# 80 - Web Services

```
PORT   STATE SERVICE REASON         VERSION
80/tcp open  http    syn-ack ttl 63 nginx 1.16.1
|_http-server-header: nginx/1.16.1
| http-enum: 
|   /blog/: Blog
|_  /contact/: Potentially interesting folder
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-feed: 
| Spidering limited to: maxpagecount=40; withinhost=192.168.135.62
|   Found the following feeds: 
|     Atom: /blog/feeds/atom/
|     Atom: http://192.168.135.62:80/blog/feeds/atom/
|_    RSS (version 2.0): /blog/feeds/rss/
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-title: Home | Mezzanine
|_http-passwd: ERROR: Script execution failed (use -d to debug)
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-chrono: Request times for /; avg: 622.73ms; min: 506.14ms; max: 721.63ms
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-vhosts: 
|_128 names had status 200
|_http-devframework: Django detected. Found Django admin login page on /admin/
| http-sitemap-generator: 
|   Directory structure:
|     /
|       Other: 1
|     /about/team/
|       Other: 1
|     /blog/feeds/atom/
|       Other: 1
|   Longest directory structure:
|     Depth: 3
|     Dir: /blog/feeds/atom/
|   Total files found (by extension):
|_    Other: 3
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.135.62
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: http://192.168.135.62:80/
|     Form id: 
|     Form action: /search/
|     
|     Path: http://192.168.135.62:80/about/team/
|     Form id: 
|_    Form action: /search/
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: Couldn't find any error pages.
| http-methods: 
|_  Supported Methods: GET HEAD OPTIONS
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-malware-host: Host appears to be clean
| http-headers: 
|   Server: nginx/1.16.1
|   Date: Tue, 09 Aug 2022 04:35:39 GMT
|   Content-Type: text/html; charset=utf-8
|   Content-Length: 6927
|   Connection: close
|   X-Frame-Options: SAMEORIGIN
|   Vary: Cookie
|   
|_  (Request type: HEAD)
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-vuln-cve2013-7091: ERROR: Script execution failed (use -d to debug)
| http-useragent-tester: 
|   Status for browser useragent: 200
|   Allowed User Agents: 
|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
|     libwww
|     lwp-trivial
|     libcurl-agent/1.0
|     PHP/
|     Python-urllib/2.5
|     GT::WWW
|     Snoopy
|     MFC_Tear_Sample
|     HTTP::Lite
|     PHPCrawl
|     URI::Fetch
|     Zend_Http_Client
|     http client
|     PECL::HTTP
|     Wget/1.13.4 (linux-gnu)
|_    WWW-Mechanize/1.34
|_http-mobileversion-checker: No mobile version detected.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-php-version: Logo query returned unknown hash e2d05cb54f0c980109f3fdab35c8404b
|_Credits query returned unknown hash e2d05cb54f0c980109f3fdab35c8404b
|_http-favicon: Unknown favicon MD5: 11FB4799192313DD5474A343D9CC0A17
| http-comments-displayer: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.135.62
|     
|     Path: http://192.168.135.62:80/about/team/
|     Line number: 34
|     Comment: 
|         <!--[if lt IE 9]>
|         <script src="/static/js/html5shiv.js"></script>
|         <script src="/static/js/respond.min.js"></script>
|_        <![endif]-->
|_http-frontpage-login: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-security-headers: 
|   X_Frame_Options: 
|     Header: X-Frame-Options: SAMEORIGIN
|_    Description: The browser must not display this content in any frame from a page of different origin than the content itself.
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-date: Tue, 09 Aug 2022 04:35:47 GMT; -3s from local time.

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Aug  9 00:39:08 2022 -- 1 IP address (1 host up) scanned in 221.85 seconds
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://lyethar.gitbook.io/twiggy/enumeration/80-web-services.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.