RustScan
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/roquefort]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog :
: https://github.com/RustScan/RustScan :
--------------------------------------
Please contribute more quotes to our GitHub https://github.com/rustscan/rustscan
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.206.67:21
Open 192.168.206.67:22
Open 192.168.206.67:2222
Open 192.168.206.67:3000
Nmap
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/roquefort]
└─$ nmap -p- -sC -sV -T5 --min-parallelism 100 --max-parallelism 256 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-04 13:36 CEST
Nmap scan report for 192.168.206.67
Host is up (0.023s latency).
Not shown: 65530 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.5b
22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
| ssh-hostkey:
| 2048 aa:77:6f:b1:ed:65:b5:ad:14:64:40:d2:24:d3:9c:0d (RSA)
| 256 a9:b4:4f:61:2e:2d:9d:4c:48:15:fe:70:8e:fa:af:b3 (ECDSA)
|_ 256 92:56:eb:af:c9:34:af:ea:a1:cf:9f:e1:90:dd:2f:61 (ED25519)
2222/tcp open ssh Dropbear sshd 2016.74 (protocol 2.0)
3000/tcp open http Golang net/http server
| fingerprint-strings:
| GenericLines, Help:
| HTTP/1.1 400 Bad Request
| Content-Type: text/plain; charset=utf-8
| Connection: close
| Request
| GetRequest:
| HTTP/1.0 200 OK
| Content-Type: text/html; charset=UTF-8
| Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
| Set-Cookie: i_like_gitea=a4f9f92ed920f3fa; Path=/; HttpOnly
| Set-Cookie: _csrf=OLEPWLyK2Bxf0BD9GhQMYGdFWxQ6MTc0Mzc2NjY2OTIzOTQ0NTQzNw%3D%3D; Path=/; Expires=Sat, 05 Apr 2025 11:37:49 GMT; HttpOnly
| X-Frame-Options: SAMEORIGIN
| Date: Fri, 04 Apr 2025 11:37:49 GMT
| <!DOCTYPE html>
| <html>
| <head data-suburl="">
| <meta charset="utf-8">
| <meta name="viewport" content="width=device-width, initial-scale=1">
| <meta http-equiv="x-ua-compatible" content="ie=edge">
| <title>Gitea: Git with a cup of tea</title>
| <link rel="manifest" href="/manifest.json" crossorigin="use-credentials">
| <script>
| ('serviceWorker' in navigator) {
| window.addEventListener('load', function() {
| navigator.serviceWorker.register('/serviceworker.js').then(function(registration) {
| HTTPOptions:
| HTTP/1.0 404 Not Found
| Content-Type: text/html; charset=UTF-8
| Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
| Set-Cookie: i_like_gitea=c2f01fe9985cda23; Path=/; HttpOnly
| Set-Cookie: _csrf=gKvF9zRL7v-9vXdGEC3yz9M1xVA6MTc0Mzc2NjY2OTM0NTQ0NDA3NA%3D%3D; Path=/; Expires=Sat, 05 Apr 2025 11:37:49 GMT; HttpOnly
| X-Frame-Options: SAMEORIGIN
| Date: Fri, 04 Apr 2025 11:37:49 GMT
| <!DOCTYPE html>
| <html>
| <head data-suburl="">
| <meta charset="utf-8">
| <meta name="viewport" content="width=device-width, initial-scale=1">
| <meta http-equiv="x-ua-compatible" content="ie=edge">
| <title>Page Not Found - Gitea: Git with a cup of tea</title>
| <link rel="manifest" href="/manifest.json" crossorigin="use-credentials">
| <script>
| ('serviceWorker' in navigator) {
| window.addEventListener('load', function() {
|_ navigator.serviceWorker.register('/serviceworker.js').then(function(registration
|_http-title: Gitea: Git with a cup of tea
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3000-TCP:V=7.95%I=7%D=4/4%Time=67EFC48E%P=x86_64-pc-linux-gnu%r(Gen
SF:ericLines,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20te
SF:xt/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x2
SF:0Request")%r(GetRequest,156C,"HTTP/1\.0\x20200\x20OK\r\nContent-Type:\x
SF:20text/html;\x20charset=UTF-8\r\nSet-Cookie:\x20lang=en-US;\x20Path=/;\
SF:x20Max-Age=2147483647\r\nSet-Cookie:\x20i_like_gitea=a4f9f92ed920f3fa;\
SF:x20Path=/;\x20HttpOnly\r\nSet-Cookie:\x20_csrf=OLEPWLyK2Bxf0BD9GhQMYGdF
SF:WxQ6MTc0Mzc2NjY2OTIzOTQ0NTQzNw%3D%3D;\x20Path=/;\x20Expires=Sat,\x2005\
SF:x20Apr\x202025\x2011:37:49\x20GMT;\x20HttpOnly\r\nX-Frame-Options:\x20S
SF:AMEORIGIN\r\nDate:\x20Fri,\x2004\x20Apr\x202025\x2011:37:49\x20GMT\r\n\
SF:r\n<!DOCTYPE\x20html>\n<html>\n<head\x20data-suburl=\"\">\n\t<meta\x20c
SF:harset=\"utf-8\">\n\t<meta\x20name=\"viewport\"\x20content=\"width=devi
SF:ce-width,\x20initial-scale=1\">\n\t<meta\x20http-equiv=\"x-ua-compatibl
SF:e\"\x20content=\"ie=edge\">\n\t<title>Gitea:\x20Git\x20with\x20a\x20cup
SF:\x20of\x20tea</title>\n\t<link\x20rel=\"manifest\"\x20href=\"/manifest\
SF:.json\"\x20crossorigin=\"use-credentials\">\n\t\n\t<script>\n\t\tif\x20
SF:\('serviceWorker'\x20in\x20navigator\)\x20{\n\x20\x20\t\t\twindow\.addE
SF:ventListener\('load',\x20function\(\)\x20{\n\x20\x20\x20\x20\t\t\tnavig
SF:ator\.serviceWorker\.register\('/serviceworker\.js'\)\.then\(function\(
SF:registration\)\x20{\n\x20\x20\x20\x20\x20\x20\t\t\t\t\n\x20\x20\x20\x20
SF:\x20\x20\t\t\t")%r(Help,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConte
SF:nt-Type:\x20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\
SF:n400\x20Bad\x20Request")%r(HTTPOptions,1FE2,"HTTP/1\.0\x20404\x20Not\x2
SF:0Found\r\nContent-Type:\x20text/html;\x20charset=UTF-8\r\nSet-Cookie:\x
SF:20lang=en-US;\x20Path=/;\x20Max-Age=2147483647\r\nSet-Cookie:\x20i_like
SF:_gitea=c2f01fe9985cda23;\x20Path=/;\x20HttpOnly\r\nSet-Cookie:\x20_csrf
SF:=gKvF9zRL7v-9vXdGEC3yz9M1xVA6MTc0Mzc2NjY2OTM0NTQ0NDA3NA%3D%3D;\x20Path=
SF:/;\x20Expires=Sat,\x2005\x20Apr\x202025\x2011:37:49\x20GMT;\x20HttpOnly
SF:\r\nX-Frame-Options:\x20SAMEORIGIN\r\nDate:\x20Fri,\x2004\x20Apr\x20202
SF:5\x2011:37:49\x20GMT\r\n\r\n<!DOCTYPE\x20html>\n<html>\n<head\x20data-s
SF:uburl=\"\">\n\t<meta\x20charset=\"utf-8\">\n\t<meta\x20name=\"viewport\
SF:"\x20content=\"width=device-width,\x20initial-scale=1\">\n\t<meta\x20ht
SF:tp-equiv=\"x-ua-compatible\"\x20content=\"ie=edge\">\n\t<title>Page\x20
SF:Not\x20Found\x20-\x20Gitea:\x20Git\x20with\x20a\x20cup\x20of\x20tea</ti
SF:tle>\n\t<link\x20rel=\"manifest\"\x20href=\"/manifest\.json\"\x20crosso
SF:rigin=\"use-credentials\">\n\t\n\t<script>\n\t\tif\x20\('serviceWorker'
SF:\x20in\x20navigator\)\x20{\n\x20\x20\t\t\twindow\.addEventListener\('lo
SF:ad',\x20function\(\)\x20{\n\x20\x20\x20\x20\t\t\tnavigator\.serviceWork
SF:er\.register\('/serviceworker\.js'\)\.then\(function\(registration");
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 181.32 secondsThe target system appears to be Debian
UDP
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/roquefort]
└─$ sudo nmap -sU --top-ports 10000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-04 13:37 CEST
Nmap scan report for 192.168.206.67
Host is up (0.032s latency).
All 10000 scanned ports on 192.168.206.67 are in ignored states.
Not shown: 10000 open|filtered udp ports (no-response)
Nmap done: 1 IP address (1 host up) scanned in 323.81 seconds