1. Google search using gov site.tm

2. Save the results in medios.txt without https://, www or any /; it should look like this:

cat medios.txt

mfa.gov.tm
migration.gov.tm
turkmenistan.gov.tm
turkmentv.gov.tm
docslibrary.gov.tm
mlsp.gov.tm
stat.gov.tm
tdh.gov.tm
customs.gov.tm
asuda.gov.tm
turkmenistaninfo.gov.tm
maslahat.gov.tm
education.gov.tm
mintradefer.gov.tm
milligosun.gov.tm
minjust.gov.tm
tca.gov.tm

3. nmap -oA nmap_medios_tm -iL medios.txt -A -T4 (takes about 25 minutes)

# Nmap 7.80 scan initiated Fri Dec 6 20:06:27 2024 as: nmap -oA nmap_medios_tm -iL medios.txt -A -T4
Warning: 217.174.238.29 giving up on port because retransmission cap hit (6).
Warning: 217.174.238.29 giving up on port because retransmission cap hit (6).
Warning: 217.174.238.29 giving up on port because retransmission cap hit (6).
Warning: 216.250.10.199 giving up on port because retransmission cap hit (6).
Warning: 216.250.11.65 giving up on port because retransmission cap hit (6).
Warning: 216.250.11.231 giving up on port because retransmission cap hit (6).
Warning: 217.174.238.29 giving up on port because retransmission cap hit (6).
Nmap scan report for mfa.gov.tm (217.174.238.29)
Host is up (0.17s latency).
Not shown: 936 closed ports, 62 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http nginx
443/tcp open tcpwrapped

Nmap scan report for migration.gov.tm (216.250.11.21)
Host is up (0.16s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open tcpwrapped

Nmap scan report for turkmenistan.gov.tm (217.174.238.29)
Host is up (0.16s latency).
Not shown: 927 closed ports, 71 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped

Nmap scan report for turkmentv.gov.tm (216.250.11.231)
Host is up (0.17s latency).
Not shown: 938 closed ports, 60 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped

Nmap scan report for docslibrary.gov.tm (216.250.10.110)
Host is up (0.17s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped

Nmap scan report for mlsp.gov.tm (216.250.9.121)
Host is up (0.17s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped

Nmap scan report for stat.gov.tm (216.250.9.50)
Host is up (0.17s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped
8081/tcp open tcpwrapped
8084/tcp open tcpwrapped

Nmap scan report for tdh.gov.tm (217.174.238.29)
Host is up (0.17s latency).
Not shown: 915 closed ports, 83 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped

Nmap scan report for customs.gov.tm (217.174.238.29)
Host is up (0.16s latency).
Not shown: 919 closed ports, 79 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped

Nmap scan report for asuda.gov.tm (95.85.97.147)
Host is up (0.17s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped
8080/tcp closed http-proxy
8443/tcp closed https-alt

Nmap scan report for turkmenistaninfo.gov.tm (95.85.126.122)
Host is up (0.15s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped

Nmap scan report for maslahat.gov.tm (216.250.11.65)
Host is up (0.16s latency).
Not shown: 902 closed ports, 95 filtered ports
PORT STATE SERVICE VERSION
443/tcp open tcpwrapped
3000/tcp open tcpwrapped
5003/tcp open tcpwrapped

Nmap scan report for education.gov.tm (216.250.12.92)
Host is up (0.16s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped

Nmap scan report for mintradefer.gov.tm (216.250.11.34)
Host is up (0.16s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
443/tcp open tcpwrapped

Nmap scan report for milligosun.gov.tm (216.250.9.51)
Host is up (0.17s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http nginx (reverse proxy)
443/tcp open ssl/http nginx (reverse proxy)
3000/tcp open ppp?
8000/tcp closed http-alt
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :

Nmap scan report for minjust.gov.tm (216.250.10.199)
Host is up (0.21s latency).
Not shown: 927 closed ports, 71 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.18.0 (Ubuntu)
443/tcp open ssl/http nginx 1.18.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Nmap scan report for tca.gov.tm (217.174.238.148)
Host is up (0.17s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.26.1
443/tcp open ssl/http nginx 1.26.1

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Dec 6 20:33:10 2024 -- 17 IP addresses (17 hosts up) scanned in 1602.39 seconds


No data of interest is obtained; however, if we run a vulnerability scan with:

nmap --script=vuln $(cat medios.txt) -oA nmap_vuln_medios_tm (takes 1 hour)

... then a vulnerability does turn up.

I am leaving the result of this last scan in the .tar.gz.

nmap_medios_tm.tar.gz