Web Services

Bug in http-security-headers: no string output.
PORT   STATE SERVICE REASON         VERSION
80/tcp open  http    syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu))
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-chrono: Request times for /; avg: 194.25ms; min: 95.16ms; max: 438.39ms
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
| http-malware-host: 
|   Host appears to be infected (/ts/in.cgi?open2 redirects to http://exfiltrated.offsec/ts/in.cgi?open2)
|_  See: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/
| http-headers: 
|   Date: Mon, 08 Aug 2022 19:02:33 GMT
|   Server: Apache/2.4.41 (Ubuntu)
|   Set-Cookie: INTELLI_06c8042c3d=homt31uijnpo7bbme6sbkhtffv; path=/
|   Expires: Thu, 19 Nov 1981 08:52:00 GMT
|   Cache-Control: no-store, no-cache, must-revalidate
|   Pragma: no-cache
|   Set-Cookie: INTELLI_06c8042c3d=homt31uijnpo7bbme6sbkhtffv; expires=Mon, 08-Aug-2022 19:32:33 GMT; Max-Age=1800; path=/
|   Location: http://exfiltrated.offsec/
|   Content-Length: 0
|   Connection: close
|   Content-Type: text/html; charset=UTF-8
|   
|_  (Request type: GET)
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-errors: Couldn't find any error pages.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-server-header: Apache/2.4.41 (Ubuntu)
| http-vhosts: 
|_128 names had status 302
|_http-date: Mon, 08 Aug 2022 19:02:29 GMT; -1s from local time.
| http-robots.txt: 7 disallowed entries 
| /backup/ /cron/? /front/ /install/ /panel/ /tmp/ 
|_/updates/
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
| http-useragent-tester: 
|   Status for browser useragent: false
|   Redirected To: http://exfiltrated.offsec/
|   Allowed User Agents: 
|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
|     libwww
|     lwp-trivial
|     libcurl-agent/1.0
|     PHP/
|     Python-urllib/2.5
|     GT::WWW
|     Snoopy
|     MFC_Tear_Sample
|     HTTP::Lite
|     PHPCrawl
|     URI::Fetch
|     Zend_Http_Client
|     http client
|     PECL::HTTP
|     Wget/1.13.4 (linux-gnu)
|_    WWW-Mechanize/1.34
|_http-mobileversion-checker: No mobile version detected.
|_http-title: Did not follow redirect to http://exfiltrated.offsec/
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-sitemap-generator: 
|   Directory structure:
|   Longest directory structure:
|     Depth: 0
|     Dir: /
|   Total files found (by extension):
|_    
| http-enum: 
|   /robots.txt: Robots file
|   /.gitignore: Revision control ignore file
|_  /changelog.txt: Version field
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-comments-displayer: Couldn't find any comments.
|_http-passwd: ERROR: Script execution failed (use -d to debug)
|_http-vuln-cve2013-7091: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-favicon: Unknown favicon MD5: 09BDDB30D6AE11E854BFF82ED638542B
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-wordpress-enum: 
| Search limited to top 100 themes/plugins
|   plugins
|     akismet
|     contact-form-7
|     wordpress-seo
|     jetpack
|     all-in-one-seo-pack
|     wordfence
|     woocommerce
|     google-sitemap-generator
|     wordpress-importer
|     nextgen-gallery
|     google-analytics-for-wordpress
|     wp-super-cache
|     tinymce-advanced
|     wptouch
|     better-wp-security
|     siteorigin-panels
|     updraftplus
|     w3-total-cache
|     google-analytics-dashboard-for-wp
|     wp-pagenavi
|     si-contact-form
|     advanced-custom-fields
|     mailchimp-for-wp
|     the-events-calendar
|     add-to-any
|     duplicator
|     wysija-newsletters
|     ninja-forms
|     wp-smushit
|     buddypress
|     ewww-image-optimizer
|     so-widgets-bundle
|     really-simple-captcha
|     ml-slider
|     black-studio-tinymce-widget
|     photo-gallery
|     broken-link-checker
|     regenerate-thumbnails
|     google-analyticator
|     redirection
|     captcha
|     duplicate-post
|     breadcrumb-navxt
|     backwpup
|     user-role-editor
|     yet-another-related-posts-plugin
|     contact-form-plugin
|     newsletter
|     bbpress
|     all-in-one-wp-security-and-firewall
|     disable-comments
|     social-networks-auto-poster-facebook-twitter-g
|     wp-optimize
|     addthis
|     wp-statistics
|     wp-e-commerce
|     all-in-one-wp-migration
|     backupwordpress
|     si-captcha-for-wordpress
|     wp-slimstat
|     wp-google-maps
|     wp-spamshield
|     wp-maintenance-mode
|     googleanalytics
|     worker
|     yith-woocommerce-wishlist
|     wp-multibyte-patch
|     wp-to-twitter
|     image-widget
|     wp-db-backup
|     shortcodes-ultimate
|     ultimate-tinymce
|     share-this
|     disqus-comment-system
|     gallery-bank
|     types
|     wp-polls
|     custom-post-type-ui
|     shareaholic
|     polylang
|     post-types-order
|     gtranslate
|     bulletproof-security
|     wp-fastest-cache
|     facebook
|     sociable
|     iwp-client
|     nextgen-facebook
|     seo-ultimate
|     wp-postviews
|     formidable
|     squirrly-seo
|     wp-mail-smtp
|     tablepress
|     redux-framework
|     page-links-to
|     youtube-embed-plus
|     contact-bank
|     maintenance
|     wp-retina-2x
|   themes
|     twentyeleven
|     twentytwelve
|     twentyten
|     twentythirteen
|     twentyfourteen
|     twentyfifteen
|     responsive
|     customizr
|     zerif-lite
|     virtue
|     storefront
|     atahualpa
|     twentysixteen
|     vantage
|     hueman
|     spacious
|     evolve
|     colorway
|     graphene
|     sydney
|     ifeature
|     mh-magazine-lite
|     generatepress
|     mantra
|     omega
|     onetone
|     coraline
|     pinboard
|     thematic
|     sparkling
|     catch-box
|     make
|     colormag
|     enigma
|     custom-community
|     mystique
|     alexandria
|     delicate
|     lightword
|     attitude
|     inove
|     magazine-basic
|     raindrops
|     minamaze
|     zbench
|     point
|     eclipse
|     portfolio-press
|     twentyseventeen
|     travelify
|     swift-basic
|     iconic-one
|     arcade-basic
|     bouquet
|     pixel
|     sliding-door
|     pilcrow
|     simple-catch
|     tempera
|     destro
|     p2
|     sunspot
|     sundance
|     dusk-to-dawn
|     onepress
|     moesia
|     dynamic-news-lite
|     parabola
|     parament
|     dazzling
|     accesspress-lite
|     optimizer
|     one-page
|     chaostheory
|     business-lite
|     duster
|     constructor
|     nirvana
|     sixteen
|     esquire
|     beach
|     next-saturday
|     flat
|     hatch
|     minimatica
|     radiate
|     accelerate
|     oxygen
|     accesspress-parallax
|     swift
|     spun
|     wp-creativix
|     suevafree
|     hemingway
|     pink-touch-2
|     motion
|     fruitful
|     steira
|     news
|_    llorix-one-lite
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.