Armani English language institute
- Category: Analysis, Hunting
Things I have found so far.
Armani
English language institute
Person
Iman Mafi
Fullname: Iman Rezazadeh Mafi
Management and founder.
Instagram ID (?):
[REDACTED]
Frontend developer. Studying [REDACTED].
National ID From [REDACTED] Leak: [REDACTED] ([REDACTED]) Instagram ID: [REDACTED] Birthday: [REDACTED] ([REDACTED])
[REDACTED]
Full name: [REDACTED]
Backend developer. Used to study in [REDACTED]. Now studying in [REDACTED].
National ID From [REDACTED] Leak: [REDACTED] ([REDACTED])
Email: [REDACTED] Telegram ID: [REDACTED] School: [REDACTED] Instagram ID: [REDACTED] Current residence: [REDACTED]
Website
armanienglish.com
Main website.
Vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
X-Nextjs-Cache: HIT
X-Powered-By: Next.js
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block
Server: ArvanCloud
Open-Graph-Protocol
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
|_http-server-header: ArvanCloud
443/tcp open tcpwrapped
|_http-server-header: ArvanCloud
| ssl-cert: Subject: commonName=armanienglish.com
| Subject Alternative Name: DNS:*.armanienglish.com, DNS:*.login.armanienglish.com, DNS:armanienglish.com
| Not valid before: 2024-11-01T22:03:58
|_Not valid after: 2025-01-30T22:03:57
8080/tcp open tcpwrapped
|_http-server-header: ArvanCloud
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Version: 2.1.4
OpenSSL 3.3.2 3 Sep 2024
Connected to 185.143.234.103
Testing SSL server armanienglish.com on port 443 using SNI name armanienglish.com
SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 enabled
TLSv1.1 enabled
TLSv1.2 enabled
TLSv1.3 enabled
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression disabled
Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed
TLSv1.1 not vulnerable to heartbleed
TLSv1.0 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve 25519 DHE 253
Accepted TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve 25519 DHE 253
Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve 25519 DHE 253
Preferred TLSv1.2 128 bits ECDHE-ECDSA-AES128-GCM-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-GCM-SHA384 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits ECDHE-ECDSA-CHACHA20-POLY1305 Curve 25519 DHE 253
Accepted TLSv1.2 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253
Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253
Preferred TLSv1.1 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253
Accepted TLSv1.1 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253
Preferred TLSv1.0 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253
Accepted TLSv1.0 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253
Server Key Exchange Group(s):
TLSv1.3 128 bits secp256r1 (NIST P-256)
TLSv1.3 192 bits secp384r1 (NIST P-384)
TLSv1.3 128 bits x25519
TLSv1.2 128 bits secp256r1 (NIST P-256)
TLSv1.2 192 bits secp384r1 (NIST P-384)
TLSv1.2 128 bits x25519
SSL Certificate:
Signature Algorithm: ecdsa-with-SHA384
ECC Curve Name: prime256v1
ECC Key Strength: 128
Subject: armanienglish.com
Altnames: DNS:*.armanienglish.com, DNS:*.login.armanienglish.com, DNS:armanienglish.com
Issuer: E5
Not valid before: Nov 1 22:03:58 2024 GMT
Not valid after: Jan 30 22:03:57 2025 GMT
; <<>> DiG 9.20.0-Debian <<>> -x armanienglish.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28580
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 512
;; QUESTION SECTION:
;com.armanienglish.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
in-addr.arpa. 5 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2024093051 1800 900 604800 3600
;; Query time: 95 msec
;; SERVER: 192.168.174.2#53(192.168.174.2) (UDP)
;; WHEN: Fri Nov 29 17:35:26 +0330 2024
;; MSG SIZE rcvd: 127
lbd - load balancing detector 0.4 - Checks if a given domain uses load-balancing.
Written by Stefan Behte (http://ge.mine.nu)
Proof-of-concept! Might give false positives.
Checking for DNS-Loadbalancing: FOUND
armanienglish.com has address 185.143.234.103
armanienglish.com has address 185.143.233.103
Checking for HTTP-Loadbalancing [Server]:
ArvanCloud
NOT FOUND
Checking for HTTP-Loadbalancing [Date]: 14:06:35, 14:06:35, 14:06:35, 14:06:35, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:40, 14:06:40, 14:06:41, NOT FOUND
Checking for HTTP-Loadbalancing [Diff]: FOUND
< X-Request-ID: 8b68b1ba18f0fe6bdd2bbbff31ec6704
> X-Request-ID: ee6b3114475d166a66697ba5f37df272
armanienglish.com does Load-balancing. Found via Methods: DNS HTTP[Diff]
[*] Checking https://armanienglish.com
ERROR:wafw00f:Something went wrong HTTPSConnectionPool(host='armanienglish.com', port=443): Read timed out. (read timeout=7)
[+] Generic Detection results:
[*] The site https://armanienglish.com seems to be behind a WAF or some sort of security solution
[~] Reason: The server header is different when an attack is detected.
The server header for a normal response is "ArvanCloud", while the server header a response to an attack is "",
[~] Number of requests: 6
armani-cms.s3.ir-thr-at1.arvanstorage.ir
http://armani-cms.s3.ir-thr-at1.arvanstorage.ir/
Seems to hold static files for the websites, except for Moodle.
Last modified: 2024-05-06T16:53:23.144Z = Mon May 06 2024 20:23:23 GMT+0330 (Iran Standard Time)
<DisplayName>ایمان رضازاده مافی</DisplayName>
INFO exists | armani-cms | ir-thr-at1 | AuthUsers: [] | AllUsers: [READ] | 354 objects (7.9 GB)
dev.armanienglish.com
Seems like a dev version of the main site
api.armanienglish.com
{"message":"no Route matched with those values"}
Summary : HTTPServer[ArvanCloud], UncommonHeaders[x-kong-response-latency,server-timing,x-request-id,x-sid]
Seems to be running KONG: https://github.com/Kong/kong
api-dev.armanienglish.com
Dev version of the previous one; not much more.
blog.armanienglish.com
"دوره های آموزشی آنلاین ز…رائه ایمان مافی (IELTS)"
Nginx with reverse proxy.
Apache Server at blog.armanienglish.com Port 443
Last post: 3 Azar 1403
Last-Modified: Sat, 23 Nov 2024 16:50:29 GMT
Content-Encoding: gzip
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block
Server: ArvanCloud
JQuery[3.7.1], MetaGenerator[WordPress 6.7.1], Open-Graph-Protocol[website]
XMLRPC seems enabled: https://blog.armanienglish.com/xmlrpc.php
Default Login: https://blog.armanienglish.com/wp-admin
Tried usernames: admin, administrator, root
REST API Enabled: https://blog.armanienglish.com/wp-json
"namespaces": [
"oembed/1.0",
"rankmath/v1",
"rankmath/v1/an",
"rankmath/v1/ca",
"rankmath/v1/in",
"wp-rocket/v1",
"wp/v2",
"wp-site-health/v1",
"wp-block-editor/v1"
],
"authentication": {
"application-passwords": {
"endpoints": {
"authorization": "https://blog.armanienglish.com/wp-admin/authorize-application.php"
}
}
},
[+] robots.txt found: https://blog.armanienglish.com/robots.txt
| Interesting Entries:
| - /wp-admin/
| - /test
| - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] WordPress readme found: https://blog.armanienglish.com/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] Debug Log found: https://blog.armanienglish.com/wp-content/debug.log
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| Reference: https://codex.wordpress.org/Debugging_in_WordPress
[+] The external WP-Cron seems to be enabled: https://blog.armanienglish.com/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress theme in use: koji
| Location: https://blog.armanienglish.com/wp-content/themes/koji/
| Latest Version: 2.1 (up to date)
| Last Updated: 2024-02-23T00:00:00.000Z
| Readme: https://blog.armanienglish.com/wp-content/themes/koji/readme.txt
| Style URL: https://blog.armanienglish.com/wp-content/themes/koji/style.css?ver=2.1
| Style Name: Koji
| Style URI: https://andersnoren.se/teman/koji-wordpress-theme/
| Description: Koji is a clean and lightweight theme for bloggers. It features a masonry grid on the archive pages,...
| Author: Anders Norén
| Author URI: https://andersnoren.se
|
| Found By: Css Style In 404 Page (Passive Detection)
|
| Version: 2.1 (80% confidence)
| Found By: Style (Passive Detection)
| - https://blog.armanienglish.com/wp-content/themes/koji/style.css?ver=2.1, Match: 'Version: 2.1'
[+] armani
| Location: https://blog.armanienglish.com/wp-content/plugins/armani/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.
[+] structured-content
| Location: https://blog.armanienglish.com/wp-content/plugins/structured-content/
| Latest Version: 1.6.3 (up to date)
| Last Updated: 2024-08-05T20:12:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.6.3 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://blog.armanienglish.com/wp-content/plugins/structured-content/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://blog.armanienglish.com/wp-content/plugins/structured-content/readme.txt
[+] wp-rocket
| Location: https://blog.armanienglish.com/wp-content/plugins/wp-rocket/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
| Urls In 404 Page (Passive Detection)
| Comment (Passive Detection)
|
| The version could not be determined.
Fatal error: Uncaught Error: Call to undefined function get_header() in /www/wwwroot/blog.armanienglish.com/wp-content/themes/koji/index.php:1
Stack trace:
#0 {main}
thrown in /www/wwwroot/blog.armanienglish.com/wp-content/themes/koji/index.php on line 1
chat.armanienglish.com
Service Unavailable
Summary : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]
8080 Returns empty
chatbot.armanienglish.com
{"detail":"Not Found"}
Guess: Django server
Summary : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]
club.armanienglish.com
{"message":"E_ROUTE_NOT_FOUND: Cannot GET:/"}
Guess: Adonisjs + Node
Summary : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]
POST /api/tokenlogin
GET /api/profile
??? /api/balance
GET /api/companies/:id
GET /api/companies/:id/logo
GET /api/packages/:id
POST /api/prizes
GET /api/categories
GET /api/packages?[JSON QUERY] (category_id)
GET /api/transactions
GET /api/refers
clubdev.armanienglish.com
Dev version of the previous one; not much more.
cms.armanienglish.com
Summary : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]
Link extracted from JS code from main website: https://cms.armanienglish.com/cms/v1/components
Seems to list the shop's items. Accepts a filter parameter as JSON for filtering the results.
Seems to be linked to a WordPress site (WooCommerce?), judging by the wp_book_id.
Guess: Laravel (likely not Adonisjs, since it does not return updated_at)
Other endpoints from JS code:
(All need Auth)
POST /carts/order
POST /carts/coupon
POST /carts
POST /cart/items
DELETE /cart/items
GET /cart/items
POST /consultation/request
Example REQ:
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="name"
sfdsfsdf
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="email"
asdsfsd@fdggfd.com
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="phone"
09124984982
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="available_time"
sunday
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="level"
Termic
-----------------------------25696515229954676421601960474--
Example RES:
{"statusCode":"10000","status":200,"meta":{},"data":{"name":"sfdsfsdf","email":"asdsfsd@fdggfd.com","phone":"09124984982","available_time":"sunday","level":"Termic","created_at":"2024-11-29T14:55:56.424+00:00","updated_at":"2024-11-29T14:55:56.424+00:00","id":244}}
GET /admin/feedbacks
GET /admin/consultations
GET /admin/first-time-buyers
{"errors":[{"message":"E_UNAUTHORIZED_ACCESS: Unauthorized access"}]}
There seem to be two types of admin: `admin` and `superadmin`
POST /feedbacks
POST /feedbacks/file
POST /newsletter
cmsdev.armanienglish.com
Dev version of the previous one; not much more.
conf.armanienglish.com
Confluence | Your Remote-Friendly Team Workspace | Atlassian
WhatWeb report for https://conf.armanienglish.com/
Status : 302 Found
Title : <None>
IP : <Unknown>
Country : <Unknown>
Summary : Confluence, Cookies[JSESSIONID], HTTPServer[ArvanCloud], HttpOnly[JSESSIONID], RedirectLocation[https://conf.armanienglish.com/login.action?os_destination=%2Findex.action&permissionViolation=true], UncommonHeaders[x-confluence-request-time,x-content-type-options,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[SAMEORIGIN], X-XSS-Protection[1; mode=block]
Summary : Confluence, Cookies[JSESSIONID], HTML5, HTTPServer[ArvanCloud], HttpOnly[JSESSIONID], probably Index-Of, OpenSearch[/opensearch/osd.action], PasswordField[os_password], Script[context,module,resource,text/javascript,text/x-template], UncommonHeaders[x-confluence-request-time,x-content-type-options,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=EDGE], X-XSS-Protection[1; mode=block]
Host is up (0.00035s latency).
Other addresses for conf.armanienglish.com (not scanned): 185.143.233.103
All 1000 scanned ports on conf.armanienglish.com (185.143.234.103) are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)
Too many fingerprints match this host to give specific OS details
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 ... 30
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.66 seconds
Confluence 7.19.22
demo.armanienglish.com
DirectAdmin panel: https://www.directadmin.com/
Summary : HTML5, HTTPServer[ArvanCloud], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-UA-Compatible[ie=edge], X-XSS-Protection[1; mode=block]
Default creds did not work (demo_admin, demo)
email.armanienglish.com
Status : 200 OK
Title : MailWizz | Welcome
IP : <Unknown>
Country : <Unknown>
Summary : Bootstrap, Cookies[csrf_token,mwsid], HTML5, HTTPServer[ArvanCloud], HttpOnly[csrf_token,mwsid], JQuery, Script[text/javascript], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]
Not shown: 999 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
8443/tcp open tcpwrapped
|_http-title: 400 The plain HTTP request was sent to HTTPS port
|_http-server-header: ArvanCloud
| ssl-cert: Subject: commonName=armanienglish.com
| Subject Alternative Name: DNS:*.armanienglish.com, DNS:*.login.armanienglish.com, DNS:armanienglish.com
| Not valid before: 2024-11-01T22:03:58
|_Not valid after: 2025-01-30T22:03:57
Not much was found
goal-api.armanienglish.com
HttpException: E_ROUTE_NOT_FOUND: Route not found GET /
Guess: Adonisjs + Node
Summary : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]
GET /usertasks
POST /usertasks
PUT /usertasks/$id
irsafam.armanienglish.com
Seems like a static website. Maybe it was used in the old days. It promotes Termic. It has two videos.
Summary : HTML5, HTTPServer[ArvanCloud], JQuery[3.7.1], MetaGenerator[Powered by WPBakery Page Builder - drag and drop page builder for WordPress.,WordPress 6.7.1], PoweredBy[WPBakery], Script, UncommonHeaders[link,content-security-policy,server-timing,x-request-id,x-sid], WordPress[6.7.1], X-XSS-Protection[1; mode=block]
wp-json is enabled.
https://irsafam.armanienglish.com/wp-json/
"namespaces": [
"oembed/1.0",
"wp-statistics/v2",
"wp/v2",
"wp-site-health/v1",
"wp-block-editor/v1"
],
[+] Headers
| Interesting Entries:
| - content-security-policy: upgrade-insecure-requests
| - server: ArvanCloud
| - server-timing: total;dur=224
| - x-request-id: c10571571527d7b6c64f34e4524c82e0
| - x-sid: 2062
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] robots.txt found: https://irsafam.armanienglish.com/robots.txt
| Interesting Entries:
| - /wp-admin/
| - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: https://irsafam.armanienglish.com/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
[+] WordPress readme found: https://irsafam.armanienglish.com/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] The external WP-Cron seems to be enabled: https://irsafam.armanienglish.com/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
Fingerprinting the version - Time: 00:00:24 <===================================> (702 / 702) 100.00% Time: 00:00:24
[i] The WordPress version could not be detected.
[+] WordPress theme in use: twentytwentythree
| Location: https://irsafam.armanienglish.com/wp-content/themes/twentytwentythree/
| Last Updated: 2024-11-13T00:00:00.000Z
| Readme: https://irsafam.armanienglish.com/wp-content/themes/twentytwentythree/readme.txt
| [!] The version is out of date, the latest version is 1.6
| Style URL: https://irsafam.armanienglish.com/wp-content/themes/twentytwentythree/style.css
| Style Name: Twenty Twenty-Three
| Style URI: https://wordpress.org/themes/twentytwentythree
| Description: Twenty Twenty-Three is designed to take advantage of the new design tools introduced in WordPress 6....
| Author: the WordPress team
| Author URI: https://wordpress.org
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.5 (80% confidence)
| Found By: Style (Passive Detection)
| - https://irsafam.armanienglish.com/wp-content/themes/twentytwentythree/style.css, Match: 'Version: 1.5'
[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)
[i] Plugin(s) Identified:
[+] js_composer
| Location: https://irsafam.armanienglish.com/wp-content/plugins/js_composer/
| Last Updated: 2024-11-28T22:47:55.000Z
| [!] The version is out of date, the latest version is 8.0.1
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Body Tag (Passive Detection)
|
| Version: 7.8 (80% confidence)
| Found By: Body Tag (Passive Detection)
| - https://irsafam.armanienglish.com/, Match: 'js-comp-ver-7.8'
| Confirmed By: Query Parameter (Passive Detection)
| - https://irsafam.armanienglish.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=7.8
| - https://irsafam.armanienglish.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=7.8
[+] Ultimate_VC_Addons
| Location: https://irsafam.armanienglish.com/wp-content/plugins/Ultimate_VC_Addons/
| Last Updated: 2024-11-28T16:20:19.000Z
| [!] The version is out of date, the latest version is 3.19.23
|
| Found By: Urls In Homepage (Passive Detection)
|
| Version: 3.19.22 (60% confidence)
| Found By: Change Log (Aggressive Detection)
| - https://irsafam.armanienglish.com/wp-content/plugins/Ultimate_VC_Addons/changelog.txt, Match: '3.19.22 -'
[+] wp-statistics
| Location: https://irsafam.armanienglish.com/wp-content/plugins/wp-statistics/
| Last Updated: 2024-11-17T18:34:00.000Z
| [!] The version is out of date, the latest version is 14.11.3
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 14.10.3 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://irsafam.armanienglish.com/wp-content/plugins/wp-statistics/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://irsafam.armanienglish.com/wp-content/plugins/wp-statistics/readme.txt
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:03 <=====================================> (137 / 137) 100.00% Time: 00:00:03
[i] No Config Backups Found.
Default login: https://irsafam.armanienglish.com/wp-login.php
Old shop: https://irsafam.armanienglish.com/shop/
The only author seems to be: `mahdi`
Site was set up on 23 Oct 2024
gate.armanienglish.com
Summary : Bootstrap, HTML5, HTTPServer[ArvanCloud], JQuery, Script[text/javascript], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-Powered-By[Sails <sailsjs.org>], X-XSS-Protection[1; mode=block]
KONGA 0.14.9
More than just another GUI to Kong Admin API https://github.com/pantsel/konga
jira.armanienglish.com
Jira issue tracker
Summary : Atlassian-JIRA, Cookies[JSESSIONID,atlassian.xsrf.token], HTML5, HTTPServer[ArvanCloud], HttpOnly[JSESSIONID], Java, OpenSearch[/osd.jsp], Script[context,module,resource,text/javascript], Strict-Transport-Security[max-age=31536000], UncommonHeaders[x-arequestid,referrer-policy,x-content-type-options,x-ausername,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=Edge], X-XSS-Protection[1; mode=block]
[+] [HIGH] Vulnerable To CVE-2019-3402 [Maybe] https://jira.armanienglish.com/secure/ConfigurePortal: https://jira.armanienglish.com/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert("XSS")%3C%2fscript%3Et1nmk&Search=Search
[+] [LOW] Vulnerable To CVE-2020-14179 : https://jira.armanienglish.com/secure/QueryComponent!Default.jspa
[+] [LOW] Vulnerable To CVE-2020-36287 : File Written at [CVE-2020-36287_jira.armanienglish.com.txt]
[+] [HIGH] Vulnerable To CVE-2018-5230 https://jira.armanienglish.com/pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert%281%29%22%3E.vm
[+] [INFO] Found Unauthenticated DashBoard Access : https://jira.armanienglish.com/rest/api/2/dashboard?maxResults=100
[+] [LOW] Found Query Component Fields : https://jira.armanienglish.com/secure/QueryComponent!Jql.jspa?jql=
login.armanienglish.com
Moodle LMS
Summary : Content-Language[fa], Cookies[MoodleSession], HTML5, HTTPServer[ArvanCloud], Moodle, Script[text/css,text/javascript], UncommonHeaders[content-script-type,content-style-type,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[sameorigin], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
[+] Plugins found:
forum https://login.armanienglish.com/mod/forum/
https://login.armanienglish.com/mod/forum/upgrade.txt
https://login.armanienglish.com/mod/forum/version.php
[+] Themes found:
bootstrapbase https://login.armanienglish.com/theme/bootstrapbase/
https://login.armanienglish.com/theme/bootstrapbase/README.txt
https://login.armanienglish.com/theme/bootstrapbase/upgrade.txt
https://login.armanienglish.com/theme/bootstrapbase/version.php
clean https://login.armanienglish.com/theme/clean/
https://login.armanienglish.com/theme/clean/README.txt
https://login.armanienglish.com/theme/clean/version.php
more https://login.armanienglish.com/theme/more/
https://login.armanienglish.com/theme/more/version.php
[+] Possible version(s):
3.3.0
3.3.0-beta
3.3.0-rc1
3.3.0-rc2
3.3.0-rc3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
[+] Possible interesting urls found:
Static readme file. - https://login.armanienglish.com/README.txt
[+] Scan finished (0:00:04.100718 elapsed)
Version found via /question/upgrade.txt : Moodle v3.5.0-rc1
logindev.armanienglish.com
Dev version of login
Summary : Content-Language[en], Cookies[MoodleSession], HTML5, HTTPServer[ArvanCloud], HttpOnly[MoodleSession], probably Index-Of, Moodle, Script[text/css], UncommonHeaders[content-script-type,content-style-type,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[sameorigin], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
[+] Plugins found:
forum https://logindev.armanienglish.com/mod/forum/
https://logindev.armanienglish.com/mod/forum/upgrade.txt
https://logindev.armanienglish.com/mod/forum/version.php
[+] No themes found.
[+] No version found.
[+] Possible interesting urls found:
Admin panel - https://logindev.armanienglish.com/login/
[+] Scan finished (0:00:03.413705 elapsed)
Getting moodle version...
Version not found
meet.armanienglish.com
BigBlueButton meeting
WhatWeb report for https://meet.armanienglish.com/
Status : 200 OK
Title : BigBlueButton
IP : 188.121.122.179
Country : IRAN (ISLAMIC REPUBLIC OF), IR
Summary : HTML5, HTTPServer[nginx], nginx, Script, X-UA-Compatible[IE=edge]
mini.armanienglish.com
Summary : HTTPServer[ArvanCloud], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]
Apache Server at mini.armanienglish.com Port 443
Not much else.
mock.armanienglish.com
HttpException: E_ROUTE_NOT_FOUND: Route not found GET /
Guess: Adonisjs + Node
Summary : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]
mock-ielts.armanienglish.com
Summary : HTTPServer[ArvanCloud], RedirectLocation[https://my.armanienglish.com/mock-ielts], UncommonHeaders[server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]
mock-ielts-dev.armanienglish.com
Summary : HTTPServer[ArvanCloud], RedirectLocation[https://my.armanienglish.com/mock-ielts], UncommonHeaders[server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]
my.armanienglish.com
Summary : Frame, HTML5, HTTPServer[ArvanCloud], Script[module,text/partytown], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]
https://partytown.builder.io/
BASE_URL: '/',
DEV: !1,
MODE: 'production',
PROD: !0,
SSR: !1,
VITE_PUBLIC_API_CLUB: 'https://club.armanienglish.com',
VITE_PUBLIC_API_CMS: 'https://cms.armanienglish.com/cms/v1',
VITE_PUBLIC_API_GOAL: 'https://goal-api.armanienglish.com',
VITE_PUBLIC_API_MOCKIELTS: 'https://mock.armanienglish.com',
VITE_PUBLIC_API_S3: 'https://armani-cms.s3.ir-thr-at1.arvanstorage.ir',
VITE_PUBLIC_API_SMARTCORRECTIONS: 'https://smart.armanienglish.com',
VITE_PUBLIC_API_SPEAKING: 'https://speaking.armanienglish.com',
VITE_PUBLIC_API_SSO: 'https://sso.armanienglish.com',
VITE_PUBLIC_API_SSO_DEV: 'https://ssodev.armanienglish.com',
VITE_PUBLIC_API_TICKETING: 'https://ticketing.armanienglish.com',
VITE_PUBLIC_API_WEBINAR: 'https://webinar.armanienglish.com',
VITE_PUBLIC_API_WEBINAR_CHAT: 'armani-chat-test.iran.liara.run',
VITE_PUBLIC_Cookie: 'armani-token',
VITE_PUBLIC_Cookie_MOCK: 'armani-token-mock',
VITE_PUBLIC_DOMAIN: 'armanienglish.com',
VITE_PUBLIC_FEATURE_CALCULATOR: 'yes',
VITE_PUBLIC_FEATURE_CLUB: 'yes',
VITE_PUBLIC_FEATURE_DARKMODE: 'yes',
VITE_PUBLIC_FEATURE_LIVE_COURSES: 'no',
VITE_PUBLIC_FEATURE_MOCKIELTS: 'new',
VITE_PUBLIC_FEATURE_MOCKIELTS_ARMANI: 'soon',
VITE_PUBLIC_FEATURE_MOCKIELTS_PAID_CORRECTION: 'yes',
VITE_PUBLIC_FEATURE_MOCKIELTS_SPEAKING: 'no',
VITE_PUBLIC_FEATURE_MOCKIELTS_WRITING_PDF: 'yes',
VITE_PUBLIC_FEATURE_MULTILINGUALITY: 'no',
VITE_PUBLIC_FEATURE_SMARTCORRECTIONS: 'yes',
VITE_PUBLIC_FEATURE_SPEAKING: 'soon',
VITE_PUBLIC_FEATURE_STUDYPLAN_PDF_VIEW: 'no',
VITE_PUBLIC_FEATURE_TICKETING: 'new',
VITE_PUBLIC_FEATURE_WEBINAR: 'yes',
VITE_PUBLIC_SHOPSLUG_MOCK_MANUAL_CORRECTION: 'mock-writing-correction',
VITE_PUBLIC_URL_MOCKIELTS: 'https://mock-ielts.armanienglish.com',
VITE_PUBLIC_URL_MY: 'https://my.armanienglish.com',
VITE_PUBLIC_URL_SHOP: 'https://armanienglish.com'
},
mydev.armanienglish.com
panel.armanienglish.com
Admin panel
Summary : HTML5, HTTPServer[ArvanCloud], Script[module], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]
Remix for backend
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
const m = {
BASE_URL: '/',
DEV: !1,
MODE: 'production',
PROD: !0,
SSR: !1,
VITE_PUBLIC_URL_CLUB_API: 'https://club.armanienglish.com/api',
VITE_PUBLIC_URL_CLUB_API_ADMIN: 'https://club.armanienglish.com/api/admin',
VITE_PUBLIC_URL_CLUB_BASE: 'https://club.armanienglish.com',
VITE_PUBLIC_URL_CMS_API: 'https://cms.armanienglish.com/cms/v1',
VITE_PUBLIC_URL_CMS_API_ADMIN: 'https://cms.armanienglish.com/cms/v1/admin',
VITE_PUBLIC_URL_CMS_BASE: 'https://cms.armanienglish.com/cms',
VITE_PUBLIC_URL_MOCK_API: 'https://mock.armanienglish.com/api',
VITE_PUBLIC_URL_MOCK_API_ADMIN: 'https://mock.armanienglish.com/api/admin',
VITE_PUBLIC_URL_MOCK_BASE: 'https://mock.armanienglish.com',
VITE_PUBLIC_URL_MY: 'https://my.armanienglish.com',
VITE_PUBLIC_URL_MY_MOCK: 'https://my.armanienglish.com/mock-ielts',
VITE_PUBLIC_URL_SSO: 'https://sso.armanienglish.com',
VITE_PUBLIC_URL_SSO_API: 'https://sso.armanienglish.com/api',
VITE_PUBLIC_URL_TICKETING_API_ADMIN: 'https://ticketing.armanienglish.com/ticketing/v1/admin',
VITE_PUBLIC_URL_TICKETING_BASE: 'https://ticketing.armanienglish.com/ticketing/v1',
VITE_PUBLIC_URL_WEBINAR_API: 'https://webinar.armanienglish.com/api',
VITE_PUBLIC_URL_WEBINAR_API_ADMIN: 'https://webinar.armanienglish.com/api/admin',
VITE_PUBLIC_URL_WEBINAR_BASE: 'https://webinar.armanienglish.com'
};
0: "root"
1: "routes/ticketing.categories.edit-order._index"
2: "routes/mock.teacher-checked-admin._index"
3: "routes/mock.question-groups.edit.$id"
4: "routes/mock.question-groups.tree.$id"
5: "routes/ticketing.categories.edit.$id"
6: "routes/speaking.userpackages._index"
7: "routes/cms.termic-courses.edit.$id"
8: "routes/mock.teacher-checked._index"
9: "routes/ticketing.categories._index"
10: "routes/club.packagecodes.edit.$id"
11: "routes/cms.ielts-courses.edit.$id"
12: "routes/webinar.system-logs._index"
13: "routes/cms.termic-courses._index"
14: "routes/mock.speaking-time._index"
15: "routes/mock.teacher-exams._index"
16: "routes/speaking.questions._index"
17: "routes/webinar.webinars.edit.$id"
18: "routes/club.transactions._index"
19: "routes/cms.ielts-courses._index"
20: "routes/cms.live-course.edit.$id"
21: "routes/mock.file-manager._index"
22: "routes/mock.question-groups.$id"
23: "routes/mock.question-groups.new"
24: "routes/speaking.packages._index"
25: "routes/ticketing.categories.$id"
26: "routes/ticketing.categories.new"
27: "routes/ticketing.tickets._index"
28: "routes/ticketing.users.edit.$id"
29: "routes/club.companies.edit.$id"
30: "routes/mock.check-speaking.$id"
31: "routes/mock.questions.edit.$id"
32: "routes/speaking.users.edit.$id"
33: "routes/ticketing.report._index"
34: "routes/webinar.system-logs.$id"
35: "routes/webinar.webinars._index"
36: "routes/club.categories._index"
37: "routes/club.packages.edit.$id"
38: "routes/cms.assignments._index"
39: "routes/cms.live-course._index"
40: "routes/cms.notfication._index"
41: "routes/cms.termic-courses.$id"
42: "routes/cms.termic-courses.new"
43: "routes/mock.check-writing.$id"
44: "routes/mock.teacher-exams.$id"
45: "routes/ticketing.users._index"
46: "routes/webinar.users.edit.$id"
47: "routes/club.cashout.edit.$id"
48: "routes/club.companies._index"
49: "routes/club.packagecodes.$id"
50: "routes/club.packagecodes.new"
51: "routes/cms.ielts-courses.$id"
52: "routes/cms.ielts-courses.new"
53: "routes/cms.packages.edit.$id"
54: "routes/mock.userexams._index"
55: "routes/speaking.users._index"
56: "routes/ticketing.tickets.$id"
57: "routes/club.packages._index"
58: "routes/ticketing.report.new"
59: "routes/webinar.users._index"
60: "routes/webinar.webinars.$id"
61: "routes/webinar.webinars.new"
62: "routes/club.cashout._index"
63: "routes/club.categories.$id"
64: "routes/club.users.edit.$id"
65: "routes/cms.live-course.$id"
66: "routes/cms.live-course.new"
67: "routes/cms.packages._index"
68: "routes/cms.teachers._index"
69: "routes/mock.check-exam.$id"
70: "routes/mock.check-test.$id"
71: "routes/mock.exams.edit.$id"
72: "routes/mock.exams.tree.$id"
73: "routes/mock.parts.edit.$id"
74: "routes/mock.parts.tree.$id"
75: "routes/mock.tests.edit.$id"
76: "routes/mock.tests.tree.$id"
77: "routes/mock.users.edit.$id"
78: "routes/ticketing.users.$id"
79: "routes/club.companies.$id"
80: "routes/club.companies.new"
81: "routes/club.prizes._index"
82: "routes/mock.questions.$id"
83: "routes/mock.questions.new"
84: "routes/mock.userexams.$id"
85: "routes/mock.usertests.$id"
86: "routes/speaking.users.$id"
87: "routes/club.packages.$id"
88: "routes/club.packages.new"
89: "routes/club.users._index"
90: "routes/cms.mock.edit.$id"
91: "routes/cms.orders._index"
92: "routes/mock.exams._index"
93: "routes/mock.tests._index"
94: "routes/mock.users._index"
95: "routes/webinar.users.$id"
96: "routes/club.cashout.$id"
97: "routes/cms.packages.new"
98: "routes/cms.users._index"
99: "routes/ticketing._index"
100: "routes/cms.mock._index"
101: "routes/speaking._index"
102: "routes/club.users.$id"
103: "routes/cms.orders.$id"
104: "routes/mock.exams.$id"
105: "routes/mock.exams.new"
106: "routes/mock.parts.$id"
107: "routes/mock.parts.new"
108: "routes/mock.tests.$id"
109: "routes/mock.tests.new"
110: "routes/mock.users.$id"
111: "routes/webinar._index"
112: "routes/cms.mock.$id"
113: "routes/cms.mock.new"
114: "routes/club._index"
115: "routes/mock._index"
116: "routes/cms._index"
117: "routes/_index"
118: "routes/login"
119: "routes/403"
120: "routes/pdf"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
User data schema:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{
'role': 'user', 'admin', 'superadmin', 'teacher', '???',
'token': {'token': 'Authorization Bearer ...', }
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
JODIT PDF EDITOR
https://xdsoft.net/jodit/
https://panel.armanienglish.com/pdf
paneldev.armanienglish.com
dev version
play.armanienglish.com
GPT Playground
Seems to need auth.
curl 'https://smartdev.armanienglish.com/api/play-ground' -X POST -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Referer: https://play.armanienglish.com/' -H 'Authorization: Bearer NDE.-d6WcCcOMXMOz5vgveie5pNsCW4ndifVRo6k6CE39ObaKd_1DbEOU80_y-xt' -H 'Content-Type: application/json' -H 'secret: 485tyfyr4CQSR6CKdrtfghjPHVqVUiD5V6JP' -H 'Origin: https://play.armanienglish.com' -H 'Connection: keep-alive' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-site' -H 'TE: trailers' --data-raw '{"text":"hello","prompt":"","temperature":0,"model":"gpt-4","max_tokens":8192,"stop":[],"top_p":1,"frequency_penalty":0,"presence_penalty":0}'
{"errors":[{"rule":"required","field":"prompt","message":"required validation failed"}]}
Summary : HTML5, HTTPServer[ArvanCloud], Script[module], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]
radio.armanienglish.com
Podcast hosting
Summary : Cookies[_buzzsprout_session], HTML5, HTTPServer[Caddy], HttpOnly[_buzzsprout_session], Open-Graph-Protocol[website][58375489563], Script, Strict-Transport-Security[max-age=63072000; includeSubDomains], UncommonHeaders[content-security-policy,referrer-policy,x-content-type-options,x-download-options,x-permitted-cross-domain-policies,x-request-id], X-Frame-Options[SAMEORIGIN], X-XSS-Protection[0]
https://www.buzzsprout.com/
shop.armanienglish.com
Summary : Frame, HTML5, HTTPServer[ArvanCloud], JQuery[3.7.1], MetaGenerator[WooCommerce 9.2.3,WordPress 6.6.2], Script[importmap,module,text/javascript], UncommonHeaders[referrer-policy,content-security-policy,server-timing,x-request-id,x-sid], WordPress[6.6.2], X-XSS-Protection[1; mode=block]
Interesting Finding(s):
[+] Headers
| Interesting Entries:
| - referrer-policy: no-referrer-when-downgrade
| - content-security-policy: upgrade-insecure-requests
| - server: ArvanCloud
| - server-timing: total;dur=13
| - x-request-id: 025ed917b9e5d0f604c23442e12bc64e
| - x-sid: 2066
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] robots.txt found: https://shop.armanienglish.com/robots.txt
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: https://shop.armanienglish.com/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
[+] WordPress readme found: https://shop.armanienglish.com/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] The external WP-Cron seems to be enabled: https://shop.armanienglish.com/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
Fingerprinting the version - Time: 00:00:33 <===========================================================================================================================================================> (702 / 702) 100.00% Time: 00:00:33
[i] The WordPress version could not be detected.
[+] WordPress theme in use: twentytwentyfour
| Location: https://shop.armanienglish.com/wp-content/themes/twentytwentyfour/
| Last Updated: 2024-11-13T00:00:00.000Z
| Readme: https://shop.armanienglish.com/wp-content/themes/twentytwentyfour/readme.txt
| [!] The version is out of date, the latest version is 1.3
| Style URL: https://shop.armanienglish.com/wp-content/themes/twentytwentyfour/style.css
| Style Name: Twenty Twenty-Four
| Style URI: https://wordpress.org/themes/twentytwentyfour/
| Description: Twenty Twenty-Four is designed to be flexible, versatile and applicable to any website. Its collecti...
| Author: the WordPress team
| Author URI: https://wordpress.org
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.2 (80% confidence)
| Found By: Style (Passive Detection)
| - https://shop.armanienglish.com/wp-content/themes/twentytwentyfour/style.css, Match: 'Version: 1.2'
[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)
[i] Plugin(s) Identified:
[+] w3-total-cache
| Location: https://shop.armanienglish.com/wp-content/plugins/w3-total-cache/
| Last Updated: 2024-11-12T17:00:00.000Z
| [!] The version is out of date, the latest version is 2.8.0
|
| Found By: Comment Debug Info (Passive Detection)
|
| Version: 2.7.5 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://shop.armanienglish.com/wp-content/plugins/w3-total-cache/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://shop.armanienglish.com/wp-content/plugins/w3-total-cache/readme.txt
[+] woocommerce
| Location: https://shop.armanienglish.com/wp-content/plugins/woocommerce/
| Last Updated: 2024-11-19T16:31:00.000Z
| [!] The version is out of date, the latest version is 9.4.2
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
| Urls In 404 Page (Passive Detection)
| Meta Generator (Passive Detection)
|
| Version: 9.2.3 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://shop.armanienglish.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=9.2.3
| - https://shop.armanienglish.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=9.2.3
| Confirmed By:
| Meta Generator (Passive Detection)
| - https://shop.armanienglish.com/, Match: 'WooCommerce 9.2.3'
| Readme - ChangeLog Section (Aggressive Detection)
| - https://shop.armanienglish.com/wp-content/plugins/woocommerce/readme.txt
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:15 <=============================================================================================================================================================> (137 / 137) 100.00% Time: 00:00:15
[i] No Config Backups Found.
"namespaces": [
"oembed/1.0",
"armani/v1",
"fast-plugin/v1",
"jwt-auth/v1",
"wc/v3",
"jetpack/v4",
"wc-admin",
"wc-analytics",
"wc/store",
"wc/store/v1",
"wc/private",
"wc/v1",
"wc/v2",
"wc-telemetry",
"wccom-site/v3",
"wp/v2",
"wp-site-health/v1",
"wp-block-editor/v1"
],
XMLRPC seems enabled: https://shop.armanienglish.com/xmlrpc.php
Default Login: https://shop.armanienglish.com/wp-admin
Tried usernames: admin, administrator, root
REST API Enabled: https://shop.armanienglish.com/wp-json
shopdev.armanienglish.com
Dev instance
shopold.armanienglish.com
Summary : HTML5, HTTPServer[ArvanCloud], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]
Apache Server at shopold.armanienglish.com Port 443
smart.armanienglish.com
{"message":"E_ROUTE_NOT_FOUND: Cannot GET:/api","stack":"HttpException: E_ROUTE_NOT_FOUND: Cannot GET:/api\n at Function.invoke (/home/smart/node_modules/@adonisjs/http-server/build/src/Exceptions/HttpException.js:31:23)\n at RequestHandler.findRoute (/home/smart/node_modules/@adonisjs/http-server/build/src/Server/RequestHandler/index.js:49:49)\n at RequestHandler.handle (/home/smart/node_modules/@adonisjs/http-server/build/src/Server/RequestHandler/index.js:65:14)\n at /home/smart/node_modules/@adonisjs/http-server/build/src/Server/index.js:77:44\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at Server.handleRequest (/home/smart/node_modules/@adonisjs/http-server/build/src/Server/index.js:108:13)","code":"E_ROUTE_NOT_FOUND"}
https://smart.armanienglish.com/api
So the AdonisJS guess is correct.
/api/users/writing-correction-tokens
/api/tokenlogin
/api/writing/corrections
{"errors":[{"message":"E_UNAUTHORIZED_ACCESS: Unauthorized access"}]}
smartdev.armanienglish.com
Dev version
speaking.armanienglish.com
Status : 503 Service Unavailable
Title : <None>
IP : <Unknown>
Country : <Unknown>
Summary : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]
sso.armanienglish.com
Main API for registration and login; also manages roles.
adonisjs
/api/sso/moodle
/api/sso/live/moodle
/api/auth/user
/api/login
/api/otp/call
/api/otp/send
/api/register
/api/profile
/api/mobile/update
ssodev.armanienglish.com
dev version
studydev.armanienglish.com
Interestingly, there is no study.armanienglish.com, only the dev version. Maybe this is a WIP.
HttpException: E_ROUTE_NOT_FOUND: Route not found GET /
Guess: adonisjs
Possible connection to GOALS api.
ticketing.armanienglish.com
unleash.armanienglish.com
Summary : HTML5, HTTPServer[ArvanCloud], Script[module], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
Committed to creating new ways of developing software
https://github.com/Unleash/unleash
armani-chat-test.iran.liara.run
POST /api/chat/messages
POST /api/webinar/users/chat/authenticate
https://liara.ir/
https://armani-chat-test.iran.liara.run/
OK
Status : 200 OK
Title : <None>
IP : <Unknown>
Country : <Unknown>
Summary : Access-Control-Allow-Methods[GET, POST, PUT, DELETE, OPTIONS], UncommonHeaders[access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,uwebsockets]
webinar.armanienglish.com
POST /api/tokenlogin
POST /api/webinars/join
GET /api/webinar/:id
Seems to be built on the Adobe Connect platform.
??? /api/webinar/users/enroll
connect.armanienglish.com
https://connect.armanienglish.com/api/xml?action=common-info
https://connect.armanienglish.com/api/xml?action=login&login=${ T1 }&password=123456&session={ G1 }
https://connect.armanienglish.com/ielts-writing-master3?session=${ G1 }
There are 3 types of webinar: live, Adobe Connect, or BigBlueButton.
irsafam.com
Seems to be partners with ArmaniEnglish (or used to be).
admin@armanienglish.com
info@armanienglish.com
Phone number
+982144675912
Found in JS source