HackTheBox | Season 7 | Linux | Hard

Enumeration

$ rustscan -a 10.10.11.56 --ulimit 5000 -- -Pn -sV -sC
.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.
| {}  }| { } |{ {__ {_   _}{ {__  /  ___} / {} \ |  `| |
| .-. \| {_} |.-._} } | |  .-._} }\     }/  /\  \| |\  |
`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
RustScan: allowing you to send UDP packets into the void 1200x faster than NMAP
 
[~] The config file is expected to be at "/Users/tharushkadinujaya/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
Open 10.10.11.56:22
Open 10.10.11.56:80
Open 10.10.11.56:8080
[~] Starting Script(s)
[>] Running script "nmap -vvv -p {{port}} {{ip}} -Pn -sV -sC" on ip 10.10.11.56
Depending on the complexity of the script, results may take some time to appear.
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
[~] Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-24 15:12 +0530
NSE: Loaded 157 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 15:12
Completed NSE at 15:12, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 15:12
Completed NSE at 15:12, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 15:12
Completed NSE at 15:12, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 15:12
Completed Parallel DNS resolution of 1 host. at 15:12, 0.04s elapsed
DNS resolution of 1 IPs took 0.05s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 15:12
Scanning 10.10.11.56 [3 ports]
Discovered open port 22/tcp on 10.10.11.56
Discovered open port 80/tcp on 10.10.11.56
Discovered open port 8080/tcp on 10.10.11.56
Completed Connect Scan at 15:12, 0.42s elapsed (3 total ports)
Initiating Service scan at 15:12
Scanning 3 services on 10.10.11.56
Completed Service scan at 15:13, 6.76s elapsed (3 services on 1 host)
NSE: Script scanning 10.10.11.56.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 15:13
Completed NSE at 15:13, 8.85s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 15:13
Completed NSE at 15:13, 1.42s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 15:13
Completed NSE at 15:13, 0.00s elapsed
Nmap scan report for 10.10.11.56
Host is up, received user-set (0.19s latency).
Scanned at 2025-02-24 15:12:55 +0530 for 18s
 
PORT     STATE SERVICE REASON  VERSION
22/tcp   open  ssh     syn-ack OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 aa:54:07:41:98:b8:11:b0:78:45:f1:ca:8c:5a:94:2e (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNQsMcD52VU4FwV2qhq65YVV9Flp7+IUAUrkugU+IiOs5ph+Rrqa4aofeBosUCIziVzTUB/vNQwODCRSTNBvdXQ=
|   256 8f:2b:f3:22:1e:74:3b:ee:8b:40:17:6c:6c:b1:93:9c (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRBr02nNGqdVIlkXK+vsFIdhcYJoWEVqAIvGCGz+nHY
80/tcp   open  http    syn-ack Apache httpd
|_http-server-header: Apache
|_http-title: 403 Forbidden
8080/tcp open  http    syn-ack Apache httpd
|_http-title: 403 Forbidden
|_http-server-header: Apache
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 15:13
Completed NSE at 15:13, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 15:13
Completed NSE at 15:13, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 15:13
Completed NSE at 15:13, 0.00s elapsed
Read data files from: /opt/homebrew/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.73 seconds

Web Enumeration (Port 80)

Visiting the website on port 80, we find a simple landing page for a company called “Checker Security Solutions”. The source code reveals a comment:

<!-- TODO: Remove dev subdomain before going live -->
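
A pre-deployment check for the kind of leftover comment shown above, as an added example that is not part of the original write-up: it parses HTML with Python's standard html.parser and flags comments that contain developer notes, non-production environment names or credential hints. The keyword lists, the reason labels and the sample page are assumptions constructed for illustration; only the TODO comment comes from the page.

```python
import re
from html.parser import HTMLParser

# Assumed review policy (not from the write-up): reasons a comment should
# block a release, each with the pattern that triggers it.
RULES = [
    ("dev-note", re.compile(r"\b(TODO|FIXME|HACK|XXX)\b", re.I)),
    ("non-prod-host", re.compile(r"\b(dev|staging|test|internal|debug)\b", re.I)),
    ("credential-hint", re.compile(r"\b(password|passwd|secret|token|api[_-]?key)\b", re.I)),
]


class CommentAuditor(HTMLParser):
    """Collects flagged HTML comments as (line, reasons, text) tuples."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        reasons = [name for name, pattern in RULES if pattern.search(data)]
        if reasons:
            line, _ = self.getpos()  # position of the opening "<!--"
            self.findings.append((line, reasons, data.strip()))


def audit_html(markup):
    """Return every flagged comment found in an HTML document string."""
    auditor = CommentAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings


# Constructed sample page; only the TODO comment is taken from the write-up.
SAMPLE = """<!DOCTYPE html>
<html>
<head><title>Checker Security Solutions</title></head>
<body>
<!-- main navigation -->
<h1>Checker Security Solutions</h1>
<!-- TODO: Remove dev subdomain before going live -->
</body>
</html>
"""

if __name__ == "__main__":
    for line, reasons, text in audit_html(SAMPLE):
        print(f"line {line}: {','.join(reasons)}: {text}")
```

Run against the built site in CI and fail the job when the findings list is non-empty, so such comments are removed before the page is served.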