80,443

80/tcp    open   http       Apache httpd 2.4.37 ((centos) OpenSSL/1.1.1c)
|_http-server-header: Apache/2.4.37 (centos) OpenSSL/1.1.1c
|_http-title: Did not follow redirect to https://thomaswreath.thm
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
443/tcp   open   ssl/http   Apache httpd 2.4.37 ((centos) OpenSSL/1.1.1c)
| http-methods: 
|   Supported Methods: HEAD GET POST OPTIONS TRACE
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.4.37 (centos) OpenSSL/1.1.1c
|_ssl-date: TLS randomness does not represent time
|_http-title: Thomas Wreath | Developer
| tls-alpn: 
|_  http/1.1
| ssl-cert: Subject: commonName=thomaswreath.thm/organizationName=Thomas Wreath Development/stateOrProvinceName=East Riding Yorkshire/countryName=GB
| Issuer: commonName=thomaswreath.thm/organizationName=Thomas Wreath Development/stateOrProvinceName=East Riding Yorkshire/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-03-19T11:23:08
| Not valid after:  2025-03-19T11:23:08
| MD5:   854b:decd:2f80:b6c8:d722:bf7b:d7f2:3a85
|_SHA-1: da64:6ac2:b1e8:1aaf:ee99:c299:6c0b:fecc:e466:e851

nikto --host https://thomaswreath.thm
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          10.200.101.200
+ Target Hostname:    thomaswreath.thm
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /C=GB/ST=East Riding Yorkshire/L=Easingwold/O=Thomas Wreath Development/CN=thomaswreath.thm/emailAddress=me@thomaswreath.thm
                   Ciphers:  TLS_AES_256_GCM_SHA384
                   Issuer:   /C=GB/ST=East Riding Yorkshire/L=Easingwold/O=Thomas Wreath Development/CN=thomaswreath.thm/emailAddress=me@thomaswreath.thm
+ Start Time:         2024-03-19 06:56:52 (GMT-5)
---------------------------------------------------------------------------
+ Server: Apache/2.4.37 (centos) OpenSSL/1.1.1c
+ /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: The site uses TLS and the Strict-Transport-Security HTTP header is not defined. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /dbuvH7Fb.php: Retrieved x-powered-by header: PHP/7.2.24.
+ Apache/2.4.37 appears to be outdated (current is at least Apache/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.
+ OpenSSL/1.1.1c appears to be outdated (current is at least 3.0.7). OpenSSL 1.1.1s is current for the 1.x branch and will be supported until Nov 11 2023.
+ OPTIONS: Allowed HTTP Methods: HEAD, GET, POST, OPTIONS, TRACE .
+ /: HTTP TRACE method is active which suggests the host is vulnerable to XST. See: https://owasp.org/www-community/attacks/Cross_Site_Tracing

+ /css/: Directory indexing found.
+ /css/: This might be interesting.
+ /img/: Directory indexing found.
+ /img/: This might be interesting.
+ /icons/: Directory indexing found.

Possible exploits

PreviousEnumeration Next10000

80/tcp open http Apache httpd 2.4.37 ((centos) OpenSSL/1.1.1c) |_http-server-header: Apache/2.4.37 (centos) OpenSSL/1.1.1c |_http-title: Did not follow redirect to https://thomaswreath.thm | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS 443/tcp open ssl/http Apache httpd 2.4.37 ((centos) OpenSSL/1.1.1c) | http-methods: | Supported Methods: HEAD GET POST OPTIONS TRACE |_ Potentially risky methods: TRACE |_http-server-header: Apache/2.4.37 (centos) OpenSSL/1.1.1c |_ssl-date: TLS randomness does not represent time |_http-title: Thomas Wreath | Developer | tls-alpn: |_ http/1.1 | ssl-cert: Subject: commonName=thomaswreath.thm/organizationName=Thomas Wreath Development/stateOrProvinceName=East Riding Yorkshire/countryName=GB | Issuer: commonName=thomaswreath.thm/organizationName=Thomas Wreath Development/stateOrProvinceName=East Riding Yorkshire/countryName=GB | Public Key type: rsa | Public Key bits: 2048 | Signature Algorithm: sha256WithRSAEncryption | Not valid before: 2024-03-19T11:23:08 | Not valid after: 2025-03-19T11:23:08 | MD5: 854b:decd:2f80:b6c8:d722:bf7b:d7f2:3a85 |_SHA-1: da64:6ac2:b1e8:1aaf:ee99:c299:6c0b:fecc:e466:e851

nikto --host https://thomaswreath.thm - Nikto v2.5.0 --------------------------------------------------------------------------- + Target IP: 10.200.101.200 + Target Hostname: thomaswreath.thm + Target Port: 443 --------------------------------------------------------------------------- + SSL Info: Subject: /C=GB/ST=East Riding Yorkshire/L=Easingwold/O=Thomas Wreath Development/CN=thomaswreath.thm/emailAddress=me@thomaswreath.thm Ciphers: TLS_AES_256_GCM_SHA384 Issuer: /C=GB/ST=East Riding Yorkshire/L=Easingwold/O=Thomas Wreath Development/CN=thomaswreath.thm/emailAddress=me@thomaswreath.thm + Start Time: 2024-03-19 06:56:52 (GMT-5) --------------------------------------------------------------------------- + Server: Apache/2.4.37 (centos) OpenSSL/1.1.1c + /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + /: The site uses TLS and the Strict-Transport-Security HTTP header is not defined. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/ + /dbuvH7Fb.php: Retrieved x-powered-by header: PHP/7.2.24. + Apache/2.4.37 appears to be outdated (current is at least Apache/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch. + OpenSSL/1.1.1c appears to be outdated (current is at least 3.0.7). OpenSSL 1.1.1s is current for the 1.x branch and will be supported until Nov 11 2023. + OPTIONS: Allowed HTTP Methods: HEAD, GET, POST, OPTIONS, TRACE . + /: HTTP TRACE method is active which suggests the host is vulnerable to XST. See: https://owasp.org/www-community/attacks/Cross_Site_Tracing + /css/: Directory indexing found. + /css/: This might be interesting. + /img/: Directory indexing found. + /img/: This might be interesting. + /icons/: Directory indexing found.