80 - Web Services
Bug in http-security-headers: no string output.
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.46 ((Unix) PHP/7.4.10)
|_http-userdir-enum: Potential Users: root
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.135.105
| Found the following possible CSRF vulnerabilities:
|
| Path: http://192.168.135.105:80/
| Form id:
| Form action: /
|
| Path: http://192.168.135.105:80/
| Form id:
|_ Form action: /
|_http-malware-host: Host appears to be clean
|_http-devframework: Wordpress detected. Found common traces on /
| http-php-version: Logo query returned unknown hash 2a029d707f7d7fcb3c850ff67d87d9cc
| Credits query returned unknown hash 2a029d707f7d7fcb3c850ff67d87d9cc
|_Version from header x-powered-by: PHP/7.4.10
| http-headers:
| Date: Thu, 04 Aug 2022 21:54:35 GMT
| Server: Apache/2.4.46 (Unix) PHP/7.4.10
| X-Powered-By: PHP/7.4.10
| Link: <http://192.168.120.55/index.php/wp-json/>; rel="https://api.w.org/"
| Connection: close
| Content-Type: text/html; charset=UTF-8
|
|_ (Request type: HEAD)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-wordpress-enum:
| Search limited to top 100 themes/plugins
| themes
| twentyseventeen 2.4
| plugins
|_ akismet 4.1.6
|_http-title: Retro Gamming – Just another WordPress site
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-errors: Couldn't find any error pages.
| http-trace: TRACE is enabled
| Headers:
| Date: Thu, 04 Aug 2022 21:54:14 GMT
| Server: Apache/2.4.46 (Unix) PHP/7.4.10
| Connection: close
| Transfer-Encoding: chunked
|_Content-Type: message/http
| http-feed:
| Spidering limited to: maxpagecount=40; withinhost=192.168.135.105
| Found the following feeds:
| RSS (version 2.0): /index.php/category/uncategorized/feed/
| RSS (version 2.0): /index.php/sample-page/feed/
| RSS (version 2.0): /index.php/comments/feed/
|_ RSS (version 2.0): /index.php/feed/
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-generator: WordPress 5.5.1
| http-wordpress-users:
| Username found: admin
|_Search stopped at ID #25. Increase the upper limit if necessary with 'http-wordpress-users.limit'
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.135.105
|
| Path: http://192.168.135.105:80/
| Line number: 145
| Comment:
| <!-- .entry-content -->
|
| Path: http://192.168.135.105:80/
| Line number: 209
| Comment:
| /* <![CDATA[ */
|
| Path: http://192.168.135.105:80/
| Line number: 119
| Comment:
| <!-- .nv-header-menu-wrapper -->
|
| Path: http://192.168.135.105:80/
| Line number: 205
| Comment:
| <!-- #page -->
|
| Path: http://192.168.135.105:80/
| Line number: 81
| Comment:
| <!-- .cv-container -->
|
| Path: http://192.168.135.105:80/
| Line number: 148
| Comment:
| <!-- .entry-footer -->
|
| Path: http://192.168.135.105:80/
| Line number: 196
| Comment:
| <!-- #content -->
|
| Path: http://192.168.135.105:80/
| Line number: 154
| Comment:
| <!-- #primary -->
|
| Path: http://192.168.135.105:80/
| Line number: 95
| Comment:
| <!-- .nv-home-icon -->
|
| Path: http://192.168.135.105:80/
| Line number: 205
| Comment:
| <!-- #colophon -->
|
| Path: http://192.168.135.105:80/
| Line number: 81
| Comment:
| <!-- .nv-top-header-wrap -->
|
| Path: http://192.168.135.105:80/
| Line number: 120
| Comment:
| <!-- .site-header -->
|
| Path: http://192.168.135.105:80/
| Line number: 80
| Comment:
| <!-- .nv-top-right-section-wrapper -->
|
| Path: http://192.168.135.105:80/
| Line number: 205
| Comment:
| <!-- bottom-footer -->
|
| Path: http://192.168.135.105:80/
| Line number: 104
| Comment:
| <!-- #site-navigation -->
|
| Path: http://192.168.135.105:80/
| Line number: 152
| Comment:
| <!-- #post-1 -->
|
| Path: http://192.168.135.105:80/
| Line number: 193
| Comment:
| <!-- #secondary -->
|
| Path: http://192.168.135.105:80/
| Line number: 202
| Comment:
| <!-- .site-info -->
|
| Path: http://192.168.135.105:80/
| Line number: 90
| Comment:
| <!-- .nv-logo-section-wrapper -->
|
| Path: http://192.168.135.105:80/
| Line number: 150
| Comment:
| <!-- nv-archive-post-content-wrapper -->
|
| Path: http://192.168.135.105:80/
| Line number: 211
| Comment:
| /* ]]> */
|
| Path: http://192.168.135.105:80/
| Line number: 89
| Comment:
| <!-- .nv-header-ads-area -->
|
| Path: http://192.168.135.105:80/
| Line number: 124
| Comment:
| <!-- .ticker-content-wrapper -->
|
| Path: http://192.168.135.105:80/
| Line number: 139
| Comment:
| <!-- .entry-meta -->
|
| Path: http://192.168.135.105:80/
| Line number: 116
| Comment:
| <!-- .nv-header-search-wrapper -->
|
| Path: http://192.168.135.105:80/
| Line number: 125
| Comment:
| <!-- .nv-ticker-wrapper -->
|
| Path: http://192.168.135.105:80/
| Line number: 153
| Comment:
| <!-- #main -->
|
| Path: http://192.168.135.105:80/
| Line number: 87
| Comment:
| <!-- .site-branding -->
|
| Path: http://192.168.135.105:80/
| Line number: 78
| Comment:
| <!-- .nv-top-left-section-wrapper -->
|
| Path: http://192.168.135.105:80/
| Line number: 125
| Comment:
| <!-- .nv-ticker-block -->
|
| Path: http://192.168.135.105:80/
| Line number: 140
| Comment:
|_ <!-- .entry-header -->
| http-grep:
| (2) http://192.168.135.105:80/:
| (1) ip:
| + 192.168.120.55
| (1) email:
|_ + admin@local.host
|_http-chrono: Request times for /; avg: 1154.39ms; min: 795.83ms; max: 1663.98ms
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
| http-enum:
| /wordpress/: Blog
| /wp-login.php: Possible admin folder
| /readme.html: Wordpress version: 2
| /: WordPress version: 5.5.1
| /wp-includes/images/rss.png: Wordpress version 2.2 found.
| /wp-includes/js/jquery/suggest.js: Wordpress version 2.5 found.
| /wp-includes/images/blank.gif: Wordpress version 2.6 found.
| /wp-includes/js/comment-reply.js: Wordpress version 2.7 found.
| /wp-login.php: Wordpress login page.
| /wp-admin/upgrade.php: Wordpress login page.
| /readme.html: Interesting, a readme.
|_ /icons/: Potentially interesting folder w/ directory listing
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-date: Thu, 04 Aug 2022 21:53:58 GMT; -2s from local time.
| http-vhosts:
|_128 names had status 200
|_http-mobileversion-checker: No mobile version detected.
|_http-server-header: Apache/2.4.46 (Unix) PHP/7.4.10
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1Last updated