Online Security Scan tool for any website



Use case:

How to perform an online website vulnerability scan and obtain the report

Solution:

  1. Go to this URL: https://pentest-tools.com/home
  2. Input the website URL (for example https://www.test.com/) under the webserver scan tab.
  3. Click on Scan. The tool generates the report, which covers the scanning parameters listed below.

This tool focuses on the areas below (the report marks each area against its Light scan and Full scan columns):

Testing areas (columns: Light scan / Full scan)
  Website fingerprinting
  Version-based vulnerability detection
  Common configuration issues
  SQL injection
  Cross-Site Scripting
  Remote command execution
  Discover sensitive files


Summary of sample scan report

Overall risk level: Medium

Risk ratings:
  High: 0
  Medium: 1
  Low: 3
  Info: 6

Scan information:
  Start time: 2019-03-29 08:03:21
  Finish time: 2019-03-29 08:03:28
  Scan duration: 7 sec
  Tests performed: 10/10
  Scan status: Finished


Scan coverage information

List of tests performed (10/10)
  1.  Fingerprinting the server software and technology...
  2.  Checking for vulnerabilities of server-side software...
  3.  Analyzing the security of HTTP cookies...
  4.  Analyzing HTTP security headers...
  5.  Checking for secure communication...
  6.  Checking robots.txt file...
  7.  Checking client access policies...
  8.  Checking for directory listing (quick scan)...
  9.  Checking for password auto-complete (quick scan)...
  10. Checking for clear-text submission of passwords (quick scan)...

Server software and technology found

Software / Version          Category
  Apache                    Web Servers
  Adobe Experience Manager  CMS
  ZURB Foundation           Web Frameworks
  Google Maps               Maps
  Google Tag Manager        Tag Managers
  jQuery                    JavaScript Frameworks

Insecure HTTP cookies

Cookie Name   Flags missing
  AWSELB      Secure, HttpOnly

Details
Risk description:
Since the Secure flag is not set on the cookie, the browser will send it over an unencrypted channel (plain HTTP) if such a request is made. Thus, the risk exists that an attacker intercepts the clear-text communication between the browser and the server and steals the user's cookie. If this is a session cookie, the attacker could gain unauthorized access to the victim's web session.

Lack of the HttpOnly flag permits the browser to expose the cookie to client-side scripts (e.g. JavaScript, VBScript). This can be exploited by an attacker in conjunction with a Cross-Site Scripting (XSS) attack in order to steal the affected cookie. If this is a session cookie, the attacker could gain unauthorized access to the victim's web session.

Recommendation:
We recommend reconfiguring the web server in order to set the Secure and HttpOnly flags on all sensitive cookies.

More information about this issue:
https://blog.dareboost.com/en/2016/12/secure-cookies-secure-httponly-flags/
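As an added example (not code from pentest-tools.com or from this post), the following Python script performs offline the two report checks shown above, "Analyzing the security of HTTP cookies" and "Analyzing HTTP security headers", against a constructed HTTP response. The AWSELB cookie in the sample mirrors the finding in the report; the list of expected security headers is an assumed baseline, not the tool's exact list, and hardened_set_cookie shows the fix the recommendation asks for.

```python
"""Offline check of Set-Cookie flags and HTTP security headers.

Added example, not pentest-tools.com code. The sample response below is
constructed; the AWSELB cookie reproduces the report's finding (no Secure,
no HttpOnly), the second cookie is set correctly.
"""
from typing import Dict, List, Tuple

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: AWSELB=0A1B2C3D; Path=/\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

# Assumed baseline of security headers (header name -> hardened value).
# This is the author's assumption for the example, not the tool's list.
EXPECTED_HEADERS = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "content-security-policy": "default-src 'self'",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
}


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (name, value) pairs for every header line.

    A list is used instead of a dict so repeated headers such as several
    Set-Cookie lines are all kept; a dict would silently drop all but one.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]  # drop the status line
    pairs = []
    for line in lines:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def cookie_attributes(value: str) -> Tuple[str, List[str], set]:
    """Split a Set-Cookie value into (cookie name, raw parts, attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    cookie_name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return cookie_name, parts, attrs


def insecure_cookies(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each cookie name to the flags it is missing (empty list = OK).

    This is the check behind the report's "Insecure HTTP cookies" finding.
    """
    findings: Dict[str, List[str]] = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name, _, attrs = cookie_attributes(value)
        missing = [f for f in ("Secure", "HttpOnly") if f.lower() not in attrs]
        findings[cookie_name] = missing
    return findings


def missing_security_headers(headers: List[Tuple[str, str]]) -> Dict[str, str]:
    """Return expected security headers that are absent, with a suggested value."""
    present = {name for name, _ in headers}
    return {h: v for h, v in EXPECTED_HEADERS.items() if h not in present}


def hardened_set_cookie(value: str) -> str:
    """Rewrite a Set-Cookie value so both Secure and HttpOnly are present.

    This is what the report's recommendation asks the server to emit.
    """
    _, parts, attrs = cookie_attributes(value)
    for flag in ("Secure", "HttpOnly"):
        if flag.lower() not in attrs:
            parts.append(flag)
    return "; ".join(parts)


if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE_RESPONSE)
    for cookie, missing in insecure_cookies(hdrs).items():
        status = "missing " + ", ".join(missing) if missing else "OK"
        print(f"cookie {cookie}: {status}")
    for h, v in missing_security_headers(hdrs).items():
        print(f"missing header {h}: suggested value '{v}'")
    print(hardened_set_cookie("AWSELB=0A1B2C3D; Path=/"))
```

Run it as a script to see the same two findings the report shows for the sample response; to check a real server, capture its response headers (for example from the browser's developer tools) and pass them to parse_headers instead of SAMPLE_RESPONSE.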


  4. That's all!

4 comments:

  1. Thanks admin for the post. Your article is so helpful. I checked my website and found that my website is not secured at all; I am looking for an agency that can provide me Cyber Security Solutions for my website. I think I will find one and secure my website.
  2. I really like reading through a post that can make people think. Also, many thanks for permitting me to comment!

    App Scanner Tool

  3. Good post
     https://www.digimarkbd.com/
     DigimarkBD
  4. Merkur 34C Review - The Merkur 34C Slot With Great Results!
     Merkur 34C Slot online casino Review. Merkur. Merkur. A very good safety razor Woori Casino for beginners. Merkur 34C. Also great for serious titanium wire men and Merit Casino scam those with Merit Casino scam a