contain passwords
[ALERT] Content in http://amjad.media/ AND http://www.amjad.media/ is different
[INFO] MD5 for http://amjad.media/ is: a872b184c2fb1632713a5c63422d0275
[INFO] MD5 for http://www.amjad.media/ is: 6da5c0cb98689c650e031b96af32bf2d
[INFO] http://amjad.media/ redirects to https://amjad.media/
[INFO] http://www.amjad.media/ redirects to https://www.amjad.media/
[INFO] Links found from https://amjad.media/ http://116.203.74.141/:
[*] http://nginx.com/
[*] http://nginx.org/
[*] https://www.wordfence.com/help/?query=locked-out
[INFO] GOOGLE has Tribulations": Multimedia: Created: 03 about http://amjad.media/
[INFO] Shodan detected the following opened ports on 116.203.74.141:
[*] 443
[*] 80
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total Sites
[INFO] Useful links related to amjad.media - 116.203.74.141:
[*] https://www.virustotal.com/pt/ip-address/116.203.74.141/information/
[*] https://www.hybrid-analysis.com/search?host=116.203.74.141
[*] https://www.shodan.io/host/116.203.74.141
[*] https://www.senderbase.org/lookup/?search_string=116.203.74.141
[*] https://www.alienvault.com/open-threat-exchange/ip/116.203.74.141
[*] http://pastebin.com/search?q=116.203.74.141
[*] http://urlquery.net/search.php?q=116.203.74.141
[*] http://www.alexa.com/siteinfo/amjad.media
[*] http://www.google.com/safebrowsing/diagnostic?site=amjad.media
[*] https://censys.io/ipv4/116.203.74.141
[*] https://www.abuseipdb.com/check/116.203.74.141
[*] https://urlscan.io/search/#116.203.74.141
[*] https://github.com/search?q=116.203.74.141&type=Code
[INFO] Useful links related to AS24940 - 116.203.0.0/16:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:24940
[*] https://www.senderbase.org/lookup/?search_string=116.203.0.0/16
[*] http://bgp.he.net/AS24940
[*] https://stat.ripe.net/AS24940
[INFO] Date: 17/01/20 | Time: 03:46:24
[INFO] Total time: 1 minute(s) and 0 second(s)
#######################################################################################################################################
[-] Target: https://amjad.media (116.203.74.141)
[I] Server: nginx
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] No Robots.txt Found
[I] CMS Detection: WordPress
[M] XML-RPC services are enabled
[I] Autocomplete Off Not Found: https://amjad.media/wp-login.php
[-] Default WordPress Files:
[I] https://amjad.media/license.txt
[I] https://amjad.media/wp-includes/ID3/license.commercial.txt
[I] https://amjad.media/wp-includes/ID3/license.txt
[I] https://amjad.media/wp-includes/ID3/readme.txt
[I] https://amjad.media/wp-includes/images/crystal/license.txt
[I] https://amjad.media/wp-includes/js/plupload/license.txt
[I] https://amjad.media/wp-includes/js/swfupload/license.txt
[I] https://amjad.media/wp-includes/js/tinymce/license.txt
[-] Searching Wordpress Plugins ...
[I] akismet v4.1.3
[M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
[M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
[I] duplicator v1.3.24
[M] EDB-ID: 38676 "WordPress Plugin Duplicator - Cross-Site Scripting"
[M] EDB-ID: 44288 "WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting"
[I] jetpack v8.0
[M] EDB-ID: 18126 "WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection"
[I] Checking for Directory Listing Enabled ...
[-] Date & Time: 17/01/2020 03:46:35
[-] Completed in: 0:04:52
######################################################################################################################################
 Anonymous JTSEC #OpISIS Full Recon #40