CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this
material is prohibited and subject to legal action under breach of IP and confidentiality clauses.
Name of Capstone Project
WEBSITE SCANNING
PARSHRAM NARVEKAR (AND-JUL2024-CSEH-1)
Agenda
• Abstract
• Deliverables
• Code/tools
• PoC
• References
Abstract
• To understand which ports are open on a website, and their functions, benefits and threats.
• The investigation of open ports on a website reveals critical insights into their functions, benefits, and
associated risks. Open ports enable essential communication for various services, such as HTTP, HTTPS,
FTP, and SSH, and are integral to the functionality of web-based systems. Their benefits include
improved connectivity, seamless data transfer, and support for secure communication protocols,
enhancing user experience and operational efficiency.
• However, the study highlights that unmanaged or misconfigured open ports can pose significant
threats. These include vulnerabilities to unauthorized access, exploitation by malicious actors, and
susceptibility to cyber attacks such as DDoS, malware distribution, and data theft.
• The final outcome underscores the importance of balancing functionality and security. By identifying
open ports, organizations can implement best practices such as regular port scanning, use of firewalls,
and strict access controls to mitigate risks. This ensures a secure, efficient, and reliable network
environment, safeguarding both the organization’s assets and its users.
Deliverables:
• Site Name: umang.com / 35.212.62.35
• Category: Hosting/Cloud Services. It is part of the Google Cloud Platform, which is owned by Google LLC.
• Type: Typically commercial or technical infrastructure. Hosting websites or applications deployed on Google Compute Engine.
• Content: Providing endpoints for APIs hosted on Google Cloud. Backend services like databases, machine learning APIs, or other hosted resources. Specifically, it is hosted under Google's Autonomous System Number (ASN).
• Overall Ranking: Globally Renowned
Data Collection:-
The www.umang.com website currently uses the following technologies:
• CMS:- WordPress
• CDN:- Amazon CloudFront
• Domain Parking:- GoDaddy Parking
• Web Hosting Providers:- Google Cloud
• Programming Language:- jQuery, Lazysizes
• Framework:- Facebook Domain Verification, ASP.NET, OpenResty
• Web Server:- NGINX, IIS
• Name Server:- ns1
Code/tools
• Nmap
• Builtwith
• nslookup
Impact Analysis:-
• Open ports and their protocols and services
Open Ports functions
1. Port 21 (FTP):- File Transfer Protocol.
i. Used for file transfer between client and server.
ii. Typically for administrative use, such as uploading or updating website files.
2. Port 25 (SMTP):- Simple Mail Transfer Protocol.
i. Used for email services associated with the website, such as contact forms.
ii. Handles outgoing email traffic.
3. Port 80 (HTTP):- Hypertext Transfer Protocol.
i. Used for standard, unencrypted web traffic.
ii. Common to all websites that provide non-secure content.
4. Port 110 (POP3):- Post Office Protocol version 3.
i. Used by email clients to retrieve emails from the server. POP3 downloads messages from the server to the client.
5. Port 143 (IMAP):- Internet Message Access Protocol.
Port 143 is used for IMAP, another protocol for retrieving email from a server. IMAP allows for better synchronization of messages across multiple devices (e.g., emails remain on the server).
6. Port 443 (HTTPS):- Hypertext Transfer Protocol Secure.
Port 443 is used for HTTPS, which is the secure version of HTTP. It encrypts data using SSL/TLS to ensure privacy and security between the client and server.
7. Port 465 (SMTPS):- Secure SMTP.
Port 465 is used for SMTPS, which is a secure version of the SMTP protocol. It encrypts email transmission with SSL/TLS.
8. Port 587 (SMTP with Authentication):-
Port 587 is used for SMTP with STARTTLS encryption. It is commonly used for sending email securely with authentication.
9. Port 993 (IMAPS):- Secure IMAP.
Port 993 is used for IMAPS, which is the secure version of IMAP. It encrypts email retrieval using SSL/TLS.
10. Port 995 (POP3S):- Secure POP3.
Port 995 is used for POP3S, the secure version of POP3. It encrypts email retrieval using SSL/TLS.
11. Port 2525:- Alternative SMTP.
Port 2525 is often used as an alternative port for SMTP, typically when Port 25 is blocked by ISPs to prevent spam.
12. Port 3306:- MySQL Database.
Port 3306 is the standard port for MySQL database communication.
13. Port 5432:- PostgreSQL.
Port 5432 is used by PostgreSQL, an open-source relational database management system (RDBMS), for database connections.
Benefits of Open ports.
1. Port 21 (FTP)
i. Simple to set up and use.
ii. Allows large file transfers and directory management.
iii. Widely supported by most devices and applications.
2. Port 25 (SMTP):-
i. Essential for email delivery between mail servers.
ii. Well-supported and required for email routing.
3. Port 80 (HTTP):-
i. Widely used for hosting websites and web applications.
ii. Open by default for easy access to public content.
4. Port 110 (POP3):-
i. Allows offline access to emails after downloading.
ii. Simple to set up and use.
5. Port 143 (IMAP)
i. Allows multi-device synchronization
ii. Keeps messages on the server, allowing users to access emails from any device.
6. Port 443 (HTTPS) :-
i. Secure data transmission, ensuring that sensitive information (e.g., login details, credit card information) is
protected.
ii. Strong encryption to prevent data interception or tampering.
7. Port 465 (SMTPS - Secure SMTP)
i. Secure email transmission ensures that sensitive data (e.g., credentials and email content) is encrypted during
transit.
ii. Prevents eavesdropping and data modification during email transmission.
8. Port 587 (SMTP with Authentication):-
i. Ensures that emails are transmitted securely with encryption (via STARTTLS).
ii. Requires SMTP authentication, preventing unauthorized users from sending emails.
9. Port 993 (IMAPS - Secure IMAP):-
i. Secure email retrieval protects data (including login credentials and message contents) from being intercepted.
ii. Synchronization of emails across multiple devices without compromising security.
10. Port 995 (POP3S - Secure POP3):-
i. Ensures secure email communication by encrypting credentials and email data during transmission.
ii. Allows offline email access while ensuring privacy.
11. Port 2525 (Alternative SMTP):-
i. Provides a fallback solution for sending emails when Port 25 is restricted by ISPs or firewalls.
ii. It’s often used by email services as an alternative to bypass Port 25 blocking.
12. Port 3306 (MySQL Database):-
i. Allows access to MySQL databases for running queries, managing data, and configuring applications.
ii. Standard port for MySQL database communication.
13. Port 5432 (PostgreSQL Database):-
i. Enables database access and management for applications that use PostgreSQL.
ii. Used by developers and administrators for querying and managing the database.
Threats of Open ports.
1. Port 21 :-
i. Unencrypted data transmission: FTP sends data (including usernames and passwords) in plain text, making it vulnerable to man-in-the-middle attacks and eavesdropping.
ii. Unauthorized access: If port 21 is left open to the public, it could allow hackers to gain unauthorized access to sensitive files on the server.
iii. Brute-force attacks: Attackers can try different combinations of usernames and passwords to break into the system.
2. Port 25:-
i. Spam: Open port 25 is often exploited for sending spam emails, especially if it’s open to the public.
ii. Denial of Service (DoS) attacks: Attackers can flood the mail server, causing service disruption.
iii. Spoofing: Attackers can spoof email addresses if the server is misconfigured.
3. Port 80:-
i. Unencrypted traffic: Data transmitted over HTTP is not encrypted, making it vulnerable to interception.
ii. Man-in-the-middle attacks: Attackers can intercept or modify traffic between client and server.
iii. Content injection: Attackers can inject malicious code (e.g., JavaScript or XSS attacks) into HTTP traffic.
4. Port 110:-
i. Unencrypted transmission: POP3 sends data (including credentials) in plain text, making it vulnerable to eavesdropping.
ii. Phishing: Attackers can spoof POP3 servers and steal user credentials.
5. Port 143:-
i. Unencrypted traffic: Like POP3, IMAP without encryption exposes sensitive data.
ii. Session hijacking: Without encryption, attackers can hijack the session and steal email credentials.
6. Port 443 (HTTPS - HyperText Transfer Protocol Secure):-
i. SSL/TLS vulnerabilities: If the server is misconfigured or uses outdated SSL/TLS protocols, it can be vulnerable to
attacks (e.g., POODLE, Heartbleed).
ii. Man-in-the-middle attacks: Although less likely, weak encryption or expired certificates can still leave the server
vulnerable.
7. Port 465 (SMTPS - Secure SMTP):-
i. Misconfiguration: Incorrect SSL/TLS configuration can still allow vulnerabilities.
ii. Outdated encryption: Using weak ciphers or expired certificates can expose the server to attacks.
8. Port 587 (SMTP with Authentication)
i. Misconfiguration: If STARTTLS is not correctly implemented, it can still be vulnerable to downgrade attacks.
ii. Open relays: If the mail server is misconfigured, it can allow anyone to send email through it, potentially enabling
spam.
9. Port 993 (IMAPS - Secure IMAP)
i. Weak encryption: If outdated encryption methods or weak ciphers are used, it could still be vulnerable to attacks.
ii. Misconfigured server: Incorrect configuration could lead to data leaks or unauthorized access.
10. Port 995 (POP3S - Secure POP3)
i. Outdated protocols: If an old version of SSL/TLS is used, the communication could be vulnerable.
ii. Misconfiguration: Like with POP3, improper setup could expose data to interception.
11. Port 2525 (Alternative SMTP)
i. Misuse for spam: Since Port 2525 is often used for bypassing spam filters, open access can sometimes be exploited by spammers.
ii. Security risks: As with any open port, if misconfigured, it can be vulnerable to unauthorized use.
12. Port 3306 (MySQL Database)
i. Unauthorized access: If this port is open to the public, attackers can attempt to exploit vulnerabilities in MySQL to gain unauthorized access
to the database.
ii. SQL injection: Poorly secured websites or applications using MySQL could be susceptible to SQL injection attacks.
iii. Data theft: Open MySQL ports can expose sensitive data stored in the database to unauthorized users.
13. Port 5432 (PostgreSQL Database)
i. Unauthorized access: Exposing this port to the public allows attackers to exploit PostgreSQL vulnerabilities.
ii. Data breaches: Without proper security measures, databases can be exposed to data theft and leakage.
iii. SQL injection: Similar to MySQL, if the application is poorly configured, attackers could exploit vulnerabilities in SQL queries.
Mitigation
• To prevent unauthorized access:
• Close Unnecessary Ports: Conduct regular port scans and close ports that are not needed for
operation.
• Use Firewalls: Configure firewalls to block unwanted traffic to open ports and only allow trusted
sources.
• Access Control: Restrict access to open ports to specific IP addresses or user groups using ACLs
(Access Control Lists).
• Enable Intrusion Detection Systems (IDS): Use IDS/IPS (Intrusion Prevention Systems) to monitor
traffic on open ports and detect anomalies.
• Implement Port Knocking: Require specific sequences of connection attempts to open ports
dynamically, adding a layer of security.
• Patch Management: Keep software and services listening on open ports up to date with security
patches.
• Regular Auditing: Use tools like Nmap or Nessus to regularly audit open ports and ensure
compliance with security policies.
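The regular-auditing and close-unnecessary-ports steps above, as an added example that is not part of the original deck: a Python script that reads Nmap XML output (`nmap -oX`) and checks each open port against an allowlist, using the port categories from the threat slides. The allowlist, the severity labels and the sample scan of the documentation address 192.0.2.10 are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output; 192.0.2.10 is a
# documentation address (RFC 5737), not a real scan result.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="587"><state state="filtered"/><service name="submission"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="tcp" portid="8081"><state state="open"/><service name="unknown"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Assumed policy: ports this (hypothetical) organization intends to expose.
ALLOWED_PUBLIC = {80, 443, 587}
# Cleartext ports from the threat slides, mapped to the encrypted ports the
# deck lists for the same service (None where the deck names no counterpart).
CLEARTEXT = {21: None, 25: "465/587", 80: "443", 110: "995", 143: "993"}
# Database ports the deck says should not be open to the public.
DATABASE = {3306: "MySQL", 5432: "PostgreSQL"}


def parse_open_ports(xml_text):
    """Return {host_address: [(port, service_name), ...]} for ports in state 'open'."""
    result = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        # A host can carry several <address> elements (e.g. a MAC); take the IP.
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None:
            continue
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed or filtered: no reachable service to audit
            service = port.find("service")
            name = service.get("name", "unknown") if service is not None else "unknown"
            open_ports.append((int(port.get("portid")), name))
        result[addr] = sorted(open_ports)
    return result


def audit(open_ports, allowed=ALLOWED_PUBLIC):
    """Return a list of (host, port, severity, advice) for ports that need action."""
    findings = []
    for host, ports in sorted(open_ports.items()):
        for port, _service in ports:
            if port in DATABASE:
                # Flagged even if allowlisted: restrict to application hosts.
                findings.append((host, port, "HIGH",
                                 f"{DATABASE[port]} port is reachable; restrict "
                                 "it with a firewall rule or ACL"))
            elif port not in allowed:
                advice = "not in the allowlist; close it or document why it is needed"
                if port in CLEARTEXT:
                    advice += " (cleartext protocol)"
                findings.append((host, port, "MEDIUM", advice))
            elif port in CLEARTEXT:
                alt = CLEARTEXT[port]
                hint = f"prefer port {alt}" if alt else "prefer an encrypted alternative"
                findings.append((host, port, "LOW",
                                 f"allowed but unencrypted; {hint}"))
    return findings


if __name__ == "__main__":
    for host, port, severity, advice in audit(parse_open_ports(SAMPLE_NMAP_XML)):
        print(f"{severity:6} {host}:{port} {advice}")
```

Running it on a saved scan of your own hosts after each change window turns the "regular auditing" bullet into a repeatable check whose findings can be tracked over time.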
Conclusion
• Open ports are indispensable for network operations but introduce
security risks. A proactive approach combining mitigation strategies with
regular audits and best practices can balance their utility with security
concerns.
• Open ports are a necessary component for networked systems to
communicate, but improper management can expose systems to risks.
Mitigation strategies include:
Reference
• Kali Linux
• Builtwith.com
• GravityWrite.com
• ChatGPT
• Google Chrome
Questions?
Thank You!


Website Scanning: Uncovering Vulnerabilities and Ensuring Cybersecurity

  • 1. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Name of Capstone Project WEBSITE SCANNING PARSHRAM NARVEKAR (AND-JUL2024-CSEH-1)
  • 2. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Agenda • Abstract • Deliverables • Code/tools • PoC • References
  • 3. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Abstract • To understanding what are the open ports in website and it’s function ,benefits and threats. • The investigation of open ports on a website reveals critical insights into their functions, benefits, and associated risks. Open ports enable essential communication for various services, such as HTTP, HTTPS, FTP, and SSH, and are integral to the functionality of web-based systems. Their benefits include improved connectivity, seamless data transfer, and support for secure communication protocols, enhancing user experience and operational efficiency • However, the study highlights that unmanaged or misconfigured open ports can pose significant threats. These include vulnerabilities to unauthorized access, exploitation by malicious actors, and susceptibility to cyber attacks such as DDoS, malware distribution, and data theft. • The final outcome underscores the importance of balancing functionality and security. By identifying open ports, organizations can implement best practices such as regular port scanning, use of firewalls, and strict access controls to mitigate risks. This ensures a secure, efficient, and reliable network environment, safeguarding both the organization’s assets and its users.
  • 4. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Deliverables: • Site Name: umang.com / 35.212.62.35 • Category : Hosting/Cloud Services. It is a Part of the Google Cloud Platform which is owned by Google LLC. • Type : Typically commercial or technical infrastructure. Hosting websites or applications deployed on Google Compute Engine. • Content : Providing endpoints for APIs hosted on Google Cloud. Backend services like databases, machine learning APIs, or other hosted resources. Specifically, it is hosted under Google's Autonomous System Number (ASN) • Overall Ranking: Globally Renown
  • 5. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Data Collection:- www.umang.com website have currently using the following technologies • CMS:- WordPress • CDN:- Amazon CloudFront • Domain parking GoDaddy Parking • Web Hostin Providers Google Cloud • Programming Language:- jquery Lazysizes • Framework Facebook Domain Verification ASP.NET OpenResty • Web Server NGINX IIS • Name Server ns1
  • 6. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Code/tools • Nmap • Builtwith • nslookup
  • 7. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Impact Analysis:- • Open Ports and it’s Protocol and services
  • 8. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Open Ports functions 1. Port 21 (FTP):- It is a File Transfer Protocol. i. Used for file transfer between client and server. ii. Typically for administrative use, such as uploading or updating website files. 2. Port 25 (SMTP):-It is Simple Mail Transmission protocol i. For email services associated with the website like contact forms ii. It Handles outgoing email traffic. 3. Port 80 (HTTP):-It is used as Hyper Text Transfer Protocol i. Used for standard, unencrypted web traffic. ii. Common to all websites that provide non-secure content. 4. Port 110 (POP3):- (Post Office Protocol Version 3). i. Port 110 is used for POP3, which is used by email clients to retrieve emails from the server. POP3 downloads messages from the server to the client.
  • 9. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Open Ports functions 5. Port 143 (IMAP) :-It is Internet Message Access Protocol. Port 143 is used for IMAP, another protocol for retrieving email from a server. IMAP allows for better synchronization of messages across multiple devices (e.g., emails remain on the server). 6. Port 443 (HTTPS):- It is Hyper Text Transfer Protocol. Port 443 is used for HTTPS, which is the secure version of HTTP. It encrypts data using SSL/TLS to ensure privacy and security between the client and server. 7. Port 465 (SMTPS):-It is Secure SMTP Port 465 is used for SMTPS, which is a secure version of the SMTP protocol. It encrypts email transmission with SSL/TLS. 8.Port 587 (SMTP with Authentication) Port 587 is used for SMTP with STARTTLS encryption. It’s commonly used for sending email securely with authentication.
  • 10. CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this material is prohibited and subject to legal action under breach of IP and confidentiality clauses. Open Ports functions 9. Port 993 (IMAPS) :- Secure IMAPS Port 993 is used for IMAPS, which is the secure version of IMAP. It encrypts email retrieval using SSL/TLS. 10. Port 995 (POP3S):- Secure POP3S Port 995 is used for POP3S, the secure version of POP3. It encrypts email retrieval using SSL/TLS. 11. Port 2525:- Alternative SMTP Port 2525 is often used as an alternative port for SMTP, typically when Port 25 is blocked by ISPs to prevent spam. 12. Port 3306 :- MySQL Database Port 2525 is often used as an alternative port for SMTP, typically when Port 25 is blocked by ISPs to prevent spam. 13. Port 5432 :- PostgreSQL Port 5432 is used by PostgreSQL, an open-source relational database management system (RDBMS), for database connections.
  • 11. Benefits of Open Ports
    1. Port 21 (FTP):
       i. Simple to set up and use.
       ii. Allows large file transfers and directory management.
       iii. Widely supported by most devices and applications.
    2. Port 25 (SMTP):
       i. Essential for email delivery between mail servers.
       ii. Well-supported and required for email routing.
    3. Port 80 (HTTP):
       i. Widely used for hosting websites and web applications.
       ii. Open by default for easy access to public content.
    4. Port 110 (POP3):
       i. Allows offline access to emails after downloading.
       ii. Simple to set up and use.
  • 12. Benefits of Open Ports
    5. Port 143 (IMAP):
       i. Allows multi-device synchronization.
       ii. Keeps messages on the server, allowing users to access emails from any device.
    6. Port 443 (HTTPS):
       i. Secure data transmission, ensuring that sensitive information (e.g., login details, credit card information) is protected.
       ii. Strong encryption to prevent data interception or tampering.
    7. Port 465 (SMTPS - Secure SMTP):
       i. Secure email transmission ensures that sensitive data (e.g., credentials and email content) is encrypted during transit.
       ii. Prevents eavesdropping and data modification during email transmission.
    8. Port 587 (SMTP with Authentication):
       i. Ensures that emails are transmitted securely with encryption (via STARTTLS).
       ii. Requires SMTP authentication, preventing unauthorized users from sending emails.
  • 13. Benefits of Open Ports
    9. Port 993 (IMAPS - Secure IMAP):
       i. Secure email retrieval protects data (including login credentials and message contents) from being intercepted.
       ii. Synchronization of emails across multiple devices without compromising security.
    10. Port 995 (POP3S - Secure POP3):
       i. Ensures secure email communication by encrypting credentials and email data during transmission.
       ii. Allows offline email access while ensuring privacy.
    11. Port 2525 (Alternative SMTP):
       i. Provides a fallback solution for sending emails when Port 25 is restricted by ISPs or firewalls.
       ii. It is often used by email services as an alternative to bypass Port 25 blocking.
    12. Port 3306 (MySQL Database):
       i. Allows access to MySQL databases for running queries, managing data, and configuring applications.
       ii. Standard port for MySQL database communication.
    13. Port 5432 (PostgreSQL Database):
       i. Enables database access and management for applications that use PostgreSQL.
       ii. Used by developers and administrators for querying and managing the database.
  • 14. Threats of Open Ports
    1. Port 21:
       i. Unencrypted data transmission: FTP sends data (including usernames and passwords) in plain text, making it vulnerable to man-in-the-middle attacks and eavesdropping.
       ii. Unauthorized access: If port 21 is left open to the public, it could allow hackers to gain unauthorized access to sensitive files on the server.
       iii. Brute-force attacks: Attackers can try different combinations of usernames and passwords to break into the system.
    2. Port 25:
       i. Spam: Open port 25 is often exploited for sending spam emails, especially if it is open to the public.
       ii. Denial of Service (DoS) attacks: Attackers can flood the mail server, causing service disruption.
       iii. Spoofing: Attackers can spoof email addresses if the server is misconfigured.
    3. Port 80:
       i. Unencrypted traffic: Data transmitted over HTTP is not encrypted, making it vulnerable to interception.
       ii. Man-in-the-middle attacks: Attackers can intercept or modify traffic between client and server.
       iii. Content injection: Attackers can inject malicious code (e.g., JavaScript or XSS attacks) into HTTP traffic.
    4. Port 110:
       i. Unencrypted transmission: POP3 sends data (including credentials) in plain text, making it vulnerable to eavesdropping.
       ii. Phishing: Attackers can spoof POP3 servers and steal user credentials.
    5. Port 143:
       i. Unencrypted traffic: Like POP3, IMAP without encryption exposes sensitive data.
       ii. Session hijacking: Without encryption, attackers can hijack the session and steal email credentials.
  • 15. Threats of Open Ports
    6. Port 443 (HTTPS - HyperText Transfer Protocol Secure):
       i. SSL/TLS vulnerabilities: If the server is misconfigured or uses outdated SSL/TLS protocols, it can be vulnerable to attacks (e.g., POODLE, Heartbleed).
       ii. Man-in-the-middle attacks: Although less likely, weak encryption or expired certificates can still leave the server vulnerable.
    7. Port 465 (SMTPS - Secure SMTP):
       i. Misconfiguration: Incorrect SSL/TLS configuration can still allow vulnerabilities.
       ii. Outdated encryption: Using weak ciphers or expired certificates can expose the server to attacks.
    8. Port 587 (SMTP with Authentication):
       i. Misconfiguration: If STARTTLS is not correctly implemented, it can still be vulnerable to downgrade attacks.
       ii. Open relays: If the mail server is misconfigured, it can allow anyone to send email through it, potentially enabling spam.
    9. Port 993 (IMAPS - Secure IMAP):
       i. Weak encryption: If outdated encryption methods or weak ciphers are used, it could still be vulnerable to attacks.
       ii. Misconfigured server: Incorrect configuration could lead to data leaks or unauthorized access.
  • 16. Threats of Open Ports
    10. Port 995 (POP3S - Secure POP3):
       i. Outdated protocols: If an old version of SSL/TLS is used, the communication could be vulnerable.
       ii. Misconfiguration: Like with POP3, improper setup could expose data to interception.
    11. Port 2525 (Alternative SMTP):
       i. Misuse for spam: Since Port 2525 is often used for bypassing spam filters, open access can sometimes be exploited by spammers.
       ii. Security risks: As with any open port, if misconfigured, it can be vulnerable to unauthorized use.
    12. Port 3306 (MySQL Database):
       i. Unauthorized access: If this port is open to the public, attackers can attempt to exploit vulnerabilities in MySQL to gain unauthorized access to the database.
       ii. SQL injection: Poorly secured websites or applications using MySQL could be susceptible to SQL injection attacks.
       iii. Data theft: Open MySQL ports can expose sensitive data stored in the database to unauthorized users.
    13. Port 5432 (PostgreSQL Database):
       i. Unauthorized access: Exposing this port to the public allows attackers to exploit PostgreSQL vulnerabilities.
       ii. Data breaches: Without proper security measures, databases can be exposed to data theft and leakage.
       iii. SQL injection: Similar to MySQL, if the application is poorly configured, attackers could exploit vulnerabilities in SQL queries.
  • 17. Mitigation
    • To prevent unauthorized access…
    • Close Unnecessary Ports: Conduct regular port scans and close ports that are not needed for operation.
    • Use Firewalls: Configure firewalls to block unwanted traffic to open ports and only allow trusted sources.
    • Access Control: Restrict access to open ports to specific IP addresses or user groups using ACLs (Access Control Lists).
    • Enable Intrusion Detection Systems (IDS): Use IDS/IPS (Intrusion Prevention Systems) to monitor traffic on open ports and detect anomalies.
    • Implement Port Knocking: Require specific sequences of connection attempts to open ports dynamically, adding a layer of security.
    • Patch Management: Keep software and services listening on open ports up to date with security patches.
    • Regular Auditing: Use tools like Nmap or Nessus to regularly audit open ports and ensure compliance with security policies.
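
The "Close Unnecessary Ports" and "Regular Auditing" items above can be run as a repeatable check on your own server. The following is an added example, not part of the original slides: it parses `ss -tlnH` listener output and flags the exposure classes the deck lists. The sample output, the allowlist and the function names are constructed assumptions.

```python
# Port groups taken from the slides: cleartext services and database ports.
CLEARTEXT = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}
DATABASE = {3306: "MySQL", 5432: "PostgreSQL"}
LOOPBACK = ("127.", "::1")

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 100 [::1]:25 [::]:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN line of `ss -tlnH` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th field; split on the last colon so IPv6 works.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr.strip("[]"), int(port)

def audit(ss_output, allowed_public):
    """Return sorted (port, finding) pairs for listeners reachable from other hosts."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if addr.startswith(LOOPBACK):
            continue  # bound to loopback only: not exposed to the network
        if port in DATABASE:
            findings.append((port, f"{DATABASE[port]} exposed: bind to loopback or restrict by ACL"))
        elif port not in allowed_public:
            findings.append((port, "not in allowlist: close or firewall"))
        elif port in CLEARTEXT:
            findings.append((port, f"{CLEARTEXT[port]} is cleartext: prefer the TLS variant"))
    return sorted(findings)

if __name__ == "__main__":
    # Hypothetical policy: only SSH, HTTP and HTTPS may face the network.
    for port, message in audit(SAMPLE_SS, allowed_public={22, 80, 443}):
        print(f"{port:>5}  {message}")
```

On a live host, pass the real output of `ss -tlnH` instead of `SAMPLE_SS`, and compare the findings with an external Nmap scan to confirm the firewall view matches the listener view.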
  • 18. Conclusion
    • Open ports are indispensable for network operations but introduce security risks. A proactive approach combining mitigation strategies with regular audits and best practices can balance their utility with security concerns.
    • Open ports are a necessary component for networked systems to communicate, but improper management can expose systems to risks. Mitigation strategies include:
  • 19. Reference
    • Kali Linux
    • Builtwith.com
    • GravityWrite.com
    • ChatGPT
    • Google Chrome
  • 20. Questions?
  • 21. Thank You!