#######################################################################################################################################
=======================================================================================================================================
Hostname 	www.csirt.gob.cl 	  	ISP 	Amazon.com, Inc.
Continent 	North America 	  	Flag 	
US
Country 	United States 	  	Country Code 	US
Region 	Virginia 	  	Local time 	31 Oct 2019 00:45 EDT
City 	Ashburn 	  	Postal Code 	20149
IP Address 	18.211.128.100 	  	Latitude 	39.048
  	  	  	Longitude 	-77.473
=======================================================================================================================================
#######################################################################################################################################
> www.csirt.gob.cl
Server:		185.93.180.131
Address:	185.93.180.131#53

Non-authoritative answer:
www.csirt.gob.cl	canonical name = g1.mincl.pyxsoft.net.
Name:	g1.mincl.pyxsoft.net
Address: 18.211.128.100
> 
#######################################################################################################################################

[+] Target : www.csirt.gob.cl

[+] IP Address : 18.211.128.100

[+] Headers :

[+] Date : Thu, 31 Oct 2019 05:03:58 GMT
[+] Content-Type : text/html
[+] Content-Length : 37566
[+] Connection : keep-alive
[+] Server : PxShield
[+] X-Time-Phase-1 : 0
[+] Vary : Accept-Encoding
[+] Accept-Ranges : bytes
[+] ETag : "1400086885"
[+] Last-Modified : Thu, 31 Oct 2019 00:39:42 GMT

[+] SSL Certificate Information : 

[+] countryName : CL
[+] stateOrProvinceName : Region Metropolitana
[+] localityName : Santiago
[+] organizationalUnitName : Informatica
[+] organizationName : Subsecretaria del Interior
[+] commonName : *.interior.gob.cl
[+] countryName : BE
[+] organizationName : GlobalSign nv-sa
[+] commonName : GlobalSign RSA OV SSL CA 2018
[+] Version : 3
[+] Serial Number : 5E0A5EAF083EA7A038A4B7DA
[+] Not Before : Jul  3 20:14:04 2019 GMT
[+] Not After : Jan 19 19:11:05 2020 GMT
[+] OCSP : ('http://ocsp.globalsign.com/gsrsaovsslca2018',)
[+] subject Alt Name : (('DNS', '*.interior.gob.cl'), ('DNS', '*.extranjeria.gob.cl'), ('DNS', '*.ciberseguridad.gob.cl'), ('DNS', '*.csirt.gob.cl'), ('DNS', '*.subinterior.gob.cl'), ('DNS', '*.concienciadigital.gob.cl'), ('DNS', '*.diarioficial.cl'), ('DNS', '*.diariooficial.interior.gob.cl'), ('DNS', '*.boletinoficialdemineria.cl'), ('DNS', '*.interior.gov.cl'), ('DNS', '*.minterior.gov.cl'), ('DNS', 'nic.gob.cl'), ('DNS', 'cecipu.gob.cl'), ('DNS', 'www.cecipu.gob.cl'), ('DNS', 'interior.gob.cl'))
[+] CA Issuers : ('http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt',)
[+] CRL Distribution Points : ('http://crl.globalsign.com/gsrsaovsslca2018.crl',)

[+] Whois Lookup : 

[+] NIR : None
[+] ASN Registry : arin
[+] ASN : 14618
[+] ASN CIDR : 18.208.0.0/13
[+] ASN Country Code : US
[+] ASN Date : 2018-06-29
[+] ASN Description : AMAZON-AES - Amazon.com, Inc., US
[+] cidr : 18.128.0.0/9
[+] name : AT-88-Z
[+] handle : NET-18-128-0-0-1
[+] range : 18.128.0.0 - 18.255.255.255
[+] description : Amazon Technologies Inc.
[+] country : US
[+] state : WA
[+] city : Seattle
[+] address : 410 Terry Ave N.
[+] postal_code : 98109
[+] emails : ['amzn-noc-contact@amazon.com', 'aws-routing-poc@amazon.com', 'abuse@amazonaws.com']
[+] created : 2018-06-29
[+] updated : 2018-09-19

[+] Crawling Target...

[+] Looking for robots.txt........[ Not Found ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 4 ]
[+] Extracting Javascript Links...[ 10 ]
[+] Extracting Internal Links.....[ 0 ]
[+] Extracting External Links.....[ 19 ]
[+] Extracting Images.............[ 20 ]

[+] Total Links Extracted : 53

[+] Dumping Links in /opt/FinalRecon/dumps/www.csirt.gob.cl.dump
[+] Completed!
#######################################################################################################################################
[+] Starting At 2019-10-31 01:04:31.041321
[+] Collecting Information On: https://www.csirt.gob.cl/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: PxShield
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Thu, 31 Oct 2019 05:04:33 GMT
- Content-Type: text/html
- Content-Length: 37566
- Connection: keep-alive
- Server: PxShield
- X-Time-Phase-1: 0.0010001659393311
- Vary: Accept-Encoding
- Accept-Ranges: bytes
- ETag: "3416400805"
- Last-Modified: Thu, 31 Oct 2019 00:39:42 GMT
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Chile
[#] countryCode: CL
[#] region: RM
[#] regionName: Santiago Metropolitan
[#] city: Santiago
[#] zip: 8320000
[#] lat: -33.4429
[#] lon: -70.6539
[#] timezone: America/Santiago
[#] isp: Latin American and Caribbean IP address Regional Registry
[#] org: Ministerio del Interior y de Seguridad Publica - Gobierno de Chile
[#] as: AS17147 Latin American and Caribbean IP address Regional Registry
[#] query: 163.247.175.147
--------------------------------------------------
[x] Didn't Detect WAF Presence on: https://www.csirt.gob.cl/
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 1/tcp  open tcpmux
[#] 3/tcp  open compressnet
[#] 4/tcp  open unknown
[#] 6/tcp  open unknown
[#] 7/tcp  open echo
[#] 9/tcp  open discard
[#] 13/tcp  open daytime
[#] 17/tcp  open qotd
[#] 19/tcp  open chargen
[#] 20/tcp  open ftp-data
[#] 21/tcp  open ftp
[#] 22/tcp  open ssh
[#] 24/tcp  open priv-mail
[#] 26/tcp  open rsftp
[#] 30/tcp  open unknown
[#] 32/tcp  open unknown
[#] 33/tcp  open dsp
[#] 37/tcp  open time
[#] 42/tcp  open nameserver
[#] 43/tcp  open whois
[#] 49/tcp  open tacacs
[#] 53/tcp  open domain
[#] 70/tcp  open gopher
[#] 79/tcp  open finger
[#] 80/tcp  open http
[#] 81/tcp  open hosts2-ns
[#] 82/tcp  open xfer
[#] 83/tcp  open mit-ml-dev
[#] 84/tcp  open ctf
[#] 85/tcp  open mit-ml-dev
[#] 88/tcp  open kerberos-sec
[#] 89/tcp  open su-mit-tg
[#] 90/tcp  open dnsix
[#] 99/tcp  open metagram
[#] 100/tcp  open newacct
[#] 106/tcp  open pop3pw
[#] 109/tcp  open pop2
[#] 110/tcp  open pop3
[#] 111/tcp  open rpcbind
[#] 119/tcp  open nntp
[#] 125/tcp  open locus-map
[#] 143/tcp  open imap
[#] 144/tcp  open news
[#] 146/tcp  open iso-tp0
[#] 161/tcp  open snmp
[#] 163/tcp  open cmip-man
[#] 179/tcp  open bgp
[#] 199/tcp  open smux
[#] 211/tcp  open 914c-g
[#] 212/tcp  open anet
[#] 222/tcp  open rsh-spx
[#] 254/tcp  open unknown
[#] 255/tcp  open unknown
[#] 256/tcp  open fw1-secureremote
[#] 259/tcp  open esro-gen
[#] 264/tcp  open bgmp
[#] 280/tcp  open http-mgmt
[#] 301/tcp  open unknown
[#] 306/tcp  open unknown
[#] 311/tcp  open asip-webadmin
[#] 340/tcp  open unknown
[#] 366/tcp  open odmr
[#] 389/tcp  open ldap
[#] 406/tcp  open imsp
[#] 407/tcp  open timbuktu
[#] 416/tcp  open silverplatter
[#] 417/tcp  open onmux
[#] 425/tcp  open icad-el
[#] 427/tcp  open svrloc
[#] 443/tcp  open https
[#] 444/tcp  open snpp
[#] 458/tcp  open appleqtc
[#] 464/tcp  open kpasswd5
[#] 465/tcp  open smtps
[#] 481/tcp  open dvs
[#] 497/tcp  open retrospect
[#] 500/tcp  open isakmp
[#] 512/tcp  open exec
[#] 513/tcp  open login
[#] 514/tcp  open shell
[#] 515/tcp  open printer
[#] 524/tcp  open ncp
[#] 541/tcp  open uucp-rlogin
[#] 543/tcp  open klogin
[#] 544/tcp  open kshell
[#] 545/tcp  open ekshell
[#] 548/tcp  open afp
[#] 554/tcp  open rtsp
[#] 555/tcp  open dsf
[#] 563/tcp  open snews
[#] 587/tcp  open submission
[#] 593/tcp  open http-rpc-epmap
[#] 616/tcp  open sco-sysmgr
[#] 617/tcp  open sco-dtmgr
[#] 625/tcp  open apple-xsrvr-admin
[#] 631/tcp  open ipp
[#] 636/tcp  open ldapssl
[#] 646/tcp  open ldp
[#] 648/tcp  open rrp
[#] 666/tcp  open doom
[#] 667/tcp  open disclose
[#] 668/tcp  open mecomm
[#] 683/tcp  open corba-iiop
[#] 687/tcp  open asipregistry
[#] 691/tcp  open resvc
[#] 700/tcp  open epp
[#] 705/tcp  open agentx
[#] 711/tcp  open cisco-tdp
[#] 714/tcp  open iris-xpcs
[#] 720/tcp  open unknown
[#] 722/tcp  open unknown
[#] 726/tcp  open unknown
[#] 749/tcp  open kerberos-adm
[#] 765/tcp  open webster
[#] 777/tcp  open multiling-http
[#] 783/tcp  open spamassassin
[#] 787/tcp  open qsc
[#] 800/tcp  open mdbs_daemon
[#] 801/tcp  open device
[#] 808/tcp  open ccproxy-http
[#] 843/tcp  open unknown
[#] 873/tcp  open rsync
[#] 880/tcp  open unknown
[#] 888/tcp  open accessbuilder
[#] 898/tcp  open sun-manageconsole
[#] 900/tcp  open omginitialrefs
[#] 901/tcp  open samba-swat
[#] 902/tcp  open iss-realsecure
[#] 903/tcp  open iss-console-mgr
[#] 911/tcp  open xact-backup
[#] 912/tcp  open apex-mesh
[#] 981/tcp  open unknown
[#] 987/tcp  open unknown
[#] 990/tcp  open ftps
[#] 992/tcp  open telnets
[#] 993/tcp  open imaps
[#] 995/tcp  open pop3s
[#] 999/tcp  open garcon
[#] 1000/tcp  open cadlock
[#] 1001/tcp  open webpush
[#] 1002/tcp  open windows-icfw
[#] 1007/tcp  open unknown
[#] 1009/tcp  open unknown
[#] 1010/tcp  open surf
[#] 1011/tcp  open unknown
[#] 1021/tcp  open exp1
[#] 1022/tcp  open exp2
[#] 1023/tcp  open netvenuechat
[#] 1024/tcp  open kdm
[#] 1025/tcp  open NFS-or-IIS
[#] 1026/tcp  open LSA-or-nterm
[#] 1027/tcp  open IIS
[#] 1028/tcp  open unknown
[#] 1029/tcp  open ms-lsa
[#] 1030/tcp  open iad1
[#] 1031/tcp  open iad2
[#] 1032/tcp  open iad3
[#] 1033/tcp  open netinfo
[#] 1034/tcp  open zincite-a
[#] 1035/tcp  open multidropper
[#] 1036/tcp  open nsstp
[#] 1037/tcp  open ams
[#] 1038/tcp  open mtqp
[#] 1039/tcp  open sbl
[#] 1040/tcp  open netsaint
[#] 1041/tcp  open danf-ak2
[#] 1042/tcp  open afrog
[#] 1043/tcp  open boinc
[#] 1044/tcp  open dcutility
[#] 1045/tcp  open fpitp
[#] 1046/tcp  open wfremotertm
[#] 1047/tcp  open neod1
[#] 1048/tcp  open neod2
[#] 1049/tcp  open td-postman
[#] 1050/tcp  open java-or-OTGfileshare
[#] 1051/tcp  open optima-vnet
[#] 1052/tcp  open ddt
[#] 1053/tcp  open remote-as
[#] 1054/tcp  open brvread
[#] 1055/tcp  open ansyslmd
[#] 1056/tcp  open vfo
[#] 1057/tcp  open startron
[#] 1058/tcp  open nim
[#] 1059/tcp  open nimreg
[#] 1060/tcp  open polestar
[#] 1061/tcp  open kiosk
[#] 1062/tcp  open veracity
[#] 1063/tcp  open kyoceranetdev
[#] 1064/tcp  open jstel
[#] 1065/tcp  open syscomlan
[#] 1066/tcp  open fpo-fns
[#] 1067/tcp  open instl_boots
[#] 1068/tcp  open instl_bootc
[#] 1069/tcp  open cognex-insight
[#] 1070/tcp  open gmrupdateserv
[#] 1071/tcp  open bsquare-voip
[#] 1072/tcp  open cardax
[#] 1073/tcp  open bridgecontrol
[#] 1074/tcp  open warmspotMgmt
[#] 1075/tcp  open rdrmshc
[#] 1076/tcp  open sns_credit
[#] 1077/tcp  open imgames
[#] 1078/tcp  open avocent-proxy
[#] 1079/tcp  open asprovatalk
[#] 1080/tcp  open socks
[#] 1081/tcp  open pvuniwien
[#] 1082/tcp  open amt-esd-prot
[#] 1083/tcp  open ansoft-lm-1
[#] 1084/tcp  open ansoft-lm-2
[#] 1085/tcp  open webobjects
[#] 1086/tcp  open cplscrambler-lg
[#] 1087/tcp  open cplscrambler-in
[#] 1088/tcp  open cplscrambler-al
[#] 1089/tcp  open ff-annunc
[#] 1090/tcp  open ff-fms
[#] 1091/tcp  open ff-sm
[#] 1092/tcp  open obrpd
[#] 1093/tcp  open proofd
[#] 1094/tcp  open rootd
[#] 1095/tcp  open nicelink
[#] 1096/tcp  open cnrprotocol
[#] 1097/tcp  open sunclustermgr
[#] 1098/tcp  open rmiactivation
[#] 1099/tcp  open rmiregistry
[#] 1100/tcp  open mctp
[#] 1102/tcp  open adobeserver-1
[#] 1104/tcp  open xrl
[#] 1105/tcp  open ftranhc
[#] 1106/tcp  open isoipsigport-1
[#] 1107/tcp  open isoipsigport-2
[#] 1108/tcp  open ratio-adp
[#] 1110/tcp  open nfsd-status
[#] 1111/tcp  open lmsocialserver
[#] 1112/tcp  open msql
[#] 1113/tcp  open ltp-deepspace
[#] 1114/tcp  open mini-sql
[#] 1117/tcp  open ardus-mtrns
[#] 1119/tcp  open bnetgame
[#] 1121/tcp  open rmpp
[#] 1122/tcp  open availant-mgr
[#] 1123/tcp  open murray
[#] 1124/tcp  open hpvmmcontrol
[#] 1126/tcp  open hpvmmdata
[#] 1130/tcp  open casp
[#] 1131/tcp  open caspssl
[#] 1132/tcp  open kvm-via-ip
[#] 1137/tcp  open trim
[#] 1138/tcp  open encrypted_admin
[#] 1141/tcp  open mxomss
[#] 1145/tcp  open x9-icue
[#] 1147/tcp  open capioverlan
[#] 1148/tcp  open elfiq-repl
[#] 1149/tcp  open bvtsonar
[#] 1151/tcp  open unizensus
[#] 1152/tcp  open winpoplanmess
[#] 1154/tcp  open resacommunity
[#] 1163/tcp  open sddp
[#] 1164/tcp  open qsm-proxy
[#] 1165/tcp  open qsm-gui
[#] 1166/tcp  open qsm-remote
[#] 1169/tcp  open tripwire
[#] 1174/tcp  open fnet-remote-ui
[#] 1175/tcp  open dossier
[#] 1183/tcp  open llsurfup-http
[#] 1185/tcp  open catchpole
[#] 1186/tcp  open mysql-cluster
[#] 1187/tcp  open alias
[#] 1192/tcp  open caids-sensor
[#] 1198/tcp  open cajo-discovery
[#] 1199/tcp  open dmidi
[#] 1201/tcp  open nucleus-sand
[#] 1213/tcp  open mpc-lifenet
[#] 1216/tcp  open etebac5
[#] 1217/tcp  open hpss-ndapi
[#] 1218/tcp  open aeroflight-ads
[#] 1233/tcp  open univ-appserver
[#] 1234/tcp  open hotline
[#] 1236/tcp  open bvcontrol
[#] 1244/tcp  open isbconference1
[#] 1247/tcp  open visionpyramid
[#] 1248/tcp  open hermes
[#] 1259/tcp  open opennl-voice
[#] 1271/tcp  open excw
[#] 1272/tcp  open cspmlockmgr
[#] 1277/tcp  open miva-mqs
[#] 1287/tcp  open routematch
[#] 1296/tcp  open dproxy
[#] 1300/tcp  open h323hostcallsc
[#] 1301/tcp  open ci3-software-1
[#] 1309/tcp  open jtag-server
[#] 1310/tcp  open husky
[#] 1311/tcp  open rxmon
[#] 1322/tcp  open novation
[#] 1328/tcp  open ewall
[#] 1334/tcp  open writesrv
[#] 1352/tcp  open lotusnotes
[#] 1417/tcp  open timbuktu-srv1
[#] 1433/tcp  open ms-sql-s
[#] 1434/tcp  open ms-sql-m
[#] 1443/tcp  open ies-lm
[#] 1455/tcp  open esl-lm
[#] 1461/tcp  open ibm_wrless_lan
[#] 1494/tcp  open citrix-ica
[#] 1500/tcp  open vlsi-lm
[#] 1501/tcp  open sas-3
[#] 1503/tcp  open imtc-mcs
[#] 1521/tcp  open oracle
[#] 1524/tcp  open ingreslock
[#] 1533/tcp  open virtual-places
[#] 1556/tcp  open veritas_pbx
[#] 1580/tcp  open tn-tl-r1
[#] 1583/tcp  open simbaexpress
[#] 1594/tcp  open sixtrak
[#] 1600/tcp  open issd
[#] 1641/tcp  open invision
[#] 1658/tcp  open sixnetudr
[#] 1666/tcp  open netview-aix-6
[#] 1687/tcp  open nsjtp-ctrl
[#] 1688/tcp  open nsjtp-data
[#] 1700/tcp  open mps-raft
[#] 1717/tcp  open fj-hdnet
[#] 1718/tcp  open h323gatedisc
[#] 1719/tcp  open h323gatestat
[#] 1720/tcp  open h323q931
[#] 1721/tcp  open caicci
[#] 1723/tcp  open pptp
[#] 1755/tcp  open wms
[#] 1761/tcp  open landesk-rc
[#] 1782/tcp  open hp-hcip
[#] 1783/tcp  open unknown
[#] 1801/tcp  open msmq
[#] 1805/tcp  open enl-name
[#] 1812/tcp  open radius
[#] 1839/tcp  open netopia-vo1
[#] 1840/tcp  open netopia-vo2
[#] 1862/tcp  open mysql-cm-agent
[#] 1863/tcp  open msnp
[#] 1864/tcp  open paradym-31
[#] 1875/tcp  open westell-stats
[#] 1900/tcp  open upnp
[#] 1914/tcp  open elm-momentum
[#] 1935/tcp  open rtmp
[#] 1947/tcp  open sentinelsrm
[#] 1971/tcp  open netop-school
[#] 1972/tcp  open intersys-cache
[#] 1974/tcp  open drp
[#] 1984/tcp  open bigbrother
[#] 1998/tcp  open x25-svc-port
[#] 1999/tcp  open tcp-id-port
[#] 2000/tcp  open cisco-sccp
[#] 2001/tcp  open dc
[#] 2002/tcp  open globe
[#] 2003/tcp  open finger
[#] 2004/tcp  open mailbox
[#] 2005/tcp  open deslogin
[#] 2006/tcp  open invokator
[#] 2007/tcp  open dectalk
[#] 2008/tcp  open conf
[#] 2009/tcp  open news
[#] 2010/tcp  open search
[#] 2013/tcp  open raid-am
[#] 2020/tcp  open xinupageserver
[#] 2021/tcp  open servexec
[#] 2022/tcp  open down
[#] 2030/tcp  open device2
[#] 2033/tcp  open glogger
[#] 2034/tcp  open scoremgr
[#] 2035/tcp  open imsldoc
[#] 2038/tcp  open objectmanager
[#] 2040/tcp  open lam
[#] 2041/tcp  open interbase
[#] 2042/tcp  open isis
[#] 2043/tcp  open isis-bcast
[#] 2045/tcp  open cdfunc
[#] 2046/tcp  open sdfunc
[#] 2047/tcp  open dls
[#] 2048/tcp  open dls-monitor
[#] 2049/tcp  open nfs
[#] 2065/tcp  open dlsrpn
[#] 2068/tcp  open avocentkvm
[#] 2099/tcp  open h2250-annex-g
[#] 2100/tcp  open amiganetfs
[#] 2103/tcp  open zephyr-clt
[#] 2105/tcp  open eklogin
[#] 2106/tcp  open ekshell
[#] 2107/tcp  open msmq-mgmt
[#] 2111/tcp  open kx
[#] 2119/tcp  open gsigatekeeper
[#] 2121/tcp  open ccproxy-ftp
[#] 2126/tcp  open pktcable-cops
[#] 2135/tcp  open gris
[#] 2144/tcp  open lv-ffx
[#] 2160/tcp  open apc-2160
[#] 2161/tcp  open apc-agent
[#] 2170/tcp  open eyetv
[#] 2179/tcp  open vmrdp
[#] 2190/tcp  open tivoconnect
[#] 2191/tcp  open tvbus
[#] 2196/tcp  open unknown
[#] 2200/tcp  open ici
[#] 2222/tcp  open EtherNetIP-1
[#] 2251/tcp  open dif-port
[#] 2260/tcp  open apc-2260
[#] 2288/tcp  open netml
[#] 2301/tcp  open compaqdiag
[#] 2366/tcp  open qip-login
[#] 2381/tcp  open compaq-https
[#] 2382/tcp  open ms-olap3
[#] 2383/tcp  open ms-olap4
[#] 2393/tcp  open ms-olap1
[#] 2394/tcp  open ms-olap2
[#] 2399/tcp  open fmpro-fdal
[#] 2401/tcp  open cvspserver
[#] 2492/tcp  open groove
[#] 2500/tcp  open rtsserv
[#] 2522/tcp  open windb
[#] 2525/tcp  open ms-v-worlds
[#] 2557/tcp  open nicetec-mgmt
[#] 2601/tcp  open zebra
[#] 2602/tcp  open ripd
[#] 2604/tcp  open ospfd
[#] 2605/tcp  open bgpd
[#] 2607/tcp  open connection
[#] 2608/tcp  open wag-service
[#] 2638/tcp  open sybase
[#] 2701/tcp  open sms-rcinfo
[#] 2702/tcp  open sms-xfer
[#] 2710/tcp  open sso-service
[#] 2717/tcp  open pn-requester
[#] 2718/tcp  open pn-requester2
[#] 2725/tcp  open msolap-ptp2
[#] 2800/tcp  open acc-raid
[#] 2809/tcp  open corbaloc
[#] 2811/tcp  open gsiftp
[#] 2869/tcp  open icslap
[#] 2875/tcp  open dxmessagebase2
[#] 2909/tcp  open funk-dialout
[#] 2910/tcp  open tdaccess
[#] 2920/tcp  open roboeda
[#] 2967/tcp  open symantec-av
[#] 2968/tcp  open enpp
[#] 2998/tcp  open iss-realsec
[#] 3000/tcp  open ppp
[#] 3001/tcp  open nessus
[#] 3003/tcp  open cgms
[#] 3005/tcp  open deslogin
[#] 3006/tcp  open deslogind
[#] 3007/tcp  open lotusmtap
[#] 3011/tcp  open trusted-web
[#] 3013/tcp  open gilatskysurfer
[#] 3017/tcp  open event_listener
[#] 3030/tcp  open arepa-cas
[#] 3031/tcp  open eppc
[#] 3052/tcp  open powerchute
[#] 3071/tcp  open csd-mgmt-port
[#] 3077/tcp  open orbix-loc-ssl
[#] 3128/tcp  open squid-http
[#] 3168/tcp  open poweronnud
[#] 3211/tcp  open avsecuremgmt
[#] 3221/tcp  open xnm-clear-text
[#] 3260/tcp  open iscsi
[#] 3261/tcp  open winshadow
[#] 3268/tcp  open globalcatLDAP
[#] 3269/tcp  open globalcatLDAPssl
[#] 3283/tcp  open netassistant
[#] 3300/tcp  open ceph
[#] 3301/tcp  open unknown
[#] 3306/tcp  open mysql
[#] 3322/tcp  open active-net
[#] 3323/tcp  open active-net
[#] 3324/tcp  open active-net
[#] 3325/tcp  open active-net
[#] 3333/tcp  open dec-notes
[#] 3351/tcp  open btrieve
[#] 3367/tcp  open satvid-datalnk
[#] 3369/tcp  open satvid-datalnk
[#] 3370/tcp  open satvid-datalnk
[#] 3371/tcp  open satvid-datalnk
[#] 3372/tcp  open msdtc
[#] 3390/tcp  open dsc
[#] 3404/tcp  open unknown
[#] 3476/tcp  open nppmp
[#] 3493/tcp  open nut
[#] 3517/tcp  open 802-11-iapp
[#] 3527/tcp  open beserver-msg-q
[#] 3546/tcp  open unknown
[#] 3551/tcp  open apcupsd
[#] 3580/tcp  open nati-svrloc
[#] 3659/tcp  open apple-sasl
[#] 3689/tcp  open rendezvous
[#] 3690/tcp  open svn
[#] 3703/tcp  open adobeserver-3
[#] 3737/tcp  open xpanel
[#] 3766/tcp  open sitewatch-s
[#] 3784/tcp  open bfd-control
[#] 3800/tcp  open pwgpsi
[#] 3801/tcp  open ibm-mgr
[#] 3809/tcp  open apocd
[#] 3814/tcp  open neto-dcs
[#] 3826/tcp  open wormux
[#] 3827/tcp  open netmpi
[#] 3828/tcp  open neteh
[#] 3851/tcp  open spectraport
[#] 3869/tcp  open ovsam-mgmt
[#] 3871/tcp  open avocent-adsap
[#] 3878/tcp  open fotogcad
[#] 3880/tcp  open igrs
[#] 3889/tcp  open dandv-tester
[#] 3905/tcp  open mupdate
[#] 3914/tcp  open listcrt-port-2
[#] 3918/tcp  open pktcablemmcops
[#] 3920/tcp  open exasoftport1
[#] 3945/tcp  open emcads
[#] 3971/tcp  open lanrevserver
[#] 3986/tcp  open mapper-ws_ethd
[#] 3995/tcp  open iss-mgmt-ssl
[#] 3998/tcp  open dnx
[#] 4000/tcp  open remoteanything
[#] 4001/tcp  open newoak
[#] 4002/tcp  open mlchat-proxy
[#] 4003/tcp  open pxc-splr-ft
[#] 4004/tcp  open pxc-roid
[#] 4005/tcp  open pxc-pin
[#] 4006/tcp  open pxc-spvr
[#] 4045/tcp  open lockd
[#] 4111/tcp  open xgrid
[#] 4125/tcp  open rww
[#] 4126/tcp  open ddrepl
[#] 4129/tcp  open nuauth
[#] 4224/tcp  open xtell
[#] 4242/tcp  open vrml-multi-use
[#] 4279/tcp  open vrml-multi-use
[#] 4321/tcp  open rwhois
[#] 4343/tcp  open unicall
[#] 4443/tcp  open pharos
[#] 4444/tcp  open krb524
[#] 4445/tcp  open upnotifyp
[#] 4446/tcp  open n1-fwp
[#] 4449/tcp  open privatewire
[#] 4550/tcp  open gds-adppiw-db
[#] 4567/tcp  open tram
[#] 4662/tcp  open edonkey
[#] 4848/tcp  open appserv-http
[#] 4899/tcp  open radmin
[#] 4900/tcp  open hfcs
[#] 4998/tcp  open maybe-veritas
[#] 5000/tcp  open upnp
[#] 5001/tcp  open commplex-link
[#] 5002/tcp  open rfe
[#] 5003/tcp  open filemaker
[#] 5004/tcp  open avt-profile-1
[#] 5009/tcp  open airport-admin
[#] 5030/tcp  open surfpass
[#] 5033/tcp  open jtnetd-server
[#] 5050/tcp  open mmcc
[#] 5051/tcp  open ida-agent
[#] 5054/tcp  open rlm-admin
[#] 5060/tcp  open sip
[#] 5061/tcp  open sip-tls
[#] 5080/tcp  open onscreen
[#] 5087/tcp  open biotic
[#] 5100/tcp  open admd
[#] 5101/tcp  open admdog
[#] 5102/tcp  open admeng
[#] 5120/tcp  open barracuda-bbs
[#] 5190/tcp  open aol
[#] 5200/tcp  open targus-getdata
[#] 5214/tcp  open unknown
[#] 5221/tcp  open 3exmp
[#] 5222/tcp  open xmpp-client
[#] 5225/tcp  open hp-server
[#] 5226/tcp  open hp-status
[#] 5269/tcp  open xmpp-server
[#] 5280/tcp  open xmpp-bosh
[#] 5298/tcp  open presence
[#] 5357/tcp  open wsdapi
[#] 5405/tcp  open pcduo
[#] 5414/tcp  open statusd
[#] 5432/tcp  open postgresql
[#] 5440/tcp  open unknown
[#] 5500/tcp  open hotline
[#] 5510/tcp  open secureidprop
[#] 5544/tcp  open unknown
[#] 5550/tcp  open sdadmind
[#] 5555/tcp  open freeciv
[#] 5560/tcp  open isqlplus
[#] 5566/tcp  open westec-connect
[#] 5631/tcp  open pcanywheredata
[#] 5633/tcp  open beorl
[#] 5666/tcp  open nrpe
[#] 5678/tcp  open rrac
[#] 5679/tcp  open activesync
[#] 5718/tcp  open dpm
[#] 5730/tcp  open unieng
[#] 5800/tcp  open vnc-http
[#] 5801/tcp  open vnc-http-1
[#] 5802/tcp  open vnc-http-2
[#] 5810/tcp  open unknown
[#] 5811/tcp  open unknown
[#] 5815/tcp  open unknown
[#] 5822/tcp  open unknown
[#] 5825/tcp  open unknown
[#] 5850/tcp  open unknown
[#] 5859/tcp  open wherehoo
[#] 5862/tcp  open unknown
[#] 5877/tcp  open unknown
[#] 5900/tcp  open vnc
[#] 5901/tcp  open vnc-1
[#] 5902/tcp  open vnc-2
[#] 5903/tcp  open vnc-3
[#] 5904/tcp  open unknown
[#] 5906/tcp  open unknown
[#] 5907/tcp  open unknown
[#] 5910/tcp  open cm
[#] 5911/tcp  open cpdlc
[#] 5915/tcp  open unknown
[#] 5922/tcp  open unknown
[#] 5925/tcp  open unknown
[#] 5950/tcp  open unknown
[#] 5952/tcp  open unknown
[#] 5959/tcp  open unknown
[#] 5960/tcp  open unknown
[#] 5961/tcp  open unknown
[#] 5962/tcp  open unknown
[#] 5963/tcp  open indy
[#] 5987/tcp  open wbem-rmi
[#] 5988/tcp  open wbem-http
[#] 5989/tcp  open wbem-https
[#] 5998/tcp  open ncd-diag
[#] 5999/tcp  open ncd-conf
[#] 6000/tcp  open X11
[#] 6001/tcp  open X11:1
[#] 6002/tcp  open X11:2
[#] 6003/tcp  open X11:3
[#] 6004/tcp  open X11:4
[#] 6005/tcp  open X11:5
[#] 6006/tcp  open X11:6
[#] 6007/tcp  open X11:7
[#] 6009/tcp  open X11:9
[#] 6025/tcp  open x11
[#] 6059/tcp  open X11:59
[#] 6100/tcp  open synchronet-db
[#] 6101/tcp  open backupexec
[#] 6106/tcp  open isdninfo
[#] 6112/tcp  open dtspc
[#] 6123/tcp  open backup-express
[#] 6129/tcp  open unknown
[#] 6156/tcp  open unknown
[#] 6346/tcp  open gnutella
[#] 6389/tcp  open clariion-evr01
[#] 6502/tcp  open netop-rc
[#] 6510/tcp  open mcer-port
[#] 6543/tcp  open mythtv
[#] 6547/tcp  open powerchuteplus
[#] 6565/tcp  open unknown
[#] 6566/tcp  open sane-port
[#] 6567/tcp  open esp
[#] 6580/tcp  open parsec-master
[#] 6646/tcp  open unknown
[#] 6666/tcp  open irc
[#] 6667/tcp  open irc
[#] 6668/tcp  open irc
[#] 6669/tcp  open irc
[#] 6689/tcp  open tsa
[#] 6692/tcp  open unknown
[#] 6699/tcp  open napster
[#] 6779/tcp  open unknown
[#] 6788/tcp  open smc-http
[#] 6789/tcp  open ibm-db2-admin
[#] 6792/tcp  open unknown
[#] 6839/tcp  open unknown
[#] 6881/tcp  open bittorrent-tracker
[#] 6901/tcp  open jetstream
[#] 6969/tcp  open acmsoda
[#] 7000/tcp  open afs3-fileserver
[#] 7001/tcp  open afs3-callback
[#] 7002/tcp  open afs3-prserver
[#] 7004/tcp  open afs3-kaserver
[#] 7007/tcp  open afs3-bos
[#] 7019/tcp  open doceri-ctl
[#] 7025/tcp  open vmsvc-2
[#] 7070/tcp  open realserver
[#] 7100/tcp  open font-service
[#] 7103/tcp  open unknown
[#] 7106/tcp  open unknown
[#] 7200/tcp  open fodms
[#] 7201/tcp  open dlip
[#] 7402/tcp  open rtps-dd-mt
[#] 7435/tcp  open unknown
[#] 7443/tcp  open oracleas-https
[#] 7496/tcp  open unknown
[#] 7512/tcp  open unknown
[#] 7625/tcp  open unknown
[#] 7627/tcp  open soap-http
[#] 7676/tcp  open imqbrokerd
[#] 7741/tcp  open scriptview
[#] 7777/tcp  open cbt
[#] 7778/tcp  open interwise
[#] 7800/tcp  open asr
[#] 7911/tcp  open unknown
[#] 7920/tcp  open unknown
[#] 7921/tcp  open unknown
[#] 7937/tcp  open nsrexecd
[#] 7938/tcp  open lgtomapper
[#] 7999/tcp  open irdmi2
[#] 8000/tcp  open http-alt
[#] 8001/tcp  open vcom-tunnel
[#] 8002/tcp  open teradataordbms
[#] 8007/tcp  open ajp12
[#] 8008/tcp  open http
[#] 8009/tcp  open ajp13
[#] 8010/tcp  open xmpp
[#] 8011/tcp  open unknown
[#] 8021/tcp  open ftp-proxy
[#] 8022/tcp  open oa-system
[#] 8031/tcp  open unknown
[#] 8042/tcp  open fs-agent
[#] 8045/tcp  open unknown
[#] 8080/tcp  open http-proxy
[#] 8081/tcp  open blackice-icecap
[#] 8082/tcp  open blackice-alerts
[#] 8083/tcp  open us-srv
[#] 8084/tcp  open unknown
[#] 8085/tcp  open unknown
[#] 8086/tcp  open d-s-n
[#] 8087/tcp  open simplifymedia
[#] 8088/tcp  open radan-http
[#] 8089/tcp  open unknown
[#] 8090/tcp  open opsmessaging
[#] 8093/tcp  open unknown
[#] 8099/tcp  open unknown
[#] 8100/tcp  open xprint-server
[#] 8180/tcp  open unknown
[#] 8181/tcp  open intermapper
[#] 8192/tcp  open sophos
[#] 8193/tcp  open sophos
[#] 8194/tcp  open sophos
[#] 8200/tcp  open trivnet1
[#] 8222/tcp  open unknown
[#] 8254/tcp  open unknown
[#] 8290/tcp  open unknown
[#] 8291/tcp  open unknown
[#] 8292/tcp  open blp3
[#] 8300/tcp  open tmi
[#] 8333/tcp  open bitcoin
[#] 8383/tcp  open m2mservices
[#] 8400/tcp  open cvd
[#] 8402/tcp  open abarsd
[#] 8443/tcp  open https-alt
[#] 8500/tcp  open fmtp
[#] 8600/tcp  open asterix
[#] 8649/tcp  open unknown
[#] 8651/tcp  open unknown
[#] 8652/tcp  open unknown
[#] 8654/tcp  open unknown
[#] 8701/tcp  open unknown
[#] 8800/tcp  open sunwebadmin
[#] 8873/tcp  open dxspider
[#] 8888/tcp  open sun-answerbook
[#] 8899/tcp  open ospf-lite
[#] 8994/tcp  open unknown
[#] 9000/tcp  open cslistener
[#] 9001/tcp  open tor-orport
[#] 9002/tcp  open dynamid
[#] 9003/tcp  open unknown
[#] 9009/tcp  open pichat
[#] 9010/tcp  open sdr
[#] 9011/tcp  open d-star
[#] 9040/tcp  open tor-trans
[#] 9050/tcp  open tor-socks
[#] 9071/tcp  open unknown
[#] 9080/tcp  open glrpc
[#] 9081/tcp  open cisco-aqos
[#] 9090/tcp  open zeus-admin
[#] 9091/tcp  open xmltec-xmlmail
[#] 9099/tcp  open unknown
[#] 9100/tcp  open jetdirect
[#] 9101/tcp  open jetdirect
[#] 9102/tcp  open jetdirect
[#] 9103/tcp  open jetdirect
[#] 9110/tcp  open unknown
[#] 9111/tcp  open DragonIDSConsole
[#] 9200/tcp  open wap-wsp
[#] 9207/tcp  open wap-vcal-s
[#] 9220/tcp  open unknown
[#] 9290/tcp  open unknown
[#] 9415/tcp  open unknown
[#] 9418/tcp  open git
[#] 9485/tcp  open unknown
[#] 9500/tcp  open ismserver
[#] 9502/tcp  open unknown
[#] 9503/tcp  open unknown
[#] 9535/tcp  open man
[#] 9575/tcp  open unknown
[#] 9593/tcp  open cba8
[#] 9594/tcp  open msgsys
[#] 9595/tcp  open pds
[#] 9618/tcp  open condor
[#] 9666/tcp  open zoomcp
[#] 9876/tcp  open sd
[#] 9877/tcp  open unknown
[#] 9878/tcp  open kca-service
[#] 9898/tcp  open monkeycom
[#] 9900/tcp  open iua
[#] 9917/tcp  open unknown
[#] 9929/tcp  open nping-echo
[#] 9943/tcp  open unknown
[#] 9944/tcp  open unknown
[#] 9968/tcp  open unknown
[#] 9998/tcp  open distinct32
[#] 9999/tcp  open abyss
[#] 10000/tcp  open snet-sensor-mgmt
[#] 10001/tcp  open scp-config
[#] 10002/tcp  open documentum
[#] 10003/tcp  open documentum_s
[#] 10004/tcp  open emcrmirccd
[#] 10009/tcp  open swdtp-sv
[#] 10010/tcp  open rxapi
[#] 10012/tcp  open unknown
[#] 10024/tcp  open unknown
[#] 10025/tcp  open unknown
[#] 10082/tcp  open amandaidx
[#] 10180/tcp  open unknown
[#] 10215/tcp  open unknown
[#] 10243/tcp  open unknown
[#] 10566/tcp  open unknown
[#] 10616/tcp  open unknown
[#] 10617/tcp  open unknown
[#] 10621/tcp  open unknown
[#] 10626/tcp  open unknown
[#] 10628/tcp  open unknown
[#] 10629/tcp  open unknown
[#] 10778/tcp  open unknown
[#] 11110/tcp  open sgi-soap
[#] 11111/tcp  open vce
[#] 11967/tcp  open sysinfo-sp
[#] 12000/tcp  open cce4x
[#] 12174/tcp  open unknown
[#] 12265/tcp  open unknown
[#] 12345/tcp  open netbus
[#] 13456/tcp  open unknown
[#] 13722/tcp  open netbackup
[#] 13782/tcp  open netbackup
[#] 13783/tcp  open netbackup
[#] 14000/tcp  open scotty-ft
[#] 14238/tcp  open unknown
[#] 14441/tcp  open unknown
[#] 14442/tcp  open unknown
[#] 15000/tcp  open hydap
[#] 15002/tcp  open onep-tls
[#] 15003/tcp  open unknown
[#] 15004/tcp  open unknown
[#] 15660/tcp  open bex-xr
[#] 15742/tcp  open unknown
[#] 16000/tcp  open fmsas
[#] 16001/tcp  open fmsascon
[#] 16012/tcp  open unknown
[#] 16016/tcp  open unknown
[#] 16018/tcp  open unknown
[#] 16080/tcp  open osxwebadmin
[#] 16113/tcp  open unknown
[#] 16992/tcp  open amt-soap-http
[#] 16993/tcp  open amt-soap-https
[#] 17877/tcp  open unknown
[#] 17988/tcp  open unknown
[#] 18040/tcp  open unknown
[#] 18101/tcp  open unknown
[#] 18988/tcp  open unknown
[#] 19101/tcp  open unknown
[#] 19283/tcp  open keysrvr
[#] 19315/tcp  open keyshadow
[#] 19350/tcp  open unknown
[#] 19780/tcp  open unknown
[#] 19801/tcp  open unknown
[#] 19842/tcp  open unknown
[#] 20000/tcp  open dnp
[#] 20005/tcp  open btx
[#] 20031/tcp  open unknown
[#] 20221/tcp  open unknown
[#] 20222/tcp  open ipulse-ics
[#] 20828/tcp  open unknown
[#] 21571/tcp  open unknown
[#] 22939/tcp  open unknown
[#] 23502/tcp  open unknown
[#] 24444/tcp  open unknown
[#] 24800/tcp  open unknown
[#] 25734/tcp  open unknown
[#] 25735/tcp  open unknown
[#] 26214/tcp  open unknown
[#] 27000/tcp  open flexlm0
[#] 27352/tcp  open unknown
[#] 27353/tcp  open unknown
[#] 27355/tcp  open unknown
[#] 27356/tcp  open unknown
[#] 27715/tcp  open unknown
[#] 28201/tcp  open unknown
[#] 30000/tcp  open ndmps
[#] 30718/tcp  open unknown
[#] 30951/tcp  open unknown
[#] 31038/tcp  open unknown
[#] 31337/tcp  open Elite
[#] 32768/tcp  open filenet-tms
[#] 32769/tcp  open filenet-rpc
[#] 32770/tcp  open sometimes-rpc3
[#] 32771/tcp  open sometimes-rpc5
[#] 32772/tcp  open sometimes-rpc7
[#] 32773/tcp  open sometimes-rpc9
[#] 32774/tcp  open sometimes-rpc11
[#] 32775/tcp  open sometimes-rpc13
[#] 32776/tcp  open sometimes-rpc15
[#] 32777/tcp  open sometimes-rpc17
[#] 32778/tcp  open sometimes-rpc19
[#] 32779/tcp  open sometimes-rpc21
[#] 32780/tcp  open sometimes-rpc23
[#] 32781/tcp  open unknown
[#] 32782/tcp  open unknown
[#] 32783/tcp  open unknown
[#] 32784/tcp  open unknown
[#] 32785/tcp  open unknown
[#] 33354/tcp  open unknown
[#] 33899/tcp  open unknown
[#] 34571/tcp  open unknown
[#] 34572/tcp  open unknown
[#] 34573/tcp  open unknown
[#] 35500/tcp  open unknown
[#] 38292/tcp  open landesk-cba
[#] 40193/tcp  open unknown
[#] 40911/tcp  open unknown
[#] 41511/tcp  open unknown
[#] 42510/tcp  open caerpc
[#] 44176/tcp  open unknown
[#] 44442/tcp  open coldfusion-auth
[#] 44443/tcp  open coldfusion-auth
[#] 44501/tcp  open unknown
[#] 45100/tcp  open unknown
[#] 48080/tcp  open unknown
[#] 49152/tcp  open unknown
[#] 49153/tcp  open unknown
[#] 49154/tcp  open unknown
[#] 49155/tcp  open unknown
[#] 49156/tcp  open unknown
[#] 49157/tcp  open unknown
[#] 49158/tcp  open unknown
[#] 49159/tcp  open unknown
[#] 49160/tcp  open unknown
[#] 49161/tcp  open unknown
[#] 49163/tcp  open unknown
[#] 49165/tcp  open unknown
[#] 49167/tcp  open unknown
[#] 49175/tcp  open unknown
[#] 49176/tcp  open unknown
[#] 49400/tcp  open compaqdiag
[#] 49999/tcp  open unknown
[#] 50000/tcp  open ibm-db2
[#] 50001/tcp  open unknown
[#] 50002/tcp  open iiimsf
[#] 50003/tcp  open unknown
[#] 50006/tcp  open unknown
[#] 50300/tcp  open unknown
[#] 50389/tcp  open unknown
[#] 50500/tcp  open unknown
[#] 50636/tcp  open unknown
[#] 50800/tcp  open unknown
[#] 51103/tcp  open unknown
[#] 51493/tcp  open unknown
[#] 52673/tcp  open unknown
[#] 52822/tcp  open unknown
[#] 52848/tcp  open unknown
[#] 52869/tcp  open unknown
[#] 54045/tcp  open unknown
[#] 54328/tcp  open unknown
[#] 55055/tcp  open unknown
[#] 55056/tcp  open unknown
[#] 55555/tcp  open unknown
[#] 55600/tcp  open unknown
[#] 56737/tcp  open unknown
[#] 56738/tcp  open unknown
[#] 57294/tcp  open unknown
[#] 57797/tcp  open unknown
[#] 58080/tcp  open unknown
[#] 60020/tcp  open unknown
[#] 60443/tcp  open unknown
[#] 61532/tcp  open unknown
[#] 61900/tcp  open unknown
[#] 62078/tcp  open iphone-sync
[#] 63331/tcp  open unknown
[#] 64623/tcp  open unknown
[#] 64680/tcp  open unknown
[#] 65000/tcp  open unknown
[#] 65129/tcp  open unknown
[#] 65389/tcp  open unknown
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[-] robots.txt file not Found!?
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: https://www.csirt.gob.cl/
--------------------------------------------------
[#] Searching Html Form !
[-] No Html Form Found!?
--------------------------------------------------
[!] Found 9 dom parameter
[#] https://www.csirt.gob.cl//#
[#] https://www.csirt.gob.cl//#reportarIncidente
[#] https://www.csirt.gob.cl//#myModal
[#] https://www.csirt.gob.cl//#convenio_israel
[#] https://www.csirt.gob.cl//#convenio_espana
[#] https://www.csirt.gob.cl//#convenio_argentina
[#] https://www.csirt.gob.cl//#convenio_oea
[#] https://www.csirt.gob.cl//#convenio_colombia
[#] https://www.csirt.gob.cl//#convenio_ecuador
--------------------------------------------------
[-] No internal Dynamic Parameter Found!?
--------------------------------------------------
[!] 1 External Dynamic Parameter Discovered
[#] https://twitter.com/CSIRTGOB?ref_src=twsrc%5Etfw
--------------------------------------------------
[!] 41 Internal links Discovered
[+] https://www.csirt.gob.cl///assets/images/icons/favicon.ico
[+] https://www.csirt.gob.cl///assets/css/style.css
[+] https://www.csirt.gob.cl///assets/vendors/fontawesome/css/all.css
[+] https://www.csirt.gob.cl///assets/vendors/bootstrap431/css/bootstrap.min.css
[+] https://www.csirt.gob.cl///assets/vendors/OwlCarousel/css/owl.carousel.min.css
[+] https://www.csirt.gob.cl///
[+] https://www.csirt.gob.cl///
[+] https://www.csirt.gob.cl///quienes-somos/
[+] https://www.csirt.gob.cl///matriz-clasificacion-incidentes/
[+] https://www.csirt.gob.cl///sistemas-y-herramientas/
[+] https://www.csirt.gob.cl///leyes/
[+] https://www.csirt.gob.cl///preguntas-y-respuestas-frecuentes/
[+] https://www.csirt.gob.cl///decretos/
[+] https://eventos.csirt.gob.cl
[+] https://www.csirt.gob.cl///como-y-cuando-reportar/
[+] https://www.csirt.gob.cl///noticias/antigua-vulnerabilidad-de-dia-cero-afecta-a-nuevas-versiones-de-android/
[+] https://www.csirt.gob.cl///noticias/
[+] https://www.csirt.gob.cl///alertas/8ffr-00101-001/
[+] https://www.csirt.gob.cl///alertas/8ffr-00100-001/
[+] https://www.csirt.gob.cl///alertas/
[+] https://www.csirt.gob.cl///vulnerabilidades/9vsa-00078-001-2/
[+] https://www.csirt.gob.cl///vulnerabilidades/9vsa-00078-001/
[+] https://www.csirt.gob.cl///vulnerabilidades/
[+] https://www.csirt.gob.cl///reportes/10cnd-00026-002/
[+] https://www.csirt.gob.cl///reportes/10cnd-00024-001/
[+] https://www.csirt.gob.cl///reportes/
[+] https://www.csirt.gob.cl///estadisticas/boletin-de-ciberseguridad-n17/
[+] https://www.csirt.gob.cl///estadisticas/boletin-de-ciberseguridad-n16/
[+] https://www.csirt.gob.cl///estadisticas/boletin-de-ciberseguridad-n15/
[+] https://www.csirt.gob.cl///estadisticas/informe-de-gestion-de-csirt-mes-de-septiembre/
[+] https://www.csirt.gob.cl///estadisticas/boletin-de-ciberseguridad-n14/
[+] https://www.csirt.gob.cl///estadisticas/boletin-de-ciberseguridad-n13/
[+] https://www.csirt.gob.cl///estadisticas/
[+] https://www.csirt.gob.cl///recomendaciones/la-importancia-del-https-para-aumentar-estandares-de-seguridad-en-los-sitios-web-2/
[+] https://www.csirt.gob.cl///recomendaciones/
[+] https://www.csirt.gob.cl///media/2019/07/MOU-CHILE-ESPANA.pdf
[+] https://www.csirt.gob.cl///media/2019/07/MOU-CHILE-ISRAEL.pdf
[+] https://www.csirt.gob.cl///media/2019/07/MOU-CHILE-ARGENTINA.pdf
[+] https://www.csirt.gob.cl///media/2019/07/MOU-CHILE-OEA.pdf
[+] https://www.csirt.gob.cl///media/2019/07/MOU-CHILE-COLOMBIA.pdf
[+] https://www.csirt.gob.cl///media/2019/07/MOU-CHILE-ECUADOR.pdf
--------------------------------------------------
[!] 18 External links Discovered
[#] https://mesdelaciberseguridad.cl
[#] https://mesdelaciberseguridad.cl
[#] https://mesdelaciberseguridad.cl
[#] https://www.meridianprocess.org/
[#] https://csirtamericas.org/
[#] https://alianzapacifico.net/
[#] https://www.youtube.com/channel/UCua0E5Jz9V1Rn-VtLHPP4Nw/
[#] https://www.linkedin.com/in/csirt-gobierno-18584817b/
[#] https://twitter.com/csirtgob/
[#] https://www.interior.gob.cl
[#] http://www.gobiernotransparentechile.gob.cl/
[#] https://www.ciberseguridad.gob.cl/
[#] https://www.ccn.cni.es/index.php/es/
[#] https://www.gov.il/en/Departments/israel_national_cyber_directorate
[#] https://csirt.minseg.gob.ar/
[#] https://www.sites.oas.org/cyber/Es/Paginas/default.aspx
[#] http://www.colcert.gov.co/
[#] https://www.ecucert.gob.ec/
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 2 Subdomain
- csirt.gob.cl
- www.csirt.gob.cl
--------------------------------------------------
[!] Done At 2019-10-31 01:05:48.708000
#######################################################################################################################################
[i] Scanning Site: https://www.csirt.gob.cl 



B A S I C   I N F O 
====================


[+] Site Title: CSIRT
[+] IP address: 18.211.128.100
[+] Web Server: PxShield 
[+] CMS: Could Not Detect 
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt! 




W H O I S   L O O K U P
========================

	%%
%% This is the NIC Chile Whois server (whois.nic.cl).
%%
%% Rights restricted by copyright.
%% See https://www.nic.cl/normativa/politica-publicacion-de-datos-cl.pdf
%%

Invalid domain name: csirt.gob.cl

%%
%% Check you are using UTF-8 encoding for IDN domain names.
%% The list of allowed IDN names in .CL is https://www.nic.cl/normativa/CL-IDN-policy.html
%%
%% This Registry database contains ONLY .CL domains.
%%




G E O  I P  L O O K  U P
=========================

[i] IP Address: 163.247.172.147 
[i] Country: Chile 
[i] State:  
[i] City:  
[i] Latitude: -33.4378 
[i] Longitude: -70.6503 




H T T P   H E A D E R S
=======================


[i]  HTTP/1.1 200 OK
[i]  Date: Thu, 31 Oct 2019 05:04:43 GMT
[i]  Content-Type: text/html
[i]  Content-Length: 37566
[i]  Connection: close
[i]  Server: PxShield
[i]  X-Time-Phase-1: 0
[i]  Vary: Accept-Encoding
[i]  Accept-Ranges: bytes
[i]  ETag: "1272524724"
[i]  Last-Modified: Thu, 31 Oct 2019 00:39:42 GMT




D N S   L O O K U P
===================

csirt.gob.cl.		3599	IN	SOA	ns.gob.cl. webmaster.interior.gob.cl. 2019103001 900 600 86400 3600
csirt.gob.cl.		3599	IN	NS	ns2.gob.cl.
csirt.gob.cl.		3599	IN	NS	ns.gob.cl.
csirt.gob.cl.		3599	IN	NS	ns6.gob.cl.
csirt.gob.cl.		3599	IN	NS	ns7.gob.cl.
csirt.gob.cl.		3599	IN	A	163.247.175.147
csirt.gob.cl.		3599	IN	A	163.247.172.147
csirt.gob.cl.		3599	IN	MX	10 mta01.interior.gob.cl.
csirt.gob.cl.		3599	IN	MX	10 mta03.interior.gob.cl.
csirt.gob.cl.		3599	IN	MX	10 mta04.interior.gob.cl.
csirt.gob.cl.		3599	IN	MX	10 mta02.interior.gob.cl.
csirt.gob.cl.		3599	IN	TXT	"v=spf1 mx ip4:163.247.70.0/24 ip4:163.247.4.3 ip4:163.247.77.100 ip4:163.247.77.101 include:newsletter.interior.gob.cl include:newsletter.interior.gov.cl -all"




S U B N E T   C A L C U L A T I O N
====================================

Address       = 163.247.172.147
Network       = 163.247.172.147 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 163.247.172.147 - 163.247.172.147 }



N M A P   P O R T   S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-31 05:04 UTC
Nmap scan report for csirt.gob.cl (163.247.175.147)
Host is up (0.13s latency).
Other addresses for csirt.gob.cl (not scanned): 163.247.172.147

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 5.11 seconds



S U B - D O M A I N   F I N D E R
==================================


[i] Total Subdomains Found : 1

[+] Subdomain: www.csirt.gob.cl
[-] IP: 163.247.175.147
#######################################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: https://www.csirt.gob.cl/
[*] Same target https://www.csirt.gob.cl/ was previously analyzed 1 time(s)
[*] TARGET IP: 18.211.128.100
[INFO] NO load balancer detected for www.csirt.gob.cl...
[*] DNS servers: g1.mincl.pyxsoft.net. ns1.public.pyxsoftcdn.com.
[*] TARGET server: PxShield
[*] CC: US
[*] Country: United States
[*] RegionCode: VA
[*] RegionName: Virginia
[*] City: Ashburn
[*] ASN: AS14618
[*] BGP_PREFIX: 18.208.0.0/13
[*] ISP: AMAZON-AES - Amazon.com, Inc., US
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
[*] Subject: subject=C = CL, ST = Region Metropolitana, L = Santiago, OU = Informatica, O = Subsecretaria del Interior, CN = *.interior.gob.cl
[INFO] DNS enumeration:
[INFO] Possible abuse mails are:
[*] abuse@csirt.gob.cl
[*] abuse@gob.cl
[*] abuse@www.csirt.gob.cl
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Starting FUZZing in http://www.csirt.gob.cl/FUzZzZzZzZz...
[INFO] Status code 	 Folders 
[ALERT] Look in the source code. It may contain passwords

Recherche 18.211.128.100
Connexion HTTP à 18.211.128.100
Envoi de la requête HTTP.
Requête HTTP envoyée. Attente de réponse.
Alerte ! : Erreur de lecture inattendue ; connexion interrompue.
Accès impossible `http://18.211.128.100/'
Alerte ! : Impossible d’accéder au document.

lynx : accès impossible au fichier de départ 
[INFO] Links found from https://www.csirt.gob.cl/ http://18.211.128.100/:
[*] https://alianzapacifico.net/
[*] https://csirtamericas.org/
[*] https://csirt.minseg.gob.ar/
[*] https://eventos.csirt.gob.cl/
[*] https://mesdelaciberseguridad.cl/
[*] https://twitter.com/csirtgob/
[*] https://twitter.com/CSIRTGOB?ref_src=twsrc^tfw
[*] https://www.ccn.cni.es/index.php/es/
[*] https://www.ciberseguridad.gob.cl/
[*] https://www.csirt.gob.cl/
[*] https://www.csirt.gob.cl/alertas/
[*] https://www.csirt.gob.cl/alertas/8ffr-00100-001/
[*] https://www.csirt.gob.cl/alertas/8ffr-00101-001/
[*] https://www.csirt.gob.cl/como-y-cuando-reportar/
[*] https://www.csirt.gob.cl/#convenio_argentina
[*] https://www.csirt.gob.cl/#convenio_colombia
[*] https://www.csirt.gob.cl/#convenio_ecuador
[*] https://www.csirt.gob.cl/#convenio_espana
[*] https://www.csirt.gob.cl/#convenio_israel
[*] https://www.csirt.gob.cl/#convenio_oea
[*] https://www.csirt.gob.cl/decretos/
[*] https://www.csirt.gob.cl/estadisticas/
[*] https://www.csirt.gob.cl/estadisticas/boletin-de-ciberseguridad-n13/
[*] https://www.csirt.gob.cl/estadisticas/boletin-de-ciberseguridad-n14/
[*] https://www.csirt.gob.cl/estadisticas/boletin-de-ciberseguridad-n15/
[*] https://www.csirt.gob.cl/estadisticas/boletin-de-ciberseguridad-n16/
[*] https://www.csirt.gob.cl/estadisticas/boletin-de-ciberseguridad-n17/
[*] https://www.csirt.gob.cl/estadisticas/informe-de-gestion-de-csirt-mes-de-septiembre/
[*] https://www.csirt.gob.cl/leyes/
[*] https://www.csirt.gob.cl/matriz-clasificacion-incidentes/
[*] https://www.csirt.gob.cl/media/2019/07/MOU-CHILE-ARGENTINA.pdf
[*] https://www.csirt.gob.cl/media/2019/07/MOU-CHILE-COLOMBIA.pdf
[*] https://www.csirt.gob.cl/media/2019/07/MOU-CHILE-ECUADOR.pdf
[*] https://www.csirt.gob.cl/media/2019/07/MOU-CHILE-ESPANA.pdf
[*] https://www.csirt.gob.cl/media/2019/07/MOU-CHILE-ISRAEL.pdf
[*] https://www.csirt.gob.cl/media/2019/07/MOU-CHILE-OEA.pdf
[*] https://www.csirt.gob.cl/#myModal
[*] https://www.csirt.gob.cl/noticias/
[*] https://www.csirt.gob.cl/noticias/antigua-vulnerabilidad-de-dia-cero-afecta-a-nuevas-versiones-de-android/
[*] https://www.csirt.gob.cl/preguntas-y-respuestas-frecuentes/
[*] https://www.csirt.gob.cl/quienes-somos/
[*] https://www.csirt.gob.cl/recomendaciones/
[*] https://www.csirt.gob.cl/recomendaciones/la-importancia-del-https-para-aumentar-estandares-de-seguridad-en-los-sitios-web-2/
[*] https://www.csirt.gob.cl/#reportarIncidente
[*] https://www.csirt.gob.cl/reportes/
[*] https://www.csirt.gob.cl/reportes/10cnd-00024-001/
[*] https://www.csirt.gob.cl/reportes/10cnd-00026-002/
[*] https://www.csirt.gob.cl/sistemas-y-herramientas/
[*] https://www.csirt.gob.cl/vulnerabilidades/
[*] https://www.csirt.gob.cl/vulnerabilidades/9vsa-00078-001/
[*] https://www.csirt.gob.cl/vulnerabilidades/9vsa-00078-001-2/
[*] https://www.ecucert.gob.ec/
[*] https://www.gov.il/en/Departments/israel_national_cyber_directorate
[*] https://www.interior.gob.cl/
[*] https://www.linkedin.com/in/csirt-gobierno-18584817b/
[*] https://www.meridianprocess.org/
[*] https://www.sites.oas.org/cyber/Es/Paginas/default.aspx
[*] https://www.youtube.com/channel/UCua0E5Jz9V1Rn-VtLHPP4Nw/
[*] https://www.youtube.com/embed/56FrzoN1BV8
[*] http://www.colcert.gov.co/
[*] http://www.gobiernotransparentechile.gob.cl/
[INFO] Shodan detected the following opened ports on 18.211.128.100:
[*] 22
[*] 443
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total  Sites
[INFO] Useful links related to www.csirt.gob.cl - 18.211.128.100:
[*] https://www.virustotal.com/pt/ip-address/18.211.128.100/information/
[*] https://www.hybrid-analysis.com/search?host=18.211.128.100
[*] https://www.shodan.io/host/18.211.128.100
[*] https://www.senderbase.org/lookup/?search_string=18.211.128.100
[*] https://www.alienvault.com/open-threat-exchange/ip/18.211.128.100
[*] http://pastebin.com/search?q=18.211.128.100
[*] http://urlquery.net/search.php?q=18.211.128.100
[*] http://www.alexa.com/siteinfo/www.csirt.gob.cl
[*] http://www.google.com/safebrowsing/diagnostic?site=www.csirt.gob.cl
[*] https://censys.io/ipv4/18.211.128.100
[*] https://www.abuseipdb.com/check/18.211.128.100
[*] https://urlscan.io/search/#18.211.128.100
[*] https://github.com/search?q=18.211.128.100&type=Code
[INFO] Useful links related to AS14618 - 18.208.0.0/13:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:14618
[*] https://www.senderbase.org/lookup/?search_string=18.208.0.0/13
[*] http://bgp.he.net/AS14618
[*] https://stat.ripe.net/AS14618
[INFO] Date: 31/10/19 | Time: 01:07:50
[INFO] Total time: 3 minute(s) and 4 second(s)
#######################################################################################################################################
Trying "csirt.gob.cl"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25509
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;csirt.gob.cl.			IN	ANY

;; ANSWER SECTION:
csirt.gob.cl.		3600	IN	TXT	"v=spf1 mx ip4:163.247.70.0/24 ip4:163.247.4.3 ip4:163.247.77.100 ip4:163.247.77.101 include:newsletter.interior.gob.cl include:newsletter.interior.gov.cl -all"
csirt.gob.cl.		3600	IN	MX	10 mta02.interior.gob.cl.
csirt.gob.cl.		3600	IN	MX	10 mta04.interior.gob.cl.
csirt.gob.cl.		3600	IN	MX	10 mta01.interior.gob.cl.
csirt.gob.cl.		3600	IN	MX	10 mta03.interior.gob.cl.
csirt.gob.cl.		3600	IN	A	163.247.175.147
csirt.gob.cl.		3600	IN	A	163.247.172.147
csirt.gob.cl.		3600	IN	SOA	ns.gob.cl. webmaster.interior.gob.cl. 2019103001 900 600 86400 3600
csirt.gob.cl.		3600	IN	NS	ns7.gob.cl.
csirt.gob.cl.		3600	IN	NS	ns6.gob.cl.
csirt.gob.cl.		3600	IN	NS	ns2.gob.cl.
csirt.gob.cl.		3600	IN	NS	ns.gob.cl.

;; AUTHORITY SECTION:
csirt.gob.cl.		3600	IN	NS	ns.gob.cl.
csirt.gob.cl.		3600	IN	NS	ns6.gob.cl.
csirt.gob.cl.		3600	IN	NS	ns7.gob.cl.
csirt.gob.cl.		3600	IN	NS	ns2.gob.cl.

Received 503 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 285 ms
#######################################################################################################################################
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace csirt.gob.cl
;; global options: +cmd
.			83663	IN	NS	k.root-servers.net.
.			83663	IN	NS	d.root-servers.net.
.			83663	IN	NS	e.root-servers.net.
.			83663	IN	NS	l.root-servers.net.
.			83663	IN	NS	f.root-servers.net.
.			83663	IN	NS	h.root-servers.net.
.			83663	IN	NS	a.root-servers.net.
.			83663	IN	NS	j.root-servers.net.
.			83663	IN	NS	c.root-servers.net.
.			83663	IN	NS	i.root-servers.net.
.			83663	IN	NS	m.root-servers.net.
.			83663	IN	NS	g.root-servers.net.
.			83663	IN	NS	b.root-servers.net.
.			83663	IN	RRSIG	NS 8 0 518400 20191112170000 20191030160000 22545 . Wt1S7t0IrZwEFTcod1Oteon/rq1wrAqpT2e1SlwzkT/o0EzL5tKx6eDW HiMcMigzQmrJewk6KS0JV4LxJblzawwAbl4HANRRca7u0uzTQY0+5SHg l+J8EtwkMRs42zNTUSZ1OANDC3iPtRVXYoun02/tXpAHmbuu9ogRX4Ca 8k3BgsQiLMJHEtcnKprCvgrcv7hDi450c1fFY2NZ8NMU/yypawX+WbDx eJBmuQWKKkuCutRP7dFrimv14KSd4gqtiNiHnmKLn6KLhrF31zn/C2zN mGnYtPQgNK08V7NLdX8nBHv0ZhveifTzMaYf9UYfYdtEG3S5CErfELjJ 8haXeA==
;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 27 ms

cl.			172800	IN	NS	a.nic.cl.
cl.			172800	IN	NS	b.nic.cl.
cl.			172800	IN	NS	c.nic.cl.
cl.			172800	IN	NS	cl1.dnsnode.net.
cl.			172800	IN	NS	cl-ns.anycast.pch.net.
cl.			172800	IN	NS	cl1-tld.d-zone.ca.
cl.			172800	IN	NS	cl2-tld.d-zone.ca.
cl.			86400	IN	DS	21199 8 2 7D756DFFAB6D3CD9C786FF5C659954C22944FAEF9433EEE26F1D84EB 5370B394
cl.			86400	IN	RRSIG	DS 8 1 86400 20191113050000 20191031040000 22545 . piHy05ZyqYx+3f6W+Qm02P3p9pBhhMjw7qs0fGmqGkTtV7COlY5rWL8A Kaxa0Q6a2EnSFn6phAh6zFq6NNQ+TgMzz9XGve4NS4VLFQSaR8FhfJsN jf9rapcKA63TvLtWS/A0dfLfdTxihcJ7iPNozGCIDni4sguTknrZVGdD 6RFZNrr8/gW5f0pGjATk0Ocgbt+aiFffplSk6DJ/QQOftQNCXpWXB6c4 x05U/DR1TWB45a89HNdAjkMbDLPbgpFWyEVBwV3PvMAAvdoyh6N+Wz6o t/ChPgcAMOz3b++aPaKmHQxJf9pCdzGnUyROe1DRZxgbTf5qYGgICuwF XGZTIw==
;; Received 822 bytes from 2001:500:2f::f#53(f.root-servers.net) in 22 ms

gob.cl.			3600	IN	NS	a.nic.cl.
gob.cl.			3600	IN	NS	b.nic.cl.
gob.cl.			3600	IN	NS	ns.gob.cl.
gob.cl.			3600	IN	NS	ns2.gob.cl.
gob.cl.			3600	IN	NS	ns6.gob.cl.
gob.cl.			3600	IN	NS	ns7.gob.cl.
v6gcor3s6vtm1o5ojso19tld95ibmpms.cl. 900 IN NSEC3 1 1 2 123BF8539CD33DC2BF7018B188DEFE84 V8J04V4IP4F3T3V1E032N3FNGE87K30O NS SOA TXT RRSIG DNSKEY NSEC3PARAM
o0go4vh67n43bfighugk95eb3b8me7gd.cl. 900 IN NSEC3 1 1 2 123BF8539CD33DC2BF7018B188DEFE84 O75O6FA9I89ESLVQTIILJQ1E83ATT6AJ NS DS RRSIG
v6gcor3s6vtm1o5ojso19tld95ibmpms.cl. 900 IN RRSIG NSEC3 8 2 900 20191215001328 20191031043025 12363 cl. NS6SOuSrfqeMAMDa9C+UQTXeNBe+aT563E3oQcGZeyCsmwQmMHK9F605 JlJtIn3r9I7SjhH6UrJsNVHCPeREUfNAvyakx5VhZm8xHfNxsn0PoZhT U1uqWdFOzW2P9dpdcHasllML33wErie1JTX2+qvRL2bpQNXtABM7L+xR vVA=
o0go4vh67n43bfighugk95eb3b8me7gd.cl. 900 IN RRSIG NSEC3 8 2 900 20191212173827 20191031043025 12363 cl. FnHc6BpFr2A4/mj27RHBvc2g/qjhfD2xEqpBcUCiiZi75yKA7QLCQJjE x7+XIneEzE4/b+sY8QWhXtP6RKbNiZaLANmKpEklviz8PS0SfHK+pQf7 0vx7AGDQX98SsDuvO4t2nb8obqtwZkL1nhH5IvS/yeF0yNfRb0+5u1fM gc8=
;; Received 931 bytes from 185.159.197.56#53(cl1-tld.d-zone.ca) in 65 ms

csirt.gob.cl.		3600	IN	A	163.247.175.147
csirt.gob.cl.		3600	IN	A	163.247.172.147
csirt.gob.cl.		3600	IN	NS	ns2.gob.cl.
csirt.gob.cl.		3600	IN	NS	ns7.gob.cl.
csirt.gob.cl.		3600	IN	NS	ns.gob.cl.
csirt.gob.cl.		3600	IN	NS	ns6.gob.cl.
;; Received 348 bytes from 163.247.72.25#53(ns6.gob.cl) in 181 ms
#######################################################################################################################################
[*] Performing General Enumeration of Domain: csirt.gob.cl
[-] DNSSEC is not configured for csirt.gob.cl
[*] 	 SOA ns.gob.cl 163.247.54.111
[*] 	 NS ns7.gob.cl 163.247.75.25
[*] 	 NS ns7.gob.cl 2801:2:85::75:0:25
[*] 	 NS ns6.gob.cl 163.247.72.25
[*] 	 NS ns6.gob.cl 2801:2:85::72:0:25
[*] 	 NS ns.gob.cl 163.247.54.111
[*] 	 NS ns.gob.cl 2801:2:85::54:0:111
[*] 	 NS ns2.gob.cl 163.247.70.25
[*] 	 NS ns2.gob.cl 2801:2:85::70:0:25
[*] 	 MX mta01.interior.gob.cl 163.247.70.211
[*] 	 MX mta04.interior.gob.cl 163.247.70.214
[*] 	 MX mta03.interior.gob.cl 163.247.70.213
[*] 	 MX mta02.interior.gob.cl 163.247.70.211
[*] 	 A csirt.gob.cl 163.247.175.147
[*] 	 A csirt.gob.cl 163.247.172.147
[*] 	 TXT csirt.gob.cl v=spf1 mx ip4:163.247.70.0/24 ip4:163.247.4.3 ip4:163.247.77.100 ip4:163.247.77.101 include:newsletter.interior.gob.cl include:newsletter.interior.gov.cl -all
[*] Enumerating SRV Records
[-] No SRV Records Found for csirt.gob.cl
[+] 0 Records Found
#######################################################################################################################################
[*] Processing domain csirt.gob.cl
[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
163.247.75.25 - ns7.gob.cl
163.247.72.25 - ns6.gob.cl
163.247.54.111 - ns.gob.cl
163.247.70.25 - ns2.gob.cl
[-] Zone transfer failed

[+] TXT records found
"v=spf1 mx ip4:163.247.70.0/24 ip4:163.247.4.3 ip4:163.247.77.100 ip4:163.247.77.101 include:newsletter.interior.gob.cl include:newsletter.interior.gov.cl -all"

[+] MX records found, added to target list
10 mta01.interior.gob.cl.
10 mta04.interior.gob.cl.
10 mta03.interior.gob.cl.
10 mta02.interior.gob.cl.

[*] Scanning csirt.gob.cl for A records
163.247.175.147 - csirt.gob.cl                       
163.247.172.147 - csirt.gob.cl
18.211.128.100 - www.csirt.gob.cl                                
                                                 
#######################################################################################################################################
 AVAILABLE PLUGINS
 -----------------

  SessionResumptionPlugin
  HeartbleedPlugin
  OpenSslCipherSuitesPlugin
  FallbackScsvPlugin
  CompressionPlugin
  RobotPlugin
  SessionRenegotiationPlugin
  HttpHeadersPlugin
  EarlyDataPlugin
  OpenSslCcsInjectionPlugin
  CertificateInfoPlugin



 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   18.211.128.100:443                       => 18.211.128.100 




 SCAN RESULTS FOR 18.211.128.100:443 - 18.211.128.100
 ----------------------------------------------------

 * Deflate Compression:
                                          OK - Compression disabled

 * Session Renegotiation:
       Client-initiated Renegotiation:    OK - Rejected
       Secure Renegotiation:              OK - Supported

 * TLS 1.2 Session Resumption Support:
      With Session IDs:                  NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
      With TLS Tickets:                  OK - Supported

 * TLSV1_3 Cipher Suites:
       Forward Secrecy                    OK - Supported
       RC4                                OK - Not Supported

     Preferred:
        TLS_AES_256_GCM_SHA384                                           256 bits      Error sending HTTP GET                                      
     Accepted:
        TLS_CHACHA20_POLY1305_SHA256                                     256 bits      Error sending HTTP GET                                      
        TLS_AES_256_GCM_SHA384                                           256 bits      Error sending HTTP GET                                      
        TLS_AES_128_GCM_SHA256                                           128 bits      Error sending HTTP GET                                      

 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed

 * ROBOT Attack:
                                          OK - Not vulnerable

 * Downgrade Attacks:
       TLS_FALLBACK_SCSV:                 OK - Supported

 * TLSV1_1 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1 Cipher Suites:
      Server rejected all cipher suites.

 * Certificate Information:
     Content
       SHA1 Fingerprint:                  dccc01c1d953acd13025ca545a25a80defb90413
       Common Name:                       server.pyxsoftcdn.com
       Issuer:                            server.pyxsoftcdn.com
       Serial Number:                     11641675870099991279
       Not Before:                        2018-08-27 14:40:00
       Not After:                         2019-08-27 14:40:00
       Signature Algorithm:               sha256
       Public Key Algorithm:              RSA
       Key Size:                          4096
       Exponent:                          65537 (0x10001)
       DNS Subject Alternative Names:     []

     Trust
       Hostname Validation:               FAILED - Certificate does NOT match 18.211.128.100
       Android CA Store (9.0.0_r9):       FAILED - Certificate is NOT Trusted: self signed certificate
       Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
       Java CA Store (jdk-12.0.1):        FAILED - Certificate is NOT Trusted: self signed certificate
       Mozilla CA Store (2019-03-14):     FAILED - Certificate is NOT Trusted: self signed certificate
       Windows CA Store (2019-05-27):     FAILED - Certificate is NOT Trusted: self signed certificate
       Symantec 2018 Deprecation:         OK - Not a Symantec-issued certificate
       Received Chain:                    server.pyxsoftcdn.com
       Verified Chain:                    ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain Contains Anchor:    ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      ERROR - Could not build verified chain (certificate untrusted?)

     Extensions
       OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
       Certificate Transparency:          NOT SUPPORTED - Extension not found

     OCSP Stapling
                                          NOT SUPPORTED - Server did not send back an OCSP response

 * OpenSSL CCS Injection:
                                          OK - Not vulnerable to OpenSSL CCS injection

 * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1_2 Cipher Suites:
       Forward Secrecy                    OK - Supported
       RC4                                OK - Not Supported

     Preferred:
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384                            256 bits      Error sending HTTP GET                                      
     Accepted:
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256                      256 bits      Error sending HTTP GET                                      
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384                            256 bits      Error sending HTTP GET                                      
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384                            256 bits      Error sending HTTP GET                                      
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256                            128 bits      Error sending HTTP GET                                      
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256                            128 bits      Error sending HTTP GET                                      

 * SSLV3 Cipher Suites:
      Server rejected all cipher suites.


 SCAN COMPLETED IN 3.58 S
 ------------------------
#######################################################################################################################################

Domains still to check: 1
	Checking if the hostname csirt.gob.cl. given is in fact a domain...

Analyzing domain: csirt.gob.cl.
	Checking NameServers using system default resolver...
		IP: 163.247.75.25 (Chile)
			HostName: ns7.gob.cl 			Type: NS
			HostName: ns7.gov.cl			Type: PTR
		IP: 163.247.72.25 (Chile)
			HostName: ns6.gob.cl 			Type: NS
			HostName: ns6.gov.cl			Type: PTR
		IP: 163.247.54.111 (Chile)
			HostName: ns.gob.cl 			Type: NS
			HostName: ns.gov.cl			Type: PTR
		IP: 163.247.70.25 (Chile)
			HostName: ns2.gob.cl 			Type: NS
			HostName: ns2.gov.cl			Type: PTR

	Checking MailServers using system default resolver...
		IP: 163.247.70.211 (Chile)
			HostName: mta01.interior.gob.cl 			Type: MX
			HostName: mta01.interior.gob.cl			Type: PTR
		IP: 163.247.70.214 (Chile)
			HostName: mta04.interior.gob.cl 			Type: MX
			HostName: mta04.interior.gob.cl			Type: PTR
		IP: 163.247.70.213 (Chile)
			HostName: mta03.interior.gob.cl 			Type: MX
			HostName: mta03.interior.gob.cl			Type: PTR
		IP: 163.247.70.211 (Chile)
			HostName: mta01.interior.gob.cl 			Type: MX
			HostName: mta01.interior.gob.cl			Type: PTR
			HostName: mta02.interior.gob.cl 			Type: MX

	Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
		No zone transfer found on nameserver 163.247.72.25
		No zone transfer found on nameserver 163.247.75.25
		No zone transfer found on nameserver 163.247.54.111
		No zone transfer found on nameserver 163.247.70.25

	Checking SPF record...
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 163.247.70.0/24, but only the network IP
		New IP found: 163.247.70.0
		New IP found: 163.247.4.3
		New IP found: 163.247.77.100
		New IP found: 163.247.77.101

	Checking SPF record...
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 163.247.70.0/24, but only the network IP

	Checking SPF record...
		WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 163.247.70.0/24, but only the network IP

	Checking 192 most common hostnames using system default resolver...
		IP: 18.211.128.100 (United States)
			HostName: www.csirt.gob.cl. 			Type: A

	Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
		Checking netblock 163.247.72.0
		Checking netblock 163.247.75.0
		Checking netblock 163.247.70.0
		Checking netblock 163.247.4.0
		Checking netblock 18.211.128.0
		Checking netblock 163.247.54.0
		Checking netblock 163.247.77.0

	Searching for csirt.gob.cl. emails in Google

	Checking 12 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
		Host 163.247.72.25 is up (reset ttl 64)
		Host 163.247.75.25 is up (reset ttl 64)
		Host 163.247.70.211 is up (reset ttl 64)
		Host 163.247.4.3 is up (reset ttl 64)
		Host 18.211.128.100 is up (reset ttl 64)
		Host 163.247.70.214 is up (reset ttl 64)
		Host 163.247.54.111 is up (reset ttl 64)
		Host 163.247.70.0 is up (reset ttl 64)
		Host 163.247.70.25 is up (reset ttl 64)
		Host 163.247.77.100 is up (reset ttl 64)
		Host 163.247.77.101 is up (reset ttl 64)
		Host 163.247.70.213 is up (reset ttl 64)

	Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
		Scanning ip 163.247.72.25 (ns6.gov.cl (PTR)):
			53/tcp   open   domain       syn-ack ttl 51 (generic dns response: NOTIMP)
				| fingerprint-strings: 
				|   DNSVersionBindReqTCP: 
				|     version
				|_    bind
			2000/tcp open   tcpwrapped   syn-ack ttl 53
			5060/tcp open   tcpwrapped   syn-ack ttl 53
		Scanning ip 163.247.75.25 (ns7.gov.cl (PTR)):
			53/tcp   open   domain       syn-ack ttl 51 (generic dns response: NOTIMP)
				| fingerprint-strings: 
				|   DNSVersionBindReqTCP: 
				|     version
				|_    bind
			2000/tcp open   tcpwrapped   syn-ack ttl 53
			5060/tcp open   tcpwrapped   syn-ack ttl 53
		Scanning ip 163.247.70.211 (mta02.interior.gob.cl):
			2000/tcp open   cisco-sccp?  syn-ack ttl 53
			5060/tcp open   sip?         syn-ack ttl 53
				Device type: general purpose|WAP
				Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		Scanning ip 163.247.4.3 ():
		Scanning ip 18.211.128.100 (www.csirt.gob.cl.):
			22/tcp  open   ssh          syn-ack ttl 48 OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
				| ssh-hostkey: 
				|   2048 43:31:d9:d3:9f:0f:91:4c:84:a4:a2:55:60:5a:eb:78 (RSA)
				|   256 55:43:fe:01:ff:ad:42:a9:09:c6:b6:f8:40:7c:45:b5 (ECDSA)
				|_  256 30:66:c9:6b:ec:27:4d:5e:b7:ad:38:00:20:9d:ba:25 (ED25519)
			80/tcp  open   http?        syn-ack ttl 48
			443/tcp open   ssl/https    syn-ack ttl 48 openresty/1.15.8.2
				|_http-server-header: openresty/1.15.8.2
				|_http-title: 400 The plain HTTP request was sent to HTTPS port
				| ssl-cert: Subject: commonName=server.pyxsoftcdn.com/organizationName=PyxsoftCDN/stateOrProvinceName=Some-State/countryName=CL
				| Issuer: commonName=server.pyxsoftcdn.com/organizationName=PyxsoftCDN/stateOrProvinceName=Some-State/countryName=CL
				| Public Key type: rsa
				| Public Key bits: 4096
				| Signature Algorithm: sha256WithRSAEncryption
				| Not valid before: 2018-08-27T14:40:00
				| Not valid after:  2019-08-27T14:40:00
				| MD5:   c811 6791 861d 41b3 c245 b88e 9415 a821
				|_SHA-1: dccc 01c1 d953 acd1 3025 ca54 5a25 a80d efb9 0413
				Device type: storage-misc|general purpose|broadband router|WAP
				Running (JUST GUESSING): HP embedded (90%), Linux 3.X|4.X|2.6.X|2.4.X (89%)
			OS Info: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
		Scanning ip 163.247.70.214 (mta04.interior.gob.cl (PTR)):
			2000/tcp open   cisco-sccp?  syn-ack ttl 53
			5060/tcp open   sip?         syn-ack ttl 53
				Device type: general purpose|WAP
				Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		Scanning ip 163.247.54.111 (ns.gov.cl (PTR)):
		Scanning ip 163.247.70.0 ():
			2000/tcp open   cisco-sccp?  syn-ack ttl 53
			5060/tcp open   sip?         syn-ack ttl 53
				Device type: general purpose|WAP
				Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		Scanning ip 163.247.70.25 (ns2.gov.cl (PTR)):
			53/tcp   open   domain       syn-ack ttl 50 (generic dns response: NOTIMP)
				| fingerprint-strings: 
				|   DNSVersionBindReqTCP: 
				|     version
				|_    bind
			2000/tcp open   tcpwrapped   syn-ack ttl 53
			5060/tcp open   tcpwrapped   syn-ack ttl 53
		Scanning ip 163.247.77.100 ():
			2000/tcp open   cisco-sccp?  syn-ack ttl 53
			5060/tcp open   sip?         syn-ack ttl 53
				Device type: general purpose|WAP
				Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		Scanning ip 163.247.77.101 ():
			2000/tcp open   cisco-sccp?  syn-ack ttl 53
			5060/tcp open   sip?         syn-ack ttl 53
				Device type: general purpose|WAP
				Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		Scanning ip 163.247.70.213 (mta03.interior.gob.cl (PTR)):
			2000/tcp open   cisco-sccp?  syn-ack ttl 53
			5060/tcp open   sip?         syn-ack ttl 53
				Device type: general purpose|WAP
				Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
	WebCrawling domain's web servers... up to 50 max links.

	+ URL to crawl: http://www.csirt.gob.cl.:443
	+ Date: 2019-10-31

	+ Crawling URL: http://www.csirt.gob.cl.:443:
		+ Links: 
			+ Crawling http://www.csirt.gob.cl.:443  (400 Bad Request) 
		+ Searching for directories...
		+ Searching open folders... 

--Finished--
Summary information for domain csirt.gob.cl.
-----------------------------------------

	Domain Ips Information:
		IP: 163.247.72.25
			HostName: ns6.gob.cl 			Type: NS
			HostName: ns6.gov.cl			Type: PTR
			Country: Chile
			Is Active: True (reset ttl 64)
			Port: 53/tcp   open   domain       syn-ack ttl 51 (generic dns response: NOTIMP)
				Script Info: | fingerprint-strings: 
				Script Info: |   DNSVersionBindReqTCP: 
				Script Info: |     version
				Script Info: |_    bind
			Port: 2000/tcp open   tcpwrapped   syn-ack ttl 53
			Port: 5060/tcp open   tcpwrapped   syn-ack ttl 53
		IP: 163.247.75.25
			HostName: ns7.gob.cl 			Type: NS
			HostName: ns7.gov.cl			Type: PTR
			Country: Chile
			Is Active: True (reset ttl 64)
			Port: 53/tcp   open   domain       syn-ack ttl 51 (generic dns response: NOTIMP)
				Script Info: | fingerprint-strings: 
				Script Info: |   DNSVersionBindReqTCP: 
				Script Info: |     version
				Script Info: |_    bind
			Port: 2000/tcp open   tcpwrapped   syn-ack ttl 53
			Port: 5060/tcp open   tcpwrapped   syn-ack ttl 53
		IP: 163.247.70.211
			HostName: mta01.interior.gob.cl 			Type: MX
			HostName: mta01.interior.gob.cl			Type: PTR
			HostName: mta02.interior.gob.cl 			Type: MX
			Country: Chile
			Is Active: True (reset ttl 64)
			Port: 2000/tcp open   cisco-sccp?  syn-ack ttl 53
			Port: 5060/tcp open   sip?         syn-ack ttl 53
				Script Info: Device type: general purpose|WAP
				Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		IP: 163.247.4.3
			Type: SPF
			Is Active: True (reset ttl 64)
		IP: 18.211.128.100
			HostName: www.csirt.gob.cl. 			Type: A
			Country: United States
			Is Active: True (reset ttl 64)
			Port: 22/tcp  open   ssh          syn-ack ttl 48 OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
				Script Info: | ssh-hostkey: 
				Script Info: |   2048 43:31:d9:d3:9f:0f:91:4c:84:a4:a2:55:60:5a:eb:78 (RSA)
				Script Info: |   256 55:43:fe:01:ff:ad:42:a9:09:c6:b6:f8:40:7c:45:b5 (ECDSA)
				Script Info: |_  256 30:66:c9:6b:ec:27:4d:5e:b7:ad:38:00:20:9d:ba:25 (ED25519)
			Port: 80/tcp  open   http?        syn-ack ttl 48
			Port: 443/tcp open   ssl/https    syn-ack ttl 48 openresty/1.15.8.2
				Script Info: |_http-server-header: openresty/1.15.8.2
				Script Info: |_http-title: 400 The plain HTTP request was sent to HTTPS port
				Script Info: | ssl-cert: Subject: commonName=server.pyxsoftcdn.com/organizationName=PyxsoftCDN/stateOrProvinceName=Some-State/countryName=CL
				Script Info: | Issuer: commonName=server.pyxsoftcdn.com/organizationName=PyxsoftCDN/stateOrProvinceName=Some-State/countryName=CL
				Script Info: | Public Key type: rsa
				Script Info: | Public Key bits: 4096
				Script Info: | Signature Algorithm: sha256WithRSAEncryption
				Script Info: | Not valid before: 2018-08-27T14:40:00
				Script Info: | Not valid after:  2019-08-27T14:40:00
				Script Info: | MD5:   c811 6791 861d 41b3 c245 b88e 9415 a821
				Script Info: |_SHA-1: dccc 01c1 d953 acd1 3025 ca54 5a25 a80d efb9 0413
				Script Info: Device type: storage-misc|general purpose|broadband router|WAP
				Script Info: Running (JUST GUESSING): HP embedded (90%), Linux 3.X|4.X|2.6.X|2.4.X (89%)
			Os Info:  OS: Linux; CPE: cpe:/o:linux:linux_kernel
		IP: 163.247.70.214
			HostName: mta04.interior.gob.cl 			Type: MX
			HostName: mta04.interior.gob.cl			Type: PTR
			Country: Chile
			Is Active: True (reset ttl 64)
			Port: 2000/tcp open   cisco-sccp?  syn-ack ttl 53
			Port: 5060/tcp open   sip?         syn-ack ttl 53
				Script Info: Device type: general purpose|WAP
				Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		IP: 163.247.54.111
			HostName: ns.gob.cl 			Type: NS
			HostName: ns.gov.cl			Type: PTR
			Country: Chile
			Is Active: True (reset ttl 64)
		IP: 163.247.70.0
			Type: SPF
			Type: SPF
			Type: SPF
			Is Active: True (reset ttl 64)
			Port: 2000/tcp open   cisco-sccp?  syn-ack ttl 53
			Port: 5060/tcp open   sip?         syn-ack ttl 53
				Script Info: Device type: general purpose|WAP
				Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		IP: 163.247.70.25
			HostName: ns2.gob.cl 			Type: NS
			HostName: ns2.gov.cl			Type: PTR
			Country: Chile
			Is Active: True (reset ttl 64)
			Port: 53/tcp   open   domain       syn-ack ttl 50 (generic dns response: NOTIMP)
				Script Info: | fingerprint-strings: 
				Script Info: |   DNSVersionBindReqTCP: 
				Script Info: |     version
				Script Info: |_    bind
			Port: 2000/tcp open   tcpwrapped   syn-ack ttl 53
			Port: 5060/tcp open   tcpwrapped   syn-ack ttl 53
		IP: 163.247.77.100
			Type: SPF
			Is Active: True (reset ttl 64)
			Port: 2000/tcp open   cisco-sccp?  syn-ack ttl 53
			Port: 5060/tcp open   sip?         syn-ack ttl 53
				Script Info: Device type: general purpose|WAP
				Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		IP: 163.247.77.101
			Type: SPF
			Is Active: True (reset ttl 64)
			Port: 2000/tcp open   cisco-sccp?  syn-ack ttl 53
			Port: 5060/tcp open   sip?         syn-ack ttl 53
				Script Info: Device type: general purpose|WAP
				Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
		IP: 163.247.70.213
			HostName: mta03.interior.gob.cl 			Type: MX
			HostName: mta03.interior.gob.cl			Type: PTR
			Country: Chile
			Is Active: True (reset ttl 64)
			Port: 2000/tcp open   cisco-sccp?  syn-ack ttl 53
			Port: 5060/tcp open   sip?         syn-ack ttl 53
				Script Info: Device type: general purpose|WAP
				Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 01:11 EDT
Nmap scan report for ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Host is up (0.33s latency).
Not shown: 994 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 19.22 seconds
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 01:11 EDT
Nmap scan report for ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Host is up (0.31s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 6.29 seconds
#######################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
(gen) software: OpenSSH 7.4p1
(gen) compatibility: OpenSSH 7.3+, Dropbear SSH 2016.73+
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256                     -- [warn] unknown algorithm
(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
                                            `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group16-sha512         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512         -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group14-sha256         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53

# host-key algorithms
(key) ssh-rsa                               -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512                          -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256                          -- [info] available since OpenSSH 7.2
(key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves
                                            `- [warn] using weak random number generator could reveal the key
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519                           -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5
                                            `- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2

# message authentication code algorithms
(mac) umac-64-etm@openssh.com               -- [warn] using small 64-bit tag size
                                            `- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com             -- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode
                                            `- [warn] using small 64-bit tag size
                                            `- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# algorithm recommendations (for OpenSSH 7.4)
(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove 
(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove 
(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove 
(rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove 
(rec) -hmac-sha2-512                        -- mac algorithm to remove 
(rec) -umac-128@openssh.com                 -- mac algorithm to remove 
(rec) -hmac-sha2-256                        -- mac algorithm to remove 
(rec) -umac-64@openssh.com                  -- mac algorithm to remove 
(rec) -hmac-sha1                            -- mac algorithm to remove 
(rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove 
(rec) -umac-64-etm@openssh.com              -- mac algorithm to remove 
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 01:11 EDT
NSE: [ssh-run] Failed to specify credentials and command to run.
Nmap scan report for ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Host is up (0.40s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
| ssh-auth-methods: 
|   Supported authentication methods: 
|_    publickey
|_ssh-brute: Password authentication not allowed
| ssh-hostkey: 
|   2048 43:31:d9:d3:9f:0f:91:4c:84:a4:a2:55:60:5a:eb:78 (RSA)
|   256 55:43:fe:01:ff:ad:42:a9:09:c6:b6:f8:40:7c:45:b5 (ECDSA)
|_  256 30:66:c9:6b:ec:27:4d:5e:b7:ad:38:00:20:9d:ba:25 (ED25519)
| ssh-publickey-acceptance: 
|_  Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
| vulscan: VulDB - https://vuldb.com:
| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
| [94611] OpenSSH up to 7.3 Access Control privilege escalation
| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
| [90405] OpenSSH up to 7.2p2 sshd information disclosure
| [90404] OpenSSH up to 7.2p2 sshd information disclosure
| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
| 
| MITRE CVE - https://cve.mitre.org:
| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
| 
| SecurityFocus - https://www.securityfocus.com/bid/:
| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
| [75990] OpenSSH Login Handling Security Bypass Weakness
| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
| [61286] OpenSSH Remote Denial of Service Vulnerability
| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
| [30794] Red Hat OpenSSH Backdoor Vulnerability
| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
| [28531] OpenSSH ForceCommand Command Execution Weakness
| [28444] OpenSSH X Connections Session Hijacking Vulnerability
| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
| [20956] OpenSSH Privilege Separation Key Signature Weakness
| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
| [6168] OpenSSH Visible Password Vulnerability
| [5374] OpenSSH Trojan Horse Vulnerability
| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [4241] OpenSSH Channel Code Off-By-One Vulnerability
| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
| [2917] OpenSSH PAM Session Evasion Vulnerability
| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
| [2356] OpenSSH Private Key Authentication Check Vulnerability
| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
| [1334] OpenSSH UseLogin Vulnerability
| 
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [83258] GSI-OpenSSH auth-pam.c security bypass
| [82781] OpenSSH time limit denial of service
| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
| [72756] Debian openssh-server commands information disclosure
| [68339] OpenSSH pam_thread buffer overflow
| [67264] OpenSSH ssh-keysign unauthorized access
| [65910] OpenSSH remote_glob function denial of service
| [65163] OpenSSH certificate information disclosure
| [64387] OpenSSH J-PAKE security bypass
| [63337] Cisco Unified Videoconferencing OpenSSH weak security
| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
| [45202] OpenSSH signal handler denial of service
| [44747] RHEL OpenSSH backdoor
| [44280] OpenSSH PermitRootLogin information disclosure
| [44279] OpenSSH sshd weak security
| [44037] OpenSSH sshd SELinux role unauthorized access
| [43940] OpenSSH X11 forwarding information disclosure
| [41549] OpenSSH ForceCommand directive security bypass
| [41438] OpenSSH sshd session hijacking
| [40897] OpenSSH known_hosts weak security
| [40587] OpenSSH username weak security
| [37371] OpenSSH username data manipulation
| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
| [37112] RHSA update for OpenSSH signal handler race condition not installed
| [37107] RHSA update for OpenSSH identical block denial of service not installed
| [36637] OpenSSH X11 cookie privilege escalation
| [35167] OpenSSH packet.c newkeys[mode] denial of service
| [34490] OpenSSH OPIE information disclosure
| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
| [32975] Apple Mac OS X OpenSSH denial of service
| [32387] RHSA-2006:0738 updates for openssh not installed
| [32359] RHSA-2006:0697 updates for openssh not installed
| [32230] RHSA-2006:0298 updates for openssh not installed
| [32132] RHSA-2006:0044 updates for openssh not installed
| [30120] OpenSSH privilege separation monitor authentication verification weakness
| [29255] OpenSSH GSSAPI user enumeration
| [29254] OpenSSH signal handler race condition
| [29158] OpenSSH identical block denial of service
| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
| [25116] OpenSSH OpenPAM denial of service
| [24305] OpenSSH SCP shell expansion command execution
| [22665] RHSA-2005:106 updates for openssh not installed
| [22117] OpenSSH GSSAPI allows elevated privileges
| [22115] OpenSSH GatewayPorts security bypass
| [20930] OpenSSH sshd.c LoginGraceTime denial of service
| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
| [17213] OpenSSH allows port bouncing attacks
| [16323] OpenSSH scp file overwrite
| [13797] OpenSSH PAM information leak
| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
| [13264] OpenSSH PAM code could allow an attacker to gain access
| [13215] OpenSSH buffer management errors could allow an attacker to execute code
| [13214] OpenSSH memory vulnerabilities
| [13191] OpenSSH large packet buffer overflow
| [12196] OpenSSH could allow an attacker to bypass login restrictions
| [11970] OpenSSH could allow an attacker to obtain valid administrative account
| [11902] OpenSSH PAM support enabled information leak
| [9803] OpenSSH &quot
| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
| [9307] OpenSSH is running on the system
| [9169] OpenSSH &quot
| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
| [8383] OpenSSH off-by-one error in channel code
| [7647] OpenSSH UseLogin option arbitrary code execution
| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
| [7179] OpenSSH source IP access control bypass
| [6757] OpenSSH &quot
| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
| [5517] OpenSSH allows unauthorized access to resources
| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
| 
| Exploit-DB - https://www.exploit-db.com:
| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
| 
| OpenVAS (Nessus) - http://www.openvas.org:
| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
| [881183] CentOS Update for openssh CESA-2012:0884 centos6 
| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
| [870763] RedHat Update for openssh RHSA-2012:0884-04
| [870129] RedHat Update for openssh RHSA-2008:0855-01
| [861813] Fedora Update for openssh FEDORA-2010-5429
| [861319] Fedora Update for openssh FEDORA-2007-395
| [861170] Fedora Update for openssh FEDORA-2007-394
| [861012] Fedora Update for openssh FEDORA-2007-715
| [840345] Ubuntu Update for openssh vulnerability USN-597-1
| [840300] Ubuntu Update for openssh update USN-612-5
| [840271] Ubuntu Update for openssh vulnerability USN-612-2
| [840268] Ubuntu Update for openssh update USN-612-7
| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
| [840214] Ubuntu Update for openssh vulnerability USN-566-1
| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [100584] OpenSSH X Connections Session Hijacking Vulnerability
| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
| [65987] SLES10: Security update for OpenSSH
| [65819] SLES10: Security update for OpenSSH
| [65514] SLES9: Security update for OpenSSH
| [65513] SLES9: Security update for OpenSSH
| [65334] SLES9: Security update for OpenSSH
| [65248] SLES9: Security update for OpenSSH
| [65218] SLES9: Security update for OpenSSH
| [65169] SLES9: Security update for openssh,openssh-askpass
| [65126] SLES9: Security update for OpenSSH
| [65019] SLES9: Security update for OpenSSH
| [65015] SLES9: Security update for OpenSSH
| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
| [61639] Debian Security Advisory DSA 1638-1 (openssh)
| [61030] Debian Security Advisory DSA 1576-2 (openssh)
| [61029] Debian Security Advisory DSA 1576-1 (openssh)
| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
| [60667] Slackware Advisory SSA:2008-095-01 openssh 
| [59014] Slackware Advisory SSA:2007-255-01 openssh 
| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
| [57492] Slackware Advisory SSA:2006-272-02 openssh 
| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
| [57470] FreeBSD Ports: openssh
| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
| [56294] Slackware Advisory SSA:2006-045-06 openssh 
| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages 
| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory 
| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again 
| [53788] Debian Security Advisory DSA 025-1 (openssh)
| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
| [11343] OpenSSH Client Unauthorized Remote Forwarding
| [10954] OpenSSH AFS/Kerberos ticket/token passing
| [10883] OpenSSH Channel Code Off by 1
| [10823] OpenSSH UseLogin Environment Variables
| 
| SecurityTracker - https://www.securitytracker.com:
| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
| 
| OSVDB - http://www.osvdb.org:
| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
| [56921] OpenSSH Unspecified Remote Compromise
| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
| [43745] OpenSSH X11 Forwarding Local Session Hijacking
| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
| [37315] pam_usb OpenSSH Authentication Unspecified Issue
| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
| [34601] OPIE w/ OpenSSH Account Enumeration
| [34600] OpenSSH S/KEY Authentication Account Enumeration
| [32721] OpenSSH Username Password Complexity Account Enumeration
| [30232] OpenSSH Privilege Separation Monitor Weakness
| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
| [29152] OpenSSH Identical Block Packet DoS
| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
| [22692] OpenSSH scp Command Line Filename Processing Command Injection
| [20216] OpenSSH with KerberosV Remote Authentication Bypass
| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
| [6601] OpenSSH *realloc() Unspecified Memory Errors
| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
| [6072] OpenSSH PAM Conversation Function Stack Modification
| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
| [5408] OpenSSH echo simulation Information Disclosure
| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
| [4536] OpenSSH Portable AIX linker Privilege Escalation
| [3938] OpenSSL and OpenSSH /dev/random Check Failure
| [3456] OpenSSH buffer_append_space() Heap Corruption
| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
| [2140] OpenSSH w/ PAM Username Validity Timing Attack
| [2112] OpenSSH Reverse DNS Lookup Bypass
| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
| [1853] OpenSSH Symbolic Link 'cookies' File Removal
| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
| [688] OpenSSH UseLogin Environment Variable Local Command Execution
| [642] OpenSSH Multiple Key Type ACL Bypass
| [504] OpenSSH SSHv2 Public Key Authentication Bypass
| [341] OpenSSH UseLogin Local Privilege Escalation
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|specialized|storage-misc
Running (JUST GUESSING): Linux 3.X (91%), Crestron 2-Series (87%), HP embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3
Aggressive OS guesses: Linux 3.10 - 3.13 (91%), Crestron XPanel control system (87%), HP P2000 G3 NAS device (85%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 22/tcp)
HOP RTT       ADDRESS
1   258.08 ms 10.244.204.1
2   394.43 ms 213.184.122.97
3   394.41 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   394.48 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
5   394.48 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6   394.51 ms bzq-219-189-73.dsl.bezeqint.net (62.219.189.73)
7   394.49 ms ae9.cr1-lon2.ip4.gtt.net (46.33.89.185)
8   394.55 ms et-10-3-0.cr4-nyc2.ip4.gtt.net (213.254.214.10)
9   394.55 ms et-10-3-0.cr4-nyc2.ip4.gtt.net (213.254.214.10)
10  394.57 ms a100-gw.ip4.gtt.net (173.205.58.70)
11  319.76 ms 52.93.1.32
12  394.86 ms 52.93.1.95
13  ... 16
17  394.86 ms 54.239.41.180
18  394.83 ms 52.93.132.136
19  ... 30
#######################################################################################################################################
USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => 18.211.128.100
RHOST => 18.211.128.100
[*] 18.211.128.100:22 - SSH - Using malformed packet technique
[*] 18.211.128.100:22 - SSH - Starting scan
[+] 18.211.128.100:22 - SSH - User 'admin' found
[+] 18.211.128.100:22 - SSH - User 'administrator' found
[+] 18.211.128.100:22 - SSH - User 'anonymous' found
[+] 18.211.128.100:22 - SSH - User 'backup' found
[+] 18.211.128.100:22 - SSH - User 'bee' found
[+] 18.211.128.100:22 - SSH - User 'ftp' found
[+] 18.211.128.100:22 - SSH - User 'guest' found
[+] 18.211.128.100:22 - SSH - User 'GUEST' found
[+] 18.211.128.100:22 - SSH - User 'info' found
[+] 18.211.128.100:22 - SSH - User 'mail' found
[+] 18.211.128.100:22 - SSH - User 'mailadmin' found
[+] 18.211.128.100:22 - SSH - User 'msfadmin' found
[+] 18.211.128.100:22 - SSH - User 'mysql' found
[+] 18.211.128.100:22 - SSH - User 'nobody' found
[+] 18.211.128.100:22 - SSH - User 'oracle' found
[+] 18.211.128.100:22 - SSH - User 'owaspbwa' found
[+] 18.211.128.100:22 - SSH - User 'postfix' found
[+] 18.211.128.100:22 - SSH - User 'postgres' found
[+] 18.211.128.100:22 - SSH - User 'private' found
[+] 18.211.128.100:22 - SSH - User 'proftpd' found
[+] 18.211.128.100:22 - SSH - User 'public' found
[+] 18.211.128.100:22 - SSH - User 'root' found
[+] 18.211.128.100:22 - SSH - User 'superadmin' found
[+] 18.211.128.100:22 - SSH - User 'support' found
[+] 18.211.128.100:22 - SSH - User 'sys' found
[+] 18.211.128.100:22 - SSH - User 'system' found
[+] 18.211.128.100:22 - SSH - User 'systemadmin' found
[+] 18.211.128.100:22 - SSH - User 'systemadministrator' found
[+] 18.211.128.100:22 - SSH - User 'test' found
[+] 18.211.128.100:22 - SSH - User 'tomcat' found
[+] 18.211.128.100:22 - SSH - User 'user' found
[+] 18.211.128.100:22 - SSH - User 'webmaster' found
[+] 18.211.128.100:22 - SSH - User 'www-data' found
[+] 18.211.128.100:22 - SSH - User 'Fortimanager_Access' found
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 01:14 EDT
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:14
Completed NSE at 01:14, 0.00s elapsed
Initiating NSE at 01:14
Completed NSE at 01:14, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:14
Completed Parallel DNS resolution of 1 host. at 01:14, 0.02s elapsed
Initiating SYN Stealth Scan at 01:14
Scanning ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100) [1 port]
Discovered open port 80/tcp on 18.211.128.100
Completed SYN Stealth Scan at 01:14, 0.33s elapsed (1 total ports)
Initiating Service scan at 01:14
Scanning 1 service on ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Completed Service scan at 01:15, 39.61s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Retrying OS detection (try #2) against ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Initiating Traceroute at 01:15
Completed Traceroute at 01:15, 6.62s elapsed
Initiating Parallel DNS resolution of 14 hosts. at 01:15
Completed Parallel DNS resolution of 14 hosts. at 01:15, 0.62s elapsed
NSE: Script scanning 18.211.128.100.
Initiating NSE at 01:15
NSE: [http-wordpress-enum 18.211.128.100:80] got no answers from pipelined queries
Completed NSE at 01:22, 448.95s elapsed
Initiating NSE at 01:22
Completed NSE at 01:23, 2.83s elapsed
Nmap scan report for ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Host is up (0.46s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http?
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:   
|_  Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 10003.30ms; min: 9580.56ms; max: 10196.31ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-errors: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
|_http-security-headers: 
| http-sitemap-generator: 
|   Directory structure:
|   Longest directory structure:
|     Depth: 0
|     Dir: /
|   Total files found (by extension):
|_    
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-traceroute: ERROR: Script execution failed (use -d to debug)
| http-vhosts: 
|_127 names had status ERROR
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|specialized|storage-misc
Running (JUST GUESSING): Linux 3.X (91%), Crestron 2-Series (87%), HP embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3
Aggressive OS guesses: Linux 3.10 - 3.13 (91%), Crestron XPanel control system (87%), HP P2000 G3 NAS device (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 10.463 days (since Sun Oct 20 14:15:47 2019)
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   445.02 ms 10.244.204.1
2   445.11 ms 213.184.122.97
3   445.09 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   445.12 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5   445.18 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6   445.17 ms ae9.cr1-lon2.ip4.gtt.net (46.33.89.185)
7   445.23 ms bzq-179-72-241.cust.bezeqint.net (212.179.72.241)
8   605.01 ms et-10-3-0.cr4-nyc2.ip4.gtt.net (213.254.214.10)
9   604.98 ms et-10-3-0.cr4-nyc2.ip4.gtt.net (213.254.214.10)
10  285.41 ms a100-gw.ip4.gtt.net (173.205.58.70)
11  472.12 ms 52.93.1.93
12  ...
13  506.17 ms 52.93.1.54
14  ... 15
16  506.16 ms 72.21.222.227
17  ...
18  506.16 ms 54.239.41.180
19  ... 27
28  369.38 ms 52.93.28.126
29  ... 30

NSE: Script Post-scanning.
Initiating NSE at 01:23
Completed NSE at 01:23, 0.00s elapsed
Initiating NSE at 01:23
Completed NSE at 01:23, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 01:23 EDT
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:23
Completed NSE at 01:23, 0.00s elapsed
Initiating NSE at 01:23
Completed NSE at 01:23, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:23
Completed Parallel DNS resolution of 1 host. at 01:23, 0.04s elapsed
Initiating SYN Stealth Scan at 01:23
Scanning ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100) [1 port]
Discovered open port 443/tcp on 18.211.128.100
Completed SYN Stealth Scan at 01:23, 0.34s elapsed (1 total ports)
Initiating Service scan at 01:23
Scanning 1 service on ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Completed Service scan at 01:24, 71.58s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Retrying OS detection (try #2) against ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Initiating Traceroute at 01:24
Completed Traceroute at 01:24, 6.47s elapsed
Initiating Parallel DNS resolution of 12 hosts. at 01:24
Completed Parallel DNS resolution of 12 hosts. at 01:24, 0.63s elapsed
NSE: Script scanning 18.211.128.100.
Initiating NSE at 01:24
Completed NSE at 01:29, 262.02s elapsed
Initiating NSE at 01:29
Completed NSE at 01:29, 6.06s elapsed
Nmap scan report for ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Host is up (0.42s latency).

PORT    STATE SERVICE   VERSION
443/tcp open  ssl/https openresty/1.15.8.2
| http-brute:   
|_  Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 9859.63ms; min: 9614.93ms; max: 10101.19ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Thu, 31 Oct 2019 05:25:09 GMT; -1s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-errors: 
| Spidering limited to: maxpagecount=40; withinhost=ec2-18-211-128-100.compute-1.amazonaws.com
|   Found the following error pages: 
|   
|   Error Code: 400
|_  	http://ec2-18-211-128-100.compute-1.amazonaws.com:443/
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers: 
|   Server: openresty/1.15.8.2
|   Date: Thu, 31 Oct 2019 05:25:40 GMT
|   Content-Type: text/html
|   Content-Length: 261
|   Connection: close
|   
|_  (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers: 
|   Strict_Transport_Security: 
|_    HSTS not configured in HTTPS Server
|_http-server-header: openresty/1.15.8.2
| http-sitemap-generator: 
|   Directory structure:
|   Longest directory structure:
|     Depth: 0
|     Dir: /
|   Total files found (by extension):
|_    
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: 400 The plain HTTP request was sent to HTTPS port
| http-vhosts: 
|_127 names had status 400
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|specialized|storage-misc
Running (JUST GUESSING): Linux 3.X (91%), Crestron 2-Series (87%), HP embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3
Aggressive OS guesses: Linux 3.10 - 3.13 (91%), Crestron XPanel control system (87%), HP P2000 G3 NAS device (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 8.113 days (since Tue Oct 22 22:46:11 2019)
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT       ADDRESS
1   451.65 ms 10.244.204.1
2   451.73 ms 213.184.122.97
3   451.71 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   451.74 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5   451.79 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6   451.78 ms bzq-179-72-241.cust.bezeqint.net (212.179.72.241)
7   451.84 ms bzq-179-72-241.cust.bezeqint.net (212.179.72.241)
8   451.83 ms ae9.cr1-lon2.ip4.gtt.net (46.33.89.185)
9   451.87 ms a100-gw.ip4.gtt.net (173.205.58.70)
10  289.25 ms a100-gw.ip4.gtt.net (173.205.58.70)
11  327.97 ms 52.93.1.81
12  355.71 ms 52.93.1.85
13  355.61 ms 52.93.1.52
14  ... 16
17  355.62 ms 72.21.222.231
18  ... 30

NSE: Script Post-scanning.
Initiating NSE at 01:29
Completed NSE at 01:29, 0.00s elapsed
Initiating NSE at 01:29
Completed NSE at 01:29, 0.00s elapsed
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 18.211.128.100

Testing SSL server 18.211.128.100 on port 443 using SNI name 18.211.128.100

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    4096

Subject:  server.pyxsoftcdn.com
Issuer:   server.pyxsoftcdn.com

Not valid before: Aug 27 14:40:00 2018 GMT
Not valid after:  Aug 27 14:40:00 2019 GMT
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 01:31 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:31
Completed NSE at 01:31, 0.00s elapsed
Initiating NSE at 01:31
Completed NSE at 01:31, 0.00s elapsed
Initiating Ping Scan at 01:31
Scanning 18.211.128.100 [4 ports]
Completed Ping Scan at 01:31, 0.57s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 01:31
Completed Parallel DNS resolution of 1 host. at 01:31, 0.02s elapsed
Initiating SYN Stealth Scan at 01:31
Scanning ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100) [65535 ports]
Discovered open port 22/tcp on 18.211.128.100
Discovered open port 443/tcp on 18.211.128.100
Discovered open port 80/tcp on 18.211.128.100
SYN Stealth Scan Timing: About 2.39% done; ETC: 01:53 (0:21:08 remaining)
SYN Stealth Scan Timing: About 6.97% done; ETC: 01:46 (0:13:34 remaining)
SYN Stealth Scan Timing: About 12.55% done; ETC: 01:43 (0:10:34 remaining)
SYN Stealth Scan Timing: About 17.76% done; ETC: 01:43 (0:09:20 remaining)
SYN Stealth Scan Timing: About 23.35% done; ETC: 01:43 (0:08:45 remaining)
SYN Stealth Scan Timing: About 28.94% done; ETC: 01:42 (0:07:47 remaining)
SYN Stealth Scan Timing: About 35.84% done; ETC: 01:42 (0:06:34 remaining)
SYN Stealth Scan Timing: About 43.33% done; ETC: 01:41 (0:05:27 remaining)
SYN Stealth Scan Timing: About 50.89% done; ETC: 01:40 (0:04:30 remaining)
SYN Stealth Scan Timing: About 58.93% done; ETC: 01:40 (0:03:36 remaining)
SYN Stealth Scan Timing: About 68.26% done; ETC: 01:40 (0:02:38 remaining)
SYN Stealth Scan Timing: About 78.50% done; ETC: 01:39 (0:01:41 remaining)
SYN Stealth Scan Timing: About 90.18% done; ETC: 01:39 (0:00:44 remaining)
Completed SYN Stealth Scan at 01:39, 452.24s elapsed (65535 total ports)
Initiating Service scan at 01:39
Scanning 3 services on ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Completed Service scan at 01:40, 72.05s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Retrying OS detection (try #2) against ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Initiating Traceroute at 01:40
Completed Traceroute at 01:40, 6.48s elapsed
Initiating Parallel DNS resolution of 12 hosts. at 01:40
Completed Parallel DNS resolution of 12 hosts. at 01:40, 0.47s elapsed
NSE: Script scanning 18.211.128.100.
Initiating NSE at 01:40
Completed NSE at 01:40, 9.58s elapsed
Initiating NSE at 01:40
Completed NSE at 01:41, 3.33s elapsed
Nmap scan report for ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Host is up (0.41s latency).
Not shown: 65529 filtered ports
PORT    STATE  SERVICE      VERSION
22/tcp  open   ssh          OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
| vulscan: VulDB - https://vuldb.com:
| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
| [94611] OpenSSH up to 7.3 Access Control privilege escalation
| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
| [90405] OpenSSH up to 7.2p2 sshd information disclosure
| [90404] OpenSSH up to 7.2p2 sshd information disclosure
| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
| 
| MITRE CVE - https://cve.mitre.org:
| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
| 
| SecurityFocus - https://www.securityfocus.com/bid/:
| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
| [75990] OpenSSH Login Handling Security Bypass Weakness
| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
| [61286] OpenSSH Remote Denial of Service Vulnerability
| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
| [30794] Red Hat OpenSSH Backdoor Vulnerability
| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
| [28531] OpenSSH ForceCommand Command Execution Weakness
| [28444] OpenSSH X Connections Session Hijacking Vulnerability
| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
| [20956] OpenSSH Privilege Separation Key Signature Weakness
| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
| [6168] OpenSSH Visible Password Vulnerability
| [5374] OpenSSH Trojan Horse Vulnerability
| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [4241] OpenSSH Channel Code Off-By-One Vulnerability
| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
| [2917] OpenSSH PAM Session Evasion Vulnerability
| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
| [2356] OpenSSH Private Key Authentication Check Vulnerability
| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
| [1334] OpenSSH UseLogin Vulnerability
| 
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [83258] GSI-OpenSSH auth-pam.c security bypass
| [82781] OpenSSH time limit denial of service
| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
| [72756] Debian openssh-server commands information disclosure
| [68339] OpenSSH pam_thread buffer overflow
| [67264] OpenSSH ssh-keysign unauthorized access
| [65910] OpenSSH remote_glob function denial of service
| [65163] OpenSSH certificate information disclosure
| [64387] OpenSSH J-PAKE security bypass
| [63337] Cisco Unified Videoconferencing OpenSSH weak security
| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
| [45202] OpenSSH signal handler denial of service
| [44747] RHEL OpenSSH backdoor
| [44280] OpenSSH PermitRootLogin information disclosure
| [44279] OpenSSH sshd weak security
| [44037] OpenSSH sshd SELinux role unauthorized access
| [43940] OpenSSH X11 forwarding information disclosure
| [41549] OpenSSH ForceCommand directive security bypass
| [41438] OpenSSH sshd session hijacking
| [40897] OpenSSH known_hosts weak security
| [40587] OpenSSH username weak security
| [37371] OpenSSH username data manipulation
| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
| [37112] RHSA update for OpenSSH signal handler race condition not installed
| [37107] RHSA update for OpenSSH identical block denial of service not installed
| [36637] OpenSSH X11 cookie privilege escalation
| [35167] OpenSSH packet.c newkeys[mode] denial of service
| [34490] OpenSSH OPIE information disclosure
| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
| [32975] Apple Mac OS X OpenSSH denial of service
| [32387] RHSA-2006:0738 updates for openssh not installed
| [32359] RHSA-2006:0697 updates for openssh not installed
| [32230] RHSA-2006:0298 updates for openssh not installed
| [32132] RHSA-2006:0044 updates for openssh not installed
| [30120] OpenSSH privilege separation monitor authentication verification weakness
| [29255] OpenSSH GSSAPI user enumeration
| [29254] OpenSSH signal handler race condition
| [29158] OpenSSH identical block denial of service
| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
| [25116] OpenSSH OpenPAM denial of service
| [24305] OpenSSH SCP shell expansion command execution
| [22665] RHSA-2005:106 updates for openssh not installed
| [22117] OpenSSH GSSAPI allows elevated privileges
| [22115] OpenSSH GatewayPorts security bypass
| [20930] OpenSSH sshd.c LoginGraceTime denial of service
| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
| [17213] OpenSSH allows port bouncing attacks
| [16323] OpenSSH scp file overwrite
| [13797] OpenSSH PAM information leak
| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
| [13264] OpenSSH PAM code could allow an attacker to gain access
| [13215] OpenSSH buffer management errors could allow an attacker to execute code
| [13214] OpenSSH memory vulnerabilities
| [13191] OpenSSH large packet buffer overflow
| [12196] OpenSSH could allow an attacker to bypass login restrictions
| [11970] OpenSSH could allow an attacker to obtain valid administrative account
| [11902] OpenSSH PAM support enabled information leak
| [9803] OpenSSH &quot
| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
| [9307] OpenSSH is running on the system
| [9169] OpenSSH &quot
| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
| [8383] OpenSSH off-by-one error in channel code
| [7647] OpenSSH UseLogin option arbitrary code execution
| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
| [7179] OpenSSH source IP access control bypass
| [6757] OpenSSH &quot
| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
| [5517] OpenSSH allows unauthorized access to resources
| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
| 
| Exploit-DB - https://www.exploit-db.com:
| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
| 
| OpenVAS (Nessus) - http://www.openvas.org:
| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
| [881183] CentOS Update for openssh CESA-2012:0884 centos6 
| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
| [870763] RedHat Update for openssh RHSA-2012:0884-04
| [870129] RedHat Update for openssh RHSA-2008:0855-01
| [861813] Fedora Update for openssh FEDORA-2010-5429
| [861319] Fedora Update for openssh FEDORA-2007-395
| [861170] Fedora Update for openssh FEDORA-2007-394
| [861012] Fedora Update for openssh FEDORA-2007-715
| [840345] Ubuntu Update for openssh vulnerability USN-597-1
| [840300] Ubuntu Update for openssh update USN-612-5
| [840271] Ubuntu Update for openssh vulnerability USN-612-2
| [840268] Ubuntu Update for openssh update USN-612-7
| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
| [840214] Ubuntu Update for openssh vulnerability USN-566-1
| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [100584] OpenSSH X Connections Session Hijacking Vulnerability
| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
| [65987] SLES10: Security update for OpenSSH
| [65819] SLES10: Security update for OpenSSH
| [65514] SLES9: Security update for OpenSSH
| [65513] SLES9: Security update for OpenSSH
| [65334] SLES9: Security update for OpenSSH
| [65248] SLES9: Security update for OpenSSH
| [65218] SLES9: Security update for OpenSSH
| [65169] SLES9: Security update for openssh,openssh-askpass
| [65126] SLES9: Security update for OpenSSH
| [65019] SLES9: Security update for OpenSSH
| [65015] SLES9: Security update for OpenSSH
| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
| [61639] Debian Security Advisory DSA 1638-1 (openssh)
| [61030] Debian Security Advisory DSA 1576-2 (openssh)
| [61029] Debian Security Advisory DSA 1576-1 (openssh)
| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
| [60667] Slackware Advisory SSA:2008-095-01 openssh 
| [59014] Slackware Advisory SSA:2007-255-01 openssh 
| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
| [57492] Slackware Advisory SSA:2006-272-02 openssh 
| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
| [57470] FreeBSD Ports: openssh
| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
| [56294] Slackware Advisory SSA:2006-045-06 openssh 
| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages 
| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory 
| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again 
| [53788] Debian Security Advisory DSA 025-1 (openssh)
| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
| [11343] OpenSSH Client Unauthorized Remote Forwarding
| [10954] OpenSSH AFS/Kerberos ticket/token passing
| [10883] OpenSSH Channel Code Off by 1
| [10823] OpenSSH UseLogin Environment Variables
| 
| SecurityTracker - https://www.securitytracker.com:
| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
| 
| OSVDB - http://www.osvdb.org:
| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
| [56921] OpenSSH Unspecified Remote Compromise
| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
| [43745] OpenSSH X11 Forwarding Local Session Hijacking
| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
| [37315] pam_usb OpenSSH Authentication Unspecified Issue
| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
| [34601] OPIE w/ OpenSSH Account Enumeration
| [34600] OpenSSH S/KEY Authentication Account Enumeration
| [32721] OpenSSH Username Password Complexity Account Enumeration
| [30232] OpenSSH Privilege Separation Monitor Weakness
| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
| [29152] OpenSSH Identical Block Packet DoS
| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
| [22692] OpenSSH scp Command Line Filename Processing Command Injection
| [20216] OpenSSH with KerberosV Remote Authentication Bypass
| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
| [6601] OpenSSH *realloc() Unspecified Memory Errors
| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
| [6072] OpenSSH PAM Conversation Function Stack Modification
| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
| [5408] OpenSSH echo simulation Information Disclosure
| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
| [4536] OpenSSH Portable AIX linker Privilege Escalation
| [3938] OpenSSL and OpenSSH /dev/random Check Failure
| [3456] OpenSSH buffer_append_space() Heap Corruption
| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
| [2140] OpenSSH w/ PAM Username Validity Timing Attack
| [2112] OpenSSH Reverse DNS Lookup Bypass
| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
| [1853] OpenSSH Symbolic Link 'cookies' File Removal
| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
| [688] OpenSSH UseLogin Environment Variable Local Command Execution
| [642] OpenSSH Multiple Key Type ACL Bypass
| [504] OpenSSH SSHv2 Public Key Authentication Bypass
| [341] OpenSSH UseLogin Local Privilege Escalation
|_
25/tcp  closed smtp
80/tcp  open   http?
139/tcp closed netbios-ssn
443/tcp open   ssl/https?
445/tcp closed microsoft-ds
Device type: storage-misc|general purpose|broadband router|WAP
Running (JUST GUESSING): HP embedded (90%), Linux 2.6.X|3.X|4.X|2.4.X (89%)
OS CPE: cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.22
Aggressive OS guesses: HP P2000 G3 NAS device (90%), Linux 2.6.32 (89%), Linux 3.18 (89%), Linux 2.6.32 - 3.1 (89%), OpenWrt 12.09-rc1 Attitude Adjustment (Linux 3.3 - 3.7) (89%), Linux 3.16 - 4.6 (89%), Linux 3.2 (89%), Linux 3.8 (89%), Linux 2.6.26 - 2.6.35 (88%), Linux 2.6.32 - 3.13 (88%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 7.897 days (since Wed Oct 23 04:09:31 2019)
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   456.96 ms 10.244.204.1
2   457.06 ms 213.184.122.97
3   457.06 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   457.17 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
5   457.06 ms bzq-219-189-2.dsl.bezeqint.net (62.219.189.2)
6   457.17 ms bzq-179-124-122.cust.bezeqint.net (212.179.124.122)
7   457.22 ms bzq-179-124-78.cust.bezeqint.net (212.179.124.78)
8   457.27 ms et-10-1-0.cr4-nyc2.ip4.gtt.net (213.254.214.14)
9   457.26 ms et-10-1-0.cr4-nyc2.ip4.gtt.net (213.254.214.14)
10  295.45 ms 52.93.1.91
11  344.77 ms 52.93.1.83
12  354.62 ms 52.93.1.12
13  ... 27
28  455.48 ms 52.93.28.130
29  ... 30

NSE: Script Post-scanning.
Initiating NSE at 01:41
Completed NSE at 01:41, 0.00s elapsed
Initiating NSE at 01:41
Completed NSE at 01:41, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-31 01:41 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:41
Completed NSE at 01:41, 0.00s elapsed
Initiating NSE at 01:41
Completed NSE at 01:41, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:41
Completed Parallel DNS resolution of 1 host. at 01:41, 0.03s elapsed
Initiating UDP Scan at 01:41
Scanning ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100) [15 ports]
Completed UDP Scan at 01:41, 5.05s elapsed (15 total ports)
Initiating Service scan at 01:41
Scanning 15 services on ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Service scan Timing: About 6.67% done; ETC: 02:05 (0:22:52 remaining)
Completed Service scan at 01:42, 102.60s elapsed (15 services on 1 host)
Initiating OS detection (try #1) against ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Retrying OS detection (try #2) against ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Initiating Traceroute at 01:42
Completed Traceroute at 01:43, 9.03s elapsed
NSE: Script scanning 18.211.128.100.
Initiating NSE at 01:43
Completed NSE at 01:43, 8.15s elapsed
Initiating NSE at 01:43
Completed NSE at 01:43, 2.30s elapsed
Nmap scan report for ec2-18-211-128-100.compute-1.amazonaws.com (18.211.128.100)
Host is up.

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT    ADDRESS
1   ... 30

NSE: Script Post-scanning.
Initiating NSE at 01:43
Completed NSE at 01:43, 0.00s elapsed
Initiating NSE at 01:43
Completed NSE at 01:43, 0.00s elapsed
#######################################################################################################################################
Hosts
=====

address         mac  name                                        os_name   os_flavor  os_sp  purpose  info  comments
-------         ---  ----                                        -------   ---------  -----  -------  ----  --------
18.211.128.100       ec2-18-211-128-100.compute-1.amazonaws.com  embedded                    device         

Services
========

host            port  proto  name          state    info
----            ----  -----  ----          -----    ----
18.211.128.100  22    tcp    ssh           open     OpenSSH 7.4p1 Debian 10+deb9u7 protocol 2.0
18.211.128.100  25    tcp    smtp          closed   
18.211.128.100  53    udp    domain        unknown  
18.211.128.100  67    udp    dhcps         unknown  
18.211.128.100  68    udp    dhcpc         unknown  
18.211.128.100  69    udp    tftp          unknown  
18.211.128.100  80    tcp    http          open     
18.211.128.100  88    udp    kerberos-sec  unknown  
18.211.128.100  123   udp    ntp           unknown  
18.211.128.100  137   udp    netbios-ns    unknown  
18.211.128.100  138   udp    netbios-dgm   unknown  
18.211.128.100  139   tcp    netbios-ssn   closed   
18.211.128.100  139   udp    netbios-ssn   unknown  
18.211.128.100  161   udp    snmp          unknown  
18.211.128.100  162   udp    snmptrap      unknown  
18.211.128.100  389   udp    ldap          unknown  
18.211.128.100  443   tcp    ssl/https     open     
18.211.128.100  445   tcp    microsoft-ds  closed   
18.211.128.100  500   udp    isakmp        unknown  
18.211.128.100  520   udp    route         unknown  
18.211.128.100  2049  udp    nfs           unknown  
#######################################################################################################################################
                                                 Anonymous JTSEC #OpChili Full Recon #2