Alireza's blog

Armani English language institute

- Category: Analysis, Hunting

Things I have found so far.

Armani English language institute

Person

Iman Mafi

Fullname: Iman Rezazadeh Mafi

Management and founder.

Instagram ID (?):

[REDACTED]

Frontend developer. Studying [REDACTED].

National ID From [REDACTED] Leak: [REDACTED] ([REDACTED]) Instagram ID: [REDACTED] Birthday: [REDACTED] ([REDACTED])

[REDACTED]

Full name: [REDACTED]

Backend developer. Used to study in [REDACTED]. Now studying in [REDACTED].

National ID From [REDACTED] Leak: [REDACTED] ([REDACTED])

Email: [REDACTED] Telegram ID: [REDACTED] School: [REDACTED] Instagram ID: [REDACTED] Current residence: [REDACTED]

Website

armanienglish.com

Main website.

Vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
X-Nextjs-Cache: HIT
X-Powered-By: Next.js
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block
Server: ArvanCloud

Open-Graph-Protocol

PORT     STATE SERVICE    VERSION
80/tcp   open  tcpwrapped
|_http-server-header: ArvanCloud
443/tcp  open  tcpwrapped
|_http-server-header: ArvanCloud
| ssl-cert: Subject: commonName=armanienglish.com
| Subject Alternative Name: DNS:*.armanienglish.com, DNS:*.login.armanienglish.com, DNS:armanienglish.com
| Not valid before: 2024-11-01T22:03:58
|_Not valid after:  2025-01-30T22:03:57
8080/tcp open  tcpwrapped
|_http-server-header: ArvanCloud
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host

Version: 2.1.4
OpenSSL 3.3.2 3 Sep 2024

Connected to 185.143.234.103

Testing SSL server armanienglish.com on port 443 using SNI name armanienglish.com

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   enabled
TLSv1.1   enabled
TLSv1.2   enabled
TLSv1.3   enabled

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed
TLSv1.1 not vulnerable to heartbleed
TLSv1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 253
Preferred TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305 Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
Preferred TLSv1.1  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 25519 DHE 253
Accepted  TLSv1.1  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
Preferred TLSv1.0  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 25519 DHE 253
Accepted  TLSv1.0  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253

  Server Key Exchange Group(s):
TLSv1.3  128 bits  secp256r1 (NIST P-256)
TLSv1.3  192 bits  secp384r1 (NIST P-384)
TLSv1.3  128 bits  x25519
TLSv1.2  128 bits  secp256r1 (NIST P-256)
TLSv1.2  192 bits  secp384r1 (NIST P-384)
TLSv1.2  128 bits  x25519

  SSL Certificate:
Signature Algorithm: ecdsa-with-SHA384
ECC Curve Name:      prime256v1
ECC Key Strength:    128

Subject:  armanienglish.com
Altnames: DNS:*.armanienglish.com, DNS:*.login.armanienglish.com, DNS:armanienglish.com
Issuer:   E5

Not valid before: Nov  1 22:03:58 2024 GMT
Not valid after:  Jan 30 22:03:57 2025 GMT

; <<>> DiG 9.20.0-Debian <<>> -x armanienglish.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28580
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 512
;; QUESTION SECTION:
;com.armanienglish.in-addr.arpa.        IN      PTR

;; AUTHORITY SECTION:
in-addr.arpa.           5       IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2024093051 1800 900 604800 3600

;; Query time: 95 msec
;; SERVER: 192.168.174.2#53(192.168.174.2) (UDP)
;; WHEN: Fri Nov 29 17:35:26 +0330 2024
;; MSG SIZE  rcvd: 127

lbd - load balancing detector 0.4 - Checks if a given domain uses load-balancing.
                                    Written by Stefan Behte (http://ge.mine.nu)
                                    Proof-of-concept! Might give false positives.

Checking for DNS-Loadbalancing: FOUND
armanienglish.com has address 185.143.234.103
armanienglish.com has address 185.143.233.103

Checking for HTTP-Loadbalancing [Server]: 
 ArvanCloud
 NOT FOUND

Checking for HTTP-Loadbalancing [Date]: 14:06:35, 14:06:35, 14:06:35, 14:06:35, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:36, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:37, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:38, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:39, 14:06:40, 14:06:40, 14:06:41, NOT FOUND

Checking for HTTP-Loadbalancing [Diff]: FOUND
< X-Request-ID: 8b68b1ba18f0fe6bdd2bbbff31ec6704
> X-Request-ID: ee6b3114475d166a66697ba5f37df272

armanienglish.com does Load-balancing. Found via Methods: DNS HTTP[Diff]

[*] Checking https://armanienglish.com
ERROR:wafw00f:Something went wrong HTTPSConnectionPool(host='armanienglish.com', port=443): Read timed out. (read timeout=7)
[+] Generic Detection results:
[*] The site https://armanienglish.com seems to be behind a WAF or some sort of security solution
[~] Reason: The server header is different when an attack is detected.
The server header for a normal response is "ArvanCloud", while the server header a response to an attack is "",
[~] Number of requests: 6

armani-cms.s3.ir-thr-at1.arvanstorage.ir

http://armani-cms.s3.ir-thr-at1.arvanstorage.ir/

Seems to hold static files for the websites, except for Moodle.

Last modified: 2024-05-06T16:53:23.144Z = Mon May 06 2024 20:23:23 GMT+0330 (Iran Standard Time)

<DisplayName>ایمان رضازاده مافی</DisplayName>

INFO exists    | armani-cms | ir-thr-at1 | AuthUsers: [] | AllUsers: [READ] | 354 objects (7.9 GB) 

dev.armanienglish.com

Seems like a dev version of the main site

api.armanienglish.com

{"message":"no Route matched with those values"}

Summary   : HTTPServer[ArvanCloud], UncommonHeaders[x-kong-response-latency,server-timing,x-request-id,x-sid]

Seems to be running Kong: https://github.com/Kong/kong

api-dev.armanienglish.com

Dev version of the previous, not much more.

blog.armanienglish.com

"دوره های آموزشی آنلاین ز…رائه ایمان مافی (IELTS)"

Nginx with reverse proxy. 
Apache Server at blog.armanienglish.com Port 443

Last post: 3 Azar 1403

Last-Modified: Sat, 23 Nov 2024 16:50:29 GMT
Content-Encoding: gzip
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block
Server: ArvanCloud

JQuery[3.7.1], MetaGenerator[WordPress 6.7.1], Open-Graph-Protocol[website]

XMLRPC seems enabled: https://blog.armanienglish.com/xmlrpc.php

Default Login: https://blog.armanienglish.com/wp-admin
Tried usernames: admin, administrator, root

REST API Enabled: https://blog.armanienglish.com/wp-json

"namespaces": [
    "oembed/1.0",
    "rankmath/v1",
    "rankmath/v1/an",
    "rankmath/v1/ca",
    "rankmath/v1/in",
    "wp-rocket/v1",
    "wp/v2",
    "wp-site-health/v1",
    "wp-block-editor/v1"
  ],
  "authentication": {
    "application-passwords": {
      "endpoints": {
        "authorization": "https://blog.armanienglish.com/wp-admin/authorize-application.php"
      }
    }
  },
  
  
  [+] robots.txt found: https://blog.armanienglish.com/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 |  - /test
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%



[+] WordPress readme found: https://blog.armanienglish.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] Debug Log found: https://blog.armanienglish.com/wp-content/debug.log
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | Reference: https://codex.wordpress.org/Debugging_in_WordPress

[+] The external WP-Cron seems to be enabled: https://blog.armanienglish.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress theme in use: koji
 | Location: https://blog.armanienglish.com/wp-content/themes/koji/
 | Latest Version: 2.1 (up to date)
 | Last Updated: 2024-02-23T00:00:00.000Z
 | Readme: https://blog.armanienglish.com/wp-content/themes/koji/readme.txt
 | Style URL: https://blog.armanienglish.com/wp-content/themes/koji/style.css?ver=2.1
 | Style Name: Koji
 | Style URI: https://andersnoren.se/teman/koji-wordpress-theme/
 | Description: Koji is a clean and lightweight theme for bloggers. It features a masonry grid on the archive pages,...
 | Author: Anders Norén
 | Author URI: https://andersnoren.se
 |
 | Found By: Css Style In 404 Page (Passive Detection)
 |
 | Version: 2.1 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://blog.armanienglish.com/wp-content/themes/koji/style.css?ver=2.1, Match: 'Version: 2.1'


[+] armani
 | Location: https://blog.armanienglish.com/wp-content/plugins/armani/
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | The version could not be determined.

[+] structured-content
 | Location: https://blog.armanienglish.com/wp-content/plugins/structured-content/
 | Latest Version: 1.6.3 (up to date)
 | Last Updated: 2024-08-05T20:12:00.000Z
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 1.6.3 (100% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 |  - https://blog.armanienglish.com/wp-content/plugins/structured-content/readme.txt
 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
 |  - https://blog.armanienglish.com/wp-content/plugins/structured-content/readme.txt

[+] wp-rocket
 | Location: https://blog.armanienglish.com/wp-content/plugins/wp-rocket/
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By:
 |  Urls In 404 Page (Passive Detection)
 |  Comment (Passive Detection)
 |
 | The version could not be determined.

Fatal error:  Uncaught Error: Call to undefined function get_header() in /www/wwwroot/blog.armanienglish.com/wp-content/themes/koji/index.php:1
Stack trace:
#0 {main}
  thrown in /www/wwwroot/blog.armanienglish.com/wp-content/themes/koji/index.php on line 1

chat.armanienglish.com

Service Unavailable

Summary   : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]

8080 Returns empty

chatbot.armanienglish.com

{"detail":"Not Found"}

Guess: Django server

Summary   : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]

club.armanienglish.com

{"message":"E_ROUTE_NOT_FOUND: Cannot GET:/"}

Guess: Adonisjs + Node

Summary   : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]

POST /api/tokenlogin
GET /api/profile
??? /api/balance
GET /api/companies/:id
GET /api/companies/:id/logo
GET /api/packages/:id
POST /api/prizes
GET /api/categories
GET /api/packages?[JSON QUERY] (category_id)
GET /api/transactions
GET /api/refers

clubdev.armanienglish.com

Dev version of the previous, not much more.

cms.armanienglish.com

Summary   : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]


Link extracted from the main website's JS code: https://cms.armanienglish.com/cms/v1/components
Seems to list the shop's items. Accepts a filter parameter as JSON for filtering the results.
Seems to be linked to a WordPress site (WooCommerce?), judging by the wp_book_id.

Guess: Laravel (likely not AdonisJS, as it does not return updated_at)


Other endpoints from JS code:
(All need Auth) 

POST /carts/order
POST /carts/coupon
POST /carts
POST /cart/items
DELETE /cart/items
GET /cart/items

POST /consultation/request
Example REQ: 
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="name"

sfdsfsdf
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="email"

asdsfsd@fdggfd.com
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="phone"

09124984982
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="available_time"

sunday
-----------------------------25696515229954676421601960474
Content-Disposition: form-data; name="level"

Termic
-----------------------------25696515229954676421601960474--
Example RES:
{"statusCode":"10000","status":200,"meta":{},"data":{"name":"sfdsfsdf","email":"asdsfsd@fdggfd.com","phone":"09124984982","available_time":"sunday","level":"Termic","created_at":"2024-11-29T14:55:56.424+00:00","updated_at":"2024-11-29T14:55:56.424+00:00","id":244}}

GET /admin/feedbacks
GET /admin/consultations
GET /admin/first-time-buyers
{"errors":[{"message":"E_UNAUTHORIZED_ACCESS: Unauthorized access"}]}

There seem to be two types of admin: `admin` and `superadmin`

POST /feedbacks
POST /feedbacks/file
POST /newsletter

cmsdev.armanienglish.com

Dev version of the previous, not much more.

conf.armanienglish.com

Confluence | Your Remote-Friendly Team Workspace | Atlassian

WhatWeb report for https://conf.armanienglish.com/
Status    : 302 Found
Title     : <None>
IP        : <Unknown>
Country   : <Unknown>

Summary   : Confluence, Cookies[JSESSIONID], HTTPServer[ArvanCloud], HttpOnly[JSESSIONID], RedirectLocation[https://conf.armanienglish.com/login.action?os_destination=%2Findex.action&permissionViolation=true], UncommonHeaders[x-confluence-request-time,x-content-type-options,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[SAMEORIGIN], X-XSS-Protection[1; mode=block]

Summary   : Confluence, Cookies[JSESSIONID], HTML5, HTTPServer[ArvanCloud], HttpOnly[JSESSIONID], probably Index-Of, OpenSearch[/opensearch/osd.action], PasswordField[os_password], Script[context,module,resource,text/javascript,text/x-template], UncommonHeaders[x-confluence-request-time,x-content-type-options,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=EDGE], X-XSS-Protection[1; mode=block]

Host is up (0.00035s latency).
Other addresses for conf.armanienglish.com (not scanned): 185.143.233.103
All 1000 scanned ports on conf.armanienglish.com (185.143.234.103) are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 80/tcp)
HOP RTT    ADDRESS
1   ... 30

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.66 seconds

Confluence 7.19.22


demo.armanienglish.com

Direct Admin panel: https://www.directadmin.com/

Summary   : HTML5, HTTPServer[ArvanCloud], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-UA-Compatible[ie=edge], X-XSS-Protection[1; mode=block]

Default creds did not work (demo_admin, demo)

email.armanienglish.com

Status    : 200 OK
Title     : MailWizz | Welcome
IP        : <Unknown>
Country   : <Unknown>

Summary   : Bootstrap, Cookies[csrf_token,mwsid], HTML5, HTTPServer[ArvanCloud], HttpOnly[csrf_token,mwsid], JQuery, Script[text/javascript], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]

Not shown: 999 filtered tcp ports (no-response)
PORT     STATE SERVICE    VERSION
8443/tcp open  tcpwrapped
|_http-title: 400 The plain HTTP request was sent to HTTPS port
|_http-server-header: ArvanCloud
| ssl-cert: Subject: commonName=armanienglish.com
| Subject Alternative Name: DNS:*.armanienglish.com, DNS:*.login.armanienglish.com, DNS:armanienglish.com
| Not valid before: 2024-11-01T22:03:58
|_Not valid after:  2025-01-30T22:03:57

Not much was found

goal-api.armanienglish.com

HttpException: E_ROUTE_NOT_FOUND: Route not found GET /

Guess: Adonisjs + Node

Summary   : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]

GET /usertasks
POST /usertasks
PUT /usertasks/$id

irsafam.armanienglish.com

Seems like a static website. Maybe it was used in the old days. It promotes Termic. It has two videos.

Summary   : HTML5, HTTPServer[ArvanCloud], JQuery[3.7.1], MetaGenerator[Powered by WPBakery Page Builder - drag and drop page builder for WordPress.,WordPress 6.7.1], PoweredBy[WPBakery], Script, UncommonHeaders[link,content-security-policy,server-timing,x-request-id,x-sid], WordPress[6.7.1], X-XSS-Protection[1; mode=block]

wp-json is enabled. 
https://irsafam.armanienglish.com/wp-json/

  "namespaces": [
    "oembed/1.0",
    "wp-statistics/v2",
    "wp/v2",
    "wp-site-health/v1",
    "wp-block-editor/v1"
  ],
  
  [+] Headers
 | Interesting Entries:
 |  - content-security-policy: upgrade-insecure-requests
 |  - server: ArvanCloud
 |  - server-timing: total;dur=224
 |  - x-request-id: c10571571527d7b6c64f34e4524c82e0
 |  - x-sid: 2062
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://irsafam.armanienglish.com/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://irsafam.armanienglish.com/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://irsafam.armanienglish.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://irsafam.armanienglish.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

Fingerprinting the version - Time: 00:00:24 <===================================> (702 / 702) 100.00% Time: 00:00:24
[i] The WordPress version could not be detected.

[+] WordPress theme in use: twentytwentythree
 | Location: https://irsafam.armanienglish.com/wp-content/themes/twentytwentythree/
 | Last Updated: 2024-11-13T00:00:00.000Z
 | Readme: https://irsafam.armanienglish.com/wp-content/themes/twentytwentythree/readme.txt
 | [!] The version is out of date, the latest version is 1.6
 | Style URL: https://irsafam.armanienglish.com/wp-content/themes/twentytwentythree/style.css
 | Style Name: Twenty Twenty-Three
 | Style URI: https://wordpress.org/themes/twentytwentythree
 | Description: Twenty Twenty-Three is designed to take advantage of the new design tools introduced in WordPress 6....
 | Author: the WordPress team
 | Author URI: https://wordpress.org
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 1.5 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://irsafam.armanienglish.com/wp-content/themes/twentytwentythree/style.css, Match: 'Version: 1.5'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] js_composer
 | Location: https://irsafam.armanienglish.com/wp-content/plugins/js_composer/
 | Last Updated: 2024-11-28T22:47:55.000Z
 | [!] The version is out of date, the latest version is 8.0.1
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Body Tag (Passive Detection)
 |
 | Version: 7.8 (80% confidence)
 | Found By: Body Tag (Passive Detection)
 |  - https://irsafam.armanienglish.com/, Match: 'js-comp-ver-7.8'
 | Confirmed By: Query Parameter (Passive Detection)
 |  - https://irsafam.armanienglish.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=7.8
 |  - https://irsafam.armanienglish.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=7.8

[+] Ultimate_VC_Addons
 | Location: https://irsafam.armanienglish.com/wp-content/plugins/Ultimate_VC_Addons/
 | Last Updated: 2024-11-28T16:20:19.000Z
 | [!] The version is out of date, the latest version is 3.19.23
 |
 | Found By: Urls In Homepage (Passive Detection)
 |
 | Version: 3.19.22 (60% confidence)
 | Found By: Change Log (Aggressive Detection)
 |  - https://irsafam.armanienglish.com/wp-content/plugins/Ultimate_VC_Addons/changelog.txt, Match: '3.19.22 -'

[+] wp-statistics
 | Location: https://irsafam.armanienglish.com/wp-content/plugins/wp-statistics/
 | Last Updated: 2024-11-17T18:34:00.000Z
 | [!] The version is out of date, the latest version is 14.11.3
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 14.10.3 (100% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 |  - https://irsafam.armanienglish.com/wp-content/plugins/wp-statistics/readme.txt
 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
 |  - https://irsafam.armanienglish.com/wp-content/plugins/wp-statistics/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:03 <=====================================> (137 / 137) 100.00% Time: 00:00:03

[i] No Config Backups Found.

Default login: https://irsafam.armanienglish.com/wp-login.php


Old shop: https://irsafam.armanienglish.com/shop/
Only author seems to be: `mahdi`
Site was set up 23 Oct 2024

gate.armanienglish.com

Summary   : Bootstrap, HTML5, HTTPServer[ArvanCloud], JQuery, Script[text/javascript], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-Powered-By[Sails <sailsjs.org>], X-XSS-Protection[1; mode=block]

KONGA 0.14.9
         More than just another GUI to Kong Admin API        https://github.com/pantsel/konga

jira.armanienglish.com

Jira issue tracker

Summary   : Atlassian-JIRA, Cookies[JSESSIONID,atlassian.xsrf.token], HTML5, HTTPServer[ArvanCloud], HttpOnly[JSESSIONID], Java, OpenSearch[/osd.jsp], Script[context,module,resource,text/javascript], Strict-Transport-Security[max-age=31536000], UncommonHeaders[x-arequestid,referrer-policy,x-content-type-options,x-ausername,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=Edge], X-XSS-Protection[1; mode=block]
[+] [HIGH]  Vulnerable To CVE-2019-3402 [Maybe] https://jira.armanienglish.com/secure/ConfigurePortal: https://jira.armanienglish.com/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert("XSS")%3C%2fscript%3Et1nmk&Search=Search

[+] [LOW] Vulnerable To CVE-2020-14179 : https://jira.armanienglish.com/secure/QueryComponent!Default.jspa

[+] [LOW] Vulnerable To CVE-2020-36287 : File Written at [CVE-2020-36287_jira.armanienglish.com.txt]

[+] [HIGH] Vulnerable To CVE-2018-5230 https://jira.armanienglish.com/pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert%281%29%22%3E.vm

[+] [INFO] Found Unauthenticated DashBoard Access : https://jira.armanienglish.com/rest/api/2/dashboard?maxResults=100

[+] [LOW] Found Query Component Fields : https://jira.armanienglish.com/secure/QueryComponent!Jql.jspa?jql=

login.armanienglish.com

Moodle LMS

Summary   : Content-Language[fa], Cookies[MoodleSession], HTML5, HTTPServer[ArvanCloud], Moodle, Script[text/css,text/javascript], UncommonHeaders[content-script-type,content-style-type,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[sameorigin], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]

[+] Plugins found:                                                              
    forum https://login.armanienglish.com/mod/forum/
        https://login.armanienglish.com/mod/forum/upgrade.txt
        https://login.armanienglish.com/mod/forum/version.php

[+] Themes found:
    bootstrapbase https://login.armanienglish.com/theme/bootstrapbase/
        https://login.armanienglish.com/theme/bootstrapbase/README.txt
        https://login.armanienglish.com/theme/bootstrapbase/upgrade.txt
        https://login.armanienglish.com/theme/bootstrapbase/version.php
    clean https://login.armanienglish.com/theme/clean/
        https://login.armanienglish.com/theme/clean/README.txt
        https://login.armanienglish.com/theme/clean/version.php
    more https://login.armanienglish.com/theme/more/
        https://login.armanienglish.com/theme/more/version.php

[+] Possible version(s):
    3.3.0
    3.3.0-beta
    3.3.0-rc1
    3.3.0-rc2
    3.3.0-rc3
    3.3.1
    3.3.2
    3.3.3
    3.3.4
    3.3.5
    3.3.6
    3.3.7
    3.3.8
    3.3.9

[+] Possible interesting urls found:
    Static readme file. - https://login.armanienglish.com/README.txt

[+] Scan finished (0:00:04.100718 elapsed)
                                           
Version found via /question/upgrade.txt : Moodle v3.5.0-rc1

logindev.armanienglish.com

Dev version of login

Summary   : Content-Language[en], Cookies[MoodleSession], HTML5, HTTPServer[ArvanCloud], HttpOnly[MoodleSession], probably Index-Of, Moodle, Script[text/css], UncommonHeaders[content-script-type,content-style-type,content-security-policy,server-timing,x-request-id,x-sid], X-Frame-Options[sameorigin], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]

[+] Plugins found:                                                              
    forum https://logindev.armanienglish.com/mod/forum/
        https://logindev.armanienglish.com/mod/forum/upgrade.txt
        https://logindev.armanienglish.com/mod/forum/version.php

[+] No themes found.

[+] No version found.

[+] Possible interesting urls found:
    Admin panel - https://logindev.armanienglish.com/login/

[+] Scan finished (0:00:03.413705 elapsed)


Getting moodle version...

Version not found

meet.armanienglish.com

BigBlueButton meeting

WhatWeb report for https://meet.armanienglish.com/
Status    : 200 OK
Title     : BigBlueButton
IP        : 188.121.122.179
Country   : IRAN (ISLAMIC REPUBLIC OF), IR

Summary   : HTML5, HTTPServer[nginx], nginx, Script, X-UA-Compatible[IE=edge]

mini.armanienglish.com

Summary   : HTTPServer[ArvanCloud], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]


Apache Server at mini.armanienglish.com Port 443

not much else

mock.armanienglish.com

HttpException: E_ROUTE_NOT_FOUND: Route not found GET /

Guess: Adonisjs + Node

Summary   : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]

mock-ielts.armanienglish.com

Summary   : HTTPServer[ArvanCloud], RedirectLocation[https://my.armanienglish.com/mock-ielts], UncommonHeaders[server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]

mock-ielts-dev.armanienglish.com

Summary   : HTTPServer[ArvanCloud], RedirectLocation[https://my.armanienglish.com/mock-ielts], UncommonHeaders[server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]

my.armanienglish.com

Summary   : Frame, HTML5, HTTPServer[ArvanCloud], Script[module,text/partytown], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]


https://partytown.builder.io/

  BASE_URL: '/',
  DEV: !1,
  MODE: 'production',
  PROD: !0,
  SSR: !1,
  VITE_PUBLIC_API_CLUB: 'https://club.armanienglish.com',
  VITE_PUBLIC_API_CMS: 'https://cms.armanienglish.com/cms/v1',
  VITE_PUBLIC_API_GOAL: 'https://goal-api.armanienglish.com',
  VITE_PUBLIC_API_MOCKIELTS: 'https://mock.armanienglish.com',
  VITE_PUBLIC_API_S3: 'https://armani-cms.s3.ir-thr-at1.arvanstorage.ir',
  VITE_PUBLIC_API_SMARTCORRECTIONS: 'https://smart.armanienglish.com',
  VITE_PUBLIC_API_SPEAKING: 'https://speaking.armanienglish.com',
  VITE_PUBLIC_API_SSO: 'https://sso.armanienglish.com',
  VITE_PUBLIC_API_SSO_DEV: 'https://ssodev.armanienglish.com',
  VITE_PUBLIC_API_TICKETING: 'https://ticketing.armanienglish.com',
  VITE_PUBLIC_API_WEBINAR: 'https://webinar.armanienglish.com',
  VITE_PUBLIC_API_WEBINAR_CHAT: 'armani-chat-test.iran.liara.run',
  VITE_PUBLIC_Cookie: 'armani-token',
  VITE_PUBLIC_Cookie_MOCK: 'armani-token-mock',
  VITE_PUBLIC_DOMAIN: 'armanienglish.com',
  VITE_PUBLIC_FEATURE_CALCULATOR: 'yes',
  VITE_PUBLIC_FEATURE_CLUB: 'yes',
  VITE_PUBLIC_FEATURE_DARKMODE: 'yes',
  VITE_PUBLIC_FEATURE_LIVE_COURSES: 'no',
  VITE_PUBLIC_FEATURE_MOCKIELTS: 'new',
  VITE_PUBLIC_FEATURE_MOCKIELTS_ARMANI: 'soon',
  VITE_PUBLIC_FEATURE_MOCKIELTS_PAID_CORRECTION: 'yes',
  VITE_PUBLIC_FEATURE_MOCKIELTS_SPEAKING: 'no',
  VITE_PUBLIC_FEATURE_MOCKIELTS_WRITING_PDF: 'yes',
  VITE_PUBLIC_FEATURE_MULTILINGUALITY: 'no',
  VITE_PUBLIC_FEATURE_SMARTCORRECTIONS: 'yes',
  VITE_PUBLIC_FEATURE_SPEAKING: 'soon',
  VITE_PUBLIC_FEATURE_STUDYPLAN_PDF_VIEW: 'no',
  VITE_PUBLIC_FEATURE_TICKETING: 'new',
  VITE_PUBLIC_FEATURE_WEBINAR: 'yes',
  VITE_PUBLIC_SHOPSLUG_MOCK_MANUAL_CORRECTION: 'mock-writing-correction',
  VITE_PUBLIC_URL_MOCKIELTS: 'https://mock-ielts.armanienglish.com',
  VITE_PUBLIC_URL_MY: 'https://my.armanienglish.com',
  VITE_PUBLIC_URL_SHOP: 'https://armanienglish.com'
},

mydev.armanienglish.com

panel.armanienglish.com

admin panel

Summary   : HTML5, HTTPServer[ArvanCloud], Script[module], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]

Remix for backend


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

const m = {
  BASE_URL: '/',
  DEV: !1,
  MODE: 'production',
  PROD: !0,
  SSR: !1,
  VITE_PUBLIC_URL_CLUB_API: 'https://club.armanienglish.com/api',
  VITE_PUBLIC_URL_CLUB_API_ADMIN: 'https://club.armanienglish.com/api/admin',
  VITE_PUBLIC_URL_CLUB_BASE: 'https://club.armanienglish.com',
  VITE_PUBLIC_URL_CMS_API: 'https://cms.armanienglish.com/cms/v1',
  VITE_PUBLIC_URL_CMS_API_ADMIN: 'https://cms.armanienglish.com/cms/v1/admin',
  VITE_PUBLIC_URL_CMS_BASE: 'https://cms.armanienglish.com/cms',
  VITE_PUBLIC_URL_MOCK_API: 'https://mock.armanienglish.com/api',
  VITE_PUBLIC_URL_MOCK_API_ADMIN: 'https://mock.armanienglish.com/api/admin',
  VITE_PUBLIC_URL_MOCK_BASE: 'https://mock.armanienglish.com',
  VITE_PUBLIC_URL_MY: 'https://my.armanienglish.com',
  VITE_PUBLIC_URL_MY_MOCK: 'https://my.armanienglish.com/mock-ielts',
  VITE_PUBLIC_URL_SSO: 'https://sso.armanienglish.com',
  VITE_PUBLIC_URL_SSO_API: 'https://sso.armanienglish.com/api',
  VITE_PUBLIC_URL_TICKETING_API_ADMIN: 'https://ticketing.armanienglish.com/ticketing/v1/admin',
  VITE_PUBLIC_URL_TICKETING_BASE: 'https://ticketing.armanienglish.com/ticketing/v1',
  VITE_PUBLIC_URL_WEBINAR_API: 'https://webinar.armanienglish.com/api',
  VITE_PUBLIC_URL_WEBINAR_API_ADMIN: 'https://webinar.armanienglish.com/api/admin',
  VITE_PUBLIC_URL_WEBINAR_BASE: 'https://webinar.armanienglish.com'
};



0: "root"
1: "routes/ticketing.categories.edit-order._index"
2: "routes/mock.teacher-checked-admin._index"
3: "routes/mock.question-groups.edit.$id"
4: "routes/mock.question-groups.tree.$id"
5: "routes/ticketing.categories.edit.$id"
6: "routes/speaking.userpackages._index"
7: "routes/cms.termic-courses.edit.$id"
8: "routes/mock.teacher-checked._index"
9: "routes/ticketing.categories._index"
10: "routes/club.packagecodes.edit.$id"
11: "routes/cms.ielts-courses.edit.$id"
12: "routes/webinar.system-logs._index"
13: "routes/cms.termic-courses._index"
14: "routes/mock.speaking-time._index"
15: "routes/mock.teacher-exams._index"
16: "routes/speaking.questions._index"
17: "routes/webinar.webinars.edit.$id"
18: "routes/club.transactions._index"
19: "routes/cms.ielts-courses._index"
20: "routes/cms.live-course.edit.$id"
21: "routes/mock.file-manager._index"
22: "routes/mock.question-groups.$id"
23: "routes/mock.question-groups.new"
24: "routes/speaking.packages._index"
25: "routes/ticketing.categories.$id"
26: "routes/ticketing.categories.new"
27: "routes/ticketing.tickets._index"
28: "routes/ticketing.users.edit.$id"
29: "routes/club.companies.edit.$id"
30: "routes/mock.check-speaking.$id"
31: "routes/mock.questions.edit.$id"
32: "routes/speaking.users.edit.$id"
33: "routes/ticketing.report._index"
34: "routes/webinar.system-logs.$id"
35: "routes/webinar.webinars._index"
36: "routes/club.categories._index"
37: "routes/club.packages.edit.$id"
38: "routes/cms.assignments._index"
39: "routes/cms.live-course._index"
40: "routes/cms.notfication._index"
41: "routes/cms.termic-courses.$id"
42: "routes/cms.termic-courses.new"
43: "routes/mock.check-writing.$id"
44: "routes/mock.teacher-exams.$id"
45: "routes/ticketing.users._index"
46: "routes/webinar.users.edit.$id"
47: "routes/club.cashout.edit.$id"
48: "routes/club.companies._index"
49: "routes/club.packagecodes.$id"
50: "routes/club.packagecodes.new"
51: "routes/cms.ielts-courses.$id"
52: "routes/cms.ielts-courses.new"
53: "routes/cms.packages.edit.$id"
54: "routes/mock.userexams._index"
55: "routes/speaking.users._index"
​​54: "routes/mock.userexams._index"

​​55: "routes/speaking.users._index"

​​56: "routes/ticketing.tickets.$id"

​​57: "routes/club.packages._index"

​​58: "routes/ticketing.report.new"

​​59: "routes/webinar.users._index"

​​60: "routes/webinar.webinars.$id"

​​61: "routes/webinar.webinars.new"

​​62: "routes/club.cashout._index"

​​63: "routes/club.categories.$id"

​​64: "routes/club.users.edit.$id"

​​65: "routes/cms.live-course.$id"

​​66: "routes/cms.live-course.new"

​​67: "routes/cms.packages._index"

​​68: "routes/cms.teachers._index"

​​69: "routes/mock.check-exam.$id"

​​70: "routes/mock.check-test.$id"

​​71: "routes/mock.exams.edit.$id"

​​72: "routes/mock.exams.tree.$id"

​​73: "routes/mock.parts.edit.$id"

​​74: "routes/mock.parts.tree.$id"

​​75: "routes/mock.tests.edit.$id"

​​76: "routes/mock.tests.tree.$id"

​​77: "routes/mock.users.edit.$id"

​​78: "routes/ticketing.users.$id"

​​79: "routes/club.companies.$id"

​​80: "routes/club.companies.new"

​​81: "routes/club.prizes._index"

​​82: "routes/mock.questions.$id"

​​83: "routes/mock.questions.new"

​​84: "routes/mock.userexams.$id"

​​85: "routes/mock.usertests.$id"

​​86: "routes/speaking.users.$id"

​​87: "routes/club.packages.$id"

​​88: "routes/club.packages.new"

​​89: "routes/club.users._index"

​​90: "routes/cms.mock.edit.$id"

​​91: "routes/cms.orders._index"

​​92: "routes/mock.exams._index"

​​93: "routes/mock.tests._index"

​​94: "routes/mock.users._index"

​​95: "routes/webinar.users.$id"

​​96: "routes/club.cashout.$id"

​​97: "routes/cms.packages.new"

​​98: "routes/cms.users._index"

​​99: "routes/ticketing._index"


100: "routes/cms.mock._index"

​​101: "routes/speaking._index"

​​102: "routes/club.users.$id"

​​103: "routes/cms.orders.$id"

​​104: "routes/mock.exams.$id"

​​105: "routes/mock.exams.new"

​​106: "routes/mock.parts.$id"

​​107: "routes/mock.parts.new"

​​108: "routes/mock.tests.$id"

​​109: "routes/mock.tests.new"

​​110: "routes/mock.users.$id"

​​111: "routes/webinar._index"

​​112: "routes/cms.mock.$id"

​​113: "routes/cms.mock.new"

​​114: "routes/club._index"

​​115: "routes/mock._index"

​​116: "routes/cms._index"

​​117: "routes/_index"

​​118: "routes/login"

​​119: "routes/403"

​​120: "routes/pdf"



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


User data schema:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{
  'role': 'user' | 'admin' | 'superadmin' | 'teacher' | '???',
  'token': {'token': 'Authorization Bearer ...'}
}


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



JODIT PDF EDITOR
https://xdsoft.net/jodit/
https://panel.armanienglish.com/pdf

paneldev.armanienglish.com

Dev version

play.armanienglish.com

GPT Playground

Seems to need auth.

curl 'https://smartdev.armanienglish.com/api/play-ground' -X POST \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.5' \
  -H 'Accept-Encoding: gzip, deflate, br' \
  -H 'Referer: https://play.armanienglish.com/' \
  -H 'Authorization: Bearer [REDACTED]' \
  -H 'Content-Type: application/json' \
  -H 'secret: [REDACTED]' \
  -H 'Origin: https://play.armanienglish.com' \
  -H 'Connection: keep-alive' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-site' \
  -H 'TE: trailers' \
  --data-raw '{"text":"hello","prompt":"","temperature":0,"model":"gpt-4","max_tokens":8192,"stop":[],"top_p":1,"frequency_penalty":0,"presence_penalty":0}'

{"errors":[{"rule":"required","field":"prompt","message":"required validation failed"}]}

Summary   : HTML5, HTTPServer[ArvanCloud], Script[module], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]

radio.armanienglish.com

Podcast hosting

Summary   : Cookies[_buzzsprout_session], HTML5, HTTPServer[Caddy], HttpOnly[_buzzsprout_session], Open-Graph-Protocol[website][58375489563], Script, Strict-Transport-Security[max-age=63072000; includeSubDomains], UncommonHeaders[content-security-policy,referrer-policy,x-content-type-options,x-download-options,x-permitted-cross-domain-policies,x-request-id], X-Frame-Options[SAMEORIGIN], X-XSS-Protection[0]


https://www.buzzsprout.com/



shop.armanienglish.com

Summary   : Frame, HTML5, HTTPServer[ArvanCloud], JQuery[3.7.1], MetaGenerator[WooCommerce 9.2.3,WordPress 6.6.2], Script[importmap,module,text/javascript], UncommonHeaders[referrer-policy,content-security-policy,server-timing,x-request-id,x-sid], WordPress[6.6.2], X-XSS-Protection[1; mode=block]


Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - referrer-policy: no-referrer-when-downgrade
 |  - content-security-policy: upgrade-insecure-requests
 |  - server: ArvanCloud
 |  - server-timing: total;dur=13
 |  - x-request-id: 025ed917b9e5d0f604c23442e12bc64e
 |  - x-sid: 2066
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://shop.armanienglish.com/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://shop.armanienglish.com/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://shop.armanienglish.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://shop.armanienglish.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[i] The WordPress version could not be detected.

[+] WordPress theme in use: twentytwentyfour
 | Location: https://shop.armanienglish.com/wp-content/themes/twentytwentyfour/
 | Last Updated: 2024-11-13T00:00:00.000Z
 | Readme: https://shop.armanienglish.com/wp-content/themes/twentytwentyfour/readme.txt
 | [!] The version is out of date, the latest version is 1.3
 | Style URL: https://shop.armanienglish.com/wp-content/themes/twentytwentyfour/style.css
 | Style Name: Twenty Twenty-Four
 | Style URI: https://wordpress.org/themes/twentytwentyfour/
 | Description: Twenty Twenty-Four is designed to be flexible, versatile and applicable to any website. Its collecti...
 | Author: the WordPress team
 | Author URI: https://wordpress.org
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 1.2 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://shop.armanienglish.com/wp-content/themes/twentytwentyfour/style.css, Match: 'Version: 1.2'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] w3-total-cache
 | Location: https://shop.armanienglish.com/wp-content/plugins/w3-total-cache/
 | Last Updated: 2024-11-12T17:00:00.000Z
 | [!] The version is out of date, the latest version is 2.8.0
 |
 | Found By: Comment Debug Info (Passive Detection)
 |
 | Version: 2.7.5 (100% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 |  - https://shop.armanienglish.com/wp-content/plugins/w3-total-cache/readme.txt
 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
 |  - https://shop.armanienglish.com/wp-content/plugins/w3-total-cache/readme.txt

[+] woocommerce
 | Location: https://shop.armanienglish.com/wp-content/plugins/woocommerce/
 | Last Updated: 2024-11-19T16:31:00.000Z
 | [!] The version is out of date, the latest version is 9.4.2
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By:
 |  Urls In 404 Page (Passive Detection)
 |  Meta Generator (Passive Detection)
 |
 | Version: 9.2.3 (100% confidence)
 | Found By: Query Parameter (Passive Detection)
 |  - https://shop.armanienglish.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=9.2.3
 |  - https://shop.armanienglish.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=9.2.3
 | Confirmed By:
 |  Meta Generator (Passive Detection)
 |   - https://shop.armanienglish.com/, Match: 'WooCommerce 9.2.3'
 |  Readme - ChangeLog Section (Aggressive Detection)
 |   - https://shop.armanienglish.com/wp-content/plugins/woocommerce/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

[i] No Config Backups Found.

  "namespaces": [
    "oembed/1.0",
    "armani/v1",
    "fast-plugin/v1",
    "jwt-auth/v1",
    "wc/v3",
    "jetpack/v4",
    "wc-admin",
    "wc-analytics",
    "wc/store",
    "wc/store/v1",
    "wc/private",
    "wc/v1",
    "wc/v2",
    "wc-telemetry",
    "wccom-site/v3",
    "wp/v2",
    "wp-site-health/v1",
    "wp-block-editor/v1"
  ],
  
  
XMLRPC seems enabled: https://shop.armanienglish.com/xmlrpc.php

Default Login: https://shop.armanienglish.com/wp-admin
Tried usernames: admin, administrator, root

REST API Enabled: https://shop.armanienglish.com/wp-json

shopdev.armanienglish.com

Dev instance

shopold.armanienglish.com

Summary   : HTML5, HTTPServer[ArvanCloud], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-XSS-Protection[1; mode=block]

Apache Server at shopold.armanienglish.com Port 443

smart.armanienglish.com

{"message":"E_ROUTE_NOT_FOUND: Cannot GET:/api","stack":"HttpException: E_ROUTE_NOT_FOUND: Cannot GET:/api\n    at Function.invoke (/home/smart/node_modules/@adonisjs/http-server/build/src/Exceptions/HttpException.js:31:23)\n    at RequestHandler.findRoute (/home/smart/node_modules/@adonisjs/http-server/build/src/Server/RequestHandler/index.js:49:49)\n    at RequestHandler.handle (/home/smart/node_modules/@adonisjs/http-server/build/src/Server/RequestHandler/index.js:65:14)\n    at /home/smart/node_modules/@adonisjs/http-server/build/src/Server/index.js:77:44\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at Server.handleRequest (/home/smart/node_modules/@adonisjs/http-server/build/src/Server/index.js:108:13)","code":"E_ROUTE_NOT_FOUND"}

https://smart.armanienglish.com/api

So the AdonisJS guess is correct.

/api/users/writing-correction-tokens
/api/tokenlogin
/api/writing/corrections

{"errors":[{"message":"E_UNAUTHORIZED_ACCESS: Unauthorized access"}]}

smartdev.armanienglish.com

Dev version

speaking.armanienglish.com

Status    : 503 Service Unavailable
Title     : <None>
IP        : <Unknown>
Country   : <Unknown>

Summary   : HTTPServer[ArvanCloud], UncommonHeaders[server-timing,x-request-id,x-sid]

sso.armanienglish.com

Main API for registering and logging in; also manages roles.
AdonisJS

/api/sso/moodle
/api/sso/live/moodle
/api/auth/user
/api/login
/api/otp/call
/api/otp/send
/api/register
/api/profile
/api/mobile/update

ssodev.armanienglish.com

Dev version

studydev.armanienglish.com

Interestingly, there is no study.armanienglish.com. There is just the dev version. Maybe this is a WIP.

HttpException: E_ROUTE_NOT_FOUND: Route not found GET /
Guess: AdonisJS

Possible connection to the GOALS API.

ticketing.armanienglish.com

unleash.armanienglish.com

Summary   : HTML5, HTTPServer[ArvanCloud], Script[module], UncommonHeaders[content-security-policy,server-timing,x-request-id,x-sid], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
Committed to creating new ways of developing software
https://github.com/Unleash/unleash

armani-chat-test.iran.liara.run

POST /api/chat/messages
POST /api/webinar/users/chat/authenticate

https://liara.ir/

https://armani-chat-test.iran.liara.run/
OK

Status    : 200 OK
Title     : <None>
IP        : <Unknown>
Country   : <Unknown>

Summary   : Access-Control-Allow-Methods[GET, POST, PUT, DELETE, OPTIONS], UncommonHeaders[access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,uwebsockets]


webinar.armanienglish.com

POST /api/tokenlogin
POST /api/webinars/join
GET /api/webinar/:id

Seems to be built on the Adobe Connect platform.

??? /api/webinar/users/enroll

connect.armanienglish.com

https://connect.armanienglish.com/api/xml?action=common-info
https://connect.armanienglish.com/api/xml?action=login&login=${ T1 }&password=123456&session={ G1 }
https://connect.armanienglish.com/ielts-writing-master3?session=${ G1 }

There are 3 types of webinar: live, Adobe Connect or BigBlueButton.

irsafam.com

Seems to be partners with ArmaniEnglish (or used to be).

Email

admin@armanienglish.com

info@armanienglish.com

Phone number

+982144675912

Found in JS source

IPs