· 6 years ago · Nov 01, 2019, 03:26 AM
1######################################################################################################################################
2=======================================================================================================================================
3Hostname theredelephants.com ISP Google LLC
4Continent North America Flag
5US
6Country United States Country Code US
7Region Virginia Local time 31 Oct 2019 22:11 EDT
8City Unknown Postal Code Unknown
9IP Address 104.196.67.80 Latitude 38.658
10 Longitude -77.248
11=======================================================================================================================================
12######################################################################################################################################
13> theredelephants.com
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: theredelephants.com
19Address: 104.196.67.80
20>
21######################################################################################################################################
22 Domain Name: THEREDELEPHANTS.COM
23 Registry Domain ID: 2073176903_DOMAIN_COM-VRSN
24 Registrar WHOIS Server: whois.godaddy.com
25 Registrar URL: http://www.godaddy.com
26 Updated Date: 2016-11-10T21:43:26Z
27 Creation Date: 2016-11-10T21:43:26Z
28 Registry Expiry Date: 2019-11-10T21:43:26Z
29 Registrar: GoDaddy.com, LLC
30 Registrar IANA ID: 146
31 Registrar Abuse Contact Email: abuse@godaddy.com
32 Registrar Abuse Contact Phone: 480-624-2505
33 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
34 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
35 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
36 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
37 Name Server: NS57.DOMAINCONTROL.COM
38 Name Server: NS58.DOMAINCONTROL.COM
39 DNSSEC: unsigned
40#######################################################################################################################################
41Domain Name: theredelephants.com
42Registry Domain ID: 2073176903_DOMAIN_COM-VRSN
43Registrar WHOIS Server: whois.godaddy.com
44Registrar URL: http://www.godaddy.com
45Updated Date: 2016-11-10T21:43:26Z
46Creation Date: 2016-11-10T21:43:26Z
47Registrar Registration Expiration Date: 2019-11-10T21:43:26Z
48Registrar: GoDaddy.com, LLC
49Registrar IANA ID: 146
50Registrar Abuse Contact Email: abuse@godaddy.com
51Registrar Abuse Contact Phone: +1.4806242505
52Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
53Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
54Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
55Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
56Registry Registrant ID: Not Available From Registry
57Registrant Name: Registration Private
58Registrant Organization: Domains By Proxy, LLC
59Registrant Street: DomainsByProxy.com
60Registrant Street: 14455 N. Hayden Road
61Registrant City: Scottsdale
62Registrant State/Province: Arizona
63Registrant Postal Code: 85260
64Registrant Country: US
65Registrant Phone: +1.4806242599
66Registrant Phone Ext:
67Registrant Fax: +1.4806242598
68Registrant Fax Ext:
69Registrant Email: theredelephants.com@domainsbyproxy.com
70Registry Admin ID: Not Available From Registry
71Admin Name: Registration Private
72Admin Organization: Domains By Proxy, LLC
73Admin Street: DomainsByProxy.com
74Admin Street: 14455 N. Hayden Road
75Admin City: Scottsdale
76Admin State/Province: Arizona
77Admin Postal Code: 85260
78Admin Country: US
79Admin Phone: +1.4806242599
80Admin Phone Ext:
81Admin Fax: +1.4806242598
82Admin Fax Ext:
83Admin Email: theredelephants.com@domainsbyproxy.com
84Registry Tech ID: Not Available From Registry
85Tech Name: Registration Private
86Tech Organization: Domains By Proxy, LLC
87Tech Street: DomainsByProxy.com
88Tech Street: 14455 N. Hayden Road
89Tech City: Scottsdale
90Tech State/Province: Arizona
91Tech Postal Code: 85260
92Tech Country: US
93Tech Phone: +1.4806242599
94Tech Phone Ext:
95Tech Fax: +1.4806242598
96Tech Fax Ext:
97Tech Email: theredelephants.com@domainsbyproxy.com
98Name Server: NS57.DOMAINCONTROL.COM
99Name Server: NS58.DOMAINCONTROL.COM
100DNSSEC: unsigned
101#######################################################################################################################################
102[+] Target : theredelephants.com
103
104[+] IP Address : 104.196.67.80
105
106[+] Headers :
107
108[+] Server : nginx
109[+] Date : Fri, 01 Nov 2019 02:47:44 GMT
110[+] Content-Type : text/html
111[+] Content-Length : 162
112[+] Connection : keep-alive
113[+] Keep-Alive : timeout=20
114
115[+] SSL Certificate Information :
116
117[+] commonName : *.wpengine.com
118[+] countryName : US
119[+] organizationName : DigiCert Inc
120[+] organizationalUnitName : www.digicert.com
121[+] commonName : RapidSSL RSA CA 2018
122[+] Version : 3
123[+] Serial Number : 052786C55573A17A6DFA3E2727AEDD0E
124[+] Not Before : Jul 1 00:00:00 2019 GMT
125[+] Not After : Aug 29 12:00:00 2021 GMT
126[+] OCSP : ('http://status.rapidssl.com',)
127[+] subject Alt Name : (('DNS', '*.wpengine.com'), ('DNS', 'wpengine.com'))
128[+] CA Issuers : ('http://cacerts.rapidssl.com/RapidSSLRSACA2018.crt',)
129[+] CRL Distribution Points : ('http://cdp.rapidssl.com/RapidSSLRSACA2018.crl',)
130
131[+] Whois Lookup :
132
133[+] NIR : None
134[+] ASN Registry : arin
135[+] ASN : 15169
136[+] ASN CIDR : 104.196.64.0/19
137[+] ASN Country Code : US
138[+] ASN Date : 2014-08-27
139[+] ASN Description : GOOGLE - Google LLC, US
140[+] cidr : 104.196.0.0/14
141[+] name : GOOGLE-CLOUD
142[+] handle : NET-104-196-0-0-1
143[+] range : 104.196.0.0 - 104.199.255.255
144[+] description : Google LLC
145[+] country : US
146[+] state : CA
147[+] city : Mountain View
148[+] address : 1600 Amphitheatre Parkway
149[+] postal_code : 94043
150[+] emails : ['google-cloud-compliance@google.com', 'arin-contact@google.com']
151[+] created : 2014-08-27
152[+] updated : 2015-09-21
153
154[+] Crawling Target...
155
156[+] Looking for robots.txt........[ Found ]
157[+] Extracting robots Links.......[ 2 ]
158[+] Looking for sitemap.xml.......[ Found ]
159[+] Extracting sitemap Links......[ 12 ]
160[+] Extracting CSS Links..........[ 15 ]
161[+] Extracting Javascript Links...[ 18 ]
162[+] Extracting Internal Links.....[ 36 ]
163[+] Extracting External Links.....[ 4 ]
164[+] Extracting Images.............[ 17 ]
165
166[+] Total Links Extracted : 104
167
168[+] Dumping Links in /opt/FinalRecon/dumps/theredelephants.com.dump
169[+] Completed!
170#######################################################################################################################################
171[+] Starting At 2019-10-31 22:47:58.633017
172[+] Collecting Information On: http://theredelephants.com/
173[#] Status: 200
174--------------------------------------------------
175[#] Web Server Detected: nginx
176[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
177- Server: nginx
178- Date: Fri, 01 Nov 2019 02:47:58 GMT
179- Content-Type: text/html; charset=UTF-8
180- Transfer-Encoding: chunked
181- Connection: keep-alive
182- Keep-Alive: timeout=20
183- Vary: Accept-Encoding, Accept-Encoding,Cookie
184- Expires: Thu, 19 Nov 1981 08:52:00 GMT
185- Pragma: no-cache
186- Link: <http://theredelephants.com/wp-json/>; rel="https://api.w.org/", <http://theredelephants.com/>; rel=shortlink
187- X-Cacheable: SHORT
188- Cache-Control: max-age=600, must-revalidate
189- X-Cache: HIT: 28
190- X-Pass-Why:
191- X-Cache-Group: normal
192- Content-Encoding: gzip
193--------------------------------------------------
194[#] Finding Location..!
195[#] status: success
196[#] country: United States
197[#] countryCode: US
198[#] region: VA
199[#] regionName: Virginia
200[#] city: Ashburn
201[#] zip: 20149
202[#] lat: 39.0438
203[#] lon: -77.4874
204[#] timezone: America/New_York
205[#] isp: Google LLC
206[#] org: Google LLC
207[#] as: AS15169 Google LLC
208[#] query: 104.196.67.80
209--------------------------------------------------
210[x] Didn't Detect WAF Presence on: http://theredelephants.com/
211--------------------------------------------------
212[#] Starting Reverse DNS
213[-] Failed ! Fail
214--------------------------------------------------
215[!] Scanning Open Port
216[#] 80/tcp open http
217[#] 443/tcp open https
218[#] 2222/tcp open EtherNetIP-1
219--------------------------------------------------
220[+] Collecting Information Disclosure!
221[#] Detecting sitemap.xml file
222[!] sitemap.xml File Found: http://theredelephants.com/sitemap_index.xml
223[#] Detecting robots.txt file
224[!] robots.txt File Found: http://theredelephants.com//robots.txt
225[#] Detecting GNU Mailman
226[-] GNU Mailman App Not Detected!?
227--------------------------------------------------
228[+] Crawling Url Parameter On: http://theredelephants.com/
229--------------------------------------------------
230[#] Searching Html Form !
231[+] Html Form Discovered
232[#] action: None
233[#] class: None
234[#] id: svc_form_load_more_693
235[#] method: None
236--------------------------------------------------
237[!] Found 23 dom parameter
238[#] http://theredelephants.com/wp-json/oembed/1.0/embed?url=http%3A%2F%2Ftheredelephants.com%2F&format=xml
239[#] http://theredelephants.com//#
240[#] http://theredelephants.com//#
241[#] http://theredelephants.com//#
242[#] http://theredelephants.com//#
243[#] http://theredelephants.com//#
244[#] http://theredelephants.com/democrats-who-drove-up-price-of-gas-with-gas-tax-are-now-calling-for-investigation-into-why-the-price-is-so-high/#respond
245[#] http://theredelephants.com/the-deadliest-lynching-in-us-history-was-not-against-blacks-it-was-against-italian-americans/#respond
246[#] http://theredelephants.com/sunny-hostin-falsely-claims-police-are-the-leading-cause-of-death-of-black-men-on-the-view/#respond
247[#] http://theredelephants.com/joker-nihilism-despair-fatherlessness-hopelessness-and-the-failure-of-society/#respond
248[#] http://theredelephants.com/blacks-keep-attacking-and-killing-random-white-and-jewish-people-but-the-media-ignores-because-attackers-are-not-white-or-right-wing/#respond
249[#] http://theredelephants.com/why-trump-needs-to-hire-douglas-macgregor-as-national-security-advisor-if-hes-seriously-america-first/#respond
250[#] http://theredelephants.com/black-student-savagely-attacks-white-student-media-silent-in-possible-hate-crime/#respond
251[#] http://theredelephants.com/how-the-left-is-pushing-white-men-further-right/#respond
252[#] http://theredelephants.com/youtube-caves-to-the-adl-removes-prominent-right-wing-channels/#respond
253[#] http://theredelephants.com/green-hawaiian-mountain-seals-and-the-giant-telescope/#respond
254[#] http://theredelephants.com/ben-garrison-banned-from-white-house-social-media-summit-because-a-powerful-jewish-organization-disapproved-of-him/#respond
255[#] http://theredelephants.com/channels-that-have-been-censored-by-youtube/#respond
256[#] http://theredelephants.com/watch-bill-maher-calls-out-ny-times-writer-for-calling-for-blanket-gun-ban/#respond
257[#] http://theredelephants.com/email-leaks-show-journalist-reportedly-emailed-chase-bank-to-get-conservatives-banned-and-it-worked/#respond
258[#] http://theredelephants.com/multiple-conservative-youtube-channels-banned-or-demonetized-after-vox-hist-complains-for-5-days-straight/#respond
259[#] http://theredelephants.com//#
260[#] http://theredelephants.com//#
261--------------------------------------------------
262[!] 3 Internal Dynamic Parameter Discovered
263[+] http://theredelephants.com/xmlrpc.php?rsd
264[+] http://theredelephants.com/wp-json/oembed/1.0/embed?url=http%3A%2F%2Ftheredelephants.com%2F
265[+] http://theredelephants.com/wp-json/oembed/1.0/embed?url=http%3A%2F%2Ftheredelephants.com%2F&format=xml
266--------------------------------------------------
267[-] No external Dynamic Paramter Found!?
268--------------------------------------------------
269[!] 72 Internal links Discovered
270[+] http://theredelephants.com/xmlrpc.php
271[+] http://theredelephants.com/
272[+] http://theredelephants.com/feed/
273[+] http://theredelephants.com/comments/feed/
274[+] http://theredelephants.com/wp-includes/wlwmanifest.xml
275[+] http://theredelephants.com/wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css
276[+] http://theredelephants.com/wp-content/uploads/2016/11/cropped-500x500-32x32.png
277[+] http://theredelephants.com/wp-content/uploads/2016/11/cropped-500x500-192x192.png
278[+] http://theredelephants.com/wp-content/uploads/2016/11/cropped-500x500-180x180.png
279[+] http://theredelephants.com//mailto:contact@theredelephants.com
280[+] http://theredelephants.com/articles/
281[+] http://theredelephants.com/trumpsupporters/
282[+] https://shop.theredelephants.com/
283[+] http://theredelephants.com/about/
284[+] http://theredelephants.com//mailto:contact@theredelephants.com
285[+] http://theredelephants.com/
286[+] http://theredelephants.com/articles/
287[+] http://theredelephants.com/trumpsupporters/
288[+] https://shop.theredelephants.com/
289[+] http://theredelephants.com/about/
290[+] http://theredelephants.com/democrats-who-drove-up-price-of-gas-with-gas-tax-are-now-calling-for-investigation-into-why-the-price-is-so-high/
291[+] http://theredelephants.com/democrats-who-drove-up-price-of-gas-with-gas-tax-are-now-calling-for-investigation-into-why-the-price-is-so-high/
292[+] http://theredelephants.com//The Red Elephants
293[+] http://theredelephants.com/the-deadliest-lynching-in-us-history-was-not-against-blacks-it-was-against-italian-americans/
294[+] http://theredelephants.com/the-deadliest-lynching-in-us-history-was-not-against-blacks-it-was-against-italian-americans/
295[+] http://theredelephants.com//The Red Elephants
296[+] http://theredelephants.com/sunny-hostin-falsely-claims-police-are-the-leading-cause-of-death-of-black-men-on-the-view/
297[+] http://theredelephants.com/sunny-hostin-falsely-claims-police-are-the-leading-cause-of-death-of-black-men-on-the-view/
298[+] http://theredelephants.com//The Red Elephants
299[+] http://theredelephants.com/joker-nihilism-despair-fatherlessness-hopelessness-and-the-failure-of-society/
300[+] http://theredelephants.com/joker-nihilism-despair-fatherlessness-hopelessness-and-the-failure-of-society/
301[+] http://theredelephants.com//The Red Elephants
302[+] http://theredelephants.com/blacks-keep-attacking-and-killing-random-white-and-jewish-people-but-the-media-ignores-because-attackers-are-not-white-or-right-wing/
303[+] http://theredelephants.com/blacks-keep-attacking-and-killing-random-white-and-jewish-people-but-the-media-ignores-because-attackers-are-not-white-or-right-wing/
304[+] http://theredelephants.com//The Red Elephants
305[+] http://theredelephants.com/why-trump-needs-to-hire-douglas-macgregor-as-national-security-advisor-if-hes-seriously-america-first/
306[+] http://theredelephants.com/why-trump-needs-to-hire-douglas-macgregor-as-national-security-advisor-if-hes-seriously-america-first/
307[+] http://theredelephants.com//The Red Elephants
308[+] http://theredelephants.com/black-student-savagely-attacks-white-student-media-silent-in-possible-hate-crime/
309[+] http://theredelephants.com/black-student-savagely-attacks-white-student-media-silent-in-possible-hate-crime/
310[+] http://theredelephants.com//The Red Elephants
311[+] http://theredelephants.com/how-the-left-is-pushing-white-men-further-right/
312[+] http://theredelephants.com/how-the-left-is-pushing-white-men-further-right/
313[+] http://theredelephants.com//The Red Elephants
314[+] http://theredelephants.com/youtube-caves-to-the-adl-removes-prominent-right-wing-channels/
315[+] http://theredelephants.com/youtube-caves-to-the-adl-removes-prominent-right-wing-channels/
316[+] http://theredelephants.com//The Red Elephants
317[+] http://theredelephants.com/green-hawaiian-mountain-seals-and-the-giant-telescope/
318[+] http://theredelephants.com/green-hawaiian-mountain-seals-and-the-giant-telescope/
319[+] http://theredelephants.com//Austin Rucker
320[+] http://theredelephants.com/ben-garrison-banned-from-white-house-social-media-summit-because-a-powerful-jewish-organization-disapproved-of-him/
321[+] http://theredelephants.com/ben-garrison-banned-from-white-house-social-media-summit-because-a-powerful-jewish-organization-disapproved-of-him/
322[+] http://theredelephants.com//The Red Elephants
323[+] http://theredelephants.com/channels-that-have-been-censored-by-youtube/
324[+] http://theredelephants.com/channels-that-have-been-censored-by-youtube/
325[+] http://theredelephants.com//The Red Elephants
326[+] http://theredelephants.com/watch-bill-maher-calls-out-ny-times-writer-for-calling-for-blanket-gun-ban/
327[+] http://theredelephants.com/watch-bill-maher-calls-out-ny-times-writer-for-calling-for-blanket-gun-ban/
328[+] http://theredelephants.com//The Red Elephants
329[+] http://theredelephants.com/email-leaks-show-journalist-reportedly-emailed-chase-bank-to-get-conservatives-banned-and-it-worked/
330[+] http://theredelephants.com/email-leaks-show-journalist-reportedly-emailed-chase-bank-to-get-conservatives-banned-and-it-worked/
331[+] http://theredelephants.com//The Red Elephants
332[+] http://theredelephants.com/multiple-conservative-youtube-channels-banned-or-demonetized-after-vox-hist-complains-for-5-days-straight/
333[+] http://theredelephants.com/multiple-conservative-youtube-channels-banned-or-demonetized-after-vox-hist-complains-for-5-days-straight/
334[+] http://theredelephants.com//The Red Elephants
335[+] http://theredelephants.com///page/1/
336[+] http://theredelephants.com/
337[+] http://theredelephants.com//mailto:contact@theredelephants.com
338[+] http://theredelephants.com/articles/
339[+] http://theredelephants.com/trumpsupporters/
340[+] https://shop.theredelephants.com/
341[+] http://theredelephants.com/about/
342--------------------------------------------------
343[!] 12 External links Discovered
344[#] https://www.facebook.com/TheRealRedElephants
345[#] https://twitter.com/realredelephant
346[#] https://www.youtube.com/channel/UCNiNWbmPWehjpQohglWsKxw
347[#] https://www.patreon.com/TheRedElephants
348[#] https://www.facebook.com/TheRealRedElephants
349[#] https://twitter.com/realredelephant
350[#] https://www.youtube.com/channel/UCNiNWbmPWehjpQohglWsKxw
351[#] https://www.patreon.com/TheRedElephants
352[#] https://www.facebook.com/TheRealRedElephants
353[#] https://twitter.com/realredelephant
354[#] https://www.youtube.com/channel/UCNiNWbmPWehjpQohglWsKxw
355[#] https://www.patreon.com/TheRedElephants
356--------------------------------------------------
357[#] Mapping Subdomain..
358[!] Found 2 Subdomain
359- theredelephants.com
360- shop.theredelephants.com
361--------------------------------------------------
362[!] Done At 2019-10-31 22:48:11.343671
363######################################################################################################################################
364[i] Scanning Site: http://theredelephants.com
365
366
367
368B A S I C I N F O
369====================
370
371
372[+] Site Title: Home - The Red Elephants
373[+] IP address: 104.196.67.80
374[+] Web Server: nginx
375[+] CMS: WordPress
376[+] Cloudflare: Not Detected
377[+] Robots File: Found
378
379-------------[ contents ]----------------
380User-agent: *
381Disallow: /wp-admin/
382Allow: /wp-admin/admin-ajax.php
383
384-----------[end of contents]-------------
385
386
387
388W H O I S L O O K U P
389========================
390
391 Domain Name: THEREDELEPHANTS.COM
392 Registry Domain ID: 2073176903_DOMAIN_COM-VRSN
393 Registrar WHOIS Server: whois.godaddy.com
394 Registrar URL: http://www.godaddy.com
395 Updated Date: 2016-11-10T21:43:26Z
396 Creation Date: 2016-11-10T21:43:26Z
397 Registry Expiry Date: 2019-11-10T21:43:26Z
398 Registrar: GoDaddy.com, LLC
399 Registrar IANA ID: 146
400 Registrar Abuse Contact Email: abuse@godaddy.com
401 Registrar Abuse Contact Phone: 480-624-2505
402 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
403 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
404 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
405 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
406 Name Server: NS57.DOMAINCONTROL.COM
407 Name Server: NS58.DOMAINCONTROL.COM
408 DNSSEC: unsigned
409 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
410>>> Last update of whois database: 2019-11-01T02:47:47Z <<<
411
412For more information on Whois status codes, please visit https://icann.org/epp
413
414
415
416The Registry database contains ONLY .COM, .NET, .EDU domains and
417Registrars.
418
419
420
421
422G E O I P L O O K U P
423=========================
424
425[i] IP Address: 104.196.67.80
426[i] Country: United States
427[i] State: Virginia
428[i] City:
429[i] Latitude: 38.6583
430[i] Longitude: -77.2481
431
432
433
434
435H T T P H E A D E R S
436=======================
437
438
439[i] HTTP/1.1 200 OK
440[i] Server: nginx
441[i] Date: Fri, 01 Nov 2019 02:47:58 GMT
442[i] Content-Type: text/html; charset=UTF-8
443[i] Content-Length: 160245
444[i] Connection: close
445[i] Vary: Accept-Encoding
446[i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
447[i] Pragma: no-cache
448[i] Link: <http://theredelephants.com/wp-json/>; rel="https://api.w.org/"
449[i] Link: <http://theredelephants.com/>; rel=shortlink
450[i] X-Cacheable: SHORT
451[i] Vary: Accept-Encoding,Cookie
452[i] Cache-Control: max-age=600, must-revalidate
453[i] X-Cache: HIT: 29
454[i] X-Pass-Why:
455[i] X-Cache-Group: normal
456[i] Accept-Ranges: bytes
457
458
459
460
461D N S L O O K U P
462===================
463
464theredelephants.com. 599 IN A 104.196.67.80
465theredelephants.com. 3599 IN NS ns57.domaincontrol.com.
466theredelephants.com. 3599 IN NS ns58.domaincontrol.com.
467theredelephants.com. 599 IN SOA ns57.domaincontrol.com. dns.jomax.net. 2017032701 28800 7200 604800 600
468theredelephants.com. 599 IN MX 0 theredelephants-com.mail.protection.outlook.com.
469theredelephants.com. 599 IN TXT "NETORGFT2476217.onmicrosoft.com"
470theredelephants.com. 599 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
471
472
473
474
475S U B N E T C A L C U L A T I O N
476====================================
477
478Address = 104.196.67.80
479Network = 104.196.67.80 / 32
480Netmask = 255.255.255.255
481Broadcast = not needed on Point-to-Point links
482Wildcard Mask = 0.0.0.0
483Hosts Bits = 0
484Max. Hosts = 1 (2^0 - 0)
485Host Range = { 104.196.67.80 - 104.196.67.80 }
486
487
488
489N M A P P O R T S C A N
490============================
491
492Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-01 02:48 UTC
493Nmap scan report for theredelephants.com (104.196.67.80)
494Host is up (0.020s latency).
495rDNS record for 104.196.67.80: 80.67.196.104.bc.googleusercontent.com
496
497PORT STATE SERVICE
49821/tcp filtered ftp
49922/tcp filtered ssh
50023/tcp filtered telnet
50180/tcp open http
502110/tcp filtered pop3
503143/tcp filtered imap
504443/tcp open https
5053389/tcp filtered ms-wbt-server
506
507Nmap done: 1 IP address (1 host up) scanned in 1.43 seconds
508
509
510
511S U B - D O M A I N F I N D E R
512==================================
513
514
515[i] Total Subdomains Found : 1
516
517[+] Subdomain: shop.theredelephants.com
518[-] IP: 23.227.38.32
519#######################################################################################################################################
520Trying "theredelephants.com"
521;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62744
522;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 2, ADDITIONAL: 4
523
524;; QUESTION SECTION:
525;theredelephants.com. IN ANY
526
527;; ANSWER SECTION:
528theredelephants.com. 600 IN TXT "NETORGFT2476217.onmicrosoft.com"
529theredelephants.com. 600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
530theredelephants.com. 600 IN MX 0 theredelephants-com.mail.protection.outlook.com.
531theredelephants.com. 600 IN SOA ns57.domaincontrol.com. dns.jomax.net. 2017032701 28800 7200 604800 600
532theredelephants.com. 600 IN A 104.196.67.80
533theredelephants.com. 3600 IN NS ns58.domaincontrol.com.
534theredelephants.com. 3600 IN NS ns57.domaincontrol.com.
535
536;; AUTHORITY SECTION:
537theredelephants.com. 3600 IN NS ns58.domaincontrol.com.
538theredelephants.com. 3600 IN NS ns57.domaincontrol.com.
539
540;; ADDITIONAL SECTION:
541ns57.domaincontrol.com. 3621 IN A 97.74.108.29
542ns57.domaincontrol.com. 26845 IN AAAA 2603:5:21c2::1d
543ns58.domaincontrol.com. 3621 IN A 173.201.76.29
544ns58.domaincontrol.com. 3621 IN AAAA 2603:5:22c2::1d
545
546Received 433 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 92 ms
547#######################################################################################################################################
548; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace theredelephants.com
549;; global options: +cmd
550. 79384 IN NS d.root-servers.net.
551. 79384 IN NS k.root-servers.net.
552. 79384 IN NS e.root-servers.net.
553. 79384 IN NS j.root-servers.net.
554. 79384 IN NS m.root-servers.net.
555. 79384 IN NS i.root-servers.net.
556. 79384 IN NS c.root-servers.net.
557. 79384 IN NS l.root-servers.net.
558. 79384 IN NS g.root-servers.net.
559. 79384 IN NS f.root-servers.net.
560. 79384 IN NS a.root-servers.net.
561. 79384 IN NS b.root-servers.net.
562. 79384 IN NS h.root-servers.net.
564;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 29 ms
565
566com. 172800 IN NS j.gtld-servers.net.
567com. 172800 IN NS f.gtld-servers.net.
568com. 172800 IN NS c.gtld-servers.net.
569com. 172800 IN NS h.gtld-servers.net.
570com. 172800 IN NS e.gtld-servers.net.
571com. 172800 IN NS l.gtld-servers.net.
572com. 172800 IN NS a.gtld-servers.net.
573com. 172800 IN NS g.gtld-servers.net.
574com. 172800 IN NS b.gtld-servers.net.
575com. 172800 IN NS k.gtld-servers.net.
576com. 172800 IN NS i.gtld-servers.net.
577com. 172800 IN NS d.gtld-servers.net.
578com. 172800 IN NS m.gtld-servers.net.
581;; Received 1207 bytes from 2001:500:2::c#53(c.root-servers.net) in 33 ms
582
583theredelephants.com. 172800 IN NS ns57.domaincontrol.com.
584theredelephants.com. 172800 IN NS ns58.domaincontrol.com.
589;; Received 737 bytes from 2001:503:d2d::30#53(k.gtld-servers.net) in 69 ms
590
591theredelephants.com. 600 IN A 104.196.67.80
592theredelephants.com. 3600 IN NS ns57.domaincontrol.com.
593theredelephants.com. 3600 IN NS ns58.domaincontrol.com.
594;; Received 116 bytes from 2603:5:22c2::1d#53(ns58.domaincontrol.com) in 31 ms
595######################################################################################################################################
596[*] Performing General Enumeration of Domain: theredelephants.com
597[-] DNSSEC is not configured for theredelephants.com
598[*] SOA ns57.domaincontrol.com 97.74.108.29
599[*] NS ns57.domaincontrol.com 97.74.108.29
600[*] NS ns57.domaincontrol.com 2603:5:21c2::1d
601[*] NS ns58.domaincontrol.com 173.201.76.29
602[*] NS ns58.domaincontrol.com 2603:5:22c2::1d
603[*] MX theredelephants-com.mail.protection.outlook.com 104.47.66.10
604[*] MX theredelephants-com.mail.protection.outlook.com 104.47.55.138
605[*] A theredelephants.com 104.196.67.80
606[*] TXT theredelephants.com v=spf1 include:spf.protection.outlook.com -all
607[*] TXT theredelephants.com NETORGFT2476217.onmicrosoft.com
608[*] Enumerating SRV Records
609[*] SRV _sip._tls.theredelephants.com sipdir.online.lync.com 52.112.67.51 443 1
610[*] SRV _sip._tls.theredelephants.com sipdir.online.lync.com 2603:1037:0:7::b 443 1
611[*] SRV _sipfederationtls._tcp.theredelephants.com sipfed.online.lync.com 52.112.64.11 5061 1
612[*] SRV _sipfederationtls._tcp.theredelephants.com sipfed.online.lync.com 2603:1037:0:a::b 5061 1
613[+] 4 Records Found
614######################################################################################################################################
615[*] Processing domain theredelephants.com
616[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
617[+] Getting nameservers
61897.74.108.29 - ns57.domaincontrol.com
619173.201.76.29 - ns58.domaincontrol.com
620[-] Zone transfer failed
621
622[+] TXT records found
623"v=spf1 include:spf.protection.outlook.com -all"
624"NETORGFT2476217.onmicrosoft.com"
625
626[+] MX records found, added to target list
6270 theredelephants-com.mail.protection.outlook.com.
628
629[*] Scanning theredelephants.com for A records
675######################################################################################################################################
676
677 AVAILABLE PLUGINS
678 -----------------
679
680 OpenSslCipherSuitesPlugin
681 CompressionPlugin
682 RobotPlugin
683 HeartbleedPlugin
684 OpenSslCcsInjectionPlugin
685 SessionRenegotiationPlugin
686 HttpHeadersPlugin
687 SessionResumptionPlugin
688 FallbackScsvPlugin
689 CertificateInfoPlugin
690 EarlyDataPlugin
691
692
693
694 CHECKING HOST(S) AVAILABILITY
695 -----------------------------
696
697 104.196.67.80:443 => 104.196.67.80
698
699
700
701
702 SCAN RESULTS FOR 104.196.67.80:443 - 104.196.67.80
703 --------------------------------------------------
704
705 * TLSV1_1 Cipher Suites:
706 Forward Secrecy OK - Supported
707 RC4 OK - Not Supported
708
709 Preferred:
710 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
711 Accepted:
712 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
713 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
714 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
715 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
716 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
717 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
718
719 * Deflate Compression:
720 OK - Compression disabled
721
722 * Certificate Information:
723 Content
724 SHA1 Fingerprint: c6a00220562bb921d359e1cb2f74e579da6eddd0
725 Common Name: *.wpengine.com
726 Issuer: RapidSSL RSA CA 2018
727 Serial Number: 6851373033688357139444286552416378126
728 Not Before: 2019-07-01 00:00:00
729 Not After: 2021-08-29 12:00:00
730 Signature Algorithm: sha256
731 Public Key Algorithm: RSA
732 Key Size: 2048
733 Exponent: 65537 (0x10001)
734 DNS Subject Alternative Names: ['*.wpengine.com', 'wpengine.com']
735
736 Trust
737 Hostname Validation: FAILED - Certificate does NOT match 104.196.67.80
738 Android CA Store (9.0.0_r9): OK - Certificate is trusted
739 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
740 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
741 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
742 Windows CA Store (2019-05-27): OK - Certificate is trusted
743 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
744 Received Chain: *.wpengine.com --> RapidSSL RSA CA 2018 --> DigiCert Global Root CA
745 Verified Chain: *.wpengine.com --> RapidSSL RSA CA 2018 --> DigiCert Global Root CA
746 Received Chain Contains Anchor: WARNING - Received certificate chain contains the anchor certificate
747 Received Chain Order: OK - Order is valid
748 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
749
750 Extensions
751 OCSP Must-Staple: NOT SUPPORTED - Extension not found
752 Certificate Transparency: OK - 3 SCTs included
753
754 OCSP Stapling
755 NOT SUPPORTED - Server did not send back an OCSP response
756
757 * TLSV1_2 Cipher Suites:
758 Forward Secrecy OK - Supported
759 RC4 OK - Not Supported
760
761 Preferred:
762 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
763 Accepted:
764 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
765 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found
766 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
767 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
768 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
769 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
770 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
771 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 404 Not Found
772 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
773 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
774 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
775 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
776 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
777 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found
778 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
779 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
780 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
781 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
782
783 * TLSV1 Cipher Suites:
784 Server rejected all cipher suites.
785
786 * SSLV3 Cipher Suites:
787 Server rejected all cipher suites.
788
789 * TLS 1.2 Session Resumption Support:
790 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
791 With TLS Tickets: OK - Supported
792
793 * OpenSSL CCS Injection:
794 OK - Not vulnerable to OpenSSL CCS injection
795
796 * SSLV2 Cipher Suites:
797 Server rejected all cipher suites.
798
799 * Downgrade Attacks:
800 TLS_FALLBACK_SCSV: OK - Supported
801
802 * Session Renegotiation:
803 Client-initiated Renegotiation: OK - Rejected
804 Secure Renegotiation: OK - Supported
805
806 * TLSV1_3 Cipher Suites:
807 Server rejected all cipher suites.
808
809 * OpenSSL Heartbleed:
810 OK - Not vulnerable to Heartbleed
811
812 * ROBOT Attack:
813 OK - Not vulnerable
814
815
816 SCAN COMPLETED IN 22.39 S
817 -------------------------
818#######################################################################################################################################
819
820Domains still to check: 1
821 Checking if the hostname theredelephants.com. given is in fact a domain...
822
823Analyzing domain: theredelephants.com.
824 Checking NameServers using system default resolver...
825 IP: 97.74.108.29 (United States)
826 HostName: ns57.domaincontrol.com Type: NS
827 HostName: ns57.domaincontrol.com Type: PTR
828 IP: 173.201.76.29 (United States)
829 HostName: ns58.domaincontrol.com Type: NS
830 HostName: ns58.domaincontrol.com Type: PTR
831
832 Checking MailServers using system default resolver...
833 IP: 104.47.55.138 (United States)
834 HostName: theredelephants-com.mail.protection.outlook.com Type: MX
835 IP: 104.47.59.138 (United States)
836 HostName: theredelephants-com.mail.protection.outlook.com Type: MX
837
838 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
839 No zone transfer found on nameserver 173.201.76.29
840 No zone transfer found on nameserver 97.74.108.29
841
842 Checking SPF record...
845 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.92.0.0/15, but only the network IP
846 New IP found: 40.92.0.0
847 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.107.0.0/16, but only the network IP
848 New IP found: 40.107.0.0
849 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 52.100.0.0/14, but only the network IP
850 New IP found: 52.100.0.0
851 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.47.0.0/17, but only the network IP
852 New IP found: 104.47.0.0
853 There are no IPv4 addresses in the SPF. Maybe IPv6.
855
856 Checking 192 most common hostnames using system default resolver...
857 IP: 104.196.67.80 (United States)
858 HostName: www.theredelephants.com. Type: A
859 IP: 104.196.67.80 (United States)
860 HostName: www.theredelephants.com. Type: A
861 HostName: ftp.theredelephants.com. Type: A
862 HostName: 80.67.196.104.bc.googleusercontent.com Type: PTR
863
864 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
865 Checking netblock 52.100.0.0
866 Checking netblock 104.196.67.0
867 Checking netblock 104.47.0.0
868 Checking netblock 104.47.59.0
869 Checking netblock 104.47.55.0
870 Checking netblock 173.201.76.0
871 Checking netblock 40.107.0.0
872 Checking netblock 97.74.108.0
873 Checking netblock 40.92.0.0
874
875 Searching for theredelephants.com. emails in Google
876
877 Checking 9 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
878 Host 52.100.0.0 is up (reset ttl 64)
879 Host 104.196.67.80 is up (echo-reply ttl 51)
880 Host 104.47.0.0 is up (reset ttl 64)
881 Host 104.47.59.138 is up (reset ttl 64)
882 Host 104.47.55.138 is up (reset ttl 64)
883 Host 173.201.76.29 is up (reset ttl 64)
884 Host 40.107.0.0 is up (reset ttl 64)
885 Host 97.74.108.29 is up (echo-reply ttl 52)
886 Host 40.92.0.0 is up (reset ttl 64)
887
888 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
889 Scanning ip 52.100.0.0 ():
890 Scanning ip 104.196.67.80 (80.67.196.104.bc.googleusercontent.com (PTR)):
891 80/tcp open http syn-ack ttl 51 nginx
892 | http-methods:
893 |_ Supported Methods: GET HEAD
894 |_http-title: Site Not Configured | 404 Not Found
895 443/tcp open ssl/http syn-ack ttl 54 nginx
896 | http-methods:
897 |_ Supported Methods: GET HEAD
898 |_http-title: Site Not Configured | 404 Not Found
899 | ssl-cert: Subject: commonName=*.wpengine.com
900 | Subject Alternative Name: DNS:*.wpengine.com, DNS:wpengine.com
901 | Issuer: commonName=RapidSSL RSA CA 2018/organizationName=DigiCert Inc/countryName=US
902 | Public Key type: rsa
903 | Public Key bits: 2048
904 | Signature Algorithm: sha256WithRSAEncryption
905 | Not valid before: 2019-07-01T00:00:00
906 | Not valid after: 2021-08-29T12:00:00
907 | MD5: 9fff bbab 2815 9b3f f457 3795 1c89 ee05
908 |_SHA-1: c6a0 0220 562b b921 d359 e1cb 2f74 e579 da6e ddd0
909 |_ssl-date: TLS randomness does not represent time
910 | tls-alpn:
911 | h2
912 |_ http/1.1
913 | tls-nextprotoneg:
914 | h2
915 |_ http/1.1
916 Scanning ip 104.47.0.0 ():
917 Scanning ip 104.47.59.138 (theredelephants-com.mail.protection.outlook.com):
918 80/tcp open http syn-ack ttl 107 Microsoft IIS httpd 10.0
919 |_http-server-header: Microsoft-IIS/10.0
920 |_http-title: 403 - Forbidden: Access is denied.
921 443/tcp open ssl/http syn-ack ttl 107 Microsoft IIS httpd 10.0
922 | http-methods:
923 |_ Supported Methods: GET HEAD POST OPTIONS
924 |_http-server-header: Microsoft-IIS/10.0
925 |_http-title: Did not follow redirect to https://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=4&ct=1572577995&rver=7.0.6737.0&wp=MBI_KEY&wreply=https:%2F%2F104.47.59.138%2Fecp%2F&id=500483
926 | ssl-cert: Subject: commonName=*.protection.outlook.com/organizationName=Microsoft Corporation/stateOrProvinceName=WA/countryName=US
927 | Subject Alternative Name: DNS:*.protection.outlook.com, DNS:*.admin.protection.outlook.com, DNS:*.dataservice.protection.outlook.com, DNS:*.internal.protection.outlook.com, DNS:quarantine.messaging.microsoft.com, DNS:*.ps.protection.outlook.com, DNS:*.compliance.protection.outlook.com, DNS:*.ps.compliance.protection.outlook.com, DNS:*.syncservice.protection.outlook.com, DNS:*.restapi.compliance.protection.outlook.com
928 | Issuer: commonName=Microsoft IT TLS CA 5/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
929 | Public Key type: rsa
930 | Public Key bits: 2048
931 | Signature Algorithm: sha256WithRSAEncryption
932 | Not valid before: 2018-01-06T14:28:38
933 | Not valid after: 2020-01-06T14:28:38
934 | MD5: 324f 717f 1ef8 de38 df02 ead7 91bc ad00
935 |_SHA-1: 565b fcc3 79fa 5021 d30f 80cb 7ace d382 5c22 1e3e
936 |_ssl-date: 2019-11-01T03:13:19+00:00; 0s from scanner time.
937 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
938 Scanning ip 104.47.55.138 (theredelephants-com.mail.protection.outlook.com):
939 80/tcp open http syn-ack ttl 107 Microsoft IIS httpd 10.0
940 |_http-server-header: Microsoft-IIS/10.0
941 |_http-title: 403 - Forbidden: Access is denied.
942 443/tcp open ssl/http syn-ack ttl 107 Microsoft IIS httpd 10.0
943 | http-methods:
944 |_ Supported Methods: GET HEAD POST OPTIONS
945 |_http-server-header: Microsoft-IIS/10.0
946 |_http-title: Did not follow redirect to https://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=4&ct=1572578019&rver=7.0.6737.0&wp=MBI_KEY&wreply=https:%2F%2F104.47.55.138%2Fecp%2F&id=500483
947 | ssl-cert: Subject: commonName=*.protection.outlook.com/organizationName=Microsoft Corporation/stateOrProvinceName=WA/countryName=US
948 | Subject Alternative Name: DNS:*.protection.outlook.com, DNS:*.admin.protection.outlook.com, DNS:*.dataservice.protection.outlook.com, DNS:*.internal.protection.outlook.com, DNS:quarantine.messaging.microsoft.com, DNS:*.ps.protection.outlook.com, DNS:*.compliance.protection.outlook.com, DNS:*.ps.compliance.protection.outlook.com, DNS:*.syncservice.protection.outlook.com, DNS:*.restapi.compliance.protection.outlook.com
949 | Issuer: commonName=Microsoft IT TLS CA 5/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
950 | Public Key type: rsa
951 | Public Key bits: 2048
952 | Signature Algorithm: sha256WithRSAEncryption
953 | Not valid before: 2018-01-06T14:28:38
954 | Not valid after: 2020-01-06T14:28:38
955 | MD5: 324f 717f 1ef8 de38 df02 ead7 91bc ad00
956 |_SHA-1: 565b fcc3 79fa 5021 d30f 80cb 7ace d382 5c22 1e3e
957 |_ssl-date: 2019-11-01T03:13:42+00:00; 0s from scanner time.
958 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
959 Scanning ip 173.201.76.29 (ns58.domaincontrol.com (PTR)):
960 53/tcp open tcpwrapped syn-ack ttl 56
961 Scanning ip 40.107.0.0 ():
962 Scanning ip 97.74.108.29 (ns57.domaincontrol.com (PTR)):
963 53/tcp open tcpwrapped syn-ack ttl 56
964 Scanning ip 40.92.0.0 ():
965 WebCrawling domain's web servers... up to 50 max links.
966
967 + URL to crawl: http://www.theredelephants.com.
968 + Date: 2019-10-31
969
970 + Crawling URL: http://www.theredelephants.com.:
971 + Links:
972 + Crawling http://www.theredelephants.com.
973 + Crawling http://www.theredelephants.com./platform-api.sharethis.com (404 Not Found)
974 + Crawling http://www.theredelephants.com./fonts.googleapis.com (404 Not Found)
975 + Crawling http://www.theredelephants.com./s.w.org (404 Not Found)
976 + Crawling http://www.theredelephants.com./load.sumome.com/ (404 Not Found)
977 + Crawling http://www.theredelephants.com./
978 + Crawling http://www.theredelephants.com./The Red Elephants (404 Not Found)
979 + Crawling http://www.theredelephants.com./Austin Rucker (404 Not Found)
980 + Crawling http://www.theredelephants.com./page/1/
981 + Crawling http://www.theredelephants.com./page/1/The Red Elephants (404 Not Found)
982 + Crawling http://www.theredelephants.com./page/1/Austin Rucker (404 Not Found)
983 + Searching for directories...
984 - Found: http://www.theredelephants.com./load.sumome.com/
985 - Found: http://www.theredelephants.com./page/
986 - Found: http://www.theredelephants.com./page/1/
987 - Found: http://www.theredelephants.com./platform-api.sharethis.com/
988 - Found: http://www.theredelephants.com./platform-api.sharethis.com/js/
989 - Found: http://www.theredelephants.com./a.mailmunch.co/
990 - Found: http://www.theredelephants.com./a.mailmunch.co/app/
991 - Found: http://www.theredelephants.com./a.mailmunch.co/app/v1/
992 - Found: http://www.theredelephants.com./cdn.bannersnack.com/
993 - Found: http://www.theredelephants.com./cdn.bannersnack.com/iframe/
994 + Searching open folders...
995 - http://www.theredelephants.com./load.sumome.com/ (403 Forbidden)
996 - http://www.theredelephants.com./page/ (403 Forbidden)
997 - http://www.theredelephants.com./page/1/ (403 Forbidden)
998 - http://www.theredelephants.com./platform-api.sharethis.com/ (403 Forbidden)
999 - http://www.theredelephants.com./platform-api.sharethis.com/js/ (403 Forbidden)
1000 - http://www.theredelephants.com./a.mailmunch.co/ (403 Forbidden)
1001 - http://www.theredelephants.com./a.mailmunch.co/app/ (403 Forbidden)
1002 - http://www.theredelephants.com./a.mailmunch.co/app/v1/ (403 Forbidden)
1003 - http://www.theredelephants.com./cdn.bannersnack.com/ (403 Forbidden)
1004 - http://www.theredelephants.com./cdn.bannersnack.com/iframe/ (403 Forbidden)
1005 + Crawl finished successfully.
1006----------------------------------------------------------------------
1007Summary of http://http://www.theredelephants.com.
1008----------------------------------------------------------------------
1009+ Links crawled:
1010 - http://www.theredelephants.com.
1011 - http://www.theredelephants.com./
1012 - http://www.theredelephants.com./Austin Rucker (404 Not Found)
1013 - http://www.theredelephants.com./The Red Elephants (404 Not Found)
1014 - http://www.theredelephants.com./fonts.googleapis.com (404 Not Found)
1015 - http://www.theredelephants.com./load.sumome.com/ (404 Not Found)
1016 - http://www.theredelephants.com./page/1/
1017 - http://www.theredelephants.com./page/1/Austin Rucker (404 Not Found)
1018 - http://www.theredelephants.com./page/1/The Red Elephants (404 Not Found)
1019 - http://www.theredelephants.com./platform-api.sharethis.com (404 Not Found)
1020 - http://www.theredelephants.com./s.w.org (404 Not Found)
1021 Total links crawled: 11
1022
1023+ Links to files found:
1024 - http://www.theredelephants.com./a.mailmunch.co/app/v1/site.js
1025 - http://www.theredelephants.com./cdn.bannersnack.com/iframe/embed.js
1026 - http://www.theredelephants.com./platform-api.sharethis.com/js/sharethis.js
1027 Total links to files: 3
1028
1029+ Externals links found:
1115 Total external links: 85
1116
1117+ Email addresses found:
1118 Total email address found: 0
1119
1120+ Directories found:
1121 - http://www.theredelephants.com./a.mailmunch.co/ (403 Forbidden)
1122 - http://www.theredelephants.com./a.mailmunch.co/app/ (403 Forbidden)
1123 - http://www.theredelephants.com./a.mailmunch.co/app/v1/ (403 Forbidden)
1124 - http://www.theredelephants.com./cdn.bannersnack.com/ (403 Forbidden)
1125 - http://www.theredelephants.com./cdn.bannersnack.com/iframe/ (403 Forbidden)
1126 - http://www.theredelephants.com./load.sumome.com/ (403 Forbidden)
1127 - http://www.theredelephants.com./page/ (403 Forbidden)
1128 - http://www.theredelephants.com./page/1/ (403 Forbidden)
1129 - http://www.theredelephants.com./platform-api.sharethis.com/ (403 Forbidden)
1130 - http://www.theredelephants.com./platform-api.sharethis.com/js/ (403 Forbidden)
1131 Total directories: 10
1132
1133+ Directory indexing found:
1134 Total directories with indexing: 0
1135
1136----------------------------------------------------------------------
1137
1138
1139 + URL to crawl: http://ftp.theredelephants.com.
1140 + Date: 2019-10-31
1141
1142 + Crawling URL: http://ftp.theredelephants.com.:
1143 + Links:
1144 + Crawling http://ftp.theredelephants.com. (404 Not Found)
1145 + Searching for directories...
1146 + Searching open folders...
1147
1148
1149 + URL to crawl: https://www.theredelephants.com.
1150 + Date: 2019-10-31
1151
1152 + Crawling URL: https://www.theredelephants.com.:
1153 + Links:
1154 + Crawling https://www.theredelephants.com.
1155 + Searching for directories...
1156 + Searching open folders...
1157
1158
1159 + URL to crawl: https://ftp.theredelephants.com.
1160 + Date: 2019-10-31
1161
1162 + Crawling URL: https://ftp.theredelephants.com.:
1163 + Links:
1164 + Crawling https://ftp.theredelephants.com.
1165 + Searching for directories...
1166 + Searching open folders...
1167
1168
1169 + URL to crawl: http://theredelephants-com.mail.protection.outlook.com
1170 + Date: 2019-10-31
1171
1172 + Crawling URL: http://theredelephants-com.mail.protection.outlook.com:
1173 + Links:
1174 + Crawling http://theredelephants-com.mail.protection.outlook.com (403 Forbidden)
1175 + Searching for directories...
1176 + Searching open folders...
1177
1178
1179 + URL to crawl: https://theredelephants-com.mail.protection.outlook.com
1180 + Date: 2019-10-31
1181
1182 + Crawling URL: https://theredelephants-com.mail.protection.outlook.com:
1183 + Links:
1184 + Crawling https://theredelephants-com.mail.protection.outlook.com
1185 + Searching for directories...
1186 + Searching open folders...
1187
1188
1208--Finished--
1209Summary information for domain theredelephants.com.
1210-----------------------------------------
1211
1212 Domain Ips Information:
1213 IP: 52.100.0.0
1214 Type: SPF
1215 Is Active: True (reset ttl 64)
1216 IP: 104.196.67.80
1217 HostName: www.theredelephants.com. Type: A
1218 HostName: ftp.theredelephants.com. Type: A
1219 HostName: 80.67.196.104.bc.googleusercontent.com Type: PTR
1220 Country: United States
1221 Is Active: True (echo-reply ttl 51)
1222 Port: 80/tcp open http syn-ack ttl 51 nginx
1223 Script Info: | http-methods:
1224 Script Info: |_ Supported Methods: GET HEAD
1225 Script Info: |_http-title: Site Not Configured | 404 Not Found
1226 Port: 443/tcp open ssl/http syn-ack ttl 54 nginx
1227 Script Info: | http-methods:
1228 Script Info: |_ Supported Methods: GET HEAD
1229 Script Info: |_http-title: Site Not Configured | 404 Not Found
1230 Script Info: | ssl-cert: Subject: commonName=*.wpengine.com
1231 Script Info: | Subject Alternative Name: DNS:*.wpengine.com, DNS:wpengine.com
1232 Script Info: | Issuer: commonName=RapidSSL RSA CA 2018/organizationName=DigiCert Inc/countryName=US
1233 Script Info: | Public Key type: rsa
1234 Script Info: | Public Key bits: 2048
1235 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1236 Script Info: | Not valid before: 2019-07-01T00:00:00
1237 Script Info: | Not valid after: 2021-08-29T12:00:00
1238 Script Info: | MD5: 9fff bbab 2815 9b3f f457 3795 1c89 ee05
1239 Script Info: |_SHA-1: c6a0 0220 562b b921 d359 e1cb 2f74 e579 da6e ddd0
1240 Script Info: |_ssl-date: TLS randomness does not represent time
1241 Script Info: | tls-alpn:
1242 Script Info: | h2
1243 Script Info: |_ http/1.1
1244 Script Info: | tls-nextprotoneg:
1245 Script Info: | h2
1246 Script Info: |_ http/1.1
1247 IP: 104.47.0.0
1248 Type: SPF
1249 Is Active: True (reset ttl 64)
1250 IP: 104.47.59.138
1251 HostName: theredelephants-com.mail.protection.outlook.com Type: MX
1252 Country: United States
1253 Is Active: True (reset ttl 64)
1254 Port: 80/tcp open http syn-ack ttl 107 Microsoft IIS httpd 10.0
1255 Script Info: |_http-server-header: Microsoft-IIS/10.0
1256 Script Info: |_http-title: 403 - Forbidden: Access is denied.
1257 Port: 443/tcp open ssl/http syn-ack ttl 107 Microsoft IIS httpd 10.0
1258 Script Info: | http-methods:
1259 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1260 Script Info: |_http-server-header: Microsoft-IIS/10.0
1261 Script Info: |_http-title: Did not follow redirect to https://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=4&ct=1572577995&rver=7.0.6737.0&wp=MBI_KEY&wreply=https:%2F%2F104.47.59.138%2Fecp%2F&id=500483
1262 Script Info: | ssl-cert: Subject: commonName=*.protection.outlook.com/organizationName=Microsoft Corporation/stateOrProvinceName=WA/countryName=US
1263 Script Info: | Subject Alternative Name: DNS:*.protection.outlook.com, DNS:*.admin.protection.outlook.com, DNS:*.dataservice.protection.outlook.com, DNS:*.internal.protection.outlook.com, DNS:quarantine.messaging.microsoft.com, DNS:*.ps.protection.outlook.com, DNS:*.compliance.protection.outlook.com, DNS:*.ps.compliance.protection.outlook.com, DNS:*.syncservice.protection.outlook.com, DNS:*.restapi.compliance.protection.outlook.com
1264 Script Info: | Issuer: commonName=Microsoft IT TLS CA 5/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
1265 Script Info: | Public Key type: rsa
1266 Script Info: | Public Key bits: 2048
1267 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1268 Script Info: | Not valid before: 2018-01-06T14:28:38
1269 Script Info: | Not valid after: 2020-01-06T14:28:38
1270 Script Info: | MD5: 324f 717f 1ef8 de38 df02 ead7 91bc ad00
1271 Script Info: |_SHA-1: 565b fcc3 79fa 5021 d30f 80cb 7ace d382 5c22 1e3e
1272 Script Info: |_ssl-date: 2019-11-01T03:13:19+00:00; 0s from scanner time.
1273 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1274 IP: 104.47.55.138
1275 HostName: theredelephants-com.mail.protection.outlook.com Type: MX
1276 Country: United States
1277 Is Active: True (reset ttl 64)
1278 Port: 80/tcp open http syn-ack ttl 107 Microsoft IIS httpd 10.0
1279 Script Info: |_http-server-header: Microsoft-IIS/10.0
1280 Script Info: |_http-title: 403 - Forbidden: Access is denied.
1281 Port: 443/tcp open ssl/http syn-ack ttl 107 Microsoft IIS httpd 10.0
1282 Script Info: | http-methods:
1283 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1284 Script Info: |_http-server-header: Microsoft-IIS/10.0
1285 Script Info: |_http-title: Did not follow redirect to https://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=4&ct=1572578019&rver=7.0.6737.0&wp=MBI_KEY&wreply=https:%2F%2F104.47.55.138%2Fecp%2F&id=500483
1286 Script Info: | ssl-cert: Subject: commonName=*.protection.outlook.com/organizationName=Microsoft Corporation/stateOrProvinceName=WA/countryName=US
1287 Script Info: | Subject Alternative Name: DNS:*.protection.outlook.com, DNS:*.admin.protection.outlook.com, DNS:*.dataservice.protection.outlook.com, DNS:*.internal.protection.outlook.com, DNS:quarantine.messaging.microsoft.com, DNS:*.ps.protection.outlook.com, DNS:*.compliance.protection.outlook.com, DNS:*.ps.compliance.protection.outlook.com, DNS:*.syncservice.protection.outlook.com, DNS:*.restapi.compliance.protection.outlook.com
1288 Script Info: | Issuer: commonName=Microsoft IT TLS CA 5/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
1289 Script Info: | Public Key type: rsa
1290 Script Info: | Public Key bits: 2048
1291 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1292 Script Info: | Not valid before: 2018-01-06T14:28:38
1293 Script Info: | Not valid after: 2020-01-06T14:28:38
1294 Script Info: | MD5: 324f 717f 1ef8 de38 df02 ead7 91bc ad00
1295 Script Info: |_SHA-1: 565b fcc3 79fa 5021 d30f 80cb 7ace d382 5c22 1e3e
1296 Script Info: |_ssl-date: 2019-11-01T03:13:42+00:00; 0s from scanner time.
1297 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1298 IP: 173.201.76.29
1299 HostName: ns58.domaincontrol.com Type: NS
1300 HostName: ns58.domaincontrol.com Type: PTR
1301 Country: United States
1302 Is Active: True (reset ttl 64)
1303 Port: 53/tcp open tcpwrapped syn-ack ttl 56
1304 IP: 40.107.0.0
1305 Type: SPF
1306 Is Active: True (reset ttl 64)
1307 IP: 97.74.108.29
1308 HostName: ns57.domaincontrol.com Type: NS
1309 HostName: ns57.domaincontrol.com Type: PTR
1310 Country: United States
1311 Is Active: True (echo-reply ttl 52)
1312 Port: 53/tcp open tcpwrapped syn-ack ttl 56
1313 IP: 40.92.0.0
1314 Type: SPF
1315 Is Active: True (reset ttl 64)
1316#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 22:56 EDT
Nmap scan report for 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
Host is up (0.068s latency).
Not shown: 994 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
2222/tcp open  EtherNetIP-1

Nmap done: 1 IP address (1 host up) scanned in 8.62 seconds
1328######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 22:56 EDT
Nmap scan report for 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
Host is up (0.039s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 1.86 seconds
1349######################################################################################################################################
https://my.wpengine.com/support
http://wpengine.com/support/add-domain-in-user-portal/
http://wpengine.com/support/find-ip/
http://www.wpengine.com
1354######################################################################################################################################
http://104.196.67.80 [404 Not Found] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[104.196.67.80], Title[Site Not Configured | 404 Not Found], probably WordPress, nginx
1356######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://104.196.67.80...
_________________ SITE INFO __________________
IP              Title
104.196.67.80   Site Not Configured | 404 No

__________________ VERSION ___________________
Name     Versions   Type
nginx               Platform

______________________________________________
Time: 12.8 sec  Urls: 599  Fingerprints: 40401
1372#######################################################################################################################################
1373Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 22:57 EDT
1374NSE: Loaded 163 scripts for scanning.
1375NSE: Script Pre-scanning.
1376Initiating NSE at 22:57
1377Completed NSE at 22:57, 0.00s elapsed
1378Initiating NSE at 22:57
1379Completed NSE at 22:57, 0.00s elapsed
1380Initiating Parallel DNS resolution of 1 host. at 22:57
1381Completed Parallel DNS resolution of 1 host. at 22:57, 0.02s elapsed
1382Initiating SYN Stealth Scan at 22:57
1383Scanning 80.67.196.104.bc.googleusercontent.com (104.196.67.80) [1 port]
1384Discovered open port 80/tcp on 104.196.67.80
1385Completed SYN Stealth Scan at 22:57, 0.08s elapsed (1 total ports)
1386Initiating Service scan at 22:57
1387Scanning 1 service on 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
1388Completed Service scan at 22:57, 6.10s elapsed (1 service on 1 host)
1389Initiating OS detection (try #1) against 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
1390Retrying OS detection (try #2) against 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
1391Initiating Traceroute at 22:57
1392Completed Traceroute at 22:57, 3.10s elapsed
1393Initiating Parallel DNS resolution of 12 hosts. at 22:57
1394Completed Parallel DNS resolution of 12 hosts. at 22:57, 5.99s elapsed
1395NSE: Script scanning 104.196.67.80.
1396Initiating NSE at 22:57
1397Completed NSE at 22:58, 24.90s elapsed
1398Initiating NSE at 22:58
1399Completed NSE at 22:58, 0.37s elapsed
1400Nmap scan report for 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
1401Host is up (0.083s latency).
1402
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx
1405| http-brute:
1406|_ Path "/" does not require authentication
1407|_http-chrono: Request times for /; avg: 285.64ms; min: 221.08ms; max: 341.52ms
1408|_http-csrf: Couldn't find any CSRF vulnerabilities.
1409|_http-date: Fri, 01 Nov 2019 02:57:56 GMT; 0s from local time.
1410|_http-devframework: Wordpress detected. Found common traces on /
1411|_http-dombased-xss: Couldn't find any DOM based XSS.
1412|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1413| http-errors:
1414| Spidering limited to: maxpagecount=40; withinhost=80.67.196.104.bc.googleusercontent.com
1415| Found the following error pages:
1416|
1417| Error Code: 404
1418|_ http://80.67.196.104.bc.googleusercontent.com:80/
1419|_http-feed: Couldn't find any feeds.
1420|_http-fetch: Please enter the complete path of the directory to save data in.
1421| http-headers:
1422| Server: nginx
1423| Date: Fri, 01 Nov 2019 02:57:57 GMT
1424| Content-Type: text/html
1425| Content-Length: 2082
1426| Connection: close
1427| Vary: Accept-Encoding
1428| ETag: "5db10252-822"
1429|
1430|_ (Request type: GET)
1431|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1432| http-methods:
1433|_ Supported Methods: GET HEAD
1434|_http-mobileversion-checker: No mobile version detected.
1435|_http-security-headers:
1436| http-sitemap-generator:
1437| Directory structure:
1438| Longest directory structure:
1439| Depth: 0
1440| Dir: /
1441| Total files found (by extension):
1442|_
1443|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1444|_http-title: Site Not Configured | 404 Not Found
1445| http-vhosts:
1446|_127 names had status 404
1447|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1448|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1449|_http-xssed: No previously reported XSS vuln.
1450| vulscan: VulDB - https://vuldb.com:
1451| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
1452| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
1453| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
1454| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
1455| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
1456| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
1457| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
1458| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
1459| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
1460| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
1461| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
1462| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
1463| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
1464| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
1465| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
1466| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
1467| [67677] nginx up to 1.7.3 SSL weak authentication
1468| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
1469| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
1470| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
1471| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
1472| [65364] nginx up to 1.1.13 Default Configuration information disclosure
1473| [8671] nginx up to 1.4 proxy_pass denial of service
1474| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
1475| [7247] nginx 1.2.6 Proxy Function spoofing
1476| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
1477| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
1478| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
1479| [59645] nginx up to 0.8.9 Heap-based memory corruption
1480| [53592] nginx 0.8.36 memory corruption
1481| [53590] nginx up to 0.8.9 unknown vulnerability
1482| [51533] nginx 0.7.64 Terminal privilege escalation
1483| [50905] nginx up to 0.8.9 directory traversal
1484| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
1485| [50043] nginx up to 0.8.10 memory corruption
1486|
1487| MITRE CVE - https://cve.mitre.org:
1488| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
1489| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
1490| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
1491| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
1492| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
1493| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
1494| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
1495| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
1496| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
1497| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
1498| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
1499| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
1500| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
1501|
1502| SecurityFocus - https://www.securityfocus.com/bid/:
1503| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
1504| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
1505| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
1506| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
1507| [82230] nginx Multiple Denial of Service Vulnerabilities
1508| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
1509| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
1510| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
1511| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
1512| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
1513| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
1514| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
1515| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
1516| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
1517| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
1518| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
1519| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
1520| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
1521| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
1522| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1523| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1524| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1525| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1526| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
1527| [40420] nginx Directory Traversal Vulnerability
1528| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1529| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1530| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1531| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1532| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
1533|
1534| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1535| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
1536| [84172] nginx denial of service
1537| [84048] nginx buffer overflow
1538| [83923] nginx ngx_http_close_connection() integer overflow
1539| [83688] nginx null byte code execution
1540| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
1541| [82319] nginx access.log information disclosure
1542| [80952] nginx SSL spoofing
1543| [77244] nginx and Microsoft Windows request security bypass
1544| [76778] Naxsi module for Nginx nx_extract.py directory traversal
1545| [74831] nginx ngx_http_mp4_module.c buffer overflow
1546| [74191] nginx ngx_cpystrn() information disclosure
1547| [74045] nginx header response information disclosure
1548| [71355] nginx ngx_resolver_copy() buffer overflow
1549| [59370] nginx characters denial of service
1550| [59369] nginx DATA source code disclosure
1551| [59047] nginx space source code disclosure
1552| [58966] nginx unspecified directory traversal
1553| [54025] nginx ngx_http_parse.c denial of service
1554| [53431] nginx WebDAV component directory traversal
1555| [53328] Nginx CRC-32 cached domain name spoofing
1556| [53250] Nginx ngx_http_parse_complex_uri() function code execution
1557|
1558| Exploit-DB - https://www.exploit-db.com:
1559| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
1560| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
1561| [25499] nginx 1.3.9-1.4.0 DoS PoC
1562| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
1563| [14830] nginx 0.6.38 - Heap Corruption Exploit
1564| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
1565| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
1566| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
1567| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
1568| [9829] nginx 0.7.61 WebDAV directory traversal
1569|
1570| OpenVAS (Nessus) - http://www.openvas.org:
1571| [864418] Fedora Update for nginx FEDORA-2012-3846
1572| [864310] Fedora Update for nginx FEDORA-2012-6238
1573| [864209] Fedora Update for nginx FEDORA-2012-6411
1574| [864204] Fedora Update for nginx FEDORA-2012-6371
1575| [864121] Fedora Update for nginx FEDORA-2012-4006
1576| [864115] Fedora Update for nginx FEDORA-2012-3991
1577| [864065] Fedora Update for nginx FEDORA-2011-16075
1578| [863654] Fedora Update for nginx FEDORA-2011-16110
1579| [861232] Fedora Update for nginx FEDORA-2007-1158
1580| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
1581| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
1582| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
1583| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
1584| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1585| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1586| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1587| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1588| [100659] nginx Directory Traversal Vulnerability
1589| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
1590| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1591| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1592| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1593| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
1594| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1595| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
1596| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
1597| [71297] FreeBSD Ports: nginx
1598| [71276] FreeBSD Ports: nginx
1599| [71239] Debian Security Advisory DSA 2434-1 (nginx)
1600| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
1601| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
1602| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
1603| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
1604| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
1605| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
1606| [64894] FreeBSD Ports: nginx
1607| [64869] Debian Security Advisory DSA 1884-1 (nginx)
1608|
1609| SecurityTracker - https://www.securitytracker.com:
1610| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
1611| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
1612| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
1613| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
1614|
1615| OSVDB - http://www.osvdb.org:
1616| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
1617| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
1618| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
1619| [92796] nginx ngx_http_close_connection Function Crafted r->
1620| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
1621| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
1622| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
1623| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
1624| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
1625| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
1626| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
1627| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
1628| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
1629| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
1630| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
1631| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
1632| [62617] nginx Internal DNS Cache Poisoning Weakness
1633| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
1634| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
1635| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
1636| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
1637| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
1638| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
1639| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
1640| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
1641| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
1642| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
1643|_
1644Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1645Aggressive OS guesses: Crestron XPanel control system (90%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (90%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (88%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.16 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
1646No exact OS matches for host (test conditions non-ideal).
1647Network Distance: 21 hops
1648TCP Sequence Prediction: Difficulty=259 (Good luck!)
1649IP ID Sequence Generation: All zeros
1650
TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   63.44 ms  10.253.204.1
2   84.79 ms  vlan102.as04.qc1.ca.m247.com (176.113.74.145)
3   84.82 ms  irb-0.agg2.qc1.ca.m247.com (83.97.21.80)
4   84.79 ms  vlan304.as032.buc.ro.m247.com (77.243.185.226)
5   84.82 ms  ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
6   84.85 ms  209.85.149.230
7   84.85 ms  108.170.251.5
8   84.88 ms  108.170.235.210
9   84.90 ms  108.177.3.53
10  45.00 ms  209.85.255.244
11  59.60 ms  216.239.35.181
12  ... 20
21  106.69 ms 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
1666
1667NSE: Script Post-scanning.
1668Initiating NSE at 22:58
1669Completed NSE at 22:58, 0.00s elapsed
1670Initiating NSE at 22:58
1671Completed NSE at 22:58, 0.00s elapsed
1672######################################################################################################################################
https://104.196.67.80 [404 Not Found] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[104.196.67.80], Title[Site Not Configured | 404 Not Found], probably WordPress, nginx
1674######################################################################################################################################
1675Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 22:59 EDT
1676NSE: Loaded 163 scripts for scanning.
1677NSE: Script Pre-scanning.
1678Initiating NSE at 22:59
1679Completed NSE at 22:59, 0.00s elapsed
1680Initiating NSE at 22:59
1681Completed NSE at 22:59, 0.00s elapsed
1682Initiating Parallel DNS resolution of 1 host. at 22:59
1683Completed Parallel DNS resolution of 1 host. at 22:59, 0.03s elapsed
1684Initiating SYN Stealth Scan at 22:59
1685Scanning 80.67.196.104.bc.googleusercontent.com (104.196.67.80) [1 port]
1686Discovered open port 443/tcp on 104.196.67.80
1687Completed SYN Stealth Scan at 22:59, 0.09s elapsed (1 total ports)
1688Initiating Service scan at 22:59
1689Scanning 1 service on 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
1690Completed Service scan at 22:59, 12.71s elapsed (1 service on 1 host)
1691Initiating OS detection (try #1) against 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
1692Retrying OS detection (try #2) against 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
1693Initiating Traceroute at 22:59
1694Completed Traceroute at 22:59, 3.08s elapsed
1695Initiating Parallel DNS resolution of 12 hosts. at 22:59
1696Completed Parallel DNS resolution of 12 hosts. at 22:59, 2.70s elapsed
1697NSE: Script scanning 104.196.67.80.
1698Initiating NSE at 22:59
1699Completed NSE at 23:00, 60.87s elapsed
1700Initiating NSE at 23:00
1701Completed NSE at 23:00, 0.88s elapsed
1702Nmap scan report for 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
1703Host is up (0.086s latency).
1704
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http nginx
1707| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 394.65ms; min: 344.33ms; max: 445.33ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Fri, 01 Nov 2019 02:59:41 GMT; -1s from local time.
|_http-devframework: Wordpress detected. Found common traces on /
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=80.67.196.104.bc.googleusercontent.com
| Found the following error pages:
|
| Error Code: 404
|_ https://80.67.196.104.bc.googleusercontent.com:443/
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Server: nginx
| Date: Fri, 01 Nov 2019 02:59:42 GMT
| Content-Type: text/html
| Content-Length: 2082
| Connection: close
| Vary: Accept-Encoding
| Vary: Accept-Encoding
| ETag: "5db10252-822"
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET HEAD
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Site Not Configured | 404 Not Found
| http-vhosts:
|_127 names had status 404
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
| [40420] nginx Directory Traversal Vulnerability
| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
| [84172] nginx denial of service
| [84048] nginx buffer overflow
| [83923] nginx ngx_http_close_connection() integer overflow
| [83688] nginx null byte code execution
| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
| [82319] nginx access.log information disclosure
| [80952] nginx SSL spoofing
| [77244] nginx and Microsoft Windows request security bypass
| [76778] Naxsi module for Nginx nx_extract.py directory traversal
| [74831] nginx ngx_http_mp4_module.c buffer overflow
| [74191] nginx ngx_cpystrn() information disclosure
| [74045] nginx header response information disclosure
| [71355] nginx ngx_resolver_copy() buffer overflow
| [59370] nginx characters denial of service
| [59369] nginx DATA source code disclosure
| [59047] nginx space source code disclosure
| [58966] nginx unspecified directory traversal
| [54025] nginx ngx_http_parse.c denial of service
| [53431] nginx WebDAV component directory traversal
| [53328] Nginx CRC-32 cached domain name spoofing
| [53250] Nginx ngx_http_parse_complex_uri() function code execution
|
| Exploit-DB - https://www.exploit-db.com:
| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
| [25499] nginx 1.3.9-1.4.0 DoS PoC
| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
| [14830] nginx 0.6.38 - Heap Corruption Exploit
| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
| [9829] nginx 0.7.61 WebDAV directory traversal
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [864418] Fedora Update for nginx FEDORA-2012-3846
| [864310] Fedora Update for nginx FEDORA-2012-6238
| [864209] Fedora Update for nginx FEDORA-2012-6411
| [864204] Fedora Update for nginx FEDORA-2012-6371
| [864121] Fedora Update for nginx FEDORA-2012-4006
| [864115] Fedora Update for nginx FEDORA-2012-3991
| [864065] Fedora Update for nginx FEDORA-2011-16075
| [863654] Fedora Update for nginx FEDORA-2011-16110
| [861232] Fedora Update for nginx FEDORA-2007-1158
| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [100659] nginx Directory Traversal Vulnerability
| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
| [71297] FreeBSD Ports: nginx
| [71276] FreeBSD Ports: nginx
| [71239] Debian Security Advisory DSA 2434-1 (nginx)
| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
| [64894] FreeBSD Ports: nginx
| [64869] Debian Security Advisory DSA 1884-1 (nginx)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
|
| OSVDB - http://www.osvdb.org:
| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
| [92796] nginx ngx_http_close_connection Function Crafted r->
| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
| [62617] nginx Internal DNS Cache Poisoning Weakness
| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Crestron XPanel control system (90%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (90%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (88%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.16 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 21 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 24.05 ms 10.253.204.1
2 47.88 ms vlan102.as04.qc1.ca.m247.com (176.113.74.145)
3 47.90 ms irb-0.agg2.qc1.ca.m247.com (83.97.21.80)
4 47.88 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
5 70.49 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
6 47.92 ms 209.85.149.230
7 47.94 ms 108.170.251.18
8 47.96 ms 74.125.37.198
9 47.98 ms 216.239.57.249
10 70.55 ms 216.239.40.20
11 59.89 ms 72.14.234.121
12 ... 20
21 107.47 ms 80.67.196.104.bc.googleusercontent.com (104.196.67.80)

NSE: Script Post-scanning.
Initiating NSE at 23:00
Completed NSE at 23:00, 0.00s elapsed
Initiating NSE at 23:00
Completed NSE at 23:00, 0.00s elapsed
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 104.196.67.80

Testing SSL server 104.196.67.80 on port 443 using SNI name 104.196.67.80

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Session renegotiation not supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 128 bits AES128-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: *.wpengine.com
Altnames: DNS:*.wpengine.com, DNS:wpengine.com
Issuer: RapidSSL RSA CA 2018

Not valid before: Jul 1 00:00:00 2019 GMT
Not valid after: Aug 29 12:00:00 2021 GMT
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 23:02 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:02
Completed NSE at 23:02, 0.00s elapsed
Initiating NSE at 23:02
Completed NSE at 23:02, 0.00s elapsed
Initiating Ping Scan at 23:02
Scanning 104.196.67.80 [4 ports]
Completed Ping Scan at 23:02, 0.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:02
Completed Parallel DNS resolution of 1 host. at 23:02, 0.03s elapsed
Initiating SYN Stealth Scan at 23:02
Scanning 80.67.196.104.bc.googleusercontent.com (104.196.67.80) [65535 ports]
Discovered open port 443/tcp on 104.196.67.80
Discovered open port 80/tcp on 104.196.67.80
SYN Stealth Scan Timing: About 18.73% done; ETC: 23:05 (0:02:15 remaining)
SYN Stealth Scan Timing: About 46.72% done; ETC: 23:04 (0:01:10 remaining)
Discovered open port 2222/tcp on 104.196.67.80
Completed SYN Stealth Scan at 23:04, 106.05s elapsed (65535 total ports)
Initiating Service scan at 23:04
Scanning 3 services on 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
Completed Service scan at 23:04, 12.59s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
Retrying OS detection (try #2) against 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
Initiating Traceroute at 23:04
Completed Traceroute at 23:04, 0.09s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 23:04
Completed Parallel DNS resolution of 2 hosts. at 23:04, 0.00s elapsed
NSE: Script scanning 104.196.67.80.
Initiating NSE at 23:04
Completed NSE at 23:05, 10.15s elapsed
Initiating NSE at 23:05
Completed NSE at 23:05, 0.86s elapsed
Nmap scan report for 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
Host is up (0.077s latency).
Not shown: 65529 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http nginx
| vulscan: VulDB - https://vuldb.com:
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
| [40420] nginx Directory Traversal Vulnerability
| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
| [84172] nginx denial of service
| [84048] nginx buffer overflow
| [83923] nginx ngx_http_close_connection() integer overflow
| [83688] nginx null byte code execution
| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
| [82319] nginx access.log information disclosure
| [80952] nginx SSL spoofing
| [77244] nginx and Microsoft Windows request security bypass
| [76778] Naxsi module for Nginx nx_extract.py directory traversal
| [74831] nginx ngx_http_mp4_module.c buffer overflow
| [74191] nginx ngx_cpystrn() information disclosure
| [74045] nginx header response information disclosure
| [71355] nginx ngx_resolver_copy() buffer overflow
| [59370] nginx characters denial of service
| [59369] nginx DATA source code disclosure
| [59047] nginx space source code disclosure
| [58966] nginx unspecified directory traversal
| [54025] nginx ngx_http_parse.c denial of service
| [53431] nginx WebDAV component directory traversal
| [53328] Nginx CRC-32 cached domain name spoofing
| [53250] Nginx ngx_http_parse_complex_uri() function code execution
|
| Exploit-DB - https://www.exploit-db.com:
| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
| [25499] nginx 1.3.9-1.4.0 DoS PoC
| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
| [14830] nginx 0.6.38 - Heap Corruption Exploit
| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
| [9829] nginx 0.7.61 WebDAV directory traversal
|
2196| OpenVAS (Nessus) - http://www.openvas.org:
2197| [864418] Fedora Update for nginx FEDORA-2012-3846
2198| [864310] Fedora Update for nginx FEDORA-2012-6238
2199| [864209] Fedora Update for nginx FEDORA-2012-6411
2200| [864204] Fedora Update for nginx FEDORA-2012-6371
2201| [864121] Fedora Update for nginx FEDORA-2012-4006
2202| [864115] Fedora Update for nginx FEDORA-2012-3991
2203| [864065] Fedora Update for nginx FEDORA-2011-16075
2204| [863654] Fedora Update for nginx FEDORA-2011-16110
2205| [861232] Fedora Update for nginx FEDORA-2007-1158
2206| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2207| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2208| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2209| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2210| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2211| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2212| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2213| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2214| [100659] nginx Directory Traversal Vulnerability
2215| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2216| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2217| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2218| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2219| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2220| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2221| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2222| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2223| [71297] FreeBSD Ports: nginx
2224| [71276] FreeBSD Ports: nginx
2225| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2226| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2227| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2228| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2229| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2230| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2231| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2232| [64894] FreeBSD Ports: nginx
2233| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2234|
2235| SecurityTracker - https://www.securitytracker.com:
2236| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2237| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2238| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2239| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2240|
2241| OSVDB - http://www.osvdb.org:
2242| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2243| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2244| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2245| [92796] nginx ngx_http_close_connection Function Crafted r->
2246| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2247| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2248| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2249| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2250| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2251| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2252| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2253| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2254| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2255| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2256| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2257| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2258| [62617] nginx Internal DNS Cache Poisoning Weakness
2259| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2260| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2261| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2262| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2263| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2264| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2265| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2266| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2267| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2268| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
139/tcp closed netbios-ssn
443/tcp open ssl/http nginx
2272| vulscan: VulDB - https://vuldb.com:
2273| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2274| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2275| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2276| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2277| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2278| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2279| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2280| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
2281| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
2282| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
2283| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
2284| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
2285| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
2286| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
2287| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
2288| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
2289| [67677] nginx up to 1.7.3 SSL weak authentication
2290| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
2291| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
2292| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
2293| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
2294| [65364] nginx up to 1.1.13 Default Configuration information disclosure
2295| [8671] nginx up to 1.4 proxy_pass denial of service
2296| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
2297| [7247] nginx 1.2.6 Proxy Function spoofing
2298| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
2299| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
2300| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
2301| [59645] nginx up to 0.8.9 Heap-based memory corruption
2302| [53592] nginx 0.8.36 memory corruption
2303| [53590] nginx up to 0.8.9 unknown vulnerability
2304| [51533] nginx 0.7.64 Terminal privilege escalation
2305| [50905] nginx up to 0.8.9 directory traversal
2306| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
2307| [50043] nginx up to 0.8.10 memory corruption
2308|
2309| MITRE CVE - https://cve.mitre.org:
2310| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
2311| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
2312| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
2313| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
2314| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
2315| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
2316| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
2317| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
2318| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
2319| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
2320| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
2321| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
2322| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
2323|
2324| SecurityFocus - https://www.securityfocus.com/bid/:
2325| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
2326| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
2327| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
2328| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
2329| [82230] nginx Multiple Denial of Service Vulnerabilities
2330| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
2331| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2332| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
2333| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
2334| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
2335| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
2336| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
2337| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
2338| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
2339| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
2340| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
2341| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
2342| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
2343| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
2344| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2345| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2346| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2347| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2348| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
2349| [40420] nginx Directory Traversal Vulnerability
2350| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2351| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2352| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2353| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2354| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
2355|
2356| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2357| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
2358| [84172] nginx denial of service
2359| [84048] nginx buffer overflow
2360| [83923] nginx ngx_http_close_connection() integer overflow
2361| [83688] nginx null byte code execution
2362| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
2363| [82319] nginx access.log information disclosure
2364| [80952] nginx SSL spoofing
2365| [77244] nginx and Microsoft Windows request security bypass
2366| [76778] Naxsi module for Nginx nx_extract.py directory traversal
2367| [74831] nginx ngx_http_mp4_module.c buffer overflow
2368| [74191] nginx ngx_cpystrn() information disclosure
2369| [74045] nginx header response information disclosure
2370| [71355] nginx ngx_resolver_copy() buffer overflow
2371| [59370] nginx characters denial of service
2372| [59369] nginx DATA source code disclosure
2373| [59047] nginx space source code disclosure
2374| [58966] nginx unspecified directory traversal
2375| [54025] nginx ngx_http_parse.c denial of service
2376| [53431] nginx WebDAV component directory traversal
2377| [53328] Nginx CRC-32 cached domain name spoofing
2378| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2379|
2380| Exploit-DB - https://www.exploit-db.com:
2381| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2382| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2383| [25499] nginx 1.3.9-1.4.0 DoS PoC
2384| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2385| [14830] nginx 0.6.38 - Heap Corruption Exploit
2386| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2387| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2388| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2389| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2390| [9829] nginx 0.7.61 WebDAV directory traversal
2391|
2392| OpenVAS (Nessus) - http://www.openvas.org:
2393| [864418] Fedora Update for nginx FEDORA-2012-3846
2394| [864310] Fedora Update for nginx FEDORA-2012-6238
2395| [864209] Fedora Update for nginx FEDORA-2012-6411
2396| [864204] Fedora Update for nginx FEDORA-2012-6371
2397| [864121] Fedora Update for nginx FEDORA-2012-4006
2398| [864115] Fedora Update for nginx FEDORA-2012-3991
2399| [864065] Fedora Update for nginx FEDORA-2011-16075
2400| [863654] Fedora Update for nginx FEDORA-2011-16110
2401| [861232] Fedora Update for nginx FEDORA-2007-1158
2402| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2403| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2404| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2405| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2406| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2407| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2408| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2409| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2410| [100659] nginx Directory Traversal Vulnerability
2411| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2412| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2413| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2414| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2415| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2416| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2417| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2418| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2419| [71297] FreeBSD Ports: nginx
2420| [71276] FreeBSD Ports: nginx
2421| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2422| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2423| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2424| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2425| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2426| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2427| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2428| [64894] FreeBSD Ports: nginx
2429| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2430|
2431| SecurityTracker - https://www.securitytracker.com:
2432| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2433| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2434| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2435| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2436|
2437| OSVDB - http://www.osvdb.org:
2438| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2439| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2440| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2441| [92796] nginx ngx_http_close_connection Function Crafted r->
2442| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2443| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2444| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2445| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2446| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2447| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2448| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2449| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2450| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2451| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2452| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2453| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2454| [62617] nginx Internal DNS Cache Poisoning Weakness
2455| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2456| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2457| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2458| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2459| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2460| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2461| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2462| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2463| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2464| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
445/tcp closed microsoft-ds
2222/tcp open ssh ProFTPD mod_sftp 0.9.9 (protocol 2.0)
2468| vulscan: VulDB - https://vuldb.com:
2469| [10259] ProFTPD 1.3.4/1.3.5 mod_sftp/mod_sftp_pam kbdint.c resp_count denial of service
2470| [4290] ProFTPD up to 1.3.3 mod_sftpd Big Payload denial of service
2471| [138380] ProFTPD 1.3.5b mod_copy Code Execution
2472| [81624] ProFTPD up to 1.3.5a/1.3.6rc1 mod_tls mod_tls.c weak encryption
2473| [75436] ProFTPD 1.3.4e/1.3.5 mod_copy File privilege escalation
2474| [7244] ProFTPD up to 1.3.4 MKD/XMKD Command race condition
2475| [59589] ProFTPD up to 1.3.3 Use-After-Free memory corruption
2476| [56304] ProFTPD up to 1.3.3 contrib/mod_sql.c) sql_prepare_where memory corruption
2477| [56042] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
2478| [56041] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
2479| [55410] ProFTPD 1.3.2/1.3.3 Telnet netio.c pr_netio_telnet_gets memory corruption
2480| [55403] ProFTPD 1.2.10/1.3.0/1.3.1/1.3.2/1.3.3 mod_site_misc Symlink directory traversal
2481| [55392] ProFTPD up to 1.3.2 pr_data_xfer denial of service
2482| [50631] ProFTPD 1.3.1/1.3.2/1.3.3 mod_tls unknown vulnerability
2483| [46500] ProFTPD 1.3.1 mod_sql_mysql sql injection
2484| [46499] ProFTPD 1.3.1/1.3.2/1.3.2 Rc2 mod_sql sql injection
2485| [44191] ProFTPD 1.3.1 FTP Command cross site request forgery
2486| [36309] ProFTPD 1.3.0 Rc1 mod_sql Plaintext unknown vulnerability
2487| [2747] ProFTPD 1.3.0/1.3.0a mod_ctrls pr_ctrls_recv_request memory corruption
2488| [33495] ProFTPD 1.3.0a Configuration File affected denial of service
2489| [2711] ProFTPD 1.3.0a mod_tls tls_x509_name_oneline memory corruption
2490| [2705] ProFTPD 1.3.0 main.c CommandBufferSize denial of service
2491|
2492| MITRE CVE - https://cve.mitre.org:
2493| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
2494| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
2495| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
2496| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
2497| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
2498| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
2499| [CVE-2010-4052] Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
2500| [CVE-2010-4051] The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
2501| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
2502| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
2503| [CVE-2009-0919] XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
2504| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
2505| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
2506| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
2507| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
2508| [CVE-2007-2165] The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
2509| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
2510| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
2511| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
2512| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
2513| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
2514| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
2515| [CVE-2005-0484] Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
2516| [CVE-2004-1602] ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
2517| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
2518| [CVE-2004-0432] ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
2519| [CVE-2004-0346] Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
2520| [CVE-2003-0831] ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
2521| [CVE-2003-0500] SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
2522| [CVE-2001-1501] The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
2523| [CVE-2001-1500] ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
2524| [CVE-2001-0456] postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
2525| [CVE-2001-0318] Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
2526| [CVE-2001-0136] Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
2527| [CVE-2001-0027] mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
2528| [CVE-2000-0574] FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
2529| [CVE-1999-1475] ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
2530| [CVE-1999-0911] Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
2531| [CVE-1999-0368] Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
2532|
2533| SecurityFocus - https://www.securityfocus.com/bid/:
2534| [62328] ProFTPD 'mod_sftp_pam' Remote Denial of Service Vulnerability
2535| [46183] ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
2536| [97409] ProFTPD CVE-2017-7418 Local Security Bypass Vulnerability
2537| [89750] ProFTPD CVE-2001-1501 Denial-Of-Service Vulnerability
2538| [88575] ProFTPD CVE-2001-0027 Denial-Of-Service Vulnerability
2539| [84378] Proftpd CVE-2008-7265 Denial-Of-Service Vulnerability
2540| [84329] ProFTPD Out Of Bounds Multiple Memory Corruption Vulnerabilities
2541| [84327] ProFTPD CVE-2016-3125 Diffie Hellman Key Exchange Security Bypass Vulnerability
2542| [82756] ProFTPD CVE-2003-0500 SQL-Injection Vulnerability
2543| [82433] GProFTPD CVE-2005-0484 Remote Security Vulnerability
2544| [77684] ProFTPD Heap Buffer Overflow and Denial of Service Vulnerabilities
2545| [74238] ProFTPD CVE-2015-3306 Information Disclosure Vulnerabilities
2546| [57172] ProFTPD Race Condition Local Privilege Escalation Vulnerability
2547| [50631] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
2548| [45150] ProFTPD Backdoor Unauthorized Access Vulnerability
2549| [44933] ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability
2550| [44562] ProFTPD Multiple Remote Vulnerabilities
2551| [36804] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2552| [33722] ProFTPD 'mod_sql' Username SQL Injection Vulnerability
2553| [33650] ProFTPD Character Encoding SQL Injection Vulnerability
2554| [23546] ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
2555| [21587] ProFTPD Controls Module Local Buffer Overflow Vulnerability
2556| [21326] ProFTPD MOD_TLS Remote Buffer Overflow Vulnerability
2557| [20992] ProFTPD SReplace Remote Buffer Overflow Vulnerability
2558| [16535] ProFTPD Mod_Radius Buffer Overflow Vulnerability
2559| [14381] ProFTPD Shutdown Message Format String Vulnerability
2560| [14380] ProFTPD SQLShowInfo SQL Output Format String Vulnerability
2561| [12588] GProFTPD GProstats Remote Format String Vulnerability
2562| [11430] ProFTPD Authentication Delay Username Enumeration Vulnerability
2563| [10252] ProFTPD CIDR Access Control Rule Bypass Vulnerability
2564| [9782] ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
2565| [8679] ProFTPD ASCII File Transfer Buffer Overrun Vulnerability
2566| [7974] ProFTPD SQL Injection mod_sql Vulnerability
2567| [6781] ProFTPD 1.2.0rc2 log_pri() Format String Vulnerability
2568| [6341] ProFTPD STAT Command Denial Of Service Vulnerability
2569| [3310] ProFTPD Client Hostname Resolving Vulnerability
2570| [2366] ProFTPD USER Remote Denial of Service Vulnerability
2571| [2185] ProFTPD SIZE Remote Denial of Service Vulnerability
2572| [812] ProFTPD mod_sqlpw Vulnerability
2573| [650] ProFTPD snprintf Vulnerability
2574| [612] ProFTPD Remote Buffer Overflow
2575|
2576| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2577| [65207] ProFTPD mod_sftp module denial of service
2578| [80980] ProFTPD FTP commands symlink
2579| [71226] ProFTPD pool code execution
2580| [64495] ProFTPD sql_prepare_where() buffer overflow
2581| [63658] ProFTPD FTP server backdoor
2582| [63407] mod_sql module for ProFTPD buffer overflow
2583| [63155] ProFTPD pr_data_xfer denial of service
2584| [62909] ProFTPD mod_site_misc directory traversal
2585| [62908] ProFTPD pr_netio_telnet_gets() buffer overflow
2586| [53936] ProFTPD mod_tls SSL certificate security bypass
2587| [48951] ProFTPD mod_sql username percent SQL injection
2588| [48558] ProFTPD NLS support SQL injection protection bypass
2589| [45274] ProFTPD URL cross-site request forgery
2590| [33733] ProFTPD Auth API security bypass
2591| [31461] ProFTPD mod_radius buffer overflow
2592| [30906] ProFTPD Controls (mod_ctrls) module buffer overflow
2593| [30554] ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow
2594| [30147] ProFTPD sreplace() buffer overflow
2595| [21530] ProFTPD mod_sql format string attack
2596| [21528] ProFTPD shutdown message format string attack
2597| [19410] GProFTPD file name format string attack
2598| [18453] ProFTPD SITE CHGRP command allows group ownership modification
2599| [17724] ProFTPD could allow an attacker to obtain valid accounts
2600| [16038] ProFTPD CIDR entry ACL bypass
2601| [15387] ProFTPD off-by-one _xlate_ascii_write function buffer overflow
2602| [12369] ProFTPD mod_sql SQL injection
2603| [12200] ProFTPD ASCII file newline buffer overflow
2604| [10932] ProFTPD long PASS command buffer overflow
2605| [8332] ProFTPD mod_sqlpw stores passwords in the wtmp log file
2606| [7818] ProFTPD ls "
2607| [7816] ProFTPD file globbing denial of service
2608| [7126] ProFTPD fails to resolve hostnames
2609| [6433] ProFTPD format string
2610| [6209] proFTPD /var symlink
2611| [6208] ProFTPD contains configuration error in postinst script when running as root
2612| [5801] proftpd memory leak when using SIZE or USER commands
2613| [5737] ProFTPD system using mod_sqlpw unauthorized access
2614|
2615| Exploit-DB - https://www.exploit-db.com:
2616| [16129] ProFTPD mod_sftp Integer Overflow DoS PoC
2617| [23170] ProFTPD 1.2.7/1.2.8 ASCII File Transfer Buffer Overrun Vulnerability
2618| [22079] ProFTPD 1.2.x STAT Command Denial of Service Vulnerability
2619| [20690] wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
2620| [20536] ProFTPD 1.2 SIZE Remote Denial of Service Vulnerability
2621| [19503] ProFTPD 1.2 pre6 snprintf Vulnerability
2622| [19476] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (2)
2623| [19475] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (1)
2624| [19087] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)
2625| [19086] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)
2626| [18181] FreeBSD ftpd and ProFTPd on FreeBSD Remote r00t Exploit
2627| [16921] ProFTPD-1.3.3c Backdoor Command Execution
2628| [16878] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
2629| [16852] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
2630| [16851] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
2631| [15662] ProFTPD 1.3.3c compromised source remote root Trojan
2632| [15449] ProFTPD IAC Remote Root Exploit
2633| [10044] ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
2634| [8037] ProFTPd with mod_mysql Authentication Bypass Vulnerability
2635| [4312] ProFTPD 1.x (module mod_tls) Remote Buffer Overflow Exploit
2636| [3730] ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
2637| [3333] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
2638| [3330] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
2639| [3021] ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit
2640| [2928] ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
2641| [2856] ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
2642| [581] ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
2643| [394] ProFTPd Local pr_ctrls_connect Vulnerability - ftpdctl
2644| [244] ProFTPD <= 1.2.0pre10 Remote Denial of Service Exploit
2645| [241] ProFTPD 1.2.0 (rc2) - memory leakage example Exploit
2646| [110] ProFTPD 1.2.7 - 1.2.9rc2 Remote Root & brute-force Exploit
2647| [107] ProFTPD 1.2.9rc2 ASCII File Remote Root Exploit
2648| [43] ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit
2649|
2650| OpenVAS (Nessus) - http://www.openvas.org:
2651| [53791] Debian Security Advisory DSA 029-1 (proftpd)
2652|
2653| SecurityTracker - https://www.securitytracker.com:
2654| [1028040] ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
2655| [1026321] ProFTPD Use-After-Free Memory Error Lets Remote Authenticated Users Execute Arbitrary Code
2656| [1020945] ProFTPD Request Processing Bug Permits Cross-Site Request Forgery Attacks
2657| [1017931] ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
2658| [1017167] ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
2659| [1012488] ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership
2660| [1011687] ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users
2661| [1009997] ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files
2662| [1009297] ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
2663| [1007794] ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
2664| [1007020] ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access
2665| [1003019] ProFTPD FTP Server May Allow Local Users to Execute Code on the Server
2666| [1002354] ProFTPD Reverse DNS Feature Fails to Check Forward-to-Reverse DNS Mappings
2667| [1002148] ProFTPD Site and Quote Commands May Allow Remote Users to Execute Arbitrary Commands on the Server
2668|
2669| OSVDB - http://www.osvdb.org:
2670| [70868] ProFTPD mod_sftp Component SSH Payload DoS
2671| [89051] ProFTPD Multiple FTP Command Handling Symlink Arbitrary File Overwrite
2672| [77004] ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption
2673| [70782] ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow
2674| [69562] ProFTPD on ftp.proftpd.org Compromised Source Packages Trojaned Distribution
2675| [69200] ProFTPD pr_data_xfer Function ABOR Command Remote DoS
2676| [68988] ProFTPD mod_site_misc Module Multiple Command Traversal Arbitrary File Manipulation
2677| [68985] ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
2678| [59292] ProFTPD mod_tls Module Certificate Authority (CA) subjectAltName Field Null Byte Handling SSL MiTM Weakness
2679| [57311] ProFTPD contrib/mod_ratio.c Multiple Unspecified Buffer Handling Issues
2680| [57310] ProFTPD Multiple Unspecified Overflows
2681| [57309] ProFTPD src/support.c Unspecified Buffer Handling Issue
2682| [57308] ProFTPD modules/mod_core.c Multiple Unspecified Overflows
2683| [57307] ProFTPD Multiple Modules Unspecified Overflows
2684| [57306] ProFTPD contrib/mod_pam.c Multiple Unspecified Buffer Handling Issues
2685| [57305] ProFTPD src/main.c Unspecified Overflow
2686| [57304] ProFTPD src/log.c Logfile Handling Unspecified Race Condition
2687| [57303] ProFTPD modules/mod_auth.c Unspecified Issue
2688| [51954] ProFTPD Server NLS Support mod_sql_* Encoded Multibyte Character SQL Injection Protection Bypass
2689| [51953] ProFTPD Server mod_sql username % Character Handling SQL Injection
2690| [51849] ProFTPD Character Encoding SQL Injection
2691| [51720] ProFTPD NLST Command Argument Handling Remote Overflow
2692| [51719] ProFTPD MKDIR Command Directory Name Handling Remote Overflow
2693| [48411] ProFTPD FTP Command Truncation CSRF
2694| [34602] ProFTPD Auth API Multiple Auth Module Authentication Bypass
2695| [31509] ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
2696| [30719] mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
2697| [30660] ProFTPD CommandBufferSize Option cmd_loop() Function DoS
2698| [30267] ProFTPD src/support.c sreplace() Function Remote Overflow
2699| [23063] ProFTPD mod_radius Password Overflow DoS
2700| [20212] ProFTPD Host Reverse Resolution Failure ACL Bypass
2701| [18271] ProFTPD mod_sql SQLShowInfo Directive Format String
2702| [18270] ProFTPD ftpshut Shutdown Message Format String
2703| [14012] GProftpd gprostats Utility Log Parser Remote Format String
2704| [10769] ProFTPD File Transfer Newline Character Overflow
2705| [10768] ProFTPD STAT Command Remote DoS
2706| [10758] ProFTPD Login Timing Account Name Enumeration
2707| [10173] ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
2708| [9507] PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
2709| [9163] ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
2710| [7166] ProFTPD SIZE Command Memory Leak Remote DoS
2711| [7165] ProFTPD USER Command Memory Leak DoS
2712| [5744] ProFTPD CIDR IP Subnet ACL Bypass
2713| [5705] ProFTPD Malformed cwd Command Format String
2714| [5638] ProFTPD on Debian Linux postinst Installation Privilege Escalation
2715| [4134] ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow
2716| [144] ProFTPD src/log.c log_xfer() Function Remote Overflow
2717|_
2718Aggressive OS guesses: OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (91%), HP P2000 G3 NAS device (91%), Linux 2.6.32 (90%), ProVision-ISR security DVR (90%), Linux 3.0 (89%), Linux 2.4.18 (88%), OpenWrt Kamikaze 8.09 (Linux 2.4.35.4) (88%), OpenWrt Kamikaze 8.09 (Linux 2.6.25 - 2.6.26) (88%)
2719No exact OS matches for host (test conditions non-ideal).
2720Network Distance: 2 hops
2721TCP Sequence Prediction: Difficulty=262 (Good luck!)
2722IP ID Sequence Generation: All zeros
2723
2724TRACEROUTE (using port 445/tcp)
2725HOP RTT ADDRESS
27261 81.54 ms 10.253.204.1
27272 81.54 ms 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
2728
2729NSE: Script Post-scanning.
2730Initiating NSE at 23:05
2731Completed NSE at 23:05, 0.00s elapsed
2732Initiating NSE at 23:05
2733Completed NSE at 23:05, 0.00s elapsed
2734######################################################################################################################################
2735Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 23:05 EDT
2736NSE: Loaded 47 scripts for scanning.
2737NSE: Script Pre-scanning.
2738Initiating NSE at 23:05
2739Completed NSE at 23:05, 0.00s elapsed
2740Initiating NSE at 23:05
2741Completed NSE at 23:05, 0.00s elapsed
2742Initiating Parallel DNS resolution of 1 host. at 23:05
2743Completed Parallel DNS resolution of 1 host. at 23:05, 0.43s elapsed
2744Initiating UDP Scan at 23:05
2745Scanning 80.67.196.104.bc.googleusercontent.com (104.196.67.80) [15 ports]
2746Completed UDP Scan at 23:05, 2.54s elapsed (15 total ports)
2747Initiating Service scan at 23:05
2748Scanning 13 services on 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
2749Service scan Timing: About 7.69% done; ETC: 23:26 (0:19:36 remaining)
2750Completed Service scan at 23:06, 102.59s elapsed (13 services on 1 host)
2751Initiating OS detection (try #1) against 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
2752Retrying OS detection (try #2) against 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
2753Initiating Traceroute at 23:06
2754Completed Traceroute at 23:06, 7.05s elapsed
2755Initiating Parallel DNS resolution of 1 host. at 23:06
2756Completed Parallel DNS resolution of 1 host. at 23:06, 0.00s elapsed
2757NSE: Script scanning 104.196.67.80.
2758Initiating NSE at 23:06
2759Completed NSE at 23:07, 7.12s elapsed
2760Initiating NSE at 23:07
2761Completed NSE at 23:07, 1.02s elapsed
2762Nmap scan report for 80.67.196.104.bc.googleusercontent.com (104.196.67.80)
2763Host is up (0.065s latency).
2764
2765PORT STATE SERVICE VERSION
276653/udp open|filtered domain
276767/udp open|filtered dhcps
276868/udp open|filtered dhcpc
276969/udp open|filtered tftp
277088/udp open|filtered kerberos-sec
2771123/udp open|filtered ntp
2772137/udp filtered netbios-ns
2773138/udp filtered netbios-dgm
2774139/udp open|filtered netbios-ssn
2775161/udp open|filtered snmp
2776162/udp open|filtered snmptrap
2777389/udp open|filtered ldap
2778500/udp open|filtered isakmp
2779|_ike-version: ERROR: Script execution failed (use -d to debug)
2780520/udp open|filtered route
27812049/udp open|filtered nfs
2782Too many fingerprints match this host to give specific OS details
2783
2784TRACEROUTE (using port 138/udp)
2785HOP RTT ADDRESS
27861 23.03 ms 10.253.204.1
27872 ... 3
27884 19.92 ms 10.253.204.1
27895 300.58 ms 10.253.204.1
27906 300.58 ms 10.253.204.1
27917 300.58 ms 10.253.204.1
27928 300.55 ms 10.253.204.1
27939 282.14 ms 10.253.204.1
279410 18.53 ms 10.253.204.1
279511 ... 18
279619 20.04 ms 10.253.204.1
279720 21.67 ms 10.253.204.1
279821 19.73 ms 10.253.204.1
279922 ... 29
280030 24.85 ms 10.253.204.1
2801
2802NSE: Script Post-scanning.
2803Initiating NSE at 23:07
2804Completed NSE at 23:07, 0.00s elapsed
2805Initiating NSE at 23:07
2806Completed NSE at 23:07, 0.00s elapsed
2807######################################################################################################################################
2808Hosts
2809=====
2810
2811address mac name os_name os_flavor os_sp purpose info comments
2812------- --- ---- ------- --------- ----- ------- ---- --------
2813104.196.67.80 80.67.196.104.bc.googleusercontent.com Linux 2.4.X server
2814
2815Services
2816========
2817
2818host port proto name state info
2819---- ---- ----- ---- ----- ----
2820104.196.67.80 25 tcp smtp closed
2821104.196.67.80 53 udp domain unknown
2822104.196.67.80 67 udp dhcps unknown
2823104.196.67.80 68 udp dhcpc unknown
2824104.196.67.80 69 udp tftp unknown
2825104.196.67.80 80 tcp http open nginx
2826104.196.67.80 88 udp kerberos-sec unknown
2827104.196.67.80 123 udp ntp unknown
2828104.196.67.80 137 udp netbios-ns filtered
2829104.196.67.80 138 udp netbios-dgm filtered
2830104.196.67.80 139 tcp netbios-ssn closed
2831104.196.67.80 139 udp netbios-ssn unknown
2832104.196.67.80 161 udp snmp unknown
2833104.196.67.80 162 udp snmptrap unknown
2834104.196.67.80 389 udp ldap unknown
2835104.196.67.80 443 tcp ssl/http open nginx
2836104.196.67.80 445 tcp microsoft-ds closed
2837104.196.67.80 500 udp isakmp unknown
2838104.196.67.80 520 udp route unknown
2839104.196.67.80 2049 udp nfs unknown
2840104.196.67.80 2222 tcp ssh open ProFTPD mod_sftp 0.9.9 protocol 2.0
2841#######################################################################################################################################
2842[+] URL: http://theredelephants.com/
2843[+] Started: Thu Oct 31 22:38:17 2019
2844
2845Interesting Finding(s):
2846
2847[+] http://theredelephants.com/
2848 | Interesting Entries:
2849 | - Server: nginx
2850 | - X-Cacheable: bot
2851 | - X-Pass-Why:
2852 | - X-Cache-Group: bot
2853 | Found By: Headers (Passive Detection)
2854 | Confidence: 100%
2855
2856[+] http://theredelephants.com/robots.txt
2857 | Interesting Entries:
2858 | - /wp-admin/
2859 | - /wp-admin/admin-ajax.php
2860 | Found By: Robots Txt (Aggressive Detection)
2861 | Confidence: 100%
2862
2863[+] http://theredelephants.com/xmlrpc.php
2864 | Found By: Link Tag (Passive Detection)
2865 | Confidence: 100%
2866 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
2867 | References:
2868 | - http://codex.wordpress.org/XML-RPC_Pingback_API
2869 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
2870 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
2871 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
2872 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
2873
2874[+] This site has 'Must Use Plugins': http://theredelephants.com/wp-content/mu-plugins/
2875 | Found By: Direct Access (Aggressive Detection)
2876 | Confidence: 80%
2877 | Reference: http://codex.wordpress.org/Must_Use_Plugins
2878
2879[+] http://theredelephants.com/wp-cron.php
2880 | Found By: Direct Access (Aggressive Detection)
2881 | Confidence: 60%
2882 | References:
2883 | - https://www.iplocation.net/defend-wordpress-from-ddos
2884 | - https://github.com/wpscanteam/wpscan/issues/1299
2885
2886[+] WordPress version 5.1.3 identified (Latest, released on 2019-10-14).
2887 | Detected By: Rss Generator (Passive Detection)
2888 | - http://theredelephants.com/feed/, <generator>https://wordpress.org/?v=5.1.3</generator>
2889 | - http://theredelephants.com/comments/feed/, <generator>https://wordpress.org/?v=5.1.3</generator>
2890
2891[+] WordPress theme in use: Newspaper
2892 | Location: http://theredelephants.com/wp-content/themes/Newspaper/
2893 | Readme: http://theredelephants.com/wp-content/themes/Newspaper/readme.txt
2894 | Style URL: http://theredelephants.com/wp-content/themes/Newspaper/style.css?ver=8.1.2
2895 | Style Name: Newspaper
2896 | Style URI: http://tagdiv.com
2897 | Description: Premium wordpress template, clean and easy to use....
2898 | Author: tagDiv
2899 | Author URI: http://themeforest.net/user/tagDiv/portfolio
2900 |
2901 | Detected By: Css Style (Passive Detection)
2902 |
2903 | Version: 8.1.2 (80% confidence)
2904 | Detected By: Style (Passive Detection)
2905 | - http://theredelephants.com/wp-content/themes/Newspaper/style.css?ver=8.1.2, Match: 'Version: 8.1.2'
2906
2907[+] Enumerating All Plugins (via Passive Methods)
2908[+] Checking Plugin Versions (via Passive and Aggressive Methods)
2909
2910[i] Plugin(s) Identified:
2911
2912[+] contact-form-7
2913 | Location: http://theredelephants.com/wp-content/plugins/contact-form-7/
2914 | Last Updated: 2019-08-04T16:33:00.000Z
2915 | [!] The version is out of date, the latest version is 5.1.4
2916 |
2917 | Detected By: Urls In Homepage (Passive Detection)
2918 |
2919 | Version: 5.1.1 (100% confidence)
2920 | Detected By: Query Parameter (Passive Detection)
2921 | - http://theredelephants.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1
2922 | - http://theredelephants.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1
2923 | Confirmed By:
2924 | Readme - Stable Tag (Aggressive Detection)
2925 | - http://theredelephants.com/wp-content/plugins/contact-form-7/readme.txt
2926 | Readme - ChangeLog Section (Aggressive Detection)
2927 | - http://theredelephants.com/wp-content/plugins/contact-form-7/readme.txt
2928
2929[+] js_composer
2930 | Location: http://theredelephants.com/wp-content/plugins/js_composer/
2931 |
2932 | Detected By: Urls In Homepage (Passive Detection)
2933 | Confirmed By: Body Tag (Passive Detection)
2934 |
2935 | Version: 5.4.2 (70% confidence)
2936 | Detected By: Body Tag (Passive Detection)
2937 | - http://theredelephants.com/, Match: 'js-comp-ver-5.4.2'
2938 | Confirmed By: Query Parameter (Passive Detection)
2939 | - http://theredelephants.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.4.2
2940
2941[+] mashsharer
2942 | Location: http://theredelephants.com/wp-content/plugins/mashsharer/
2943 | Last Updated: 2019-08-31T11:54:00.000Z
2944 | [!] The version is out of date, the latest version is 3.6.9
2945 |
2946 | Detected By: Urls In Homepage (Passive Detection)
2947 | Confirmed By:
2948 | Graph Meta Tags Comment (Passive Detection)
2949 | Twitter Card Comment (Passive Detection)
2950 |
2951 | Version: 3.6.3 (100% confidence)
2952 | Detected By: Query Parameter (Passive Detection)
2953 | - http://theredelephants.com/wp-content/plugins/mashsharer/assets/css/mashsb.min.css?ver=3.6.3
2954 | - http://theredelephants.com/wp-content/plugins/mashsharer/assets/js/mashsb.min.js?ver=3.6.3
2955 | Confirmed By:
2956 | Graph Meta Tags Comment (Passive Detection)
2957 | - http://theredelephants.com/, Match: 'Graph Meta Tags generated by MashShare 3.6.3'
2958 | Twitter Card Comment (Passive Detection)
2959 | - http://theredelephants.com/, Match: 'Twitter Card generated by MashShare 3.6.3'
2960
2961[+] metronet-profile-picture
2962 | Location: http://theredelephants.com/wp-content/plugins/metronet-profile-picture/
2963 | Last Updated: 2019-10-09T15:38:00.000Z
2964 | [!] The version is out of date, the latest version is 2.3.6
2965 |
2966 | Detected By: Urls In Homepage (Passive Detection)
2967 |
2968 | Version: 2.1.3 (100% confidence)
2969 | Detected By: Readme - Stable Tag (Aggressive Detection)
2970 | - http://theredelephants.com/wp-content/plugins/metronet-profile-picture/readme.txt
2971 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
2972 | - http://theredelephants.com/wp-content/plugins/metronet-profile-picture/readme.txt
2973
2974[+] theia-sticky-sidebar
2975 | Location: http://theredelephants.com/wp-content/plugins/theia-sticky-sidebar/
2976 |
2977 | Detected By: Urls In Homepage (Passive Detection)
2978 |
2979 | The version could not be determined.
2980
2981[+] vc-post-grid-addon
2982 | Location: http://theredelephants.com/wp-content/plugins/vc-post-grid-addon/
2983 |
2984 | Detected By: Urls In Homepage (Passive Detection)
2985 |
2986 | The version could not be determined.
2987
2988[+] wordpress-seo
2989 | Location: http://theredelephants.com/wp-content/plugins/wordpress-seo/
2990 | Last Updated: 2019-10-15T08:52:00.000Z
2991 | [!] The version is out of date, the latest version is 12.3
2992 |
2993 | Detected By: Comment (Passive Detection)
2994 |
2995 | Version: 11.1 (100% confidence)
2996 | Detected By: Comment (Passive Detection)
2997 | - http://theredelephants.com/, Match: 'optimized with the Yoast SEO plugin v11.1 -'
2998 | Confirmed By:
2999 | Readme - Stable Tag (Aggressive Detection)
3000 | - http://theredelephants.com/wp-content/plugins/wordpress-seo/readme.txt
3001 | Readme - ChangeLog Section (Aggressive Detection)
3002 | - http://theredelephants.com/wp-content/plugins/wordpress-seo/readme.txt
3003
3004[+] wp-progression-player
3005 | Location: http://theredelephants.com/wp-content/plugins/wp-progression-player/
3006 |
3007 | Detected By: Urls In Homepage (Passive Detection)
3008 |
3009 | Version: 1.0.0 (100% confidence)
3010 | Detected By: Readme - Stable Tag (Aggressive Detection)
3011 | - http://theredelephants.com/wp-content/plugins/wp-progression-player/README.txt
3012 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
3013 | - http://theredelephants.com/wp-content/plugins/wp-progression-player/README.txt
3014
3015[+] Enumerating Config Backups (via Passive and Aggressive Methods)
3016 Checking Config Backups - Time: 00:00:04 <=============> (21 / 21) 100.00% Time: 00:00:04
3017
3018[i] No Config Backups Found.
3019
3020[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
3021[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
3022
3023[+] Finished: Thu Oct 31 22:38:56 2019
3024[+] Requests Done: 78
3025[+] Cached Requests: 6
3026[+] Data Sent: 20.645 KB
3027[+] Data Received: 2.815 MB
3028[+] Memory used: 149.18 MB
3029[+] Elapsed time: 00:00:38
3030#######################################################################################################################################
3031[+] URL: http://theredelephants.com/
3032[+] Started: Thu Oct 31 22:38:21 2019
3033
3096[+] Enumerating Users (via Passive and Aggressive Methods)
3097 Brute Forcing Author IDs - Time: 00:00:02 <==> (10 / 10) 100.00% Time: 00:00:02
3098
3099[i] User(s) Identified:
3100
3101[+] The Red Elephants
3102 | Detected By: Rss Generator (Passive Detection)
3103 | Confirmed By: Rss Generator (Aggressive Detection)
3104
3105[+] Austin Rucker
3106 | Detected By: Rss Generator (Passive Detection)
3107 | Confirmed By: Rss Generator (Aggressive Detection)
3108
3109[+] windycityfan
3110 | Detected By: Oembed API - Author URL (Aggressive Detection)
3111 | - http://theredelephants.com/wp-json/oembed/1.0/embed?url=http://theredelephants.com/&format=json
3112 | Confirmed By: Yoast Seo Author Sitemap (Aggressive Detection)
3113 | - http://theredelephants.com/author-sitemap.xml
3114
3115[+] vincenttheredelephants-com
3116 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3117 | - http://theredelephants.com/author-sitemap.xml
3118
3119[+] infodynamicdreamz-com
3120 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3121 | - http://theredelephants.com/author-sitemap.xml
3122
3123[+] amandaleighmossgmail-com
3124 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3125 | - http://theredelephants.com/author-sitemap.xml
3126
3127[+] rickwrite2016gmail-com
3128 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3129 | - http://theredelephants.com/author-sitemap.xml
3130
3131[+] sixgunstrattongmail-com
3132 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3133 | - http://theredelephants.com/author-sitemap.xml
3134
3135[+] megfischerlive-com
3136 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3137 | - http://theredelephants.com/author-sitemap.xml
3138
3139[+] johnnymaga1988gmail-com
3140 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3141 | - http://theredelephants.com/author-sitemap.xml
3142
3143[+] chad-corpyahoo-com
3144 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3145 | - http://theredelephants.com/author-sitemap.xml
3146
3147[+] emilyhemingway2gmail-com
3148 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3149 | - http://theredelephants.com/author-sitemap.xml
3150
3151[+] successmonkgmail-com
3152 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3153 | - http://theredelephants.com/author-sitemap.xml
3154
3155[+] abrancato24gmail-com
3156 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3157 | - http://theredelephants.com/author-sitemap.xml
3158
3159[+] austinnealruckergmail-com
3160 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3161 | - http://theredelephants.com/author-sitemap.xml
3162
3163[+] vsb292003gmail-com
3164 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3165 | - http://theredelephants.com/author-sitemap.xml
3166
3167[+] matthew-lee-hendricksgmail-com
3168 | Detected By: Yoast Seo Author Sitemap (Aggressive Detection)
3169 | - http://theredelephants.com/author-sitemap.xml
3170
3171[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
3172[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
3173
3174[+] Finished: Thu Oct 31 22:38:47 2019
3175[+] Requests Done: 38
3176[+] Cached Requests: 18
3177[+] Data Sent: 10.077 KB
3178[+] Data Received: 2.659 MB
3179[+] Memory used: 138.02 MB
3180[+] Elapsed time: 00:00:25
3181######################################################################################################################################
3333[INFO] ------TARGET info------
3334[*] TARGET: http://theredelephants.com/
3335[*] TARGET IP: 104.196.67.80
3336[INFO] NO load balancer detected for theredelephants.com...
3337[*] DNS servers: ns57.domaincontrol.com.
3338[*] TARGET server: nginx
3339[*] CC: US
3340[*] Country: United States
3341[*] RegionCode: VA
3342[*] RegionName: Virginia
3343[*] City: Ashburn
3344[*] ASN: AS15169
3345[*] BGP_PREFIX: 104.196.0.0/14
3346[*] ISP: GOOGLE - Google LLC, US
3347[INFO] DNS enumeration:
3348[*] ftp.theredelephants.com theredelephants.com. 104.196.67.80
3349[INFO] Possible abuse mails are:
3350[*] abuse@theredelephants.com
3351[*] google-cloud-compliance@google.com
3352[INFO] NO PAC (Proxy Auto Configuration) file FOUND
3353[ALERT] robots.txt file FOUND in http://theredelephants.com/robots.txt
3354[INFO] Checking for HTTP status codes recursively from http://theredelephants.com/robots.txt
3355[INFO] Status code Folders
3356[*] 200 http://theredelephants.com/wp-admin/
3357[INFO] Starting FUZZing in http://theredelephants.com/FUzZzZzZzZz...
3358[INFO] Status code Folders
3359[*] 200 http://theredelephants.com/news
3360[*] 200 http://theredelephants.com/12
3361[ALERT] Look in the source code. It may contain passwords
3362[INFO] Links found from http://theredelephants.com/ http://104.196.67.80/:
3363[*] https://my.wpengine.com/support
3364[*] http://wpengine.com/support/add-domain-in-user-portal/
3365[*] http://wpengine.com/support/cname/
3366[*] http://wpengine.com/support/find-ip/
3367[*] http://www.wpengine.com/
3368[INFO] GOOGLE has 161,000 results (0.21 seconds) about http://theredelephants.com/
3369[INFO] BING shows 104.196.67.80 is shared with 49 hosts/vhosts
3370[INFO] Shodan detected the following opened ports on 104.196.67.80:
3371[*] 2222
3372[*] 443
3373[*] 80
3374[INFO] ------VirusTotal SECTION------
3375[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
3376[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
3377[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
3378[INFO] ------Alexa Rank SECTION------
3379[INFO] Percent of Visitors Rank in Country:
3380[INFO] Percent of Search Traffic:
3381[INFO] Percent of Unique Visits:
3382[INFO] Total Sites Linking In:
3383[*] Total Sites
3384[INFO] Useful links related to theredelephants.com - 104.196.67.80:
3385[*] https://www.virustotal.com/pt/ip-address/104.196.67.80/information/
3386[*] https://www.hybrid-analysis.com/search?host=104.196.67.80
3387[*] https://www.shodan.io/host/104.196.67.80
3388[*] https://www.senderbase.org/lookup/?search_string=104.196.67.80
3389[*] https://www.alienvault.com/open-threat-exchange/ip/104.196.67.80
3390[*] http://pastebin.com/search?q=104.196.67.80
3391[*] http://urlquery.net/search.php?q=104.196.67.80
3392[*] http://www.alexa.com/siteinfo/theredelephants.com
3393[*] http://www.google.com/safebrowsing/diagnostic?site=theredelephants.com
3394[*] https://censys.io/ipv4/104.196.67.80
3395[*] https://www.abuseipdb.com/check/104.196.67.80
3396[*] https://urlscan.io/search/#104.196.67.80
3397[*] https://github.com/search?q=104.196.67.80&type=Code
3398[INFO] Useful links related to AS15169 - 104.196.0.0/14:
3399[*] http://www.google.com/safebrowsing/diagnostic?site=AS:15169
3400[*] https://www.senderbase.org/lookup/?search_string=104.196.0.0/14
3401[*] http://bgp.he.net/AS15169
3402[*] https://stat.ripe.net/AS15169
3403[INFO] Date: 31/10/19 | Time: 22:44:48
3404[INFO] Total time: 0 minute(s) and 33 second(s)
3405#######################################################################################################################################
3406 Anonymous JTSEC #OpDomesticTerrorism Full Recon #15