# Nmap 7.93 scan initiated Wed Jan 25 11:18:39 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/kali/htb/metatwo/results/scans/tcp80/tcp_80_http_nmap.txt -oX /home/kali/htb/metatwo/results/scans/tcp80/xml/tcp_80_http_nmap.xml 10.10.11.186
Nmap scan report for metatwo.htb (10.10.11.186)
Host is up, received user-set (0.028s latency).
Scanned at 2023-01-25 11:18:40 EST for 81s

PORT   STATE SERVICE REASON  VERSION
80/tcp open  http    syn-ack nginx 1.18.0
| http-vhosts: 
|_128 names had status 302
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-sitemap-generator: 
|   Directory structure:
|   Longest directory structure:
|     Depth: 0
|     Dir: /
|   Total files found (by extension):
|_    
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-chrono: Request times for /; avg: 215.68ms; min: 203.92ms; max: 255.33ms
|_http-server-header: nginx/1.18.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-mobileversion-checker: No mobile version detected.
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to http://metapress.htb/
|_http-errors: Couldn't find any error pages.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-comments-displayer: Couldn't find any comments.
|_http-feed: Couldn't find any feeds.
| http-headers: 
|   Server: nginx/1.18.0
|   Date: Wed, 25 Jan 2023 16:18:51 GMT
|   Content-Type: text/html
|   Content-Length: 145
|   Connection: close
|   Location: http://metapress.htb/
|   
|_  (Request type: GET)
|_http-config-backup: ERROR: Script execution failed (use -d to debug)
|_http-referer-checker: Couldn't find any cross-domain scripts.
|_http-date: Wed, 25 Jan 2023 16:18:48 GMT; +2s from local time.
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-useragent-tester: 
|   Status for browser useragent: 200
|   Redirected To: http://metapress.htb/
|   Allowed User Agents: 
|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
|     libwww
|     lwp-trivial
|     libcurl-agent/1.0
|     PHP/
|     Python-urllib/2.5
|     GT::WWW
|     Snoopy
|     MFC_Tear_Sample
|     HTTP::Lite
|     PHPCrawl
|     URI::Fetch
|     Zend_Http_Client
|     http client
|     PECL::HTTP
|     Wget/1.13.4 (linux-gnu)
|_    WWW-Mechanize/1.34
| http-security-headers: 
|   Cache_Control: 
|     Header: Cache-Control: no-store, no-cache, must-revalidate
|   Pragma: 
|     Header: Pragma: no-cache
|   Expires: 
|_    Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Jan 25 11:20:01 2023 -- 1 IP address (1 host up) scanned in 81.17 seconds