Web Services

PORT   STATE SERVICE REASON         VERSION
80/tcp open  http    syn-ack ttl 63 Apache httpd 2.4.38 ((Debian))
|_http-malware-host: Host appears to be clean
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-comments-displayer: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.135.166
|     
|     Path: http://192.168.135.166:80/
|     Line number: 126
|     Comment: 
|         <!-- #main -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 91
|     Comment: 
|         <!-- .entry-content -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 155
|     Comment: 
|         <!-- .powered-by -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 190
|     Comment: 
|         <!-- Thanks for stopping by. Have an amazing day! -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 127
|     Comment: 
|         <!-- #primary -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 67
|     Comment: 
|         <!-- #masthead -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 95
|     Comment: 
|         <!-- #post-${ID} -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 157
|     Comment: 
|         <!-- .site-info -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 153
|     Comment: 
|         <!-- .site-name -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 94
|     Comment: 
|         <!-- .entry-footer -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 87
|     Comment: 
|         <!-- .entry-header -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 4
|     Comment: 
|         <!-- Built With SiteEditor | http://www.siteeditor.org -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 64
|     Comment: 
|         <!-- .site-branding -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 160
|     Comment: 
|         <!-- #page -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 128
|     Comment: 
|         <!-- #content -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 158
|     Comment: 
|         <!-- #colophon -->
|     
|     Path: http://192.168.135.166:80/
|     Line number: 146
|     Comment: 
|_        <!-- .widget-area -->
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
| http-wordpress-users: 
| Username found: admin
|_Search stopped at ID #25. Increase the upper limit if necessary with 'http-wordpress-users.limit'

wordpress-users.limit'

| http-enum: 
|   /wp-login.php: Possible admin folder
|   /readme.html: Wordpress version: 2 
|   /: WordPress version: 5.7.2
|   /wp-includes/images/rss.png: Wordpress version 2.2 found.
|   /wp-includes/js/jquery/suggest.js: Wordpress version 2.5 found.
|   /wp-includes/images/blank.gif: Wordpress version 2.6 found.
|   /wp-includes/js/comment-reply.js: Wordpress version 2.7 found.
|   /wp-login.php: Wordpress login page.
|   /wp-admin/upgrade.php: Wordpress login page.
|_  /readme.html: Interesting, a readme.
| http-headers: 
|   Date: Thu, 04 Aug 2022 19:05:29 GMT
|   Server: Apache/2.4.38 (Debian)
|   Link: <http://192.168.135.166/index.php/wp-json/>; rel="https://api.w.org/"
|   Connection: close
|   Content-Type: text/html; charset=UTF-8
|   
|_  (Request type: HEAD)
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-sitemap-generator: 
|   Directory structure:
|     /
|       Other: 1
|     /index.php/comments/feed/
|       Other: 1
|     /wp-includes/
|       xml: 1
|   Longest directory structure:
|     Depth: 3
|     Dir: /index.php/comments/feed/
|   Total files found (by extension):
|_    Other: 2; xml: 1
|_http-server-header: Apache/2.4.38 (Debian)
| http-useragent-tester: 
|   Status for browser useragent: 200
|   Allowed User Agents: 
|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
|     libwww
|     lwp-trivial
|     libcurl-agent/1.0
|     PHP/
|     Python-urllib/2.5
|     GT::WWW
|     Snoopy
|     MFC_Tear_Sample
|     HTTP::Lite
|     PHPCrawl
|     URI::Fetch
|     Zend_Http_Client
|     http client
|     PECL::HTTP
|     Wget/1.13.4 (linux-gnu)
|_    WWW-Mechanize/1.34
|_http-mobileversion-checker: No mobile version detected.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-errors: Couldn't find any error pages.
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.135.166
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: http://192.168.135.166:80/
|     Form id: search-form-1
|_    Form action: http://192.168.135.166/
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-generator: WordPress 5.7.2
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-wordpress-enum: 
| Search limited to top 100 themes/plugins
|   plugins
|_    akismet 4.1.9
| http-grep: 
|   (1) http://192.168.135.166:80/: 
|     (1) ip: 
|_      + 192.168.135.166
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-date: Thu, 04 Aug 2022 19:05:25 GMT; -1s from local time.
| http-php-version: Logo query returned unknown hash fbceb47ed2f08b18f92fb27a3411849d
|_Credits query returned unknown hash fef478f4c2cf100714c1b583acd18397
| http-vhosts: 
| 127 names had status 200
|_cdn
|_http-devframework: Wordpress detected. Found common traces on /
|_http-title: Readys &#8211; Just another WordPress site
| http-feed: 
| Spidering limited to: maxpagecount=40; withinhost=192.168.135.166
|   Found the following feeds: 
|     RSS (version 2.0): http://192.168.135.166/index.php/comments/feed/
|     RSS (version 2.0): http://192.168.135.166/index.php/category/uncategorised/feed/
|     RSS (version 2.0): http://192.168.135.166/index.php/feed/
|     RSS (version 2.0): http://192.168.135.166/index.php/2021/07/11/hello-world/feed/
|_    RSS (version 2.0): http://192.168.135.166:80/index.php/feed/
|_http-chrono: Request times for /; avg: 300.37ms; min: 185.93ms; max: 355.04ms

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Aug  4 15:05:42 2022 -- 1 IP address (1 host up) scanned in 23.49 seconds

PreviousUDP NextNikto

Last updated 3 years ago