Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
DashlordBetaGouvBot committed Jan 31, 2024
1 parent e759a9a commit f9e5fbc
Show file tree
Hide file tree
Showing 19 changed files with 1,035 additions and 1,891 deletions.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1 +1 @@
{"url":"https://api-datasubvention-preprod.osc-secnum-fr1.scalingo.io","algorithm_version":2,"end_time":"Sun, 21 Jan 2024 20:51:20 GMT","grade":"B+","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Access-Control-Allow-Headers":"sentry-trace, baggage","Access-Control-Allow-Origin":"*","Cache-Control":"max-age 1800","Connection":"keep-alive","Content-Length":"174","Content-Security-Policy":"default-src 'none'","Content-Type":"application/json; charset=utf-8","Date":"Sun, 21 Jan 2024 20:51:19 GMT","ETag":"W/\"ae-aaepo/6j8eK5LAryuhO1tqx1gP0\"","Strict-Transport-Security":"max-age=63072000; includeSubDomains; preload","X-Content-Type-Options":"nosniff","X-Frame-Options":"DENY","X-Powered-By":"Express","X-Request-ID":"ef7c3e8f-d1cd-4c01-a28b-324551e106f6"},"scan_id":46827056,"score":80,"start_time":"Sun, 21 Jan 2024 20:51:17 GMT","state":"FINISHED","status_code":200,"tests_failed":1,"tests_passed":11,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"default-src":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":false,"defaultNone":true,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":false,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-no-unsafe-default-src-none","score_description":"Content Security Policy (CSP) implemented with default-src 'none' and no 'unsafe'","score_modifier":10},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":"*","clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-implemented-with-public-access","score_description":"Public content is visible via cross-origin resource sharing (CORS) Access-Control-Allow-Origin header","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"http://api-datasubvention-preprod.osc-secnum-fr1.scalingo.io/","redirects":false,"route":["http://api-datasubvention-preprod.osc-secnum-fr1.scalingo.io/"],"status_code":200},"pass":false,"result":"redirection-missing","score_description":"Does not redirect to an HTTPS site","score_modifier":-20},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=63072000; includeSubDomains; preload","includeSubDomains":true,"max-age":63072000,"preload":true,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-response-not-html","score_description":"Subresource Integrity (SRI) is only needed for html resources","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"DENY"},"pass":true,"result":"x-frame-options-sameorigin-or-deny","score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY","score_modifier":0},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}}
{"url":"https://api-datasubvention-preprod.osc-secnum-fr1.scalingo.io","algorithm_version":3,"end_time":"Wed, 31 Jan 2024 15:28:31 GMT","grade":"D","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Access-Control-Allow-Credentials":"true","Access-Control-Allow-Headers":"sentry-trace, baggage","Cache-Control":"max-age 1800","Connection":"keep-alive","Content-Length":"174","Content-Security-Policy":"default-src 'none'","Content-Type":"application/json; charset=utf-8","Date":"Wed, 31 Jan 2024 15:28:30 GMT","ETag":"W/\"ae-aaepo/6j8eK5LAryuhO1tqx1gP0\"","Strict-Transport-Security":"max-age=63072000; includeSubDomains; preload","Vary":"Origin","X-Content-Type-Options":"nosniff","X-Frame-Options":"DENY","X-Powered-By":"Express","X-Request-ID":"a28db05a-d1ad-4fc9-8205-8dce888e73a7"},"scan_id":47046645,"score":30,"start_time":"Wed, 31 Jan 2024 15:28:29 GMT","state":"FINISHED","status_code":200,"tests_failed":2,"tests_passed":9,"tests_quantity":11,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"default-src":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":false,"defaultNone":true,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":false,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-no-unsafe-default-src-none","score_description":"Content Security Policy (CSP) implemented with default-src 'none' and no 'unsafe'","score_modifier":10},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":"https://http-observatory.security.mozilla.org","clientaccesspolicy":null,"crossdomain":null}},"pass":false,"result":"cross-origin-resource-sharing-implemented-with-universal-access","score_description":"Content is visible via cross-origin resource sharing (CORS) file or headers","score_modifier":-50},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"http://api-datasubvention-preprod.osc-secnum-fr1.scalingo.io/","redirects":false,"route":["http://api-datasubvention-preprod.osc-secnum-fr1.scalingo.io/"],"status_code":200},"pass":false,"result":"redirection-missing","score_description":"Does not redirect to an HTTPS site","score_modifier":-20},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=63072000; includeSubDomains; preload","includeSubDomains":true,"max-age":63072000,"preload":true,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-response-not-html","score_description":"Subresource Integrity (SRI) is only needed for html resources","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"DENY"},"pass":true,"result":"x-frame-options-sameorigin-or-deny","score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY","score_modifier":0},"x-xss-protection":{"expectation":"x-xss-protection-disabled","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-implemented","score_description":"Deprecated X-XSS-Protection header not implemented","score_modifier":0}}}
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Nmap 7.92 scan initiated Sun Jan 21 20:58:08 2024 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln api-datasubvention-preprod.osc-secnum-fr1.scalingo.io
Host: 148.253.96.193 (ows-148-253-96-193.cloudgouv-eu-west-1.compute.outscale.com) Status: Up
Host: 148.253.96.193 (ows-148-253-96-193.cloudgouv-eu-west-1.compute.outscale.com) Ports: 80/open/tcp//http///, 443/open/tcp//ssl|https/// Ignored State: filtered (998)
# Nmap done at Sun Jan 21 20:58:56 2024 -- 1 IP address (1 host up) scanned in 48.04 seconds
# Nmap 7.92 scan initiated Wed Jan 31 15:34:59 2024 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln api-datasubvention-preprod.osc-secnum-fr1.scalingo.io
Host: 80.247.12.255 (ows-80-247-12-255.cloudgouv-eu-west-1.compute.outscale.com) Status: Up
Host: 80.247.12.255 (ows-80-247-12-255.cloudgouv-eu-west-1.compute.outscale.com) Ports: 80/open/tcp//http///, 443/open/tcp//ssl|https/// Ignored State: filtered (998)
# Nmap done at Wed Jan 31 15:35:47 2024 -- 1 IP address (1 host up) scanned in 47.98 seconds
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@
<h1>Scan Report<br><small>Nmap 7.92</small>
</h1>
<pre style="white-space:pre-wrap; word-wrap:break-word;">nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln api-datasubvention-preprod.osc-secnum-fr1.scalingo.io</pre>
<p class="lead">Sun Jan 21 20:58:08 2024 – Sun Jan 21 20:58:56 2024<br>1 hosts scanned.
<p class="lead">Wed Jan 31 15:34:59 2024 – Wed Jan 31 15:35:47 2024<br>1 hosts scanned.
1 hosts up.
0 hosts down.
</p>
Expand All @@ -76,7 +76,7 @@ <h2 id="scannedhosts" class="target">Scanned Hosts</h2>
</tr></thead>
<tbody><tr>
<td><span class="label label-success">up</span></td>
<td>148.253.96.193</td>
<td>80.247.12.255</td>
<td>api-datasubvention-preprod.osc-secnum-fr1.scalingo.io</td>
<td>2</td>
<td>0</td>
Expand All @@ -91,12 +91,12 @@ <h2 id="scannedhosts" class="target">Scanned Hosts</h2>
});
</script><h2 id="onlinehosts" class="target">Online Hosts</h2>
<div class="panel panel-default">
<div class="panel-heading clickable" data-toggle="collapse" data-target="#148-253-96-193"><h3 class="panel-title">148.253.96.193 - api-datasubvention-preprod.osc-secnum-fr1.scalingo.io</h3></div>
<div class="panel-body collapse in" id="148-253-96-193">
<div class="panel-heading clickable" data-toggle="collapse" data-target="#80-247-12-255"><h3 class="panel-title">80.247.12.255 - api-datasubvention-preprod.osc-secnum-fr1.scalingo.io</h3></div>
<div class="panel-body collapse in" id="80-247-12-255">
<h4>Hostnames</h4>
<ul>
<li>api-datasubvention-preprod.osc-secnum-fr1.scalingo.io (user)</li>
<li>ows-148-253-96-193.cloudgouv-eu-west-1.compute.outscale.com (PTR)</li>
<li>ows-80-247-12-255.cloudgouv-eu-west-1.compute.outscale.com (PTR)</li>
</ul>
<h4>Ports</h4>
<div class="table-responsive"><table class="table table-bordered">
Expand Down Expand Up @@ -124,7 +124,7 @@ <h4>Ports</h4>
<pre style="white-space:pre-wrap; word-wrap:break-word;">
GetRequest, HTTPOptions:
HTTP/1.1 404 Not Found
Date: Sun, 21 Jan 2024 20:58:25 GMT
Date: Wed, 31 Jan 2024 15:35:17 GMT
Content-Type: text/html
Content-Length: 15436
Connection: close
Expand All @@ -145,15 +145,15 @@ <h4>Ports</h4>
<pre style="white-space:pre-wrap; word-wrap:break-word;">
GetRequest:
HTTP/1.1 404 Not Found
Date: Sun, 21 Jan 2024 20:58:31 GMT
Date: Wed, 31 Jan 2024 15:35:23 GMT
Content-Type: text/html
Content-Length: 15436
Connection: close
Content-Encoding: identity
&lt;!DOCTYPE html&gt;&lt;html&gt;&lt;head&gt;&lt;meta http-equiv="content-type" content="text/html; charset=UTF-8"&gt;&lt;meta charset="utf-8"&gt;&lt;meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"&gt;&lt;meta content="width=device-width, initial-scale=1.0" name="viewport"&gt;&lt;title&gt;Application doesn't exist - Scalingo&lt;/title&gt;&lt;style&gt;html { height: 100%;}body { -webkit-transform-style: preserve-3d; transform-style: preserve-3d; text-align: center; height: 100%; margin: 0; padding: 0; background: -webkit-gradient(linear, left top, left bottom, from(#1864ab), to(#099ec9)) left top/100% 100% no-repeat #1864ab; background: linear-gradient(to bottom, #1864ab, #099ec9) left top/100% 100% no-repeat #1864ab; color: white;}#wrapper { position: relative; top: 40%; -webkit
HTTPOptions:
HTTP/1.1 404 Not Found
Date: Sun, 21 Jan 2024 20:58:32 GMT
Date: Wed, 31 Jan 2024 15:35:24 GMT
Content-Type: text/html
Content-Length: 15436
Connection: close
Expand All @@ -178,7 +178,7 @@ <h2 id="openservices" class="target">Open Services</h2>
</tr></thead>
<tbody>
<tr>
<td>148.253.96.193 - api-datasubvention-preprod.osc-secnum-fr1.scalingo.io</td>
<td>80.247.12.255 - api-datasubvention-preprod.osc-secnum-fr1.scalingo.io</td>
<td>80</td>
<td>tcp</td>
<td>http</td>
Expand All @@ -188,7 +188,7 @@ <h2 id="openservices" class="target">Open Services</h2>
<td></td>
</tr>
<tr>
<td>148.253.96.193 - api-datasubvention-preprod.osc-secnum-fr1.scalingo.io</td>
<td>80.247.12.255 - api-datasubvention-preprod.osc-secnum-fr1.scalingo.io</td>
<td>443</td>
<td>tcp</td>
<td>https</td>
Expand Down
Loading

0 comments on commit f9e5fbc

Please sign in to comment.