Sep 17, 2020 1:57:09 PM com.google.tsunami.main.cli.TsunamiCli main
INFORMATION: Full classpath scan took 2.893 s
Sep 17, 2020 1:57:09 PM com.google.tsunami.common.config.ConfigModule configure
INFORMATION: Found Tsunami config class: com.google.tsunami.plugins.portscan.nmap.NmapPortScannerConfigs
Sep 17, 2020 1:57:09 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFORMATION: Found CliOption: com.google.tsunami.common.io.archiving.GoogleCloudStorageArchiver$Options
Sep 17, 2020 1:57:09 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFORMATION: Found CliOption: com.google.tsunami.main.cli.ScanResultsArchiver$Options
Sep 17, 2020 1:57:09 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFORMATION: Found CliOption: com.google.tsunami.main.cli.option.ScanTargetCliOptions
Sep 17, 2020 1:57:09 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFORMATION: Found CliOption: com.google.tsunami.plugins.portscan.nmap.option.NmapPortScannerCliOptions
Sep 17, 2020 1:57:09 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFORMATION: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.jenkins.JenkinsExposedUiDetector
Sep 17, 2020 1:57:09 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFORMATION: Plugin class com.google.tsunami.plugins.detectors.exposedui.jenkins.JenkinsExposedUiDetector is registered.
Sep 17, 2020 1:57:09 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFORMATION: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.jupyter.JupyterExposedUiDetector
Sep 17, 2020 1:57:09 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFORMATION: Plugin class com.google.tsunami.plugins.detectors.exposedui.jupyter.JupyterExposedUiDetector is registered.
Sep 17, 2020 1:57:09 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFORMATION: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.wordpress.WordPressInstallPageDetector
Sep 17, 2020 1:57:09 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFORMATION: Plugin class com.google.tsunami.plugins.detectors.exposedui.wordpress.WordPressInstallPageDetector is registered.
Sep 17, 2020 1:57:09 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFORMATION: Found plugin class: com.google.tsunami.plugins.portscan.nmap.NmapPortScanner
Sep 17, 2020 1:57:09 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFORMATION: Plugin class com.google.tsunami.plugins.portscan.nmap.NmapPortScanner is registered.
Sep 17, 2020 1:57:09 PM com.google.tsunami.main.cli.TsunamiCli run
INFORMATION: TsunamiCli starting...
Sep 17, 2020 1:57:09 PM com.google.tsunami.workflow.DefaultScanningWorkflow runAsync
INFORMATION: Staring Tsunami scanning workflow.
Sep 17, 2020 1:57:09 PM com.google.tsunami.workflow.DefaultScanningWorkflow scanPorts
INFORMATION: Starting port scanning phase of the scanning workflow.
Sep 17, 2020 1:57:09 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner scan
INFORMATION: Starting nmap scan.
Sep 17, 2020 1:57:09 PM com.google.tsunami.common.command.CommandExecutor execute
INFORMATION: Executing the following command: '/usr/bin/nmap --unprivileged -Pn -n -sT -sV --version-intensity 5 -T4 --script banner 10.88.102.140 -oX /tmp/nmap8495930506259655152.report'
Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.client.parser.NmapResultHandler startDocument
INFORMATION: Start parsing Nmap result document.
Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.client.parser.NmapResultHandler endDocument
INFORMATION: Finished parsing Nmap result document.
Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner scan
INFORMATION: Finished nmap scan on target '10.88.102.140' in 30.05 s.
Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner extractServicesFromNmapRun
INFORMATION: Building PortScanningReport from Nmap result.
Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner logIdentifiedNetworkService
INFORMATION: Nmap identified service: ip 10.88.102.140, port 22, protocol TCP, service ssh, software OpenSSH, version 7.9p1 Debian 10+deb10u2, banner SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner logIdentifiedNetworkService
INFORMATION: Nmap identified service: ip 10.88.102.140, port 80, protocol TCP, service http, software Apache httpd, version 2.4.38
Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner logIdentifiedNetworkService
INFORMATION: Nmap identified service: ip 10.88.102.140, port 3306, protocol TCP, service mysql, banner J\x00\x00\x00\x0A8.0.21\x00k\x03\x00\x00>\x09\x1C\x01L<7H\x00\x
FF\xFF\xE0\x02\x00\xFF\xC7\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x...

Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner logIdentifiedNetworkService
INFORMATION: Nmap identified service: ip 10.88.102.140, port 8443, protocol TCP, service http, software Jetty, version 9.2.z-SNAPSHOT
Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner logIdentifiedNetworkService
INFORMATION: Nmap identified service: ip 10.88.102.140, port 8888, protocol TCP, service http, software Tornado httpd, version 6.0.4
Sep 17, 2020 1:57:39 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner logIdentifiedNetworkService
INFORMATION: Nmap identified service: ip 10.88.102.140, port 50000, protocol TCP, service http, software Jenkins httpd, version 2.60.3
Sep 17, 2020 1:57:39 PM com.google.tsunami.workflow.DefaultScanningWorkflow fingerprintNetworkServices
INFORMATION: Port scanning phase done, moving to service fingerprinting phase with '0' fingerprinter(s) selected.
Sep 17, 2020 1:57:40 PM com.google.tsunami.workflow.DefaultScanningWorkflow detectVulnerabilities
INFORMATION: Service fingerprinting phase done, moving to vuln detection phase.
Sep 17, 2020 1:57:40 PM com.google.tsunami.plugins.detectors.exposedui.jenkins.JenkinsExposedUiDetector detect
INFORMATION: Starting exposed ui detection for Jenkins
Sep 17, 2020 1:57:40 PM com.google.tsunami.plugins.detectors.exposedui.jupyter.JupyterExposedUiDetector detect
INFORMATION: Starting exposed ui detection for Jupyter Notebook
Sep 17, 2020 1:57:40 PM com.google.tsunami.plugins.detectors.exposedui.wordpress.WordPressInstallPageDetector detect
INFORMATION: Starting unfinished install page detection for WordPress.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient send
INFORMATION: Sending HTTP 'GET' request to 'http://10.88.102.140/terminals/1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient send
INFORMATION: Sending HTTP 'GET' request to 'http://10.88.102.140/wp-admin/install.php?step=1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient send
INFORMATION: Sending HTTP 'GET' request to 'http://10.88.102.140/view/all/newJob'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient parseResponse
INFORMATION: Received HTTP response with code '302' for request to 'http://10.88.102.140/terminals/1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient send
INFORMATION: Sending HTTP 'GET' request to 'http://10.88.102.140:8443/terminals/1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient parseResponse
INFORMATION: Received HTTP response with code '404' for request to 'http://10.88.102.140:8443/terminals/1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient send
INFORMATION: Sending HTTP 'GET' request to 'http://10.88.102.140:8888/terminals/1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient parseResponse
INFORMATION: Received HTTP response with code '200' for request to 'http://10.88.102.140:8888/terminals/1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient send
INFORMATION: Sending HTTP 'GET' request to 'http://10.88.102.140:50000/terminals/1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient parseResponse
INFORMATION: Received HTTP response with code '404' for request to 'http://10.88.102.140:50000/terminals/1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.common.net.http.HttpClient parseResponse
INFORMATION: Received HTTP response with code '200' for request to 'http://10.88.102.140/wp-admin/install.php?step=1'.
Sep 17, 2020 1:57:40 PM com.google.tsunami.plugins.detectors.exposedui.wordpress.WordPressInstallPageDetector responseHasSetupForm
INFORMATION: [WP] trying to determine if responseHasSetupForm
Sep 17, 2020 1:57:40 PM com.google.tsunami.plugins.detectors.exposedui.wordpress.WordPressInstallPageDetector responseHasSetupForm
INFORMATION: [WP] getting installationForm
Sep 17, 2020 1:57:40 PM com.google.tsunami.plugins.detectors.exposedui.wordpress.WordPressInstallPageDetector responseHasSetupForm
INFORMATION: [WP] responseBody: <!DOCTYPE html>
<html lang="en-US" xml:lang="en-US">
<head>
	<meta name="viewport" content="width=device-width" />
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="robots" content="noindex,nofollow" />
	<title>WordPress &rsaquo; Installation</title>
	<link rel='stylesheet' id='dashicons-css'  href='http://10.88.102.140/wp-includes/css/dashicons.min.css?ver=5.5.1' type='text/css' media='all' />
<link rel='stylesheet' id='buttons-css'  href='http://10.88.102.140/wp-includes/css/buttons.min.css?ver=5.5.1' type='text/css' media='all' />
<link rel='stylesheet' id='forms-css'  href='http://10.88.102.140/wp-admin/css/forms.min.css?ver=5.5.1' type='text/css' media='all' />
<link rel='stylesheet' id='l10n-css'  href='http://10.88.102.140/wp-admin/css/l10n.min.css?ver=5.5.1' type='text/css' media='all' />
<link rel='stylesheet' id='install-css'  href='http://10.88.102.140/wp-admin/css/install.min.css?ver=5.5.1' type='text/css' media='all' />
</head>
<body class="wp-core-ui">
<p id="logo">WordPress</p>

	<h1>Welcome</h1>
<p>Welcome to the famous five-minute WordPress installation process! Just fill in the information below and you&#8217;ll be on your way to using the most extendable and powerful personal publishing platform in the world.</p>

<h2>Information needed</h2>
<p>Please provide the following information. Don&#8217;t worry, you can always change these settings later.</p>

		<form id="setup" method="post" action="install.php?step=2" novalidate="novalidate">
	<table class="form-table" role="presentation">
		<tr>
			<th scope="row"><label for="weblog_title">Site Title</label></th>
			<td><input name="weblog_title" type="text" id="weblog_title" size="25" value="" /></td>
		</tr>
		<tr>
			<th scope="row"><label for="user_login">Username</label></th>
			<td>
							<input name="user_name" type="text" id="user_login" size="25" value="" />
				<p>Usernames can have only alphanumeric characters, spaces, underscores, hyphens, periods, and the @ symbol.</p>
							</td>
		</tr>
				<tr class="form-field form-required user-pass1-wrap">
			<th scope="row">
				<label for="pass1">
					Password				</label>
			</th>
			<td>
				<div class="wp-pwd">
										<input type="password" name="admin_password" id="pass1" class="regular-text" autocomplete="off" data-reveal="1" data-pw="GMIZVWjD@0lbvfza$h" aria-describedby="pass-strength-result" />
					<button type="button" class="button wp-hide-pw hide-if-no-js" data-start-masked="0" data-toggle="0" aria-label="Hide password">
						<span class="dashicons dashicons-hidden"></span>
						<span class="text">Hide</span>
					</button>
					<div id="pass-strength-result" aria-live="polite"></div>
				</div>
				<p><span class="description important hide-if-no-js">
				<strong>Important:</strong>
								You will need this password to log&nbsp;in. Please store it in a secure location.</span></p>
			</td>
		</tr>
		<tr class="form-field form-required user-pass2-wrap hide-if-js">
			<th scope="row">
				<label for="pass2">Repeat Password					<span class="description">(required)</span>
				</label>
			</th>
			<td>
				<input name="admin_password2" type="password" id="pass2" autocomplete="off" />
			</td>
		</tr>
		<tr class="pw-weak">
			<th scope="row">Confirm Password</th>
			<td>
				<label>
					<input type="checkbox" name="pw_weak" class="pw-checkbox" />
					Confirm use of weak password				</label>
			</td>
		</tr>
				<tr>
			<th scope="row"><label for="admin_email">Your Email</label></th>
			<td><input name="admin_email" type="email" id="admin_email" size="25" value="" />
			<p>Double-check your email address before continuing.</p></td>
		</tr>
		<tr>
			<th scope="row">Search engine visibility</th>
			<td>
				<fieldset>
					<legend class="screen-reader-text"><span>Search engine visibility </span></legend>
											<label for="blog_public"><input name="blog_public" type="checkbox" id="blog_public" value="0"  />
						Discourage search engines from indexing this site</label>
						<p class="description">It is up to search engines to honor this request.</p>
									</fieldset>
			</td>
		</tr>
	</table>
	<p class="step"><input type="submit" name="Submit" id="submit" class="button button-large" value="Install WordPress"  /></p>
	<input type="hidden" name="language" value="" />
</form>
	<script type="text/javascript">var t = document.getElementById('weblog_title'); if (t){ t.focus(); }</script>
	<script type='text/javascript' src='http://10.88.102.140/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp' id='jquery-core-js'></script>
<script type='text/javascript' id='zxcvbn-async-js-extra'>
/* <![CDATA[ */
var _zxcvbnSettings = {"src":"http:\/\/10.88.102.140\/wp-includes\/js\/zxcvbn.min.js"};
/* ]]> */
</script>
<script type='text/javascript' src='http://10.88.102.140/wp-includes/js/zxcvbn-async.min.js?ver=1.0' id='zxcvbn-async-js'></script>
<script type='text/javascript' src='http://10.88.102.140/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4' id='wp-polyfill-js'></script>
<script type='text/javascript' id='wp-polyfill-js-after'>
( 'fetch' in window ) || document.write( '<script src="http://10.88.102.140/wp-includes/js/dist/vendor/wp-polyfill-fetch.min.js?ver=3.0.0"></scr' + 'ipt>' );( document.contains ) || document.write( '<script src="http://10.88.102.140/wp-includes/js/dist/vendor/wp-polyfill-node-contains.min.js?ver=3.42.0"></scr' + 'ipt>' );( window.DOMRect ) || document.write( '<script src="http://10.88.102.140/wp-includes/js/dist/vendor/wp-polyfill-dom-rect.min.js?ver=3.42.0"></scr' + 'ipt>' );( window.URL && window.URL.prototype && window.URLSearchParams ) || document.write( '<script src="http://10.88.102.140/wp-includes/js/dist/vendor/wp-polyfill-url.min.js?ver=3.6.4"></scr' + 'ipt>' );( window.FormData && window.FormData.prototype.keys ) || document.write( '<script src="http://10.88.102.140/wp-includes/js/dist/vendor/wp-polyfill-formdata.min.js?ver=3.0.12"></scr' + 'ipt>' );( Element.prototype.matches && Element.prototype.closest ) || document.write( '<script src="http://10.88.102.140/wp-includes/js/dist/vendor/wp-polyfill-element-closest.min.js?ver=2.0.2"></scr' + 'ipt>' );
</script>
<script type='text/javascript' src='http://10.88.102.140/wp-includes/js/dist/i18n.min.js?ver=bb7c3c45d012206bfcd73d6a31f84d9e' id='wp-i18n-js'></script>
<script type='text/javascript' id='password-strength-meter-js-extra'>
/* <![CDATA[ */
var pwsL10n = {"unknown":"Password strength unknown","short":"Very weak","bad":"Weak","good":"Medium","strong":"Strong","mismatch":"Mismatch"};
/* ]]> */
</script>
<script type='text/javascript' id='password-strength-meter-js-translations'>
( function( domain, translations ) {
	var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
	localeData[""].domain = domain;
	wp.i18n.setLocaleData( localeData, domain );
} )( "default", { "locale_data": { "messages": { "": {} } } } );
</script>
<script type='text/javascript' src='http://10.88.102.140/wp-admin/js/password-strength-meter.min.js?ver=5.5.1' id='password-strength-meter-js'></script>
<script type='text/javascript' src='http://10.88.102.140/wp-includes/js/underscore.min.js?ver=1.8.3' id='underscore-js'></script>
<script type='text/javascript' id='wp-util-js-extra'>
/* <![CDATA[ */
var _wpUtilSettings = {"ajax":{"url":"\/wp-admin\/admin-ajax.php"}};
/* ]]> */
</script>
<script type='text/javascript' src='http://10.88.102.140/wp-includes/js/wp-util.min.js?ver=5.5.1' id='wp-util-js'></script>
<script type='text/javascript' id='user-profile-js-translations'>
( function( domain, translations ) {
	var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
	localeData[""].domain = domain;
	wp.i18n.setLocaleData( localeData, domain );
} )( "default", { "locale_data": { "messages": { "": {} } } } );
</script>
<script type='text/javascript' src='http://10.88.102.140/wp-admin/js/user-profile.min.js?ver=5.5.1' id='user-profile-js'></script>
<script type="text/javascript">
jQuery( function( $ ) {
	$( '.hide-if-no-js' ).removeClass( 'hide-if-no-js' );
} );
</script>
</body>
</html>

Sep 17, 2020 1:57:40 PM com.google.tsunami.plugin.PluginExecutorImpl buildFailedResult
WARNUNG: Plugin '/Tsunami Team (tsunami-dev@google.com)/VULN_DETECTION/WordPressInstallPageDetector/0.1' failed.
Sep 17, 2020 1:57:46 PM com.google.tsunami.common.net.http.HttpClient parseResponse
INFORMATION: Received HTTP response with code '200' for request to 'http://10.88.102.140/wp-admin/install.php'.
Sep 17, 2020 1:57:46 PM com.google.tsunami.common.net.http.HttpClient send
INFORMATION: Sending HTTP 'GET' request to 'http://10.88.102.140:8443/view/all/newJob'.
Sep 17, 2020 1:57:46 PM com.google.tsunami.common.net.http.HttpClient parseResponse
INFORMATION: Received HTTP response with code '200' for request to 'http://10.88.102.140:8443/view/all/newJob'.
Sep 17, 2020 1:57:46 PM com.google.tsunami.plugins.detectors.exposedui.jenkins.JenkinsExposedUiDetector bodyContainsCreateItemForm
INFORMATION: Jenkins-code bodyContainsCreateItemForm.
Sep 17, 2020 1:57:46 PM com.google.tsunami.plugin.PluginExecutorImpl buildFailedResult
WARNUNG: Plugin '/Tsunami Team (tsunami-dev@google.com)/VULN_DETECTION/JenkinsExposedUiDetector/0.1' failed.
Sep 17, 2020 1:57:46 PM com.google.tsunami.workflow.DefaultScanningWorkflow generateScanResults
INFORMATION: Tsunami scanning workflow done. Generating scan results.
Sep 17, 2020 1:57:46 PM com.google.tsunami.workflow.DefaultScanningWorkflow lambda$runAsync$0
INFORMATION: Tsunami scanning workflow traces:
  Port scanning phase (30.13 s) with 1 plugin(s):
    /Tsunami Team (tsunami-dev@google.com)/PORT_SCAN/NmapPortScanner/0.1
  Service fingerprinting phase (249.4 ms) with 0 plugin(s):
    
  Vuln detection phase (6.322 s) with 3 plugin(s):
    /Tsunami Team (tsunami-dev@google.com)/VULN_DETECTION/JenkinsExposedUiDetector/0.1 was selected for the following services: ssh (TCP, port 22), http (TCP, port 80), mysql (TCP, port 3306), http (TCP, port 8443), http (TCP, port 8888), http (TCP, port 50000)
    /Tsunami Team (tsunami-dev@google.com)/VULN_DETECTION/JupyterExposedUiDetector/0.1 was selected for the following services: ssh (TCP, port 22), http (TCP, port 80), mysql (TCP, port 3306), http (TCP, port 8443), http (TCP, port 8888), http (TCP, port 50000)
    /Tsunami Team (tsunami-dev@google.com)/VULN_DETECTION/WordPressInstallPageDetector/0.1 was selected for the following services: ssh (TCP, port 22), http (TCP, port 80), mysql (TCP, port 3306), http (TCP, port 8443), http (TCP, port 8888), http (TCP, port 50000)
  # of detected vulnerability: 1.
Sep 17, 2020 1:57:46 PM com.google.tsunami.main.cli.TsunamiCli run
INFORMATION: Tsunami scan finished, saving results.
Sep 17, 2020 1:57:46 PM com.google.tsunami.common.io.archiving.RawFileArchiver archive
INFORMATION: Archiving data to file system with filename '/tmp/tsunami-output-wp-jk.json'.
Sep 17, 2020 1:57:46 PM com.google.tsunami.main.cli.TsunamiCli run
INFORMATION: TsunamiCli finished...
Sep 17, 2020 1:57:46 PM com.google.tsunami.main.cli.TsunamiCli main
INFORMATION: Full Tsunami scan took 40.82 s.