| Item | Description | |------|-------------| | | The sub‑domain s1.bitdl.ir (appears to be a file‑hosting / download service used by the BitDL network). | | Focus | Authentication mechanisms, password storage, password‑policy enforcement, session management, and related security controls. | | Tools | Open‑source reconnaissance (WHOIS, DNS, SSL Labs, public SSL/TLS certificates, HTTP headers), passive web‑application fingerprinting (Wappalyzer, BuiltWith), and publicly disclosed vulnerability databases (CVE, NVD, Exploit‑DB). No active scanning or credential‑guessing was performed. | | Assumptions | • The service is intended for end‑users who create accounts with a password. • The site follows a typical web‑app stack (NGINX/Apache + PHP/Node.js/Java). • No internal documentation or source‑code is publicly available. |