1. Google search using gov site.tm \\
\\
2. Save the results in medios.txt, one hostname per line, without https:%%//%%, www or any / \\
\\
3. nmap -oA nmap_medios_tm -iL medios.txt -A -T4 (takes about 25 minutes) \\
\\
No data of interest is obtained; however, if we run a vulnerability scan with: \\
\\
nmap --script=vuln $(cat medios.txt) -oA nmap_vuln_medios_tm (takes 1 hour) \\
\\
...... some vulnerabilities do turn up. \\
\\
I am leaving the result of this last scan in the .tar.gz. \\
{{ :turkmenistan:nmap_medios_tm.tar.gz |}}