Scribd
Upload
153 views8 pages

IP-Address-217 160 0 156

Uploaded by

Ghaith Mechregui
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
153 views8 pages

IP-Address-217 160 0 156

Uploaded by

Ghaith Mechregui
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

mercredi 28 février 2024 13:52

Info Gathering : Target Website : https://solutions-iot.sfmtechnologies.com/ --> [+] IP Address : 217.160.0.156

________________________________________________________finalrecon____________________________________________________________________
_______________________

┌──(root㉿kali)-[/opt]
└─# finalrecon --full https://solutions-iot.sfmtechnologies.com/

______ __ __ __ ______ __
/\ ___\/\ \ /\ "-.\ \ /\ __ \ /\ \
\ \ __\\ \ \\ \ \-. \\ \ __ \\ \ \____
\ \_\ \ \_\\ \_\\"\_\\ \_\ \_\\ \_____\
\/_/ \/_/ \/_/ \/_/ \/_/\/_/ \/_____/
______ ______ ______ ______ __ __
/\ == \ /\ ___\ /\ ___\ /\ __ \ /\ "-.\ \
\ \ __< \ \ __\ \ \ \____\ \ \/\ \\ \ \-. \
\ \_\ \_\\ \_____\\ \_____\\ \_____\\ \_\\"\_\
\/_/ /_/ \/_____/ \/_____/ \/_____/ \/_/ \/_/

[>] Created By : thewhiteh4t


|---> Twitter : https://twitter.com/thewhiteh4t
|---> Community : https://twc1rcle.com/
[>] Version : 1.1.6

[+] Target : https://solutions-iot.sfmtechnologies.com

[+] IP Address : 217.160.0.156

[!] Headers :

Content-Type : text/html; charset=UTF-8


Transfer-Encoding : chunked
Connection : keep-alive
Keep-Alive : timeout=15
Date : Tue, 27 Feb 2024 16:35:25 GMT
Server : Apache
Expires : Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control : no-store, no-cache, must-revalidate
Pragma : no-cache
Link : <https://solutions-iot.sfmtechnologies.com/wp-json/>; rel="https://api.w.org/", <https://solutions-iot.sfmtechnologies.com/wp-json/wp/v2/pages/8>;
rel="alternate"; type="application/json", <https://solutions-iot.sfmtechnologies.com/>; rel=shortlink
Set-Cookie : PHPSESSID=03771a9beb3c49c37816e81235ff086c; path=/, pbid=ba96d725b6f797a705ad935c309749dc3766c734fb490cf4aa95bd1ce306a20e;
expires=Sun, 25-Aug-2024 16:35:27 GMT; Max-Age=15552000; path=/
Content-Encoding : gzip

[!] SSL Certificate Information :

[+] subject
└╴commonName: *.sfmtechnologies.com
[+] issuer
└╴countryName: US
└╴organizationName: DigiCert Inc
└╴organizationalUnitName: www.digicert.com
└╴commonName: Encryption Everywhere DV TLS CA - G2
[+] version : 3
[+] serialNumber : 04F426DFF3FD31321D1742D4557BF0FD
[+] notBefore : Oct 15 00:00:00 2023 GMT
[+] notAfter : Oct 28 23:59:59 2024 GMT
[+] subjectAltName
└╴DNS: sfmtechnologies.com
[+] OCSP
└╴0: http://ocsp.digicert.com
[+] caIssuers
└╴0: http://cacerts.digicert.com/EncryptionEverywhereDVTLSCA-G2.crt

[!] Whois Lookup :

Domain Name: SFMTECHNOLOGIES.COM


Registry Domain ID: 1602061261_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ionos.com
Registrar URL: http://www.ionos.com
Updated Date: 2023-12-17T08:02:28Z
Creation Date: 2010-06-14T17:13:41Z
Registry Expiry Date: 2024-12-16T05:15:16Z
Registrar: IONOS SE
Registrar IANA ID: 83
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.6105601459
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1041.UI-DNS.BIZ
Name Server: NS1041.UI-DNS.COM
Name Server: NS1041.UI-DNS.DE
Name Server: NS1041.UI-DNS.ORG

New Section 1 Page 1


Name Server: NS1041.UI-DNS.ORG
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

[!] Starting DNS Enumeration...

sfmtechnologies.com. 21600 IN NS ns1041.ui-dns.org.


sfmtechnologies.com. 21600 IN SOA ns1041.ui-dns.com. hostmaster.1and1.fr. 2017080930 28800 7200 604800 300
sfmtechnologies.com. 21600 IN NS ns1041.ui-dns.biz.
sfmtechnologies.com. 3600 IN A 217.160.0.156
sfmtechnologies.com. 300 IN SOA ns1041.ui-dns.com. hostmaster.1and1.fr. 2017080930 28800 7200 604800 300
sfmtechnologies.com. 21600 IN NS ns1041.ui-dns.com.
sfmtechnologies.com. 3600 IN MX 10 mx01.ionos.fr.
sfmtechnologies.com. 3600 IN TXT "google-site-verification=eHO26JV18o8IVTV_JjA6hhyj26-uck5zX9bd2yFCTOM"
sfmtechnologies.com. 3600 IN AAAA 2001:8d8:100f:f000::2b1
sfmtechnologies.com. 21600 IN NS ns1041.ui-dns.de.
sfmtechnologies.com. 3600 IN MX 10 mx00.ionos.fr.
sfmtechnologies.com. 3600 IN TXT "v=spf1 include:spf.mailjet.com include:_spf.perfora.net include:_spf-eu.ionos.com include:_spf.kundenserver.de ~all"

[-] DMARC Record Not Found!

[!] Starting Sub-Domain Enumeration...

[!] Skipping BeVigil : API key not found!


[!] Requesting AnubisDB
[!] Requesting ThreatMiner
[!] Skipping Facebook : API key not found!
[!] Skipping VirusTotal : API key not found!
[!] Skipping Shodan : API key not found!
[!] Requesting CertSpotter
[!] Requesting Wayback
[!] Requesting HackerTarget
[!] Requesting crt.sh
[+] CRT.sh found 80 subdomains!
[+] ThreatMiner found 0 subdomains!
[-] AnubisDB Status : 300
[+] Wayback found 1466 subdomains!
[+] HackerTarget found 49 subdomains!
[+] Certsport found 34 subdomains!

[+] Results :

portail-web-ivory-coast.sfmtechnologies.com
soquibat.environmant.sfmtechnologies.com
muntax.sfmtechnologies.com
bifecta.it-m.sfmtechnologies.com
demo.cosap.sfmtechnologies.com
audit-site-radio-nxt.sfmtechnologies.com
www.cosap.sfmtechnologies.com
energy-tracker-orange.sfmtechnologies.com
sfm.it-m.sfmtechnologies.com
cosapm.sfmtechnologies.com
tickets-tracker-togocom.sfmtechnologies.com
pmavps48.sfmtechnologies.com
www.iot.sfmtechnologies.com
qoentum.sfmtechnologies.com
it-m.sfmtechnologies.com
novatel.it-m.sfmtechnologies.com
iot.sfmtechnologies.com
www.nxt.it-m.sfmtechnologies.com
task-tracker.sfmtechnologies.com
burger-king.sfmtechnologies.com

[+] Results truncated...

[+] Total Unique Sub Domains Found : 59

[!] Starting Port Scan...

[+] Scanning Top 1000 Ports With 50 Threads...

[+] 80
[!] Scanning : 1000/1000
[!] Starting Crawler...

[+] Looking for robots.txt........[ Found ]


[+] Extracting robots Links
[-] Exception : list index out of range
[+] Looking for sitemap.xml.......[ Found ]
[+] Extracting sitemap Links......[ 5 ]
[+] Extracting CSS Links..........[ 65 ]
[+] Extracting Javascript Links...[ 41 ]
[+] Extracting Internal Links.....[ 15 ]
[+] Extracting External Links.....[ 4 ]
[+] Extracting Images.............[ 14 ]
[+] Crawling Sitemaps.............[ 67 ]
[+] Crawling Javascripts..........[ 17 ]

New Section 1 Page 2


[+] Crawling Javascripts..........[ 17 ]

[+] Total Unique Links Extracted : 205

[!] Starting Directory Enum...

[+] Threads : 50
[+] Timeout : 30
[+] Wordlist : /usr/share/finalrecon/wordlists/dirb_common.txt
[+] Allow Redirects : False
[+] SSL Verification : False
[+] DNS Servers : 8.8.8.8, 8.8.4.4, 1.1.1.1, 1.0.0.1
[+] Wordlist Size : 4614
[+] File Extensions :

403 | https://solutions-iot.sfmtechnologies.com/.htaccess
403 | https://solutions-iot.sfmtechnologies.com/.git/HEAD
403 | https://solutions-iot.sfmtechnologies.com/.ssh
403 | https://solutions-iot.sfmtechnologies.com/.hta
[!] Requests : 4614/4614

[+] Directories Found : 4

[!] Starting WayBack Machine...

[!] Checking Availability on Wayback Machine....[ N/A ]

[+] Completed in 0:01:25.353898

[+] Exported : /root/.local/share/finalrecon/dumps/fr_solutions-iot.sfmtechnologies.com_27-02-2024_17:35:24

____________________________________________________________NMAP___________________________________________________________________
_______________
┌──(root㉿kali)-[/home/kali]
└─# nmap -sC -sV -p- -T4 141.94.78.107
Host is up (0.048s latency).
Not shown: 65530 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u4 (protocol 2.0)
| ssh-hostkey:
| 2048 46:8d:73:11:e5:59:5e:88:69:cb:66:f3:df:a2:7b:ea (RSA)
| 256 83:82:95:5b:cf:64:86:42:3b:64:d4:68:0e:af:f1:9c (ECDSA)
|_ 256 45:b2:af:0f:79:ab:8e:32:d2:6d:30:13:77:dd:82:56 (ED25519)
80/tcp open http Apache httpd 2.4.38 ((Debian))
|_http-title: Site doesn't have a title (text/html).
|_http-server-header: Apache/2.4.38 (Debian)
443/tcp open ssl/http Apache httpd 2.4.38 ((Debian))
| ssl-cert: Subject: commonName=arptc-cosap.sfmtechnologies.com
| Subject Alternative Name: DNS:arptc-cosap.sfmtechnologies.com
| Not valid before: 2023-11-06T05:05:11
|_Not valid after: 2024-02-04T05:05:10
|_http-server-header: Apache/2.4.38 (Debian)
|_ssl-date: TLS randomness does not represent time
| http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_Requested resource was /login
3306/tcp open mysql MySQL 5.5.5-10.3.39-MariaDB-0+deb10u1
| mysql-info:
| Protocol: 10
| Version: 5.5.5-10.3.39-MariaDB-0+deb10u1
| Thread ID: 14119
| Capabilities flags: 63486
| Some Capabilities: SupportsTransactions, IgnoreSpaceBeforeParenthesis, Support41Auth, DontAllowDatabaseTableColumn, SupportsLoadDataLocal,
FoundRows, SupportsCompression, IgnoreSigpipes, InteractiveClient, LongColumnFlag, ODBCClient, Speaks41ProtocolOld, ConnectWithDatabase,
Speaks41ProtocolNew, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
| Status: Autocommit
| Salt: kc0e+DU]UscwKR9fv=n3
|_ Auth Plugin Name: mysql_native_password
5693/tcp open ssl/http Ajenti http control panel
| http-title: Log In &middot; NCPA
|_Requested resource was https://vps-dcd0aebc.vps.ovh.net:5693/login
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=vps5/organizationName=Nagios Enterprises, LLC/stateOrProvinceName=Minnesota/countryName=US
| Not valid before: 2022-09-27T11:32:01
|_Not valid after: 2032-09-24T11:32:01
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .


Nmap done: 1 IP address (1 host up) scanned in 726.84 seconds
_________________________________________________________________wpscan_____________________________________________________________
_________________________

┌──(root㉿kali)-[/home/kali]
└─# wpscan --url https://solutions-iot.sfmtechnologies.com --enumerate ap --random-user-agent
_______________________________________________________________
__ _______ _____
\\ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®

New Section 1 Page 3


\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team


Version 3.8.25
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://solutions-iot.sfmtechnologies.com/ [217.160.0.156]


[+] Started: Wed Feb 28 13:28:16 2024

Interesting Finding(s):

[+] Headers
| Interesting Entry: server: Apache
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://solutions-iot.sfmtechnologies.com/robots.txt


| Interesting Entry: /wp-content/uploads/wpo-plugins-tables-list.json
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] XML-RPC seems to be enabled: https://solutions-iot.sfmtechnologies.com/xmlrpc.php


| Found By: Link Tag (Passive Detection)
| Confidence: 30%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://solutions-iot.sfmtechnologies.com/readme.html


| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://solutions-iot.sfmtechnologies.com/wp-cron.php


| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.4.3 identified (Latest, released on 2024-01-30).


| Found By: Rss Generator (Passive Detection)
| - https://solutions-iot.sfmtechnologies.com/feed/, <generator>https://wordpress.org/?v=6.4.3</generator>
| - https://solutions-iot.sfmtechnologies.com/comments/feed/, <generator>https://wordpress.org/?v=6.4.3</generator>

[+] WordPress theme in use: hello-elementor


| Location: https://solutions-iot.sfmtechnologies.com/wp-content/themes/hello-elementor/
| Latest Version: 3.0.1 (up to date)
| Last Updated: 2024-01-24T00:00:00.000Z
| Readme: https://solutions-iot.sfmtechnologies.com/wp-content/themes/hello-elementor/readme.txt
| Style URL: https://solutions-iot.sfmtechnologies.com/wp-content/themes/hello-elementor/style.css?ver=6.4.3
| Style Name: Hello Elementor
| Style URI: https://elementor.com/hello-theme/?utm_source=wp-themes&utm_campaign=theme-uri&utm_medium=wp-dash
| Description: Hello Elementor is a lightweight and minimalist WordPress theme that was built specifically to work ...
| Author: Elementor Team
| Author URI: https://elementor.com/?utm_source=wp-themes&utm_campaign=author-uri&utm_medium=wp-dash
|
| Found By: Css Style In Homepage (Passive Detection)
| Confirmed By: Css Style In 404 Page (Passive Detection)
|
| Version: 3.0.1 (80% confidence)
| Found By: Style (Passive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/themes/hello-elementor/style.css?ver=6.4.3, Match: 'Version: 3.0.1'

[+] Enumerating All Plugins (via Passive Methods)


[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] cf7-conditional-fields
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/cf7-conditional-fields/
| Latest Version: 2.4.7 (up to date)
| Last Updated: 2024-02-13T20:53:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.4.7 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/cf7-conditional-fields/style.css?ver=2.4.7
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/cf7-conditional-fields/js/scripts.js?ver=2.4.7

New Section 1 Page 4


| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/cf7-conditional-fields/js/scripts.js?ver=2.4.7
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/cf7-conditional-fields/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/cf7-conditional-fields/readme.txt

[+] column-shortcodes
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/column-shortcodes/
| Latest Version: 1.0.1 (up to date)
| Last Updated: 2022-10-11T12:57:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.0.1 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/column-shortcodes/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/column-shortcodes/readme.txt

[+] contact-form-7
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/contact-form-7/
| Latest Version: 5.8.7 (up to date)
| Last Updated: 2024-02-05T04:49:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
| Urls In 404 Page (Passive Detection)
| Hidden Input (Passive Detection)
|
| Version: 5.8.7 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8.7
| Confirmed By:
| Hidden Input (Passive Detection)
| - https://solutions-iot.sfmtechnologies.com/, Match: '5.8.7'
| Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/contact-form-7/readme.txt

[+] download-pdf-after-submit-form
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/download-pdf-after-submit-form/
| Latest Version: 2.2.2 (up to date)
| Last Updated: 2023-11-10T13:26:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.2.2 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/download-pdf-after-submit-form/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/download-pdf-after-submit-form/readme.txt

[+] elementor
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/elementor/
| Latest Version: 3.19.2 (up to date)
| Last Updated: 2024-02-07T15:41:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.19.3 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.19.3
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/elementor/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/elementor/readme.txt

[+] elementor-addon-components
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/elementor-addon-components/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.1.0 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/elementor-addon-components/readme.txt

[+] essential-addons-for-elementor-lite
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/essential-addons-for-elementor-lite/
| Latest Version: 5.9.10 (up to date)
| Last Updated: 2024-02-19T09:12:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)

New Section 1 Page 5


| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 5.9.10 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt

[+] flexy-breadcrumb
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/flexy-breadcrumb/
| Latest Version: 1.2.1 (up to date)
| Last Updated: 2023-11-10T12:33:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.2.1 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/flexy-breadcrumb/public/css/flexy-breadcrumb-public.css?ver=1.2.1
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/flexy-breadcrumb/public/js/flexy-breadcrumb-public.js?ver=1.2.1
| Confirmed By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/flexy-breadcrumb/README.txt

[+] happy-elementor-addons
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/happy-elementor-addons/
| Latest Version: 3.10.2 (up to date)
| Last Updated: 2024-01-29T07:55:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.10.2 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/happy-elementor-addons/readme.txt

[+] header-footer-elementor
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/header-footer-elementor/
| Latest Version: 1.6.25 (up to date)
| Last Updated: 2024-02-13T06:37:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.6.25 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/header-footer-elementor/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/header-footer-elementor/readme.txt

[+] pixelyoursite
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/pixelyoursite/
| Last Updated: 2024-02-20T07:44:00.000Z
| [!] The version is out of date, the latest version is 9.5.0.1
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 9.4.7.1 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/pixelyoursite/readme.txt

[+] premium-addons-for-elementor
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/premium-addons-for-elementor/
| Latest Version: 4.10.21 (up to date)
| Last Updated: 2024-02-20T13:00:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.10.22 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/premium-addons-for-elementor/readme.txt

[+] royal-elementor-addons
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/royal-elementor-addons/
| Latest Version: 1.3.92 (up to date)
| Last Updated: 2024-02-20T08:38:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.3.93 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/royal-elementor-addons/readme.txt

[+] skyboot-custom-icons-for-elementor
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/skyboot-custom-icons-for-elementor/
| Latest Version: 1.0.7 (up to date)

New Section 1 Page 6


| Latest Version: 1.0.7 (up to date)
| Last Updated: 2023-08-25T10:55:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.0.7 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/skyboot-custom-icons-for-elementor/readme.txt

[+] testimonial-pro
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/testimonial-pro/
|
| Found By: Urls In Homepage (Passive Detection)
|
| The version could not be determined.

[+] unlimited-elementor-inner-sections-by-boomdevs
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/
| Latest Version: 1.0.4 (up to date)
| Last Updated: 2024-01-29T12:08:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.0.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/README.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/README.txt

[+] wordpress-seo
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/wordpress-seo/
| Latest Version: 22.1 (up to date)
| Last Updated: 2024-02-20T09:17:00.000Z
|
| Found By: Comment (Passive Detection)
|
| Version: 22.1 (100% confidence)
| Found By: Comment (Passive Detection)
| - https://solutions-iot.sfmtechnologies.com/, Match: 'optimized with the Yoast SEO plugin v22.1 -'
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/wordpress-seo/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/wordpress-seo/readme.txt

[+] wp-logo-showcase
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/wp-logo-showcase/
| Latest Version: 1.4.4 (up to date)
| Last Updated: 2024-02-01T06:04:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.4.4 (90% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/wp-logo-showcase/assets/css/wplogoshowcase.css?ver=1.4.4
| Confirmed By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/wp-logo-showcase/README.txt

[+] wpforms-lite
| Location: https://solutions-iot.sfmtechnologies.com/wp-content/plugins/wpforms-lite/
| Latest Version: 1.8.6.4 (up to date)
| Last Updated: 2024-01-31T12:26:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.8.6.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/wpforms-lite/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://solutions-iot.sfmtechnologies.com/wp-content/plugins/wpforms-lite/readme.txt

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Wed Feb 28 13:28:55 2024


[+] Requests Done: 74
[+] Cached Requests: 7
[+] Data Sent: 34.273 KB
[+] Data Received: 1.41 MB
[+] Memory used: 271.488 MB
[+] Elapsed time: 00:00:39

_____________________________________________NIKTO_________________________________________________________________________________
┌──(root㉿kali)-[/home/kali]

New Section 1 Page 7


┌──(root㉿kali)-[/home/kali]
└─# nikto -h https://solutions-iot.sfmtechnologies.com
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 217.160.0.156, 2001:8d8:100f:f000::2b1
+ Target IP: 217.160.0.156
+ Target Hostname: solutions-iot.sfmtechnologies.com
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /CN=*.sfmtechnologies.com
Ciphers: ECDHE-RSA-AES128-GCM-SHA256
Issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Encryption Everywhere DV TLS CA - G2
+ Start Time: 2024-02-27 22:13:20 (GMT1)
---------------------------------------------------------------------------
+ Server: nginx
+ /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: The site uses TLS and the Strict-Transport-Security HTTP header is not defined. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-
Transport-Security
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See:
https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ : Server banner changed from 'nginx' to 'Apache'.
+ /yGp0hCKN.show_query_columns: Cookie PHPSESSID created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /yGp0hCKN.show_query_columns: Cookie PHPSESSID created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /yGp0hCKN.show_query_columns: Cookie pbid created without the secure flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /yGp0hCKN.show_query_columns: Cookie pbid created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /yGp0hCKN.show_query_columns: Drupal Link header found with value: <https://solutions-iot.sfmtechnologies.com/wp-json/>; rel="https://api.w.org/". See:
https://www.drupal.org/
+ /yGp0hCKN.: Uncommon header 'x-redirect-by' found, with contents: WordPress.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /robots.txt: Entry '/wp-content/uploads/wpo-plugins-tables-list.json' is returned a non-forbidden or redirect HTTP code (200). See:
https://portswigger.net/kb/issues/00600600_robots-txt-file
+ /robots.txt: contains 1 entry which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt
+ /: The Content-Encoding header is set to "deflate" which may mean that the server is vulnerable to the BREACH attack. See:http://breachattack.com/
+ Server is using a wildcard certificate: *.sfmtechnologies.com. See: https://en.wikipedia.org/wiki/Wildcard_certificate
+ /index: Uncommon header 'tcn' found, with contents: list.
+ /index: Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. The following alternatives for 'index' were
found: index.php. See: http://www.wisec.it/sectou.php?id=4698ebdc59d15,https://exchange.xforce.ibmcloud.com/vulnerabilities/8275
+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed: error:0A000438:SSL routines::tlsv1 alert
internal error at /var/lib/nikto/plugins/LW2.pm line 5254.
at /var/lib/nikto/plugins/LW2.pm line 5254.
; at /var/lib/nikto/plugins/LW2.pm line 5254.
+ Scan terminated: 19 error(s) and 16 item(s) reported on remote host
+ End Time: 2024-02-27 22:31:56 (GMT1) (1116 seconds)

New Section 1 Page 8

You might also like