nmap

  ___                        
 ( _ ) _ __ ___   __ _ _ __  
 / _ \| '_ ` _ \ / _` | '_ \ 
| (_) | | | | | | (_| | |_) |
 \___/|_| |_| |_|\__,_| .__/ 
                      |_|    
          adot8 <3

[+] Scanning 192.168.205.128 [65535 TCP ports]


[+] Enumerating 192.168.205.128 [22,80,88,110,995]

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-27 10:04 CDT
Nmap scan report for 192.168.205.128
Host is up (0.048s latency).

PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey: 
|   2048 04:d0:6e:c4:ba:4a:31:5a:6f:b3:ee:b8:1b:ed:5a:b7 (RSA)
|   256 24:b3:df:01:0b:ca:c2:ab:2e:e9:49:b0:58:08:6a:fa (ECDSA)
|_  256 6a:c4:35:6a:7a:1e:7e:51:85:5b:81:5c:7c:74:49:84 (ED25519)
80/tcp  open  http     Apache httpd 2.4.38 ((Debian))
|_http-server-header: Apache/2.4.38 (Debian)
|_http-title: Apache2 Debian Default Page: It works
88/tcp  open  http     nginx 1.14.2
|_http-title: 404 Not Found
|_http-server-header: nginx/1.14.2
110/tcp open  pop3     Courier pop3d
|_pop3-capabilities: PIPELINING USER IMPLEMENTATION(Courier Mail Server) STLS UTF8(USER) UIDL TOP LOGIN-DELAY(10)
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=localhost/organizationName=Courier Mail Server/stateOrProvinceName=NY/countryName=US
| Subject Alternative Name: email:postmaster@example.com
| Not valid before: 2020-09-17T16:28:06
|_Not valid after:  2021-09-17T16:28:06
995/tcp open  ssl/pop3 Courier pop3d
| ssl-cert: Subject: commonName=localhost/organizationName=Courier Mail Server/stateOrProvinceName=NY/countryName=US
| Subject Alternative Name: email:postmaster@example.com
| Not valid before: 2020-09-17T16:28:06
|_Not valid after:  2021-09-17T16:28:06
|_ssl-date: TLS randomness does not represent time
|_pop3-capabilities: PIPELINING USER IMPLEMENTATION(Courier Mail Server) UTF8(USER) UIDL TOP LOGIN-DELAY(10)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.78 seconds

[+] Enumerating 192.168.205.128 for vulnerabilities [22,80,88,110,995]

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-27 10:04 CDT
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for 192.168.205.128
Host is up (0.043s latency).

PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.205.128
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: http://192.168.205.128:80/manual/es/index.html
|     Form id: 
|     Form action: http://www.google.com/search
|     
|     Path: http://192.168.205.128:80/manual/da/index.html
|     Form id: 
|     Form action: http://www.google.com/search
|     
|     Path: http://192.168.205.128:80/manual/en/index.html
|     Form id: 
|     Form action: http://www.google.com/search
|     
|     Path: http://192.168.205.128:80/manual/fr/index.html
|     Form id: 
|     Form action: http://www.google.com/search
|     
|     Path: http://192.168.205.128:80/manual/pt-br/index.html
|     Form id: 
|     Form action: http://www.google.com/search
|     
|     Path: http://192.168.205.128:80/manual/tr/index.html
|     Form id: 
|     Form action: http://www.google.com/search
|     
|     Path: http://192.168.205.128:80/manual/ja/index.html
|     Form id: 
|     Form action: http://www.google.com/search
|     
|     Path: http://192.168.205.128:80/manual/de/index.html
|     Form id: 
|     Form action: http://www.google.com/search
|     
|     Path: http://192.168.205.128:80/manual/zh-cn/index.html
|     Form id: 
|     Form action: http://www.google.com/search
|     
|     Path: http://192.168.205.128:80/manual/ko/index.html
|     Form id: 
|_    Form action: http://www.google.com/search
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| http-enum: 
|   /rss.php: RSS or Atom feed
|   /core/: Potentially interesting folder
|   /docs/: Potentially interesting folder
|   /manual/: Potentially interesting folder
|_  /uploads/: Potentially interesting folder
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
88/tcp  open  kerberos-sec
110/tcp open  pop3
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 66.17 seconds

[+] Scanning 192.168.205.128 [1000 UDP ports]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-27 10:05 CDT
Initiating Ping Scan at 10:05
Scanning 192.168.205.128 [4 ports]
Completed Ping Scan at 10:05, 0.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:05
Completed Parallel DNS resolution of 1 host. at 10:05, 0.01s elapsed
Initiating UDP Scan at 10:05
Scanning 192.168.205.128 [100 ports]
Increasing send delay for 192.168.205.128 from 0 to 50 due to max_successful_tryno increase to 5
Increasing send delay for 192.168.205.128 from 50 to 100 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 192.168.205.128 from 100 to 200 due to 11 out of 12 dropped probes since last increase.
Increasing send delay for 192.168.205.128 from 200 to 400 due to 11 out of 11 dropped probes since last increase.
Completed UDP Scan at 10:06, 55.29s elapsed (100 total ports)
Nmap scan report for 192.168.205.128
Host is up (0.054s latency).
Not shown: 55 closed udp ports (port-unreach)
PORT      STATE         SERVICE
7/udp     open|filtered echo
19/udp    open|filtered chargen
53/udp    open|filtered domain
67/udp    open|filtered dhcps
69/udp    open|filtered tftp
111/udp   open|filtered rpcbind
120/udp   open|filtered cfdptkt
137/udp   open|filtered netbios-ns
138/udp   open|filtered netbios-dgm
139/udp   open|filtered netbios-ssn
158/udp   open|filtered pcmail-srv
161/udp   open|filtered snmp
162/udp   open|filtered snmptrap
177/udp   open|filtered xdmcp
443/udp   open|filtered https
500/udp   open|filtered isakmp
593/udp   open|filtered http-rpc-epmap
623/udp   open|filtered asf-rmcp
631/udp   open|filtered ipp
999/udp   open|filtered applix
1025/udp  open|filtered blackjack
1028/udp  open|filtered ms-lsa
1029/udp  open|filtered solid-mux
1645/udp  open|filtered radius
1646/udp  open|filtered radacct
1701/udp  open|filtered L2TP
1718/udp  open|filtered h225gatedisc
1719/udp  open|filtered h323gatestat
1813/udp  open|filtered radacct
2048/udp  open|filtered dls-monitor
2223/udp  open|filtered rockwell-csp2
3456/udp  open|filtered IISrpc-or-vat
3703/udp  open|filtered adobeserver-3
5060/udp  open|filtered sip
5353/udp  open|filtered zeroconf
9200/udp  open|filtered wap-wsp
31337/udp open|filtered BackOrifice
32815/udp open|filtered unknown
49152/udp open|filtered unknown
49154/udp open|filtered unknown
49182/udp open|filtered unknown
49185/udp open|filtered unknown
49186/udp open|filtered unknown
49201/udp open|filtered unknown
65024/udp open|filtered unknown

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 55.61 seconds
           Raw packets sent: 669 (42.602KB) | Rcvd: 156 (29.667KB)

[+] Completed!