OpenSSL is prone to security-bypass vulnerability.

Vulnerability was detected according to the Vulnerability Detection Method.

Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.

Updates are available.

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h

OpenSSL does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.

Send two SSL ChangeCipherSpec request and check the response.

Details: OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check) (OID: 1.3.6.1.4.1.25623.1.0.105043)

Version used: $Revision: 1152 $

OpenSSL is prone to security-bypass vulnerability.

Vulnerability was detected according to the Vulnerability Detection Method.

Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.

Updates are available.

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h

OpenSSL does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.

Send two SSL ChangeCipherSpec request and check the response.

Details: OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check) (OID: 1.3.6.1.4.1.25623.1.0.105043)

Version used: $Revision: 1152 $

OpenSSL is prone to security-bypass vulnerability.

Vulnerability was detected according to the Vulnerability Detection Method.

Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.

Updates are available.

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h

OpenSSL does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.

Send two SSL ChangeCipherSpec request and check the response.

Details: OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check) (OID: 1.3.6.1.4.1.25623.1.0.105043)

Version used: $Revision: 1152 $

OpenSSL is prone to security-bypass vulnerability.

Vulnerability was detected according to the Vulnerability Detection Method.

Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.

Solution type: VendorFix

Updates are available.

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h

OpenSSL does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.

Send two SSL ChangeCipherSpec request and check the response.

Details: OpenSSL CCS Man in the Middle Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105042)

Version used: $Revision: 1369 $

OpenSSL is prone to security-bypass vulnerability.

Vulnerability was detected according to the Vulnerability Detection Method.

Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.

Solution type: VendorFix

Updates are available.

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h

OpenSSL does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.

Send two SSL ChangeCipherSpec request and check the response.

Details: OpenSSL CCS Man in the Middle Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105042)

Version used: $Revision: 1369 $

OpenSSL is prone to security-bypass vulnerability.

Vulnerability was detected according to the Vulnerability Detection Method.

Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.

Solution type: VendorFix

Updates are available.

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h

OpenSSL does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.

Send two SSL ChangeCipherSpec request and check the response.

Details: OpenSSL CCS Man in the Middle Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105042)

Version used: $Revision: 1369 $

The remote server's SSL certificate has already expired.

Expired Certificates:
The SSL certificate on the remote service expired on 2013-11-09 10:32:06
Certificate details:
subject ...: 1.2.840.113549.1.9.1=#696E666F40706172616C6C656C732E636F6D,CN=Parallels Panel↵
,OU=Parallels Panel,O=Parallels,L=Herndon,ST=Virginia,C=US
issued by .: 1.2.840.113549.1.9.1=#696E666F40706172616C6C656C732E636F6D,CN=Parallels Panel↵
,OU=Parallels Panel,O=Parallels,L=Herndon,ST=Virginia,C=US
serial ....: 509CDBA6
valid from : 2012-11-09 10:32:06 UTC
valid until: 2013-11-09 10:32:06 UTC
fingerprint: E56C82EE6205DD93BF17E938356E70BAA1719167
The SSL certificate on the remote service expired on 2013-11-09 10:32:06
Certificate details:
subject ...: 1.2.840.113549.1.9.1=#696E666F40706172616C6C656C732E636F6D,CN=Parallels Panel↵
,OU=Parallels Panel,O=Parallels,L=Herndon,ST=Virginia,C=US
issued by .: 1.2.840.113549.1.9.1=#696E666F40706172616C6C656C732E636F6D,CN=Parallels Panel↵
,OU=Parallels Panel,O=Parallels,L=Herndon,ST=Virginia,C=US
serial ....: 509CDBA6
valid from : 2012-11-09 10:32:06 UTC
valid until: 2013-11-09 10:32:06 UTC
fingerprint: E56C82EE6205DD93BF17E938356E70BAA1719167
The SSL certificate on the remote service expired on 2013-11-09 10:32:06
Certificate details:
subject ...: 1.2.840.113549.1.9.1=#696E666F40706172616C6C656C732E636F6D,CN=Parallels Panel↵
,OU=Parallels Panel,O=Parallels,L=Herndon,ST=Virginia,C=US
issued by .: 1.2.840.113549.1.9.1=#696E666F40706172616C6C656C732E636F6D,CN=Parallels Panel↵
,OU=Parallels Panel,O=Parallels,L=Herndon,ST=Virginia,C=US
serial ....: 509CDBA6
valid from : 2012-11-09 10:32:06 UTC
valid until: 2013-11-09 10:32:06 UTC
fingerprint: E56C82EE6205DD93BF17E938356E70BAA1719167

Replace the SSL certificate by a new one.

This script checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.

Details: SSL Certification Expired (OID: 1.3.6.1.4.1.25623.1.0.103955)

Version used: $Revision: 626 $

This routine search for weak SSL ciphers offered by a service.

Weak ciphers offered by this service:
  SSL2_RC4_128_MD5
  SSL2_RC4_128_EXPORT40_WITH_MD5
  SSL2_RC2_CBC_128_CBC_WITH_MD5
  SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
  SSL3_RSA_RC4_40_MD5
  SSL3_RSA_RC4_128_MD5
  SSL3_RSA_RC4_128_SHA
  SSL3_RSA_RC2_40_MD5
  SSL3_RSA_DES_40_CBC_SHA
  SSL3_RSA_DES_64_CBC_SHA
  SSL3_EDH_RSA_DES_40_CBC_SHA
  SSL3_EDH_RSA_DES_64_CBC_SHA
  SSL3_ADH_RC4_40_MD5
  SSL3_ADH_RC4_128_MD5
  SSL3_ADH_DES_40_CBC_SHA
  SSL3_ADH_DES_64_CBC_SHA
  TLS1_RSA_RC4_40_MD5
  TLS1_RSA_RC4_128_MD5
  TLS1_RSA_RC4_128_SHA
  TLS1_RSA_RC2_40_MD5
  TLS1_RSA_DES_40_CBC_SHA
  TLS1_RSA_DES_64_CBC_SHA
  TLS1_EDH_RSA_DES_40_CBC_SHA
  TLS1_EDH_RSA_DES_64_CBC_SHA
  TLS1_ADH_RC4_40_MD5
  TLS1_ADH_RC4_128_MD5
  TLS1_ADH_DES_40_CBC_SHA
  TLS1_ADH_DES_64_CBC_SHA

The configuration of this services should be changed so that it does not support the listed weak ciphers anymore.

These rules are applied for the evaluation of the cryptographic strength:

- Any SSL/TLS using no cipher is considered weak.

- All SSLv2 ciphers are considered weak due to a design flaw within the SSLv2 protocol.

- RC4 is considered to be weak.

- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak.

- 1024 bit RSA authentication is considered to be insecure and therefore as weak.

- CBC ciphers in TLS < 1.2 are considered to be vulnerable to the BEAST or Lucky 13 attacks

- Any cipher considered to be secure for only the next 10 years is considered as medium

- Any other cipher is considered as strong

Details: Check for SSL Weak Ciphers (OID: 1.3.6.1.4.1.25623.1.0.103440)

Version used: $Revision: 733 $

This routine search for weak SSL ciphers offered by a service.

Weak ciphers offered by this service:
  SSL3_RSA_RC4_128_MD5
  SSL3_RSA_RC4_128_SHA
  SSL3_ADH_RC4_128_MD5
  TLS1_RSA_RC4_128_MD5
  TLS1_RSA_RC4_128_SHA
  TLS1_ADH_RC4_128_MD5

The configuration of this services should be changed so that it does not support the listed weak ciphers anymore.

These rules are applied for the evaluation of the cryptographic strength:

- Any SSL/TLS using no cipher is considered weak.

- All SSLv2 ciphers are considered weak due to a design flaw within the SSLv2 protocol.

- RC4 is considered to be weak.

- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak.

- 1024 bit RSA authentication is considered to be insecure and therefore as weak.

- CBC ciphers in TLS < 1.2 are considered to be vulnerable to the BEAST or Lucky 13 attacks

- Any cipher considered to be secure for only the next 10 years is considered as medium

- Any other cipher is considered as strong

Details: Check for SSL Weak Ciphers (OID: 1.3.6.1.4.1.25623.1.0.103440)

Version used: $Revision: 733 $

This host is installed with OpenSSL and is prone to information disclosure vulnerability.

Vulnerability was detected according to the Vulnerability Detection Method.

Successful exploitation will allow a man-in-the-middle attackers gain access to the plain text data stream.

Impact Level: Application

Vendor released a patch to address this vulnerabiliy, For updates contact vendor or refer to https://www.openssl.org

NOTE: The only correct way to fix POODLE is to disable SSL v3.0

OpenSSL through 1.0.1i

The flaw is due to the block cipher padding not being deterministic and not covered by the Message Authentication Code

Send a SSLv3 request and check the response.

Details: POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.802087)

Version used: $Revision: 1152 $

This routine search for weak SSL ciphers offered by a service.

Weak ciphers offered by this service:
  SSL2_RC4_128_MD5
  SSL2_RC4_128_EXPORT40_WITH_MD5
  SSL2_RC2_CBC_128_CBC_WITH_MD5
  SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
  SSL3_RSA_RC4_40_MD5
  SSL3_RSA_RC4_128_MD5
  SSL3_RSA_RC4_128_SHA
  SSL3_RSA_RC2_40_MD5
  SSL3_RSA_DES_40_CBC_SHA
  SSL3_RSA_DES_64_CBC_SHA
  TLS1_RSA_RC4_40_MD5
  TLS1_RSA_RC4_128_MD5
  TLS1_RSA_RC4_128_SHA
  TLS1_RSA_RC2_40_MD5
  TLS1_RSA_DES_40_CBC_SHA
  TLS1_RSA_DES_64_CBC_SHA

The configuration of this services should be changed so that it does not support the listed weak ciphers anymore.

These rules are applied for the evaluation of the cryptographic strength:

- Any SSL/TLS using no cipher is considered weak.

- All SSLv2 ciphers are considered weak due to a design flaw within the SSLv2 protocol.

- RC4 is considered to be weak.

- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak.

- 1024 bit RSA authentication is considered to be insecure and therefore as weak.

- CBC ciphers in TLS < 1.2 are considered to be vulnerable to the BEAST or Lucky 13 attacks

- Any cipher considered to be secure for only the next 10 years is considered as medium

- Any other cipher is considered as strong

Details: Check for SSL Weak Ciphers (OID: 1.3.6.1.4.1.25623.1.0.103440)

Version used: $Revision: 733 $

This host is installed with OpenSSL and is prone to information disclosure vulnerability.

Vulnerability was detected according to the Vulnerability Detection Method.

Successful exploitation will allow a man-in-the-middle attackers gain access to the plain text data stream.

Impact Level: Application

Vendor released a patch to address this vulnerabiliy, For updates contact vendor or refer to https://www.openssl.org

NOTE: The only correct way to fix POODLE is to disable SSL v3.0

OpenSSL through 1.0.1i

The flaw is due to the block cipher padding not being deterministic and not covered by the Message Authentication Code

Send a SSLv3 request and check the response.

Details: POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.802087)

Version used: $Revision: 1152 $

This routine search for weak SSL ciphers offered by a service.

Weak ciphers offered by this service:
  SSL2_RC4_128_MD5
  SSL2_RC4_128_EXPORT40_WITH_MD5
  SSL2_RC2_CBC_128_CBC_WITH_MD5
  SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
  SSL3_RSA_RC4_40_MD5
  SSL3_RSA_RC4_128_MD5
  SSL3_RSA_RC4_128_SHA
  SSL3_RSA_RC2_40_MD5
  SSL3_RSA_DES_40_CBC_SHA
  SSL3_RSA_DES_64_CBC_SHA
  TLS1_RSA_RC4_40_MD5
  TLS1_RSA_RC4_128_MD5
  TLS1_RSA_RC4_128_SHA
  TLS1_RSA_RC2_40_MD5
  TLS1_RSA_DES_40_CBC_SHA
  TLS1_RSA_DES_64_CBC_SHA

The configuration of this services should be changed so that it does not support the listed weak ciphers anymore.

These rules are applied for the evaluation of the cryptographic strength:

- Any SSL/TLS using no cipher is considered weak.

- All SSLv2 ciphers are considered weak due to a design flaw within the SSLv2 protocol.

- RC4 is considered to be weak.

- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak.

- 1024 bit RSA authentication is considered to be insecure and therefore as weak.

- CBC ciphers in TLS < 1.2 are considered to be vulnerable to the BEAST or Lucky 13 attacks

- Any cipher considered to be secure for only the next 10 years is considered as medium

- Any other cipher is considered as strong

Details: Check for SSL Weak Ciphers (OID: 1.3.6.1.4.1.25623.1.0.103440)

Version used: $Revision: 733 $

This host is installed with OpenSSL and is prone to information disclosure vulnerability.

Vulnerability was detected according to the Vulnerability Detection Method.

Successful exploitation will allow a man-in-the-middle attackers gain access to the plain text data stream.

Impact Level: Application

Vendor released a patch to address this vulnerabiliy, For updates contact vendor or refer to https://www.openssl.org

NOTE: The only correct way to fix POODLE is to disable SSL v3.0

OpenSSL through 1.0.1i

The flaw is due to the block cipher padding not being deterministic and not covered by the Message Authentication Code

Send a SSLv3 request and check the response.

Details: POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.802087)

Version used: $Revision: 1152 $

The remote host implements TCP timestamps and therefore allows to compute the uptime.

It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Paket 1: 773628534
Paket 2: 773628652

A side effect of this feature is that the uptime of the remote host can sometimes be computed.

To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.

To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'

Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is, to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment.

See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152

TCP/IPv4 implementations that implement RFC1323.

The remote host implements TCP timestamps, as defined by RFC1323.

Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported.

Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)

Version used: $Revision: 787 $

This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in Phrack #57). It can be used to determine remote operating system version.

ICMP based OS fingerprint results: (100% confidence)
Linux Kernel

Details: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)

Version used: $Revision: 1739 $

The remote host responded to an ICMP timestamp request. The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp. This information could theoretically be used to exploit weak time-based random number generators in other services.

Vulnerability was detected according to the Vulnerability Detection Method.

Details: ICMP Timestamp Detection (OID: 1.3.6.1.4.1.25623.1.0.103190)

Version used: $Revision: 13 $

A traceroute from the scanning server to the target system was conducted. This traceroute is provided primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability. However, if the displayed traceroute contains any private addresses that should not have been publicly visible, then you have an issue you need to correct.

Here is the route from 45.79.134.130 to 176.28.50.165:
45.79.134.130
207.99.53.41
209.123.10.102
209.123.11.142
195.66.225.173
80.237.129.181
176.28.4.54
176.28.50.165

Block unwanted packets from escaping your network.

Details: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)

Version used: $Revision: 975 $

This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of operating systems, services and applications detected during the scan.

176.28.50.165|cpe:/a:postfix:postfix
176.28.50.165|cpe:/a:nginx:nginx:1.4.1
176.28.50.165|cpe:/a:php:php:5.3.10
176.28.50.165|cpe:/a:openbsd:openssh:5.3p1
176.28.50.165|cpe:/o:canonical:ubuntu_linux

Details: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)

Version used: $Revision: 314 $

This Plugin detects the FTP Server Banner

Remote FTP server banner :
220 ProFTPD 1.3.3e Server (ProFTPD) [176.28.50.165] 

Details: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)

Version used: $Revision: 1776 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

An FTP server is running on this port.
Here is its banner : 
220 ProFTPD 1.3.3e Server (ProFTPD) [176.28.50.165] 

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

Identification of SSH protocol versions supported by the remote SSH Server. Also reads the corresponding fingerprints from the service.

The following versions are tried: 1.33, 1.5, 1.99 and 2.0

The remote SSH Server supports the following SSH Protocol Versions:
1.99
2.0
SSHv2 Fingerprint:
ssh-rsa: a1:7d:bd:2c:5d:9f:02:26:da:52:91:c0:2d:20:2f:3c
ssh-dss: 2d:4e:a6:d9:33:4a:f5:cf:fe:7a:e2:55:66:0a:41:ae

Details: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)

Version used: $Revision: 1952 $

This detects the SSH Server's type and version by connecting to the server and processing the buffer received.

This information gives potential attackers additional information about the system they are attacking. Versions and Types should be omitted where possible.

Detected SSH server version: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7.1
Remote SSH supported authentication: password,publickey
Remote SSH banner: 
(not available)
CPE: cpe:/a:openbsd:openssh:5.3p1
Concluded from remote connection attempt with credentials:
  Login: OpenVAS
  Password: OpenVAS

Details: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

Version used: $Revision: 1789 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

An ssh server is running on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

This detects the SMTP Server's type and version by connecting to the server and processing the buffer received.

Remote SMTP server banner :
220 rs202995.rs.hosteurope.de ESMTP Postfix (Ubuntu) 
This is probably: Postfix
Detected Postfix
Version: unknown
Location: 25/tcp
CPE: cpe:/a:postfix:postfix

Change the login banner to something generic.

Details: SMTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10263)

Version used: $Revision: 1545 $

Check if the remote Mailserver supports the STARTTLS command.

The remote Mailserver supports the STARTTLS command.

Details: SMTP STARTTLS Detection (OID: 1.3.6.1.4.1.25623.1.0.103118)

Version used: $Revision: 703 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

An SMTP server is running on this port
Here is its banner : 
220 rs202995.rs.hosteurope.de ESMTP Postfix (Ubuntu) 

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

This routine search for SSL ciphers offered by a service.

Service supports SSLv2 ciphers.
Service supports SSLv3 ciphers.
Service supports TLSv1 ciphers.
Medium ciphers offered by this service:
  SSL3_RSA_DES_192_CBC3_SHA
  SSL3_EDH_RSA_DES_192_CBC3_SHA
  SSL3_ADH_DES_192_CBC_SHA
  SSL3_DHE_RSA_WITH_AES_128_SHA
  SSL3_ADH_WITH_AES_128_SHA
  TLS1_RSA_DES_192_CBC3_SHA
  TLS1_EDH_RSA_DES_192_CBC3_SHA
  TLS1_ADH_DES_192_CBC_SHA
  TLS1_DHE_RSA_WITH_AES_128_SHA
  TLS1_ADH_WITH_AES_128_SHA
Weak ciphers offered by this service:
  SSL2_RC4_128_MD5
  SSL2_RC4_128_EXPORT40_WITH_MD5
  SSL2_RC2_CBC_128_CBC_WITH_MD5
  SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
  SSL3_RSA_RC4_40_MD5
  SSL3_RSA_RC4_128_MD5
  SSL3_RSA_RC4_128_SHA
  SSL3_RSA_RC2_40_MD5
  SSL3_RSA_DES_40_CBC_SHA
  SSL3_RSA_DES_64_CBC_SHA
  SSL3_EDH_RSA_DES_40_CBC_SHA
  SSL3_EDH_RSA_DES_64_CBC_SHA
  SSL3_ADH_RC4_40_MD5
  SSL3_ADH_RC4_128_MD5
  SSL3_ADH_DES_40_CBC_SHA
  SSL3_ADH_DES_64_CBC_SHA
  TLS1_RSA_RC4_40_MD5
  TLS1_RSA_RC4_128_MD5
  TLS1_RSA_RC4_128_SHA
  TLS1_RSA_RC2_40_MD5
  TLS1_RSA_DES_40_CBC_SHA
  TLS1_RSA_DES_64_CBC_SHA
  TLS1_EDH_RSA_DES_40_CBC_SHA
  TLS1_EDH_RSA_DES_64_CBC_SHA
  TLS1_ADH_RC4_40_MD5
  TLS1_ADH_RC4_128_MD5
  TLS1_ADH_DES_40_CBC_SHA
  TLS1_ADH_DES_64_CBC_SHA
No non-ciphers are supported by this service

Details: Check for SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.802067)

Version used: $Revision: 312 $

This Plugin reports about SSL Medium Ciphers.

Medium ciphers offered by this service:
  SSL3_RSA_DES_192_CBC3_SHA
  SSL3_EDH_RSA_DES_192_CBC3_SHA
  SSL3_ADH_DES_192_CBC_SHA
  SSL3_DHE_RSA_WITH_AES_128_SHA
  SSL3_ADH_WITH_AES_128_SHA
  TLS1_RSA_DES_192_CBC3_SHA
  TLS1_EDH_RSA_DES_192_CBC3_SHA
  TLS1_ADH_DES_192_CBC_SHA
  TLS1_DHE_RSA_WITH_AES_128_SHA
  TLS1_ADH_WITH_AES_128_SHA

Details: Check for SSL Medium Ciphers (OID: 1.3.6.1.4.1.25623.1.0.902816)

Version used: $Revision: 12 $

A DNS Server is running at this Host. A Name Server translates domain names into IP addresses. This makes it possible for a user to access a website by typing in the domain name instead of the website's actual IP address.

Vulnerability was detected according to the Vulnerability Detection Method.

Details: DNS Server Detection (OID: 1.3.6.1.4.1.25623.1.0.100069)

Version used: $Revision: 488 $

Detection of nginx.

The script sends a connection request to the server and attempts to extract the version number from the reply.

Detected nginx
Version: 1.4.1
Location: 80/tcp
CPE: cpe:/a:nginx:nginx:1.4.1
Concluded from version identification result:
Server: nginx/1.4.1

Details: nginx Detection (OID: 1.3.6.1.4.1.25623.1.0.100274)

Version used: $Revision: 1581 $

This detects the HTTP Server's type and version.

The remote web server type is :
nginx/1.4.1 

Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display' Be sure to remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

Version used: $Revision: 229 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

A web server is running on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote host.

It is suggested you allow a long-enough timeout value for this test routine and also adjust the setting on the number of pages to mirror.

The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/listproducts.php (cat [1] )
/artists.php (artist [1] )
/search.php (goButton [go] test [query] searchFor [] )
/secured/newuser.php (uuname [] upass [] upass2 [] urname [] ucc [] uemail [] uphone [] si↵
gnup [signup] )
/showimage.php (file [+pict.item(0).firstChild.nodeValue+] )
/hpp/ (pp [12] )
/userinfo.php (uname [] pass [] )
/comment.php (aid [1] )
The following directories have been discovered :
/images
/AJAX
/Mod_Rewrite_Shop
/hpp
/Mod_Rewrite_Shop/images
/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1
/Mod_Rewrite_Shop/Details/web-camera-a4tech/2
/Mod_Rewrite_Shop/Details/color-printer/3
Directory index found at /images/
Directory index found at /Mod_Rewrite_Shop/images/

Details: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)

Version used: $Revision: 1825 $

This plugin attempts to determine the presence of various common dirs on the remote web server

The following directories were discovered:
/admin, /cgi-bin, /secured, /CVS, /Templates, /images
While this is not, in and of itself, a bug, you should manually inspect 
these directories to ensure that they are in compliance with company
security standards

Details: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)

Version used: $Revision: 1717 $

The script prints out the directories which are used when CGI scanning is enabled.

The following directories are used for CGI scanning:
/scripts
/cgi-bin
/CVS
/Mod_Rewrite_Shop
/AJAX
/admin
/images
/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1
/Mod_Rewrite_Shop/Details/web-camera-a4tech/2
/hpp
/Mod_Rewrite_Shop/Details/color-printer/3
/secured
/Templates
/Mod_Rewrite_Shop/images
/

Details: Directories used for CGI Scanning (OID: 1.3.6.1.4.1.25623.1.0.111038)

Version used: $Revision: 1727 $

Detection of installed version of PHP.

This script sends HTTP GET request and try to get the version from the responce, and sets the result in KB.

Detected PHP
Version: 5.3.10
Location: tcp/80
CPE: cpe:/a:php:php:5.3.10
Concluded from version identification result:
X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 

Details: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)

Version used: $Revision: 1554 $

This Plugin detects the FTP Server Banner

Remote FTP server banner :
200 poppassd hello, who are you? 

Details: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)

Version used: $Revision: 1776 $

This plugin performs service detection.

Description :

This plugin is a complement of find_service.nasl. It attempts to identify services that return 3 ASCII digits codes (ie: FTP, SMTP, NNTP, ...)

A FTP server is running on this port

Details: Identifies services like FTP, SMTP, NNTP... (OID: 1.3.6.1.4.1.25623.1.0.14773)

Version used: $Revision: 1717 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

A pop3 server is running on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

The remote POP3 Server supports the STARTTLS command.

Vulnerability was detected according to the Vulnerability Detection Method.

Details: POP3 STARTTLS Detection (OID: 1.3.6.1.4.1.25623.1.0.105008)

Version used: $Revision: 696 $

This routine search for SSL ciphers offered by a service.

Service does not support SSLv2 ciphers.
Service supports SSLv3 ciphers.
Service supports TLSv1 ciphers.
No medium ciphers are supported by this service
No weak ciphers are supported by this service
No non-ciphers are supported by this service

Details: Check for SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.802067)

Version used: $Revision: 312 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

An IMAP server is running on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

The remote IMAP Server supports the STARTTLS command.

Vulnerability was detected according to the Vulnerability Detection Method.

Details: IMAP STARTTLS Detection (OID: 1.3.6.1.4.1.25623.1.0.105007)

Version used: $Revision: 696 $

Displays the imap4 service banner.

The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFEREN↵
CES SORT QUOTA AUTH=CRAM-MD5 AUTH=PLAIN IDLE ACL ACL2=UNION STARTTLS] 

Details: IMAP Banner (OID: 1.3.6.1.4.1.25623.1.0.11414)

Version used: $Revision: 17 $

This routine search for SSL ciphers offered by a service.

Service does not support SSLv2 ciphers.
Service supports SSLv3 ciphers.
Service supports TLSv1 ciphers.
No medium ciphers are supported by this service
No weak ciphers are supported by this service
No non-ciphers are supported by this service

Details: Check for SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.802067)

Version used: $Revision: 312 $

This detects the SMTP Server's type and version by connecting to the server and processing the buffer received.

Remote SMTP server banner :
220 rs202995.rs.hosteurope.de ESMTP Postfix (Ubuntu) 
This is probably: Postfix
Detected Postfix
Version: unknown
Location: 465/tcp
CPE: cpe:/a:postfix:postfix

Change the login banner to something generic.

Details: SMTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10263)

Version used: $Revision: 1545 $

The SSL certificate contains a common name (CN) that does not match the hostname.

Hostname: testphp.vulnweb.com
Common Name: Parallels Panel

Details: SSL Certificate - Subject Common Name Does Not Match Server FQDN (OID: 1.3.6.1.4.1.25623.1.0.103141)

Version used: $Revision: 1279 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

A TLScustom server answered on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

An SMTP server is running on this port through SSL
Here is its banner : 
220 rs202995.rs.hosteurope.de ESMTP Postfix (Ubuntu) 

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

This routine search for SSL ciphers offered by a service.

Service does not support SSLv2 ciphers.
Service supports SSLv3 ciphers.
Service supports TLSv1 ciphers.
Medium ciphers offered by this service:
  SSL3_RSA_DES_192_CBC3_SHA
  SSL3_EDH_RSA_DES_192_CBC3_SHA
  SSL3_ADH_DES_192_CBC_SHA
  SSL3_DHE_RSA_WITH_AES_128_SHA
  SSL3_ADH_WITH_AES_128_SHA
  TLS1_RSA_DES_192_CBC3_SHA
  TLS1_EDH_RSA_DES_192_CBC3_SHA
  TLS1_ADH_DES_192_CBC_SHA
  TLS1_DHE_RSA_WITH_AES_128_SHA
  TLS1_ADH_WITH_AES_128_SHA
Weak ciphers offered by this service:
  SSL3_RSA_RC4_128_MD5
  SSL3_RSA_RC4_128_SHA
  SSL3_ADH_RC4_128_MD5
  TLS1_RSA_RC4_128_MD5
  TLS1_RSA_RC4_128_SHA
  TLS1_ADH_RC4_128_MD5
No non-ciphers are supported by this service

Details: Check for SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.802067)

Version used: $Revision: 312 $

This Plugin reports about SSL Medium Ciphers.

Medium ciphers offered by this service:
  SSL3_RSA_DES_192_CBC3_SHA
  SSL3_EDH_RSA_DES_192_CBC3_SHA
  SSL3_ADH_DES_192_CBC_SHA
  SSL3_DHE_RSA_WITH_AES_128_SHA
  SSL3_ADH_WITH_AES_128_SHA
  TLS1_RSA_DES_192_CBC3_SHA
  TLS1_EDH_RSA_DES_192_CBC3_SHA
  TLS1_ADH_DES_192_CBC_SHA
  TLS1_DHE_RSA_WITH_AES_128_SHA
  TLS1_ADH_WITH_AES_128_SHA

Details: Check for SSL Medium Ciphers (OID: 1.3.6.1.4.1.25623.1.0.902816)

Version used: $Revision: 12 $

The SSL certificate contains a common name (CN) that does not match the hostname.

Hostname: testphp.vulnweb.com
Common Name: Parallels Panel

Details: SSL Certificate - Subject Common Name Does Not Match Server FQDN (OID: 1.3.6.1.4.1.25623.1.0.103141)

Version used: $Revision: 1279 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

A TLScustom server answered on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

An IMAP server is running on this port through SSL

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

Displays the imap4 service banner.

The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFEREN↵
CES SORT QUOTA AUTH=CRAM-MD5 AUTH=PLAIN IDLE ACL ACL2=UNION] 

Details: IMAP Banner (OID: 1.3.6.1.4.1.25623.1.0.11414)

Version used: $Revision: 17 $

This routine search for SSL ciphers offered by a service.

Service supports SSLv2 ciphers.
Service supports SSLv3 ciphers.
Service supports TLSv1 ciphers.
Medium ciphers offered by this service:
  SSL3_RSA_DES_192_CBC3_SHA
  TLS1_RSA_DES_192_CBC3_SHA
Weak ciphers offered by this service:
  SSL2_RC4_128_MD5
  SSL2_RC4_128_EXPORT40_WITH_MD5
  SSL2_RC2_CBC_128_CBC_WITH_MD5
  SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
  SSL3_RSA_RC4_40_MD5
  SSL3_RSA_RC4_128_MD5
  SSL3_RSA_RC4_128_SHA
  SSL3_RSA_RC2_40_MD5
  SSL3_RSA_DES_40_CBC_SHA
  SSL3_RSA_DES_64_CBC_SHA
  TLS1_RSA_RC4_40_MD5
  TLS1_RSA_RC4_128_MD5
  TLS1_RSA_RC4_128_SHA
  TLS1_RSA_RC2_40_MD5
  TLS1_RSA_DES_40_CBC_SHA
  TLS1_RSA_DES_64_CBC_SHA
No non-ciphers are supported by this service

Details: Check for SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.802067)

Version used: $Revision: 312 $

This Plugin reports about SSL Medium Ciphers.

Medium ciphers offered by this service:
  SSL3_RSA_DES_192_CBC3_SHA
  TLS1_RSA_DES_192_CBC3_SHA

Details: Check for SSL Medium Ciphers (OID: 1.3.6.1.4.1.25623.1.0.902816)

Version used: $Revision: 12 $

The SSL certificate contains a common name (CN) that does not match the hostname.

Hostname: testphp.vulnweb.com
Common Name: Parallels Panel

Details: SSL Certificate - Subject Common Name Does Not Match Server FQDN (OID: 1.3.6.1.4.1.25623.1.0.103141)

Version used: $Revision: 1279 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

A TLScustom server answered on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

A pop3 server is running on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

This routine search for SSL ciphers offered by a service.

Service supports SSLv2 ciphers.
Service supports SSLv3 ciphers.
Service supports TLSv1 ciphers.
Medium ciphers offered by this service:
  SSL3_RSA_DES_192_CBC3_SHA
  TLS1_RSA_DES_192_CBC3_SHA
Weak ciphers offered by this service:
  SSL2_RC4_128_MD5
  SSL2_RC4_128_EXPORT40_WITH_MD5
  SSL2_RC2_CBC_128_CBC_WITH_MD5
  SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
  SSL3_RSA_RC4_40_MD5
  SSL3_RSA_RC4_128_MD5
  SSL3_RSA_RC4_128_SHA
  SSL3_RSA_RC2_40_MD5
  SSL3_RSA_DES_40_CBC_SHA
  SSL3_RSA_DES_64_CBC_SHA
  TLS1_RSA_RC4_40_MD5
  TLS1_RSA_RC4_128_MD5
  TLS1_RSA_RC4_128_SHA
  TLS1_RSA_RC2_40_MD5
  TLS1_RSA_DES_40_CBC_SHA
  TLS1_RSA_DES_64_CBC_SHA
No non-ciphers are supported by this service

Details: Check for SSL Ciphers (OID: 1.3.6.1.4.1.25623.1.0.802067)

Version used: $Revision: 312 $

This Plugin reports about SSL Medium Ciphers.

Medium ciphers offered by this service:
  SSL3_RSA_DES_192_CBC3_SHA
  TLS1_RSA_DES_192_CBC3_SHA

Details: Check for SSL Medium Ciphers (OID: 1.3.6.1.4.1.25623.1.0.902816)

Version used: $Revision: 12 $

This detects the HTTP Server's type and version.

The remote web server type is :
sw-cp-server 

Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display' Be sure to remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

Version used: $Revision: 229 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

A web server is running on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

The script prints out the directories which are used when CGI scanning is enabled.

The following directories are used for CGI scanning:
/scripts
/cgi-bin
/

Details: Directories used for CGI Scanning (OID: 1.3.6.1.4.1.25623.1.0.111038)

Version used: $Revision: 1727 $

This detects the HTTP Server's type and version.

The remote web server type is :
sw-cp-server 

Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display' Be sure to remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

Version used: $Revision: 229 $

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

A web server is running on this port

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

The script prints out the directories which are used when CGI scanning is enabled.

The following directories are used for CGI scanning:
/scripts
/cgi-bin
/

Details: Directories used for CGI Scanning (OID: 1.3.6.1.4.1.25623.1.0.111038)

Version used: $Revision: 1727 $