{{ :afganistan:nmap_mopvpe.gov.af.txt.gz |}}
sudo nmap -Pn -sS -p 22,80,443,8080,3306 -sCV -vv -T4 mopvpe.gov.af -oN nmap_mopvpe.gov.af.txt
Starting Nmap 7.80 ( https://nmap.org ) at 2025-06-16 02:24 CEST
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 02:24
Completed Parallel DNS resolution of 1 host. at 02:24, 9.69s elapsed
Initiating SYN Stealth Scan at 02:24
Scanning mopvpe.gov.af (103.132.98.226) [5 ports]
Discovered open port 80/tcp on 103.132.98.226
Discovered open port 22/tcp on 103.132.98.226
Discovered open port 443/tcp on 103.132.98.226
Completed SYN Stealth Scan at 02:24, 2.21s elapsed (5 total ports)
Initiating Service scan at 02:24
Scanning 3 services on mopvpe.gov.af (103.132.98.226)
Completed Service scan at 02:24, 13.16s elapsed (3 services on 1 host)
NSE: Script scanning 103.132.98.226.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 11.18s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 1.59s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
Nmap scan report for mopvpe.gov.af (103.132.98.226)
Host is up, received user-set (0.18s latency).
Scanned at 2025-06-16 02:24:25 CEST for 29s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 47 OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey:
| 3072 81:25:bd:ae:9a:01:a3:f1:19:bb:60:ac:36:0e:1b:a5 (RSA)
| 256 e4:43:4a:ab:06:f8:dc:36:a8:17:7c:1d:74:5d:eb:b2 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPMpmfsz/Y0Jfk86O4lUMkoWGZGzrs8UPgB9mdqXk+EYd9iNr4+wc419rb88NiC5Fm1ywrSqLElqqIdP4bRSl10=
| 256 6f:ac:81:c0:41:77:d8:15:56:12:d5:0e:01:a1:34:c2 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiKruMfvxXPkGTkl/cTnaJfVchhQ6aSteIrvRENIOQE
80/tcp open http syn-ack ttl 47 Apache httpd 2.4.62 ((Unix) OpenSSL/1.1.1k)
|_http-generator: Drupal 8 (https://www.drupal.org)
| http-methods:
|_ Supported Methods: GET POST HEAD OPTIONS
| http-robots.txt: 22 disallowed entries
| /core/ /profiles/ /README.txt /web.config /admin/
| /comment/reply/ /filter/tips /node/add/ /search/ /user/register/
| /user/password/ /user/login/ /user/logout/ /index.php/admin/
| /index.php/comment/reply/ /index.php/filter/tips /index.php/node/add/
| /index.php/search/ /index.php/user/password/ /index.php/user/register/
|_/index.php/user/login/ /index.php/user/logout/
|_http-server-header: Apache/2.4.62 (Unix) OpenSSL/1.1.1k
|_http-title: \xDA\xA9\xD9\x88\xD8\xB1 | \xD9\x88\xD8\xB2\xD8\xA7\xD8\xB1\xD8\xAA \xD8\xA7\xD9\x85\xD8\xB1 \xD8\xA8\xD8\xA7\xD8\xA7\xD9\x84\xD9\x85\xD8\xB9\xD8\xB1\xD9\x88\xD9\x81\xD8\x8C \xD9\x86\xD9\x87\xDB\x8C \xD8\xB9\xD9\x86 \xD8\xA7...
443/tcp open ssl/ssl syn-ack ttl 47 Apache httpd (SSL-only mode)
|_http-generator: Drupal 8 (https://www.drupal.org)
| http-methods:
|_ Supported Methods: GET POST HEAD OPTIONS
| http-robots.txt: 22 disallowed entries
| /core/ /profiles/ /README.txt /web.config /admin/
| /comment/reply/ /filter/tips /node/add/ /search/ /user/register/
| /user/password/ /user/login/ /user/logout/ /index.php/admin/
| /index.php/comment/reply/ /index.php/filter/tips /index.php/node/add/
| /index.php/search/ /index.php/user/password/ /index.php/user/register/
|_/index.php/user/login/ /index.php/user/logout/
|_http-server-header: Apache/2.4.62 (Unix) OpenSSL/1.1.1k
|_http-title: \xDA\xA9\xD9\x88\xD8\xB1 | \xD9\x88\xD8\xB2\xD8\xA7\xD8\xB1\xD8\xAA \xD8\xA7\xD9\x85\xD8\xB1 \xD8\xA8\xD8\xA7\xD8\xA7\xD9\x84\xD9\x85\xD8\xB9\xD8\xB1\xD9\x88\xD9\x81\xD8\x8C \xD9\x86\xD9\x87\xDB\x8C \xD8\xB9\xD9\x86 \xD8\xA7...
| ssl-cert: Subject: commonName=www.mopvpe.gov.af
| Subject Alternative Name: DNS:mail.mopvpe.gov.af, DNS:mopvpe.gov.af, DNS:www.mopvpe.gov.af
| Issuer: commonName=E6/organizationName=Let's Encrypt/countryName=US
| Public Key type: ec
| Public Key bits: 256
| Signature Algorithm: ecdsa-with-SHA384
| Not valid before: 2025-05-26T03:15:07
| Not valid after: 2025-08-24T03:15:06
| MD5: 78e6 9059 5d5b ef49 9d35 db6b 3362 2968
| SHA-1: cf13 aabb f65f a0da 7808 a785 ee61 69da e87a 28e6
3306/tcp filtered mysql no-response
8080/tcp filtered http-proxy no-response
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 44.23 seconds
Raw packets sent: 7 (308B) | Rcvd: 3 (132B)
af@dictadura:$ nmap --script=vuln mopvpe.gov.af
Starting Nmap 7.80 ( https://nmap.org ) at 2025-02-09 20:56 CET
Pre-scan script results:
| broadcast-avahi-dos:
| Discovered hosts:
| 224.0.0.251
| After NULL UDP avahi packet DoS (CVE-2011-1002).
|_ Hosts are all up (not vulnerable).
Nmap scan report for mopvpe.gov.af (103.132.98.224)
Host is up (0.25s latency).
Not shown: 989 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
25/tcp open smtp
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| ssl-dh-params:
| VULNERABLE:
| Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
| State: VULNERABLE
| Transport Layer Security (TLS) services that use anonymous
| Diffie-Hellman key exchange only provide protection against passive
| eavesdropping, and are vulnerable to active man-in-the-middle attacks
| which could completely compromise the confidentiality and integrity
| of any data exchanged over the resulting session.
| Check results:
| ANONYMOUS DH GROUP 1
| Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 2048
| Generator Length: 8
| Public Key Length: 2048
| References:
|_ https://www.ietf.org/rfc/rfc2246.txt
|_sslv2-drown:
80/tcp open http
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
110/tcp open pop3
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_ssl-ccs-injection: ERROR: Script execution failed (use -d to debug)
|_ssl-dh-params: ERROR: Script execution failed (use -d to debug)
|_ssl-heartbleed: ERROR: Script execution failed (use -d to debug)
|_ssl-poodle: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: ERROR: Script execution failed (use -d to debug)
143/tcp open imap
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_ssl-ccs-injection: ERROR: Script execution failed (use -d to debug)
|_ssl-dh-params: ERROR: Script execution failed (use -d to debug)
|_ssl-heartbleed: ERROR: Script execution failed (use -d to debug)
|_ssl-poodle: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown:
443/tcp open https
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=mopvpe.gov.af
| Found the following possible CSRF vulnerabilities:
|
| Path: https://mopvpe.gov.af:443/
| Form id: edit-keys
| Form action: /dr/search
|
| Path: https://mopvpe.gov.af:443/dr/faq
| Form id: edit-keys
| Form action: /dr/search
|
| Path: https://mopvpe.gov.af:443/index.php/dr/%d8%b3%d9%81%d8%b1-%d9%87%db%8c%d8%a6%d8%aa-%d8%a8%d8%ae%d8%b4-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d8%a7%d9%85%d8%b1%d8%a8%d8%a7%d9%84%d9%85%d8%b9%d8%b1%d9%88%d9%81-%d8%a8%d9%87-%d9%88%d9%84%d8%a7%db%8c%d8%aa-%d8%af%d8%a7%db%8c%da%a9%d9%86%d8%af%db%8c
| Form id: edit-keys
| Form action: /dr/search
|
| Path: https://mopvpe.gov.af:443/index.php/dr/%d8%b3%d9%81%d8%b1-%d9%87%db%8c%d8%a6%d8%aa-%d8%a8%d8%ae%d8%b4-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d8%a7%d9%85%d8%b1%d8%a8%d8%a7%d9%84%d9%85%d8%b9%d8%b1%d9%88%d9%81-%d8%a8%d9%87-%d9%88%d9%84%d8%a7%db%8c%d8%aa-%d8%af%d8%a7%db%8c%da%a9%d9%86%d8%af%db%8c
| Form id: shorten-current
| Form action: /index.php/dr/%d8%b3%d9%81%d8%b1-%d9%87%db%8c%d8%a6%d8%aa-%d8%a8%d8%ae%d8%b4-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d8%a7%d9%85%d8%b1%d8%a8%d8%a7%d9%84%d9%85%d8%b9%d8%b1%d9%88%d9%81-%d8%a8%d9%87-%d9%88%d9%84%d8%a7%db%8c%d8%aa-%d8%af%d8%a7%db%8c%da%a9%d9%86%d8%af%db%8c
|
| Path: https://mopvpe.gov.af:443/dr/news
| Form id: edit-keys
| Form action: /dr/search
|
| Path: https://mopvpe.gov.af:443/dr/%d8%a7%d9%88%d9%82%d8%a7%d8%aa-%da%a9%d8%a7%d8%b1%db%8c
| Form id: edit-keys
| Form action: /dr/search
|
| Path: https://mopvpe.gov.af:443/tenders
| Form id: edit-keys
| Form action: /dr/search
|
| Path: https://mopvpe.gov.af:443/dr/%d8%b3%d8%ae%d9%86%d8%b1%d8%a7%d9%86%db%8c-%d9%87%d8%a7
| Form id: edit-keys
| Form action: /dr/search
|
| Path: https://mopvpe.gov.af:443/dr/node/176
| Form id: edit-keys
|_ Form action: /dr/search
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-sql-injection: ERROR: Script execution failed (use -d to debug)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-trace: TRACE is enabled
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown:
465/tcp open smtps
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown:
587/tcp open submission
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| ssl-dh-params:
| VULNERABLE:
| Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
| State: VULNERABLE
| Transport Layer Security (TLS) services that use anonymous
| Diffie-Hellman key exchange only provide protection against passive
| eavesdropping, and are vulnerable to active man-in-the-middle attacks
| which could completely compromise the confidentiality and integrity
| of any data exchanged over the resulting session.
| Check results:
| ANONYMOUS DH GROUP 1
| Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 2048
| Generator Length: 8
| Public Key Length: 2048
| References:
|_ https://www.ietf.org/rfc/rfc2246.txt
|_sslv2-drown:
993/tcp open imaps
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown:
995/tcp open pop3s
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown:
2030/tcp open device2
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
Nmap done: 1 IP address (1 host up) scanned in 457.71 seconds
HTTP TRACE is enabled: possible vulnerability
Impact: It can be used in Cross-Site Tracing (XST) attacks to steal cookies or authentication tokens.
Possible CSRF vulnerabilities detected (highly vulnerable)
Impact: Forms at /dr/search could be exploitable through Cross-Site Request Forgery (CSRF).
Weak SSL/TLS configurations
SSLv2 DROWN attack: Some ports appear to be vulnerable to DROWN (CVE-2016-0800).
Insecure TLS and HTTP configurations
^Port^State^Service^Notes^
|22/tcp|Open (latest scan)|SSH|Available|
|25/tcp|Open|SMTP|Possible mail server|
|80/tcp|Open|HTTP|Web page accessible|
|110/tcp|Open|POP3|POP3 mail server|
|143/tcp|Open|IMAP|IMAP mail server|
|443/tcp|Open|HTTPS|Has TLS security problems|
|465/tcp|Open|SMTPS|Secure SMTP, but with possible vulnerabilities|
|587/tcp|Open|Submission|SMTP for sending authenticated mail|
|993/tcp|Open|IMAPS|Secure IMAP, but with possible vulnerabilities|
|995/tcp|Open|POP3S|Secure POP3, but with possible vulnerabilities|