Scribd
Upload
14 views

PentestTools-WebsiteScanner-report

The Website Vulnerability Scanner Report indicates a medium overall risk level with two medium and four low risk findings. Key vulnerabilities include insecure cookie settings lacking HttpOnly and Secure flags, and missing security headers such as Content-Security-Policy and Referrer-Policy. Recommendations are provided to enhance security, including setting appropriate cookie flags and configuring security headers.

Uploaded by

waciy70505
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
14 views

PentestTools-WebsiteScanner-report

The Website Vulnerability Scanner Report indicates a medium overall risk level with two medium and four low risk findings. Key vulnerabilities include insecure cookie settings lacking HttpOnly and Secure flags, and missing security headers such as Content-Security-Policy and Referrer-Policy. Recommendations are provided to enhance security, including setting appropriate cookie flags and configuring security headers.

Uploaded by

waciy70505
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Website Vulnerability Scanner Report (Light)

Unlock the full capabilities of this scanner

See what the DEEP scanner can do

Perform in-depth website scanning and discover high risk vulnerabilities.

Testing areas Light scan Deep scan

Website fingerprinting  
Version-based vulnerability detection  

Common configuration issues  


SQL injection  
Cross-Site Scripting  

Local/Remote File Inclusion  


Remote command execution  

Discovery of sensitive files  

 https://www.espacodotraco.com.br/

The Light Website Scanner didn't check for critical issues like SQLi, XSS, Command Injection, XXE, etc. Upgrade to run Deep scans with
40+ tests and detect more vulnerabilities.

Summary

Overall risk level: Risk ratings: Scan information:


Medium Critical: 0 Start time: Mar 17, 2025 / 22:52:51 UTC+02
High: 0 Finish time: Mar 17, 2025 / 22:54:01 UTC+02
Medium: 2 Scan duration: 1 min, 10 sec

Low: 4 Tests performed: 19/19

Info: 13 Scan status: Finished

Findings

 Insecure cookie setting: missing HttpOnly flag CONFIRMED

URL Cookie Name Evidence

The server responded with Set-Cookie header(s) that does not specify the HttpOnly flag:
https://www.espacodotraco.com.br/ ssr-caching
Set-Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_84_g

 Details

Risk description:
The risk is that an attacker who injects malicious JavaScript code on the page (e.g. by using an XSS attack) can access the cookie and can
send it to another site. In case of a session cookie, this could lead to session hijacking.

1/5
Recommendation:
Ensure that the HttpOnly flag is set for all cookies.

References:
https://owasp.org/www-community/HttpOnly

Classification:
CWE : CWE-1004
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Insecure cookie setting: missing Secure flag CONFIRMED

URL Cookie Name Evidence

https://www.espacodotraco.com.br/ ssr-caching Set-Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_84_g

 Details

Risk description:
The risk exists that an attacker will intercept the clear-text communication between the browser and the server and he will steal the cookie
of the user. If this is a session cookie, the attacker could gain unauthorized access to the victim's web session.

Recommendation:
Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel.
Ensure that the secure flag is set for cookies containing such sensitive information.

References:
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/06-
Session_Management_Testing/02-Testing_for_Cookies_Attributes.html

Classification:
CWE : CWE-614
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Missing security header: Content-Security-Policy CONFIRMED

URL Evidence

https://www.espacodotraco.com.br/ Response does not include the HTTP Content-Security-Policy security header or meta tag

 Details

Risk description:
The risk is that if the target application is vulnerable to XSS, lack of this header makes it easily exploitable by attackers.

Recommendation:
Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the
application.

References:
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Missing security header: Referrer-Policy CONFIRMED

URL Evidence

Response headers do not include the Referrer-Policy HTTP security header as well as the <meta> tag with
https://www.espacodotraco.com.br/
name 'referrer' is not present in the response.

2/5
 Details

Risk description:
The risk is that if a user visits a web page (e.g. "http://example.com/pricing/") and clicks on a link from that page going to e.g.
"https://www.google.com", the browser will send to Google the full originating URL in the Referer header, assuming the Referrer-Policy
header is not set. The originating URL could be considered sensitive information and it could be used for user tracking.

Recommendation:
The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value
no-referrer of this header instructs the browser to omit the Referer header entirely.

References:
https://developer.mozilla.org/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns

Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Robots.txt file found CONFIRMED

URL

https://www.espacodotraco.com.br/robots.txt

 Details

Risk description:
There is no particular security risk in having a robots.txt file. However, it's important to note that adding endpoints in it should not be
considered a security measure, as this file can be directly accessed and read by anyone.

Recommendation:
We recommend you to manually review the entries from robots.txt and remove the ones which lead to sensitive locations in the website
(ex. administration panels, configuration files, etc).

References:
https://www.theregister.co.uk/2015/05/19/robotstxt/

Classification:
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Server software and technology found UNCONFIRMED 

Software / Version Category

Google Cloud IaaS

Google Cloud CDN CDN

HTTP/3 Miscellaneous

React JavaScript frameworks

Sirvoy Appointment scheduling

HSTS Security

Wix CMS, Blogs

 Details

Risk description:
The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation:
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating
system: HTTP server headers, HTML meta information, etc.

3/5
References:
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/01-Information_Gathering/02-
Fingerprint_Web_Server.html

Classification:
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Security.txt file is missing CONFIRMED

URL

Missing: https://www.espacodotraco.com.br/.well-known/security.txt

 Details

Risk description:
There is no particular risk in not having a security.txt file for your server. However, this file is important because it offers a designated
channel for reporting vulnerabilities and security issues.

Recommendation:
We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security
issues they find, improving the defensive mechanisms of your server.

References:
https://securitytxt.org/

Classification:
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Website is accessible.

 Nothing was found for vulnerabilities of server-side software.

 Nothing was found for client access policies.

 Nothing was found for use of untrusted certificates.

 Nothing was found for enabled HTTP debug methods.

 Nothing was found for enabled HTTP OPTIONS method.

 Nothing was found for secure communication.

 Nothing was found for directory listing.

 Nothing was found for missing HTTP header - Strict-Transport-Security.

 Nothing was found for missing HTTP header - X-Content-Type-Options.

4/5
 Nothing was found for domain too loose set for cookies.

 Nothing was found for unsafe HTTP header Content Security Policy.

Scan coverage information

List of tests performed (19/19)


 Starting the scan...
 Checking for missing HTTP header - Content Security Policy...
 Checking for missing HTTP header - Referrer...
 Checking for HttpOnly flag of cookie...
 Checking for Secure flag of cookie...
 Checking for website technologies...
 Checking for vulnerabilities of server-side software...
 Checking for client access policies...
 Checking for robots.txt file...
 Checking for absence of the security.txt file...
 Checking for use of untrusted certificates...
 Checking for enabled HTTP debug methods...
 Checking for enabled HTTP OPTIONS method...
 Checking for secure communication...
 Checking for directory listing...
 Checking for missing HTTP header - Strict-Transport-Security...
 Checking for missing HTTP header - X-Content-Type-Options...
 Checking for domain too loose set for cookies...
 Checking for unsafe HTTP header Content Security Policy...

Scan parameters
target: https://www.espacodotraco.com.br/
scan_type: Light
authentication: False

Scan stats
Unique Injection Points Detected: 32
URLs spidered: 2
Total number of HTTP requests: 11
Average time until a response was
305ms
received:

5/5

You might also like