diff --git a/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/http.json b/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/http.json
index 6d43d6d06dc..c2082f9aaa2 100644
--- a/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/http.json
+++ b/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/http.json
@@ -1 +1 @@ -{"url":"https://www.monservicesecurise.beta.gouv.fr","algorithm_version":2,"end_time":"Thu, 16 Jun 2022 19:40:33 GMT","grade":"A+","hidden":false,"likelihood_indicator":"LOW","response_headers":{"Connection":"keep-alive","Content-Encoding":"gzip","Content-Type":"text/html; charset=utf-8","Date":"Thu, 16 Jun 2022 19:40:32 GMT","ETag":"W/\"1b03-5gB2gS9vPcQ/VjJPUdXP/nZgZ+0\"","Set-Cookie":"token=eyJtYWludGVuYW50IjoyNzU5MDE0MH0=; path=/; expires=Thu, 16 Jun 2022 20:40:32 GMT; samesite=strict; secure; httponly, token.sig=U418bka-tXHRLferjqgmCxDxHmg; path=/; expires=Thu, 16 Jun 2022 20:40:32 GMT; samesite=strict; secure; httponly","Strict-Transport-Security":"max-age=31536000","Transfer-Encoding":"chunked","X-Request-ID":"bb8cabbb-927b-4414-8f16-6b011a185b83","content-security-policy":"default-src 'self'; img-src 'self' data:; script-src 'self' unpkg.com code.jquery.com cdn.jsdelivr.net","referrer-policy":"no-referrer","x-content-type-options":"nosniff","x-frame-options":"deny"},"scan_id":27212059,"score":110,"start_time":"Thu, 16 Jun 2022 19:40:28 GMT","state":"FINISHED","status_code":200,"tests_failed":1,"tests_passed":11,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"default-src":["'self'"],"img-src":["'self'","data:"],"script-src":["code.jquery.com","cdn.jsdelivr.net","'self'","unpkg.com"]},"http":true,"meta":false,"policy":{"antiClickjacking":false,"defaultNone":false,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":false,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-no-unsafe","score_description":"Content Security Policy (CSP) implemented without 'unsafe-inline' or 
'unsafe-eval'","score_modifier":5},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":{"token":{"domain":"www.monservicesecurise.beta.gouv.fr","expires":1655412032,"httponly":true,"max-age":null,"path":"/","port":null,"samesite":"Strict","secure":true},"token.sig":{"domain":"www.monservicesecurise.beta.gouv.fr","expires":1655412032,"httponly":true,"max-age":null,"path":"/","port":null,"samesite":"Strict","secure":true}},"sameSite":true},"pass":true,"result":"cookies-secure-with-httponly-sessions-and-samesite","score_description":"All cookies use the Secure flag, session cookies use the HttpOnly flag, and cross-origin restrictions are in place via the SameSite flag","score_modifier":5},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not 
implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://www.monservicesecurise.beta.gouv.fr/","redirects":true,"route":["http://www.monservicesecurise.beta.gouv.fr/","https://www.monservicesecurise.beta.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"no-referrer","http":true,"meta":false},"pass":true,"result":"referrer-policy-private","score_description":"Referrer-Policy header set to \"no-referrer\", \"same-origin\", \"strict-origin\" or \"strict-origin-when-cross-origin\"","score_modifier":5},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000","includeSubDomains":false,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{"https://code.jquery.com/jquery-3.6.0.min.js":{"crossorigin":null,"integrity":null},"https://unpkg.com/axios/dist/axios.min.js":{"crossorigin":null,"integrity":null}}},"pass":false,"result":"sri-not-implemented-but-external-scripts-loaded-securely","score_description":"Subresource Integrity (SRI) not implemented, but all external scripts are loaded over 
HTTPS","score_modifier":-5},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"deny"},"pass":true,"result":"x-frame-options-sameorigin-or-deny","score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY","score_modifier":0},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}} \ No newline at end of file +{"url":"https://www.monservicesecurise.beta.gouv.fr","algorithm_version":2,"end_time":"Sun, 19 Jun 2022 13:03:21 GMT","grade":"A+","hidden":false,"likelihood_indicator":"LOW","response_headers":{"Connection":"keep-alive","Content-Encoding":"gzip","Content-Type":"text/html; charset=utf-8","Date":"Sun, 19 Jun 2022 13:03:20 GMT","ETag":"W/\"1b03-5gB2gS9vPcQ/VjJPUdXP/nZgZ+0\"","Set-Cookie":"token=eyJtYWludGVuYW50IjoyNzU5NDA2M30=; path=/; expires=Sun, 19 Jun 2022 14:03:20 GMT; samesite=strict; secure; httponly, token.sig=LHp0pvUjWtP9AOiRjTC7jD7zK80; path=/; expires=Sun, 19 Jun 2022 14:03:20 GMT; samesite=strict; secure; httponly","Strict-Transport-Security":"max-age=31536000","Transfer-Encoding":"chunked","X-Request-ID":"3319c2f7-8564-4ddb-b0bb-598354633cd4","content-security-policy":"default-src 'self'; img-src 'self' data:; script-src 'self' unpkg.com code.jquery.com cdn.jsdelivr.net","referrer-policy":"no-referrer","x-content-type-options":"nosniff","x-frame-options":"deny"},"scan_id":27247084,"score":110,"start_time":"Sun, 19 Jun 2022 13:03:17 
GMT","state":"FINISHED","status_code":200,"tests_failed":1,"tests_passed":11,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"default-src":["'self'"],"img-src":["'self'","data:"],"script-src":["unpkg.com","'self'","code.jquery.com","cdn.jsdelivr.net"]},"http":true,"meta":false,"policy":{"antiClickjacking":false,"defaultNone":false,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":false,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-no-unsafe","score_description":"Content Security Policy (CSP) implemented without 'unsafe-inline' or 'unsafe-eval'","score_modifier":5},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":{"token":{"domain":"www.monservicesecurise.beta.gouv.fr","expires":1655647400,"httponly":true,"max-age":null,"path":"/","port":null,"samesite":"Strict","secure":true},"token.sig":{"domain":"www.monservicesecurise.beta.gouv.fr","expires":1655647400,"httponly":true,"max-age":null,"path":"/","port":null,"samesite":"Strict","secure":true}},"sameSite":true},"pass":true,"result":"cookies-secure-with-httponly-sessions-and-samesite","score_description":"All cookies use the Secure flag, session cookies use the HttpOnly flag, and cross-origin restrictions are in place via the SameSite 
flag","score_modifier":5},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://www.monservicesecurise.beta.gouv.fr/","redirects":true,"route":["http://www.monservicesecurise.beta.gouv.fr/","https://www.monservicesecurise.beta.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"no-referrer","http":true,"meta":false},"pass":true,"result":"referrer-policy-private","score_description":"Referrer-Policy header set to \"no-referrer\", \"same-origin\", \"strict-origin\" or \"strict-origin-when-cross-origin\"","score_modifier":5},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000","includeSubDomains":false,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months 
(15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{"https://code.jquery.com/jquery-3.6.0.min.js":{"crossorigin":null,"integrity":null},"https://unpkg.com/axios/dist/axios.min.js":{"crossorigin":null,"integrity":null}}},"pass":false,"result":"sri-not-implemented-but-external-scripts-loaded-securely","score_description":"Subresource Integrity (SRI) not implemented, but all external scripts are loaded over HTTPS","score_modifier":-5},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"deny"},"pass":true,"result":"x-frame-options-sameorigin-or-deny","score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY","score_modifier":0},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}} \ No newline at end of file diff --git a/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/lhr.html b/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/lhr.html index 13ff1d36098..dc55e200c06 100644 --- a/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/lhr.html +++ b/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/lhr.html @@ -7751,7 +7751,7 @@ //# sourceURL=compiled-reportrenderer.js - +
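Review bot: The new `response_headers` object in http.json stores the raw `Set-Cookie` value, including the `token` and `token.sig` cookie values issued to the scanner, together with the per-request `X-Request-ID`, so each scan run commits fresh session material and produces a diff even when no finding changed. According to the header these cookies expire one hour after issue, which limits the exposure, but the code that writes this file (not visible in this diff) should keep the cookie attributes and drop the values, for example `"Set-Cookie":"token=<redacted>; path=/; samesite=strict; secure; httponly, token.sig=<redacted>; ..."`. Sorting the `script-src` list under `details.content-security-policy.output.data` before serialising would remove the other no-op change in this hunk, where only the element order differs between the two runs. The one failing test is the same in both runs: `subresource-integrity` still records `"integrity":null` for the jQuery and axios scripts.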

Online Hosts

-

185.21.194.105 - www.monservicesecurise.beta.gouv.fr

-
+

148.253.96.193 - www.monservicesecurise.beta.gouv.fr

+

Hostnames

  • www.monservicesecurise.beta.gouv.fr (user)
  • -
  • ows-185-21-194-105.cloudgouv-eu-west-1.compute.outscale.com (PTR)
  • +
  • ows-148-253-96-193.cloudgouv-eu-west-1.compute.outscale.com (PTR)

Ports

@@ -124,7 +124,7 @@

Ports

   GetRequest, HTTPOptions: 
     HTTP/1.1 404 Not Found
-    Date: Thu, 16 Jun 2022 19:44:54 GMT
+    Date: Sun, 19 Jun 2022 13:09:42 GMT
     Content-Type: text/html
     Content-Length: 15436
     Connection: close
@@ -143,9 +143,17 @@ 

Ports

- + @@ -180,7 +188,7 @@

Open Services

- + diff --git a/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/nmapvuln.nmap b/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/nmapvuln.nmap index b8eed03052c..ba569d14dea 100644 --- a/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/nmapvuln.nmap +++ b/results/aHR0cHM6Ly93d3cubW9uc2VydmljZXNlY3VyaXNlLmJldGEuZ291di5mcg==/nmapvuln.nmap @@ -1,15 +1,15 @@ -# Nmap 7.92 scan initiated Thu Jun 16 19:44:40 2022 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln www.monservicesecurise.beta.gouv.fr -Nmap scan report for www.monservicesecurise.beta.gouv.fr (185.21.194.105) -Host is up (0.080s latency). -Other addresses for www.monservicesecurise.beta.gouv.fr (not scanned): 148.253.96.193 -rDNS record for 185.21.194.105: ows-185-21-194-105.cloudgouv-eu-west-1.compute.outscale.com +# Nmap 7.92 scan initiated Sun Jun 19 13:09:24 2022 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln www.monservicesecurise.beta.gouv.fr +Nmap scan report for www.monservicesecurise.beta.gouv.fr (148.253.96.193) +Host is up (0.16s latency). +Other addresses for www.monservicesecurise.beta.gouv.fr (not scanned): 185.21.194.105 +rDNS record for 148.253.96.193: ows-148-253-96-193.cloudgouv-eu-west-1.compute.outscale.com Not shown: 998 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 80/tcp open http | fingerprint-strings: | GetRequest, HTTPOptions: | HTTP/1.1 404 Not Found -| Date: Thu, 16 Jun 2022 19:44:54 GMT +| Date: Sun, 19 Jun 2022 13:09:42 GMT | Content-Type: text/html | Content-Length: 15436 | Connection: close @@ -17,9 +17,17 @@ PORT STATE SERVICE VERSION |_ Application doesn't exist - Scalingo
fingerprint-strings
-  GetRequest, HTTPOptions: 
+  GetRequest: 
+    HTTP/1.1 404 Not Found
+    Date: Sun, 19 Jun 2022 13:09:48 GMT
+    Content-Type: text/html
+    Content-Length: 15436
+    Connection: close
+    Content-Encoding: identity
+    <!DOCTYPE html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta charset="utf-8"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="width=device-width, initial-scale=1.0" name="viewport"><title>Application doesn't exist - Scalingo</title><style>html { height: 100%;}body { -webkit-transform-style: preserve-3d; transform-style: preserve-3d; text-align: center; height: 100%; margin: 0; padding: 0; background: -webkit-gradient(linear, left top, left bottom, from(#1864ab), to(#099ec9)) left top/100% 100% no-repeat #1864ab; background: linear-gradient(to bottom, #1864ab, #099ec9) left top/100% 100% no-repeat #1864ab; color: white;}#wrapper { position: relative; top: 40%; -webkit
+  HTTPOptions: 
     HTTP/1.1 404 Not Found
-    Date: Thu, 16 Jun 2022 19:45:00 GMT
+    Date: Sun, 19 Jun 2022 13:09:49 GMT
     Content-Type: text/html
     Content-Length: 15436
     Connection: close
@@ -170,7 +178,7 @@ 

Open Services

185.21.194.105 - www.monservicesecurise.beta.gouv.fr148.253.96.193 - www.monservicesecurise.beta.gouv.fr 80 tcp http
185.21.194.105 - www.monservicesecurise.beta.gouv.fr148.253.96.193 - www.monservicesecurise.beta.gouv.fr 443 tcp https