80 - Web Services
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 63 nginx 1.16.1
|_http-server-header: nginx/1.16.1
| http-enum:
| /blog/: Blog
|_ /contact/: Potentially interesting folder
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-feed:
| Spidering limited to: maxpagecount=40; withinhost=192.168.135.62
| Found the following feeds:
| Atom: /blog/feeds/atom/
| Atom: http://192.168.135.62:80/blog/feeds/atom/
|_ RSS (version 2.0): /blog/feeds/rss/
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-title: Home | Mezzanine
|_http-passwd: ERROR: Script execution failed (use -d to debug)
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-chrono: Request times for /; avg: 622.73ms; min: 506.14ms; max: 721.63ms
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-vhosts:
|_128 names had status 200
|_http-devframework: Django detected. Found Django admin login page on /admin/
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| /about/team/
| Other: 1
| /blog/feeds/atom/
| Other: 1
| Longest directory structure:
| Depth: 3
| Dir: /blog/feeds/atom/
| Total files found (by extension):
|_ Other: 3
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.135.62
| Found the following possible CSRF vulnerabilities:
|
| Path: http://192.168.135.62:80/
| Form id:
| Form action: /search/
|
| Path: http://192.168.135.62:80/about/team/
| Form id:
|_ Form action: /search/
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: Couldn't find any error pages.
| http-methods:
|_ Supported Methods: GET HEAD OPTIONS
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-malware-host: Host appears to be clean
| http-headers:
| Server: nginx/1.16.1
| Date: Tue, 09 Aug 2022 04:35:39 GMT
| Content-Type: text/html; charset=utf-8
| Content-Length: 6927
| Connection: close
| X-Frame-Options: SAMEORIGIN
| Vary: Cookie
|
|_ (Request type: HEAD)
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-vuln-cve2013-7091: ERROR: Script execution failed (use -d to debug)
| http-useragent-tester:
| Status for browser useragent: 200
| Allowed User Agents:
| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
| libwww
| lwp-trivial
| libcurl-agent/1.0
| PHP/
| Python-urllib/2.5
| GT::WWW
| Snoopy
| MFC_Tear_Sample
| HTTP::Lite
| PHPCrawl
| URI::Fetch
| Zend_Http_Client
| http client
| PECL::HTTP
| Wget/1.13.4 (linux-gnu)
|_ WWW-Mechanize/1.34
|_http-mobileversion-checker: No mobile version detected.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-php-version: Logo query returned unknown hash e2d05cb54f0c980109f3fdab35c8404b
|_Credits query returned unknown hash e2d05cb54f0c980109f3fdab35c8404b
|_http-favicon: Unknown favicon MD5: 11FB4799192313DD5474A343D9CC0A17
| http-comments-displayer:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.135.62
|
| Path: http://192.168.135.62:80/about/team/
| Line number: 34
| Comment:
| <!--[if lt IE 9]>
| <script src="/static/js/html5shiv.js"></script>
| <script src="/static/js/respond.min.js"></script>
|_ <![endif]-->
|_http-frontpage-login: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-security-headers:
| X_Frame_Options:
| Header: X-Frame-Options: SAMEORIGIN
|_ Description: The browser must not display this content in any frame from a page of different origin than the content itself.
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-date: Tue, 09 Aug 2022 04:35:47 GMT; -3s from local time.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Aug 9 00:39:08 2022 -- 1 IP address (1 host up) scanned in 221.85 secondsLast updated