
How to Run OSINT Recon on a Target Domain with Raccoon Scanner « Null Byte :: WonderHowTo



Reconnaissance is the phase of an attack in which a red team or hacker develops a strategy based on the information they can learn about the target, as well as what the available attack surface looks like. These scans may take time to detect relationships, but the Raccoon OSINT scanner coordinates several automated scans to generate invasive, detailed reports of a target with a single command.

Website data such as the software in use, URL registration information, and network information like its IP addresses is critical for a hacker to determine which attack could be most effective. Rather than performing separate scans to collect this information, Raccoon Scanner searches for available information about target domains with a single command.

Domain OSINT Really Fast

While scanners such as Nmap are typical for recon, recognizing relationships is often better left to tools like Maltego. In general, Maltego is an excellent tool for exploring relationships and digging deeply, but since the Classic edition is available only at a high price, not everyone has access to everything Maltego offers. The Community edition limits the number of results returned, so it is not always the ideal choice for recon.

On the other hand, Nmap is better for understanding which ports are open or what types of services are running. It lets you quickly see what kind of setup is running at the other end of a connection. In addition to Nmap, there are a large number of different scanners that can be used to automatically collect OSINT information on a target. In fact, Sn1per is another tool for recon automation that also performs the vulnerability testing step.

What you need

To get started, you need to have Kali Linux installed and fully updated (apt update). I also noticed that the installation instructions included on GitHub for Raccoon Scanner did not work on my Kali system. Because they used Python pip, I used pip3 to install the Raccoon scanner, which worked well. If you have not installed pip3, you can do so with the following commands:

  apt update
  apt install python3-pip

Step 1: Install the Raccoon Scanner

To install the Raccoon Scanner, simply enter the following command:

  pip3 install raccoon_scanner 

If that does not work, you can also try to install it manually from the tool's GitHub page using the usual git clone method.

Step 2: View Options and Filters

To begin, you can enter raccoon --help to see a list of all available filters. As Priceline stranded me yesterday in the hot Nevada desert, I wanted to use priceline.com as a test, but after a scan, we found that their website blocked our IP address for a week. Note that a Raccoon scan can trigger such defensive behavior! Due to the reaction of priceline.com, we will use pbs.org instead.

We can specify the target we want to scan by typing -t in front of the website we are looking for.

  Usage: raccoon [OPTIONS]

  Options:
    --version                      Show the version and exit.
    -t, --target TEXT              Target to scan  [required]
    -d, --dns-records TEXT         Comma separated DNS records to query.
                                   Defaults to: A,MX,NS,CNAME,SOA,TXT
    --tor-routing                  Route HTTP traffic through Tor (uses port
                                   9050). Slows total runtime significantly
    --proxy-list TEXT              Path to proxy list file that would be used
                                   for routing HTTP traffic. A proxy from the
                                   list will be chosen at random for each
                                   request. Slows total runtime
    -c, --cookies TEXT             Comma separated cookies to add to the
                                   requests. Should be in the form of key:value
                                   Example: PHPSESSID:12345,isMobile:false
    --proxy TEXT                   Proxy address to route HTTP traffic through.
                                   Slows total runtime
    -w, --wordlist TEXT            Path to wordlist that would be used for URL
                                   fuzzing
    -T, --threads INTEGER          Number of threads to use for URL
                                   fuzzing/subdomain enumeration. Default: 25
    --ignored-response-codes TEXT  Comma separated list of HTTP status codes
                                   to ignore for fuzzing. Defaults to:
                                   302,400,401,402,403,404,503,504
    --subdomain-list TEXT          Path to subdomain list file that would be
                                   used for enumeration
    -sc, --scripts                 Run Nmap scan with -sC flag
    -sv, --services                Run Nmap scan with -sV flag
    -f, --full-scan                Run Nmap scan with both -sV and -sC
    -p, --port TEXT                Use this port range for Nmap scan instead of
                                   the default
    -fr, --follow-redirects        Follow redirects when fuzzing. Default: False
                                   (will not follow redirects)
    --tls-port INTEGER             Use this port for TLS queries. Default: 443
    --skip-health-check            Do not test for target host availability
    --no-url-fuzzing               Do not fuzz URLs
    --no-sub-enum                  Do not bruteforce subdomains
    --skip-nmap-scan               Do not perform an Nmap scan
    -q, --quiet                    Do not output to stdout
    -o, --outdir TEXT              Directory destination for scan output
    --help                         Show this message and exit.
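
The week-long block applied by priceline.com shows how visible this scan is from the target's side. As an added example (not from the original article or the Raccoon project), the code below shows one way a site operator could flag the burst of not-found requests that wordlist URL fuzzing leaves in an access log; the log lines, addresses, thresholds and function names are constructed assumptions.

```python
"""Added example: flag wordlist-style URL fuzzing in a web access log."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumed thresholds for this example; tune them against your own traffic.
WINDOW = timedelta(seconds=10)   # sliding window per client
MIN_MISSES = 20                  # distinct paths answered with 4xx in the window
MIN_MISS_RATIO = 0.8             # share of the client's requests that were 4xx


def parse_line(line):
    """Return (ip, timestamp, path, status) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0]   # ignore the query string
    return m["ip"], ts, path, int(m["status"])


def detect_fuzzing(lines, window=WINDOW, min_misses=MIN_MISSES,
                   min_ratio=MIN_MISS_RATIO):
    """Return {ip: details} for clients that probe many missing paths quickly."""
    recent = defaultdict(deque)   # ip -> deque of (ts, path, status)
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # skip lines that are not in the expected format
        ip, ts, path, status = rec
        q = recent[ip]
        q.append((ts, path, status))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop requests that fell out of the window
        if ip in alerts:
            continue              # already flagged, keep the first alert
        missed = {p for _, p, s in q if 400 <= s < 500}
        ratio = sum(1 for _, _, s in q if 400 <= s < 500) / len(q)
        if len(missed) >= min_misses and ratio >= min_ratio:
            alerts[ip] = {
                "first_seen": q[0][0],
                "distinct_missing_paths": len(missed),
                "miss_ratio": round(ratio, 2),
            }
    return alerts


def build_sample_log():
    """Constructed sample: one fuzzing client, one ordinary visitor, one bad line."""
    base = datetime(2018, 8, 23, 9, 0, 0, tzinfo=timezone.utc)
    fmt = ('{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] '
           '"GET {path} HTTP/1.1" {status} 512 "-" "-"')
    lines = []
    # 203.0.113.50 (documentation range) requests 30 guessed paths in 3 seconds.
    for i in range(30):
        status = 200 if i in (5, 17) else 404
        lines.append(fmt.format(ip="203.0.113.50",
                                ts=base + timedelta(seconds=i // 10),
                                path=f"/probe-{i:02d}", status=status))
    # 198.51.100.7 browses normally and hits a single missing file.
    visits = [("/", 200), ("/shows", 200), ("/favicon.ico", 404), ("/shows/1", 200)]
    for i, (path, status) in enumerate(visits):
        lines.append(fmt.format(ip="198.51.100.7",
                                ts=base + timedelta(seconds=15 * i),
                                path=path, status=status))
    lines.append("this line is not in Combined Log Format")
    return lines


if __name__ == "__main__":
    for ip, info in detect_fuzzing(build_sample_log()).items():
        print(ip, info)
```
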

If you want to have a large buffer between you and your target, you can start a Tor service so that all requests to your target are made through a Tor relay. To do this, enter tor in another terminal window to start a new Tor session, and add --tor-routing after your target to indicate that Raccoon should make its connections through Tor.

  root@nullbyte:~# raccoon -t priceline.com --tor-routing

  [Raccoon ASCII-art banner]

  4841434b544845504c414e4554

  https://github.com/evyatarmedged/Raccoon
  ---------------------------------------------------------------------------

  [!] Testing that the Tor service is up...
  [!] Validated Tor service is up. Routing traffic anonymously

  ### Raccoon Scan Started ###

  [#] Trying to gather information about host: priceline.com
  [!] Found priceline.com to be a naked domain
  [v] Writing DNS query results

  [#] Setting Nmap scan to run in the background
  [#] Nmap script to run: nmap -Pn priceline.com
  [v] Nmap scan started

It is worth noting that Tor exit nodes are known to be "dirty", meaning that malicious traffic is regularly detected coming from them. Many websites block traffic from Tor because they know it is likely to be harmful, which results in the scanner being unable to retrieve results.

Step 3: Selecting and Scanning a Target Domain

We will do a scan on pbs.org using a Tor proxy. One thing to note is that due to misuse, many domains blacklist Tor-based IP addresses, which means using a Tor relay can produce fewer results than using a non-dirty IP address. Since Tor can be used by anyone, many website owners treat Tor traffic as inherently suspect.

To begin our scan, we can enter the following:

  raccoon -t pbs.org --tor-routing

This scan will take a long time, depending on the size of the target. Using the --tor-routing flag also increases the time. If you find that it is running too slowly and it is not important for the destination to be scanned from your IP address, you can do so without the Tor relay and use a VPN or proxy.

Step 4: Navigate to Results and Read Reports

Once the scan is complete, a folder is created where the results of the scan are saved. To find these, type the following in a terminal window to change (cd) to the root user's home directory, then to the scan results, then list them (ls):

  cd ~
  cd Raccoon_scan_results
  ls

Now you should see a list of all sites against which you have created a report. To continue, we enter cd pbs.org because this is the last scan we performed. Finally, we can enter ls to display all text files available in the report. To open these, we use nano.

  root@nullbyte:~# ls
  airgedon  Documents  modwifi  Pictures  Raccoon               Templates
  Desktop   Downloads  Music    Public    Raccoon_scan_results  'respero.pca'
  root@nullbyte:~# cd Raccoon_scan_results
  root@nullbyte:~/Raccoon_scan_results# ls
  pbs.org
  root@nullbyte:~/Raccoon_scan_results# cd pbs.org
  root@nullbyte:~/Raccoon_scan_results/pbs.org# ls
  dns_mapping.png  nmap_scan.txt  subdomain_fuzz.txt  tls_report.txt  WAF.txt
  dns_records.txt  robots.txt     subdomains.txt      url_fuzz.txt    web_scan.txt
  root@nullbyte:~/Raccoon_scan_results/pbs.org#

Step 5: Interpreting the Scan Reports

To begin interpreting the results, we can use nano to open the results of the Nmap scan by typing nano nmap_scan.txt. This will allow us to see the pbs.org IP address and any discovered ports. We can close this window by typing Ctrl-X.

  Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-23 02:10 PDT
  Nmap scan report for pbs.org (54.225.206.152)
  Host is up (0.096s latency).
  Other addresses for pbs.org (not scanned): 54.225.198.196
  rDNS record for 54.225.206.152: ec2-54-225-206-152.compute-1.amazonaws.com
  Not shown: 998 filtered ports
  PORT    STATE SERVICE
  80/tcp  open  http
  443/tcp open  https

  Nmap done: 1 IP address (1 host up) scanned in 9.04 seconds

Here we see that the IP address for pbs.org is 54.225.206.152 and that the expected ports 80 and 443 for web traffic are open. We can also see a "compute-1.amazonaws.com" address under the rDNS record, which gives us some clues about the service provider used.

Next, we can see a list of the subdomains discovered under the main domain by entering nano subdomains.txt. This list can be used to further identify vulnerabilities by feeding the results into a vulnerability scanner such as Nikto.

  [#] Enumerating subdomains
  [!] Trying to find subdomains in the SANs list
  [v] Subdomain detected: ops.pbs.org
  [v] Subdomain detected: sentry.pbs.org
  [v] Subdomain detected: www-cache.pbs.org
  [v] Subdomain detected: jaws.pbs.org
  [v] Subdomain detected: video.pbs.org
  [v] Subdomain detected: image.pbs.org
  [v] Subdomain detected: player.pbs.org
  [v] Subdomain detected: login.pbs.org
  [v] Subdomain detected: admin.pbs.org
  [v] Subdomain detected: teacherline.pbs.org
  [v] Subdomain detected: git.pbs.org
  [v] Subdomain detected: dipsy-tc.pbs.org
  [v] Subdomain detected: koth-qa.svp.pbs.org
  [v] Subdomain detected: heart.ops.pbs.org
  [v] Subdomain detected: account.pbs.org
  [v] Subdomain detected: weta-qa.svp.pbs.org
  [v] Subdomain detected: wnet.video-qa.pbs.org
  [v] Subdomain detected: www.pbs.org
  [v] Subdomain detected: wnet.video-staging.pbs.org
  [v] Subdomain detected: docs.pbs.org
  [v] Subdomain detected: projects.pbs.org
  [v] Subdomain detected: whut-qa.svp.pbs.org
  [v] Subdomain detected: ga.video.cdn.pbs.org
  [v] Subdomain detected: kids.pbs.org
  [v] Subdomain detected: urs.pbs.org
  [!] Trying to discover subdomains in Google
  [v] Detected subdomain through Google dorking: shop.pbs.org
  [v] Detected subdomain through Google dorking: Labto.pbs.org
  [v] Detected subdomain through Google dorking: to.pbs.org
  [v] Detected subdomain through Google dorking: LearningMediato.pbs.org
  [v] Detected subdomain through Google dorking: Timeto.pbs.org
  [v] Detected subdomain through Google dorking: Playto.pbs.org
  [v] Detected subdomain through Google dorking: YouTubeto.pbs.org
  [v] Detected subdomain through Google dorking: Podcaststo.pbs.org
  [v] Detected subdomain through Google dorking: Mediumto.pbs.org
  [v] Detected subdomain through Google dorking: KIDSto.pbs.org
  [v] Detected subdomain through Google dorking: Mediato.pbs.org
  [v] Detected subdomain through Google dorking: PBSKidsto.pbs.org
  [!] Trying to extract subdomains from DNS dumpster
  [x] Failed to query DNS dumpster for subdomains
  [!] Bruteforcing subdomains
  [#] Done enumerating subdomains

Next we can look at the results of the attempt to brute-force common subdomains with Raccoon's built-in wordlist, stored in "subdomain_fuzz.txt". If wildcards are used on the site, we are likely to see a false positive result on every wordlist attempt. Here we see a limited set of responses, indicating that they are probably valid domains.

  [#] Reading from list: /usr/local/lib/python3.6/dist-packages/raccoon_src/wordlists/subdomains
    [301] http://beta.pbs.org redirects to https://beta.pbs.org/
    [301] http://WWW.pbs.org redirects to https://www.pbs.org/
    [301] http://blogs.pbs.org redirects to http://www.pbs.org
    [200] http://admin.pbs.org
    [200] http://webdisk.video.pbs.org
    [405] http://sentry.pbs.org
    [301] http://development.pbs.org redirects to http://www.pbs.org/development/
    [200] http://services.pbs.org
    [301] http://kids.pbs.org redirects to http://pbskids.org/
    [301] http://shop.pbs.org redirects to https://shop.pbs.org/
    [301] http://api.pbs.org redirects to http://api.pbs.org/admin/
    [200] http://autodiscover.video.pbs.org
    [200] http://log.pbs.org
    [301] http://chrome.pbs.org redirects to http://jaws.pbs.org/
    [301] http://merlin.pbs.org redirects to http://merlin.pbs.org/django-admin/
    [301] http://login.pbs.org redirects to https://account.pbs.org/
    [301] http://www.shop.pbs.org redirects to https://shop.pbs.org/
    [200] http://autoconfig.video.pbs.org
    [301] http://open.pbs.org redirects to https://open.pbs.org/
    [200] http://dev.pbs.org
    [301] http://search.pbs.org redirects to http://www.pbs.org/search/
    [301] http://cgi.pbs.org redirects to http://www.pbs.org/
    [200] http://ops.pbs.org
    [301] http://qa.pbs.org redirects to https://qa.pbs.org/
    [301] http://account.pbs.org redirects to https://account.pbs.org/
    [301] http://www.video.pbs.org redirects to http://video.pbs.org/
    [301] http://sales.pbs.org redirects to http://www.pbs.org/development/category/corporatesupport/
    [301] http://video.pbs.org redirects to http://www.pbs.org/video/

Next we can examine how the site encrypts its traffic by opening the file "tls_report.txt".

  [#] Started collecting TLS data for pbs.org
  [#] Done collecting TLS data
  [v] Supported ciphers:
  | TLSv1.0:
  |   ciphers:
  |     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
  |     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
  |     TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
  |     TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
  |     TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
  |     TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
  |     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
  |     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
  |     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
  |     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
  |     TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C - WEAK
  |   compressors:
  |     NULL
  |   cipher preference: server
  |   warnings:
  |     64-bit block cipher 3DES vulnerable to SWEET32 attack
  | TLSv1.1:
  |   ciphers:
  |     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
  |     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
  |     TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
  |     TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
  |     TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
  |     TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
  |     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
  |     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
  |     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
  |     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
  |     TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C - WEAK
  |   compressors:
  |     NULL
  |   cipher preference: server
  |   warnings:
  |     64-bit block cipher 3DES vulnerable to SWEET32 attack
  | TLSv1.2:
  |   ciphers:
  |     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
  |     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
  |     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
  |     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
  |     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
  |     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
  |     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
  |     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
  |     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
  |     TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
  |     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
  |     TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
  |     TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
  |     TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
  |     TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
  |     TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
  |     TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
  |     TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
  |     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
  |     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
  |     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
  |     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
  |     TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C - WEAK
  |   compressors:
  |     NULL
  |   cipher preference: server
  |   warnings:
  |     64-bit block cipher 3DES vulnerable to SWEET32 attack
  |_  least strength: C

  --------------------------------------------------------------------------------

  SNI data:
  TLSv1: True
  TLSv1.1: True
  TLSv1.2: True

SANs:
---------------
ops.pbs.org
sentry.pbs.de
www-cache.pbs.org
jaws.pbs.org
video.pbs.org
image.pbs.org
player.pbs.org
login.pbs.org
pbs.org
admin.pbs.org
lehrerleitung.pbs.org
git.pbs.org
dipsy-tc.pbs.org
koth-qa.svp.pbs.org
herz.ops.pbs.org
account.pbs.org
weta-qa.svp.pbs.org
wnet.video-qa.pbs.org
www.pbs.org
wnet.video-staging.pbs.org
docs.pbs.org
projekte.pbs.org
whut-qa.svp.pbs.org
ga.video.cdn.pbs.org
kids.pbs.org
urs.pbs.de
---------------

Certificate:
Dates:
Version: 3 (0x2)
Order number:
03: f2: 63: 93: 70: 71: b1: fd: 40: cc: f7: e9: dc: c3: b2: 30: 11: 97
Signature algorithm: sha256WithRSAEncryption
Exhibitor: C = US, O = Let's Encrypt, CN = Let's encrypt Authority X3
validity
Not before: July 5 08:31:20 2018 GMT
Not after: October 3 08:31:20 2018 GMT
Theme: CN = www.pbs.org
Subject Public Key Info:
Public key algorithm: rsaEncryption
Public key: (2048 bits)
Module:
00: b4: f6: 7a: b6: 8e: 5c: da: 54: 50: bd: e5: d2: d7: DE:
b8: a0: fb: 4f: c1: 61: 71: 85: b0: 1d: 8c: 5b: f8: 51: 59:
4d: da: 62: c3: bc: 48: 47: 49: 6d: 72: f2: 11: eb: cb: f3:
6a: de: fe: fe: e4: 59: 56: e2: 1e: 07: 91: 17: 33: b4: 38:
11: b0: 47: 9d: 32: a0: f1: bf: 2d: 5e: 49: b6: 77: 16: e2:
17: 78: 6e: 87: 7a: 3a: 8d: d3: d7: b8: 0b: 34: 5a: 1f: 28:
27: f9: 66: f3: 11: 0f: b1: c1: 24: d1: 57: f2: 28: e5: 76:
c6: cb: eg: 87: b3: 45: 45: ee: e5: 28: 56: d1: 52: 80: d2:
98: 3b: 4a: 3e: ec: bc: ab: 4b: 9c: cc: e7: 9d: 9b: 73: 19:
92: 4c: 16: b1: 18: 99: 64: 18: b1: 22: eb: fa: 15: 09: aa:
7a: 6d: d1: 43: c3: eg: 50: e8: d5: af: a0: 09: 57: 01: 08:
4c: d2: 3d: ee: 75: a1: ee: 12: d2: 72: c9: 51: 40: 26: cd:
25: 78: f6: eb: c9: 6a: 7f: there: 9f: e5: a8: 09: a5: 3a: a8:
9e: 2d: 57: d5: 56: 9d: 80: c7: e4: 91: 82: 69: c2: 4a: DE:
58: 2c: e8: a0: 6e: 3f: 24: a5: 74: 41: 94: a2: b1: 47: 13:
16: 0e: 40: 02: 30: 7f: e7: 23: 1d: 60: f2: c2: 6f: 8b: 18:
b2: e0: d5: 68: eg: e1: 92: 3a: 24: 1e: bb: 94: 59: 40: f3:
6c: cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 key usage: critical
Digital signature, key encryption
X509v3 advanced key usage:
TLS web server authentication, TLS web client authentication
X509v3 Basic restrictions: critical
CA: WRONG
X509v3 Subject Key ID:
76: AD: A5: A1: 7C: 26: 43: 2E: 5B: 91: 7F: 42: 72: 21: FE: 3C: FA: 4F: 48: 3A
X509v3 authorization key ID:
Key: A8: 4A: 6A: 63: 04: 7D: DD: BA: E6: D1: 39: B7: A6: 45: 65: EF: F3: A8: EC: A1

Access to official information:
OCSP - URI: http://ocsp.int-x3.letsencrypt.org
CA Exhibitor - URI: http: //cert.int-x3.letsencrypt.org/

X509v3 certificate policies:
Guideline: 2.23.140.1.2.1
Directive: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
Note to users:
                    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DB:74:AF:EE:CB:29:EC:B1:FE:CA:3E:71:6D:2C:E5:B9:
                                AA:BB:36:F7:84:71:83:C7:5D:9D:4F:37:B6:1F:BF:64
                    Timestamp : Jul  5 09:31:20.892 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:B9:61:FB:EC:BB:91:DA:DD:F3:F0:48:
                                D4:61:B8:CB:09:A0:7F:20:6C:B7:1F:13:7B:EE:11:5C:
                                4F:CF:0E:6B:63:02:21:00:EC:C2:21:16:6E:90:E0:DA:
                                FC:02:9A:FC:5A:3A:D0:92:38:8B:83:39:83:1D:3B:A9:
                                FE:58:06:2C:4D:BF:74:3B
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Jul  5 09:31:20.909 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:A0:6B:4C:3D:0C:E3:35:B3:71:E1:E5:
                                F2:70:89:7D:CD:A4:BA:F7:16:12:48:C5:A9:E7:DA:3A:
                                EB:B3:E2:BB:46:02:21:00:95:29:A4:22:F5:A3:B0:66:
                                C7:1A:71:1C:F9:95:6A:69:85:56:8B:08:E1:C8:3C:E7:
                                3B:23:1D:A2:D4:5B:F3:0C
    Signature Algorithm: sha256WithRSAEncryption
         4f:ea:24:2f:7f:a9:a9:30:98:c4:61:b9:a2:eb:d3:93:87:43:
         9d:b8:63:0a:2b:5a:cd:a4:cc:48:aa:c1:8d:35:2c:7c:8a:32:
         9f:0b:f6:6f:d3:40:ab:d6:ae:df:d2:11:d5:ee:14:4f:43:64:
         9d:f6:dd:77:7f:cb:39:a4:0a:db:d6:73:a5:c1:05:4c:d2:ac:
         93:ea:61:ed:ac:12:19:2d:a2:20:0b:c9:8e:dc:9f:cb:f4:c8:
         fd:d6:66:be:44:c4:16:ff:c8:c9:e0:0c:d6:8d:e2:13:58:24:
         9b:c8:51:c7:a0:33:41:3b:32:3d:4e:29:08:84:6e:42:d5:63:
         56:ba:a7:35:89:8c:2c:6c:5c:bf:8d:75:38:3b:f4:1a:cc:3d:
         2d:b8:d9:07:b5:39:78:06:4e:d3:c2:1b:45:15:e4:ff:3d:50:
         2e:74:0d:c4:df:2c:19:24:04:96:21:46:98:61:47:9d:eb:a1:
         55:a7:c5:72:41:0b:40:f3:80:2e:17:98:27:b6:5a:58:cf:ae:
         e2:d5:95:2f:b6:a9:15:7b:51:48:33:e4:a3:f2:60:3a:80:eb:
         62:08:5c:08:c7:2d:9c:a2:d8:e9:3c:e4:d6:9a:f9:ae:c1:1a:
         d1:d4:ec:fe:1f:8f:2e:24:cc:4e:76:26:96:22:28:9c:e5:a0:
         39:73:15:de
--------------------------------------------------------------------------------

non-SNI Data:

TLSv1: True

TLSv1.1: True

TLSv1.2: True

SANs:
---------------
 ops.pbs.org
sentry.pbs.org
www-cache.pbs.org
jaws.pbs.org
video.pbs.org
image.pbs.org
player.pbs.org
login.pbs.org
pbs.org
admin.pbs.org
teacherline.pbs.org
git.pbs.org
dipsy-tc.pbs.org
koth-qa.svp.pbs.org
heart.ops.pbs.org
account.pbs.org
weta-qa.svp.pbs.org
wnet.video-qa.pbs.org
www.pbs.org
wnet.video-staging.pbs.org
docs.pbs.org
projects.pbs.org
whut-qa.svp.pbs.org
ga.video.cdn.pbs.org
kids.pbs.org
urs.pbs.org
---------------

Same as SNI Certificate
[1;34m[#][0;0m Started collecting TLS data for pbs.org
[1;34m[#][0;0m Done collecting TLS data
[1;32m[v][0;0m Supported Ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C - [1;31mWEAK[0;0m
| compressors:
| NULL
| cipher preference: server
| warnings:
[1;31m|       64-bit block cipher 3DES vulnerable to SWEET32 attack[0;0m
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C - [1;31mWEAK[0;0m
| compressors:
| NULL
| cipher preference: server
| warnings:
[1;31m|       64-bit block cipher 3DES vulnerable to SWEET32 attack[0;0m
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C - [1;31mWEAK[0;0m
| compressors:
| NULL
| cipher preference: server
| warnings:
[1;31m|       64-bit block cipher 3DES vulnerable to SWEET32 attack[0;0m
|_  least strength: C

--------------------------------------------------------------------------------

SNI Data:

TLSv1: True

TLSv1.1: True

TLSv1.2: True

SANs:
---------------
 git.pbs.org
login.pbs.org
projects.pbs.org
ga.video.cdn.pbs.org
dipsy-tc.pbs.org
whut-qa.svp.pbs.org
heart.ops.pbs.org
player.pbs.org
jaws.pbs.org
kids.pbs.org
account.pbs.org
teacherline.pbs.org
www-cache.pbs.org
image.pbs.org
admin.pbs.org
koth-qa.svp.pbs.org
urs.pbs.org
ops.pbs.org
wnet.video-staging.pbs.org
weta-qa.svp.pbs.org
sentry.pbs.org
video.pbs.org
wnet.video-qa.pbs.org
www.pbs.org
docs.pbs.org
pbs.org
---------------

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:f2:63:93:70:71:b1:fd:40:cc:f7:e9:dc:c3:b2:30:11:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Jul  5 08:31:20 2018 GMT
            Not After : Oct  3 08:31:20 2018 GMT
        Subject: CN = www.pbs.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b4:f6:7a:b6:8e:5c:da:54:50:bd:e5:d2:d7:de:
                    b8:a0:fb:4f:c1:61:71:85:b0:1d:8c:5b:f8:51:59:
                    4d:da:62:c3:bc:48:47:49:6d:72:f2:11:eb:cb:f3:
                    6a:de:fe:fe:e4:59:56:e2:1e:07:91:17:33:b4:38:
                    11:b0:47:9d:32:a0:f1:bf:2d:5e:49:b6:77:16:e2:
                    17:78:6e:87:7a:3a:8d:d3:d7:b8:0b:34:5a:1f:28:
                    27:f9:66:f3:11:0f:b1:c1:24:d1:57:f2:28:e5:76:
                    c6:cb:fe:87:b3:45:45:ee:e5:28:56:d1:52:80:d2:
                    98:3b:4a:3e:ec:bc:ab:4b:9c:cc:e7:9d:9b:73:19:
                    92:4c:16:b1:18:99:64:18:b1:22:eb:fa:15:09:aa:
                    7a:6d:d1:43:c3:fe:50:e8:d5:af:a0:09:57:01:08:
                    4c:d2:3d:ee:75:a1:ee:12:d2:72:c9:51:40:26:cd:
                    25:78:f6:eb:c9:6a:7f:da:9f:e5:a8:09:a5:3a:a8:
                    9e:2d:57:d5:56:9d:80:c7:e4:91:82:69:c2:4a:de:
                    58:2c:e8:a0:6e:3f:24:a5:74:41:94:a2:b1:47:13:
                    16:0e:40:02:30:7f:e7:23:1d:60:f2:c2:6f:8b:18:
                    b2:e0:d5:68:fe:e1:92:3a:24:1e:bb:94:59:40:f3:
                    6c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                76:AD:A5:A1:7C:26:43:2E:5B:91:7F:42:72:21:FE:3C:FA:4F:48:3A
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org
                  User Notice:
                    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DB:74:AF:EE:CB:29:EC:B1:FE:CA:3E:71:6D:2C:E5:B9:
                                AA:BB:36:F7:84:71:83:C7:5D:9D:4F:37:B6:1F:BF:64
                    Timestamp : Jul  5 09:31:20.892 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:B9:61:FB:EC:BB:91:DA:DD:F3:F0:48:
                                D4:61:B8:CB:09:A0:7F:20:6C:B7:1F:13:7B:EE:11:5C:
                                4F:CF:0E:6B:63:02:21:00:EC:C2:21:16:6E:90:E0:DA:
                                FC:02:9A:FC:5A:3A:D0:92:38:8B:83:39:83:1D:3B:A9:
                                FE:58:06:2C:4D:BF:74:3B
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Jul  5 09:31:20.909 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:A0:6B:4C:3D:0C:E3:35:B3:71:E1:E5:
                                F2:70:89:7D:CD:A4:BA:F7:16:12:48:C5:A9:E7:DA:3A:
                                EB:B3:E2:BB:46:02:21:00:95:29:A4:22:F5:A3:B0:66:
                                C7:1A:71:1C:F9:95:6A:69:85:56:8B:08:E1:C8:3C:E7:
                                3B:23:1D:A2:D4:5B:F3:0C
    Signature Algorithm: sha256WithRSAEncryption
         4f:ea:24:2f:7f:a9:a9:30:98:c4:61:b9:a2:eb:d3:93:87:43:
         9d:b8:63:0a:2b:5a:cd:a4:cc:48:aa:c1:8d:35:2c:7c:8a:32:
         9f:0b:f6:6f:d3:40:ab:d6:ae:df:d2:11:d5:ee:14:4f:43:64:
         9d:f6:dd:77:7f:cb:39:a4:0a:db:d6:73:a5:c1:05:4c:d2:ac:
         93:ea:61:ed:ac:12:19:2d:a2:20:0b:c9:8e:dc:9f:cb:f4:c8:
         fd:d6:66:be:44:c4:16:ff:c8:c9:e0:0c:d6:8d:e2:13:58:24:
         9b:c8:51:c7:a0:33:41:3b:32:3d:4e:29:08:84:6e:42:d5:63:
         56:ba:a7:35:89:8c:2c:6c:5c:bf:8d:75:38:3b:f4:1a:cc:3d:
         2d:b8:d9:07:b5:39:78:06:4e:d3:c2:1b:45:15:e4:ff:3d:50:
         2e:74:0d:c4:df:2c:19:24:04:96:21:46:98:61:47:9d:eb:a1:
         55:a7:c5:72:41:0b:40:f3:80:2e:17:98:27:b6:5a:58:cf:ae:
         e2:d5:95:2f:b6:a9:15:7b:51:48:33:e4:a3:f2:60:3a:80:eb:
         62:08:5c:08:c7:2d:9c:a2:d8:e9:3c:e4:d6:9a:f9:ae:c1:1a:
         d1:d4:ec:fe:1f:8f:2e:24:cc:4e:76:26:96:22:28:9c:e5:a0:
         39:73:15:de
--------------------------------------------------------------------------------

non-SNI Data:

TLSv1: True

TLSv1.1: True

TLSv1.2: True

SANs:
---------------
 git.pbs.org
login.pbs.org
projects.pbs.org
ga.video.cdn.pbs.org
dipsy-tc.pbs.org
whut-qa.svp.pbs.org
heart.ops.pbs.org
player.pbs.org
jaws.pbs.org
kids.pbs.org
account.pbs.org
teacherline.pbs.org
www-cache.pbs.org
image.pbs.org
admin.pbs.org
koth-qa.svp.pbs.org
urs.pbs.org
ops.pbs.org
wnet.video-staging.pbs.org
weta-qa.svp.pbs.org
sentry.pbs.org
video.pbs.org
wnet.video-qa.pbs.org
www.pbs.org
docs.pbs.org
pbs.org
---------------

Same as SNI Certificate

This is a lot of information! Most importantly, we have gotten a warning about a high-severity vulnerability in the website's Transport Layer Security (TLS) configuration. In the report, we see the following warning:

64-bit block cipher 3DES vulnerable to SWEET32 attack

This vulnerability, known as the SWEET32 attack or CVE-2016-2183, could allow an attacker to intercept and modify traffic between a visitor to the website and the server. We reported this vulnerability to pbs.org during the course of making this article.
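
The warning is tied to specific cipher suites under each protocol version, so a site owner reading this report needs the list of suites to retire rather than the single headline. The Python below is an added example, not code from the original article or from Raccoon: it parses a constructed sample in the same layout as the cipher listing above and returns every suite that uses a 64-bit block cipher or is graded below A. The function names, the sample text and the small-block token list are this example's own assumptions.

```python
import re

ANSI = re.compile(r"\x1b?\[[0-9;]+m")  # colour codes, with or without ESC
PROTO = re.compile(r"^(SSLv\d|TLSv\d(?:\.\d)?):$")
SUITE = re.compile(r"^(TLS_[A-Z0-9_]+)\s+\(([^)]*)\)\s+-\s+([A-F])\b")
# Name tokens of 64-bit block ciphers, the class SWEET32 applies to.
SMALL_BLOCK = re.compile(r"_(3DES|DES|DES40|IDEA|RC2)_")

# Constructed sample in the layout of the report above, colour codes included.
SAMPLE_REPORT = """\
[1;32m[v][0;0m Supported Ciphers:
| TLSv1.0:
|   ciphers:
|     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|     TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C - [1;31mWEAK[0;0m
|   compressors:
|     NULL
|   warnings:
[1;31m|       64-bit block cipher 3DES vulnerable to SWEET32 attack[0;0m
| TLSv1.2:
|   ciphers:
|     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C - [1;31mWEAK[0;0m
|_  least strength: C
"""


def parse_cipher_report(text):
    """Collect suites and warnings per protocol version from the listing."""
    report = {"protocols": {}, "warnings": {}, "least_strength": None}
    proto = section = None
    for raw in text.splitlines():
        line = ANSI.sub("", raw).strip().lstrip("|_").strip()
        if not line:
            continue
        header = PROTO.match(line)
        if header:
            proto, section = header.group(1), None
            report["protocols"][proto] = []
            report["warnings"][proto] = []
        elif line.startswith("least strength:"):
            report["least_strength"] = line.split(":", 1)[1].strip()
        elif proto is None:
            continue  # banner lines before the first protocol header
        elif line in ("ciphers:", "compressors:", "warnings:"):
            section = line[:-1]
        elif section == "ciphers":
            suite = SUITE.match(line)
            if suite:
                report["protocols"][proto].append(suite.groups())
        elif section == "warnings":
            report["warnings"][proto].append(line)
    return report


def weak_suites(report):
    """Return (protocol, suite, reasons) for every suite that should be retired."""
    findings = []
    for proto, suites in report["protocols"].items():
        for name, _kex, grade in suites:
            reasons = []
            if SMALL_BLOCK.search(name):
                reasons.append("64-bit block cipher (SWEET32)")
            if grade > "A":  # grades are single letters, A is best
                reasons.append("grade " + grade)
            if reasons:
                findings.append((proto, name, reasons))
    return findings


def computed_least_strength(report):
    """Worst grade actually listed, to cross-check the report's summary line."""
    grades = [g for suites in report["protocols"].values() for _, _, g in suites]
    return max(grades) if grades else None
```

Every suite returned by weak_suites(parse_cipher_report(text)) is a candidate for removal from the server's configured cipher list. Comparing computed_least_strength() with the report's own "least strength" line catches a listing that was truncated or mis-parsed.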

Next, we can take a look at the dns_records.txt file to learn more information about IP addresses.

[1;32m[v][0;0m Writing DNS query results
A

	54.225.198.196
	54.225.206.152
MX

	10 mxgw2.pbs.org.
	20 mxgw1.pbs.org.
NS

	ns1.p10.dynect.net.
	ns2.p10.dynect.net.
	ns4.p10.dynect.net.
	ns3.p10.dynect.net.
SOA

	ns1.p10.dynect.net. dnssupport.verisign-grs.com. 1534492239 3600 600 604800 1800
TXT

	"HOLciSiucyx9z9GJ0guhSicbiLe0Rm3WCSDQVy0AHuanMAOgr82WpdSHdFOw0HqcSaW6kuo5DAegSm0PC1ALJg=="
	"detectify-verification=1583bf00b85b6570195c4ec81a2625ae"
	"MS=ms58428140"
	"v=spf1 include:stspg-customer.com a:listserv.pbs.org a:smtp1.pbs.org a:smtp2.pbs.org a:mxout.pbs.org a:servers.mcsv.net include:k12msg.com ip4:184.173.19.244/30 ~all"
	"status-page-domain-verification=g90gln3s127q"
	"facebook-domain-verification=hxcquifih7vsf9z0u39e2t2ks317j6"
[1;32m[v][0;0m Writing DNS query results
A

	54.225.206.152
	54.225.198.196
MX

	20 mxgw1.pbs.org.
	10 mxgw2.pbs.org.
NS

	ns3.p10.dynect.net.
	ns4.p10.dynect.net.
	ns1.p10.dynect.net.
	ns2.p10.dynect.net.
SOA

	ns1.p10.dynect.net. dnssupport.verisign-grs.com. 1534979967 3600 600 604800 1800
TXT

	"HOLciSiucyx9z9GJ0guhSicbiLe0Rm3WCSDQVy0AHuanMAOgr82WpdSHdFOw0HqcSaW6kuo5DAegSm0PC1ALJg=="
	"detectify-verification=1583bf00b85b6570195c4ec81a2625ae"
	"v=spf1 include:stspg-customer.com a:listserv.pbs.org a:smtp1.pbs.org a:smtp2.pbs.org a:mxout.pbs.org a:servers.mcsv.net include:k12msg.com ip4:184.173.19.244/30 ~all"
	"facebook-domain-verification=hxcquifih7vsf9z0u39e2t2ks317j6"
	"status-page-domain-verification=g90gln3s127q"
	"MS=ms58428140"

This gives us information about the email server the domain uses, the IP addresses involved in serving users, and other important domains like "dynect.net" which could lead us to information about hosting and infrastructure providers.
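
For a team reviewing what its own zone publishes, the report is easier to work with once the appended runs are merged and the SPF record is split into its parts. The Python below is an added example, not code from the original article or from Raccoon: it parses a constructed sample in the layout of the DNS report above (documentation address ranges and example domains) and summarises the SPF policy. The function names and sample values are this example's own assumptions.

```python
import re

ANSI = re.compile(r"\x1b?\[[0-9;]+m")  # colour codes, with or without ESC
RECORD_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "SOA", "TXT"}

# Constructed sample: two appended runs, as in the report above, using
# documentation address ranges and example domains.
SAMPLE_DNS_REPORT = '''[1;32m[v][0;0m Writing DNS query results
A

\t192.0.2.10
\t192.0.2.11
MX

\t10 mx1.example.org.
SOA

\tns1.example.net. hostmaster.example.org. 2018081701 3600 600 604800 1800
TXT

\t"MS=ms00000000"
\t"v=spf1 include:mail.example.net a:smtp1.example.org ip4:198.51.100.4/30 ~all"
[1;32m[v][0;0m Writing DNS query results
A

\t192.0.2.11
\t192.0.2.10
SOA

\tns1.example.net. hostmaster.example.org. 2018082301 3600 600 604800 1800
TXT

\t"v=spf1 include:mail.example.net a:smtp1.example.org ip4:198.51.100.4/30 ~all"
'''


def parse_dns_report(text):
    """Merge all runs into {record type: unique values in first-seen order}."""
    records, current = {}, None
    for raw in text.splitlines():
        line = ANSI.sub("", raw).strip()
        if not line:
            continue
        if line in RECORD_TYPES:
            current = line
            records.setdefault(current, [])
        elif line.startswith("["):  # status line: a new run begins
            current = None
        elif current and line not in records[current]:
            records[current].append(line)
    return records


def spf_terms(txt_values):
    """Split the first SPF record into (qualifier, mechanism, argument) tuples."""
    for value in txt_values:
        text = value.strip('"')
        if text.lower().startswith("v=spf1"):
            terms = []
            for term in text.split()[1:]:
                qualifier = "+"  # default qualifier in SPF (RFC 7208)
                if term[0] in "+-~?":
                    qualifier, term = term[0], term[1:]
                name, _, arg = term.partition(":")
                terms.append((qualifier, name.lower(), arg))
            return terms
    return []


def spf_summary(terms):
    """Group what the SPF policy discloses and how strictly it ends."""
    return {
        "includes": [a for _, n, a in terms if n == "include"],
        "hosts": [a for _, n, a in terms if n in ("a", "mx") and a],
        "networks": [a for _, n, a in terms if n in ("ip4", "ip6")],
        "all": next((q for q, n, _ in terms if n == "all"), None),
    }
```

A record type with more than one value across runs, such as the two SOA lines in the sample, shows that the zone changed between scans. The "all" entry is the qualifier on the closing mechanism: "-" is fail, "~" is softfail, "?" is neutral.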

Next, we can take a look at the software powering the website inside the "web_scan" report. We also get information about email addresses discovered, fuzzable URLs, and HTML forms along with form methods discovered. This could help us in automating an attack against the website by studying the underlying software.

[1;34m[#][0;0m Trying to collect pbs.org web application data
[1;32m[v][0;0m CMS detected: target is using [1;32mDjango Framework[0;0m
[1;32m[v][0;0m Found robots.txt
[1;32m[v][0;0m Web server detected: [1;32mnginx[0;0m
[93m[!][0;0m 28 fuzzable URLs discovered
	http://to.pbs.org/2mFOyNc?utm_source=carousel_bundle_3&utm_medium=related_link_3&utm_campaign=pbs_homepage
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=premiere_link&utm_campaign=pbs_homepage
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/our-man-in-tehran-part-one-p9eu3w&text=Check%20out%20this%20video%20from%20@PBS:%20FRONTLINE,%20Our%20Man%20in%20Tehran%20%28Part%20One%29
	https://shop.pbs.org/?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_footer_shoplink
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/the-final-7d9s6z&text=Check%20out%20this%20video%20from%20@PBS:%20The%20Great%20British%20Baking%20Show,%20The%20Final
	https://shop.pbs.org/?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_shopbuttontopnav
	http://to.pbs.org/2m7l6fD?utm_source=carousel_bundle_3&utm_medium=related_link_2&utm_campaign=pbs_homepage
	https://account.pbs.org/oauth2/social/login/google-oauth2/?scope=account+vppa&redirect_uri=https://www.pbs.org/login/&response_type=code&client_id=LXLFIaXOVDsfS850bnvsxdcLKlvLStjRBoBWbFRE
	https://shop.pbs.org/digital-downloads?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_footer_digital
	https://shop.pbs.org/drama-and-arts-best-sellers?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home-show_module_20OffDramaArts_AUG18
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/trailer-g7chzs&t=The%20Miniaturist,%20Trailer
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/shields-and-brooks-1534525761&text=Check%20out%20this%20video%20from%20@PBS:%20PBS%20NewsHour,%20Shields%20and%20Brooks%20on%20%E2%80%98reality%20show%E2%80%99%20rules
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/our-man-in-tehran-part-two-7elm5x&t=FRONTLINE,%20Our%20Man%20in%20Tehran%20%28Part%20Two%29
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/our-man-in-tehran-part-one-p9eu3w&t=FRONTLINE,%20Our%20Man%20in%20Tehran%20%28Part%20One%29
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/our-man-in-tehran-part-two-7elm5x&text=Check%20out%20this%20video%20from%20@PBS:%20FRONTLINE,%20Our%20Man%20in%20Tehran%20%28Part%20Two%29
	https://account.pbs.org/oauth2/register/?next=%2Foauth2%2Fauthorize%2F%3Fscope%3Daccount%2Bvppa%26redirect_uri%3Dhttps%3A%2F%2Fwww.pbs.org%2Flogin%2F%26response_type%3Dcode%26client_id%3DLXLFIaXOVDsfS850bnvsxdcLKlvLStjRBoBWbFRE%26confirmed%3D1
	https://account.pbs.org/oauth2/social/login/facebook/?scope=account+vppa&redirect_uri=https://www.pbs.org/login/&response_type=code&client_id=LXLFIaXOVDsfS850bnvsxdcLKlvLStjRBoBWbFRE
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=related_link_1&utm_campaign=pbs_homepage
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=headline&utm_campaign=pbs_homepage
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/shields-and-brooks-1534525761&t=PBS%20NewsHour,%20Shields%20and%20Brooks%20on%20%E2%80%98reality%20show%E2%80%99%20rules
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=image&utm_campaign=pbs_homepage
	https://account.pbs.org/oauth2/authorize/?scope=account+vppa&redirect_uri=https://www.pbs.org/login/&response_type=code&client_id=LXLFIaXOVDsfS850bnvsxdcLKlvLStjRBoBWbFRE
	https://shop.pbs.org/?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_shopbuttontopnav_dropdown_shophomepage
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/the-final-7d9s6z&t=The%20Great%20British%20Baking%20Show,%20The%20Final
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/trailer-g7chzs&text=Check%20out%20this%20video%20from%20@PBS:%20The%20Miniaturist,%20Trailer
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=short_description&utm_campaign=pbs_homepage
	https://shop.pbs.org/digital-downloads?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_shopbuttontopnav_dropdown_digital
	https://plus.google.com/share?url=https://www.pbs.org/video/trailer-g7chzs
[93m[!][0;0m 1 email addresses discovered
	?subject=Check out this video from PBS: Trailer&body=I thought you might like this: https://www.pbs.org/video/trailer-g7chzs
[93m[!][0;0m 2 HTML forms discovered
	Form details: ID: None, Class: ['dropdown', 'nav-item--search__form', 'an-18_2']Method: None, action: /search/
	Form details: ID: None, Class: ['dropdown', 'nav-item--search__form', 'an-18_2']Method: None, action: /search/
[1;34m[#][0;0m Trying to collect pbs.org web application data
[1;32m[v][0;0m CMS detected: target is using [1;32mDjango Framework[0;0m
[1;32m[v][0;0m Found robots.txt
[1;32m[v][0;0m Web server detected: [1;32mnginx[0;0m
[93m[!][0;0m 28 fuzzable URLs discovered
	http://to.pbs.org/2mFOyNc?utm_source=carousel_bundle_3&utm_medium=related_link_3&utm_campaign=pbs_homepage
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/our-man-in-tehran-part-one-p9eu3w&t=FRONTLINE,%20Our%20Man%20in%20Tehran%20%28Part%20One%29
	https://plus.google.com/share?url=https://www.pbs.org/video/trailer-g7chzs
	https://shop.pbs.org/digital-downloads?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_shopbuttontopnav_dropdown_digital
	http://to.pbs.org/2m7l6fD?utm_source=carousel_bundle_3&utm_medium=related_link_2&utm_campaign=pbs_homepage
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/first-look-wd8rsm&text=Check%20out%20this%20video%20from%20@PBS:%20Poldark,%20First%20Look
	https://shop.pbs.org/digital-downloads?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_footer_digital
	https://shop.pbs.org/?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_shopbuttontopnav
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/shields-and-brooks-1534525761&text=Check%20out%20this%20video%20from%20@PBS:%20PBS%20NewsHour,%20Shields%20and%20Brooks%20on%20%E2%80%98reality%20show%E2%80%99%20rules
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/shields-and-brooks-1534525761&t=PBS%20NewsHour,%20Shields%20and%20Brooks%20on%20%E2%80%98reality%20show%E2%80%99%20rules
	https://account.pbs.org/oauth2/authorize/?scope=account+vppa&redirect_uri=https://www.pbs.org/login/&response_type=code&client_id=LXLFIaXOVDsfS850bnvsxdcLKlvLStjRBoBWbFRE
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=short_description&utm_campaign=pbs_homepage
	https://account.pbs.org/oauth2/social/login/facebook/?scope=account+vppa&redirect_uri=https://www.pbs.org/login/&response_type=code&client_id=LXLFIaXOVDsfS850bnvsxdcLKlvLStjRBoBWbFRE
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=headline&utm_campaign=pbs_homepage
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/first-look-wd8rsm&t=Poldark,%20First%20Look
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/trailer-g7chzs&text=Check%20out%20this%20video%20from%20@PBS:%20The%20Miniaturist,%20Trailer
	https://shop.pbs.org/pbs-best-sellers?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home-show_module_15Off6920Off9925Off150_AUG18
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=premiere_link&utm_campaign=pbs_homepage
	https://shop.pbs.org/?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_shopbuttontopnav_dropdown_shophomepage
	https://account.pbs.org/oauth2/social/login/google-oauth2/?scope=account+vppa&redirect_uri=https://www.pbs.org/login/&response_type=code&client_id=LXLFIaXOVDsfS850bnvsxdcLKlvLStjRBoBWbFRE
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/trailer-g7chzs&t=The%20Miniaturist,%20Trailer
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/our-man-in-tehran-part-one-p9eu3w&text=Check%20out%20this%20video%20from%20@PBS:%20FRONTLINE,%20Our%20Man%20in%20Tehran%20%28Part%20One%29
	https://shop.pbs.org/?utm_source=PBS&utm_medium=Link&utm_campaign=pbs_home_footer_shoplink
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=related_link_1&utm_campaign=pbs_homepage
	https://account.pbs.org/oauth2/register/?next=%2Foauth2%2Fauthorize%2F%3Fscope%3Daccount%2Bvppa%26redirect_uri%3Dhttps%3A%2F%2Fwww.pbs.org%2Flogin%2F%26response_type%3Dcode%26client_id%3DLXLFIaXOVDsfS850bnvsxdcLKlvLStjRBoBWbFRE%26confirmed%3D1
	http://www.pbs.org/value/home/?utm_source=carousel_bundle_3&utm_medium=image&utm_campaign=pbs_homepage
	https://www.facebook.com/sharer/sharer.php?u=https://www.pbs.org/video/the-final-7d9s6z&t=The%20Great%20British%20Baking%20Show,%20The%20Final
	https://www.twitter.com/intent/tweet?url=https://www.pbs.org/video/the-final-7d9s6z&text=Check%20out%20this%20video%20from%20@PBS:%20The%20Great%20British%20Baking%20Show,%20The%20Final
[93m[!][0;0m 1 email addresses discovered
	?subject=Check out this video from PBS: Trailer&body=I thought you might like this: https://www.pbs.org/video/trailer-g7chzs
[93m[!][0;0m 2 HTML forms discovered
	Form details: ID: None, Class: ['dropdown', 'nav-item--search__form', 'an-18_2']Method: None, action: /search/
	Form details: ID: None, Class: ['dropdown', 'nav-item--search__form', 'an-18_2']Method: None, action: /search/

You can learn more information about the web application firewall in the "WAF.txt" report, but our scan did not detect one.

Basic information about the registered domain owner can also be found under the "whois.txt" report, although many times this registration information is just for the company who registered the domain on behalf of the customer.

Recon Is an Essential Part of Any Plan

By using Raccoon scanner, a hacker can streamline an attack according to the surface area discovered in an initial scan. Because Raccoon scanner includes the ability to scan through a Tor relay, it's an exciting and subtle tool for compiling a lot of targeting data about a domain in an extremely short period of time.

For a red team or for a blue team looking to understand their publicly exposed attack surface, Raccoon hits the sweet spot between Maltego and Nmap for OSINT recon on domain targets.

I hope you enjoyed this guide to using Raccoon scanner to gather OSINT data on a target domain! If you have any questions about this tutorial on Raccoon scanner or you have a comment, feel free to reach me in the comments below or on Twitter @KodyKinzie.

Cover photo and screenshots by Kody/Null Byte



