Skip to content

Commit

Permalink
update: http://api.datasubvention.beta.gouv.fr
Browse files Browse the repository at this point in the history
  • Loading branch information
@DashlordBetaGouvBot
DashlordBetaGouvBot committed Jan 31, 2024
1 parent f9e5fbc commit c049312
Show file tree
Hide file tree
Showing 19 changed files with 1,197 additions and 2,167 deletions.
1 change: 0 additions & 1 deletion results/aHR0cDovL2FwaS5kYXRhc3VidmVudGlvbi5iZXRhLmdvdXYuZnI=/budget_page.json
View file

This file was deleted.

1 change: 0 additions & 1 deletion results/aHR0cDovL2FwaS5kYXRhc3VidmVudGlvbi5iZXRhLmdvdXYuZnI=/declaration-a11y.json
View file

This file was deleted.

1 change: 0 additions & 1 deletion results/aHR0cDovL2FwaS5kYXRhc3VidmVudGlvbi5iZXRhLmdvdXYuZnI=/declaration-rgpd.json
View file

This file was deleted.

1 change: 0 additions & 1 deletion results/aHR0cDovL2FwaS5kYXRhc3VidmVudGlvbi5iZXRhLmdvdXYuZnI=/dsfr.json
View file

This file was deleted.

2 changes: 1 addition & 1 deletion results/aHR0cDovL2FwaS5kYXRhc3VidmVudGlvbi5iZXRhLmdvdXYuZnI=/http.json
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{"url":"http://api.datasubvention.beta.gouv.fr","algorithm_version":2,"end_time":"Sun, 21 Jan 2024 18:34:08 GMT","grade":"B+","hidden":true,"likelihood_indicator":"MEDIUM","response_headers":{"Access-Control-Allow-Headers":"sentry-trace, baggage","Access-Control-Allow-Origin":"*","Cache-Control":"max-age 1800","Connection":"keep-alive","Content-Length":"174","Content-Security-Policy":"default-src 'none'","Content-Type":"application/json; charset=utf-8","Date":"Sun, 21 Jan 2024 18:34:07 GMT","ETag":"W/\"ae-aaepo/6j8eK5LAryuhO1tqx1gP0\"","Strict-Transport-Security":"max-age=63072000; includeSubDomains; preload","X-Content-Type-Options":"nosniff","X-Frame-Options":"DENY","X-Powered-By":"Express","X-Request-ID":"a359605d-433c-40b6-b9a4-f9bac1ac4753"},"scan_id":46823955,"score":80,"start_time":"Sun, 21 Jan 2024 18:34:05 GMT","state":"FINISHED","status_code":200,"tests_failed":1,"tests_passed":11,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"default-src":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":false,"defaultNone":true,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":false,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-no-unsafe-default-src-none","score_description":"Content Security Policy (CSP) implemented with default-src 'none' and no 'unsafe'","score_modifier":10},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":"*","clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-implemented-with-public-access","score_description":"Public content is visible via cross-origin resource sharing (CORS) Access-Control-Allow-Origin header","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"http://api.datasubvention.beta.gouv.fr/","redirects":false,"route":["http://api.datasubvention.beta.gouv.fr/"],"status_code":200},"pass":false,"result":"redirection-missing","score_description":"Does not redirect to an HTTPS site","score_modifier":-20},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=63072000; includeSubDomains; preload","includeSubDomains":true,"max-age":63072000,"preload":true,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-response-not-html","score_description":"Subresource Integrity (SRI) is only needed for html resources","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"DENY"},"pass":true,"result":"x-frame-options-sameorigin-or-deny","score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY","score_modifier":0},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}}
{"url":"http://api.datasubvention.beta.gouv.fr","algorithm_version":3,"end_time":"Wed, 31 Jan 2024 15:29:48 GMT","grade":"D","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Access-Control-Allow-Credentials":"true","Access-Control-Allow-Headers":"sentry-trace, baggage","Cache-Control":"max-age 1800","Connection":"keep-alive","Content-Length":"174","Content-Security-Policy":"default-src 'none'","Content-Type":"application/json; charset=utf-8","Date":"Wed, 31 Jan 2024 15:29:48 GMT","ETag":"W/\"ae-aaepo/6j8eK5LAryuhO1tqx1gP0\"","Strict-Transport-Security":"max-age=63072000; includeSubDomains; preload","Vary":"Origin","X-Content-Type-Options":"nosniff","X-Frame-Options":"DENY","X-Powered-By":"Express","X-Request-ID":"2bd85c8c-e262-44a2-90b3-4729a771d0bd"},"scan_id":47046673,"score":30,"start_time":"Wed, 31 Jan 2024 15:29:47 GMT","state":"FINISHED","status_code":200,"tests_failed":2,"tests_passed":9,"tests_quantity":11,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"default-src":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":false,"defaultNone":true,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":false,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-no-unsafe-default-src-none","score_description":"Content Security Policy (CSP) implemented with default-src 'none' and no 'unsafe'","score_modifier":10},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":"https://http-observatory.security.mozilla.org","clientaccesspolicy":null,"crossdomain":null}},"pass":false,"result":"cross-origin-resource-sharing-implemented-with-universal-access","score_description":"Content is visible via cross-origin resource sharing (CORS) file or headers","score_modifier":-50},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"http://api.datasubvention.beta.gouv.fr/","redirects":false,"route":["http://api.datasubvention.beta.gouv.fr/"],"status_code":200},"pass":false,"result":"redirection-missing","score_description":"Does not redirect to an HTTPS site","score_modifier":-20},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=63072000; includeSubDomains; preload","includeSubDomains":true,"max-age":63072000,"preload":true,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-response-not-html","score_description":"Subresource Integrity (SRI) is only needed for html resources","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"DENY"},"pass":true,"result":"x-frame-options-sameorigin-or-deny","score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY","score_modifier":0},"x-xss-protection":{"expectation":"x-xss-protection-disabled","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-implemented","score_description":"Deprecated X-XSS-Protection header not implemented","score_modifier":0}}}
8 changes: 4 additions & 4 deletions results/aHR0cDovL2FwaS5kYXRhc3VidmVudGlvbi5iZXRhLmdvdXYuZnI=/nmapvuln.gnmap
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Nmap 7.92 scan initiated Sun Jan 21 21:06:33 2024 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln api.datasubvention.beta.gouv.fr
Host: 80.247.12.255 (ows-80-247-12-255.cloudgouv-eu-west-1.compute.outscale.com) Status: Up
Host: 80.247.12.255 (ows-80-247-12-255.cloudgouv-eu-west-1.compute.outscale.com) Ports: 80/open/tcp//http///, 443/open/tcp//ssl|https/// Ignored State: filtered (998)
# Nmap done at Sun Jan 21 21:07:08 2024 -- 1 IP address (1 host up) scanned in 35.03 seconds
# Nmap 7.92 scan initiated Wed Jan 31 15:36:24 2024 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln api.datasubvention.beta.gouv.fr
Host: 80.247.13.145 (ows-80-247-13-145.cloudgouv-eu-west-1.compute.outscale.com) Status: Up
Host: 80.247.13.145 (ows-80-247-13-145.cloudgouv-eu-west-1.compute.outscale.com) Ports: 80/open/tcp//http///, 443/open/tcp//ssl|https/// Ignored State: filtered (998)
# Nmap done at Wed Jan 31 15:37:12 2024 -- 1 IP address (1 host up) scanned in 47.90 seconds
28 changes: 18 additions & 10 deletions results/aHR0cDovL2FwaS5kYXRhc3VidmVudGlvbi5iZXRhLmdvdXYuZnI=/nmapvuln.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@
<h1>Scan Report<br><small>Nmap 7.92</small>
</h1>
<pre style="white-space:pre-wrap; word-wrap:break-word;">nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln api.datasubvention.beta.gouv.fr</pre>
<p class="lead">Sun Jan 21 21:06:33 2024 – Sun Jan 21 21:07:08 2024<br>1 hosts scanned.
<p class="lead">Wed Jan 31 15:36:24 2024 – Wed Jan 31 15:37:12 2024<br>1 hosts scanned.
1 hosts up.
0 hosts down.
</p>
Expand All @@ -76,7 +76,7 @@ <h2 id="scannedhosts" class="target">Scanned Hosts</h2>
</tr></thead>
<tbody><tr>
<td><span class="label label-success">up</span></td>
<td>80.247.12.255</td>
<td>80.247.13.145</td>
<td>api.datasubvention.beta.gouv.fr</td>
<td>2</td>
<td>0</td>
Expand All @@ -91,12 +91,12 @@ <h2 id="scannedhosts" class="target">Scanned Hosts</h2>
});
</script><h2 id="onlinehosts" class="target">Online Hosts</h2>
<div class="panel panel-default">
<div class="panel-heading clickable" data-toggle="collapse" data-target="#80-247-12-255"><h3 class="panel-title">80.247.12.255 - api.datasubvention.beta.gouv.fr</h3></div>
<div class="panel-body collapse in" id="80-247-12-255">
<div class="panel-heading clickable" data-toggle="collapse" data-target="#80-247-13-145"><h3 class="panel-title">80.247.13.145 - api.datasubvention.beta.gouv.fr</h3></div>
<div class="panel-body collapse in" id="80-247-13-145">
<h4>Hostnames</h4>
<ul>
<li>api.datasubvention.beta.gouv.fr (user)</li>
<li>ows-80-247-12-255.cloudgouv-eu-west-1.compute.outscale.com (PTR)</li>
<li>ows-80-247-13-145.cloudgouv-eu-west-1.compute.outscale.com (PTR)</li>
</ul>
<h4>Ports</h4>
<div class="table-responsive"><table class="table table-bordered">
Expand Down Expand Up @@ -124,7 +124,7 @@ <h4>Ports</h4>
<pre style="white-space:pre-wrap; word-wrap:break-word;">
GetRequest, HTTPOptions:
HTTP/1.1 404 Not Found
Date: Sun, 21 Jan 2024 21:06:46 GMT
Date: Wed, 31 Jan 2024 15:36:41 GMT
Content-Type: text/html
Content-Length: 15436
Connection: close
Expand All @@ -143,9 +143,17 @@ <h4>Ports</h4>
<tr><td colspan="7">
<a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&amp;cves=on&amp;cpe_version="></a><h5>fingerprint-strings</h5>
<pre style="white-space:pre-wrap; word-wrap:break-word;">
GetRequest, HTTPOptions:
GetRequest:
HTTP/1.1 404 Not Found
Date: Wed, 31 Jan 2024 15:36:47 GMT
Content-Type: text/html
Content-Length: 15436
Connection: close
Content-Encoding: identity
&lt;!DOCTYPE html&gt;&lt;html&gt;&lt;head&gt;&lt;meta http-equiv="content-type" content="text/html; charset=UTF-8"&gt;&lt;meta charset="utf-8"&gt;&lt;meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"&gt;&lt;meta content="width=device-width, initial-scale=1.0" name="viewport"&gt;&lt;title&gt;Application doesn't exist - Scalingo&lt;/title&gt;&lt;style&gt;html { height: 100%;}body { -webkit-transform-style: preserve-3d; transform-style: preserve-3d; text-align: center; height: 100%; margin: 0; padding: 0; background: -webkit-gradient(linear, left top, left bottom, from(#1864ab), to(#099ec9)) left top/100% 100% no-repeat #1864ab; background: linear-gradient(to bottom, #1864ab, #099ec9) left top/100% 100% no-repeat #1864ab; color: white;}#wrapper { position: relative; top: 40%; -webkit
HTTPOptions:
HTTP/1.1 404 Not Found
Date: Sun, 21 Jan 2024 21:06:52 GMT
Date: Wed, 31 Jan 2024 15:36:48 GMT
Content-Type: text/html
Content-Length: 15436
Connection: close
Expand All @@ -170,7 +178,7 @@ <h2 id="openservices" class="target">Open Services</h2>
</tr></thead>
<tbody>
<tr>
<td>80.247.12.255 - api.datasubvention.beta.gouv.fr</td>
<td>80.247.13.145 - api.datasubvention.beta.gouv.fr</td>
<td>80</td>
<td>tcp</td>
<td>http</td>
Expand All @@ -180,7 +188,7 @@ <h2 id="openservices" class="target">Open Services</h2>
<td></td>
</tr>
<tr>
<td>80.247.12.255 - api.datasubvention.beta.gouv.fr</td>
<td>80.247.13.145 - api.datasubvention.beta.gouv.fr</td>
<td>443</td>
<td>tcp</td>
<td>https</td>
Expand Down
Loading

0 comments on commit c049312

Please sign in to comment.