Scribd
Upload
7 views4 pages

PentestTools WebsiteScanner Report

The Light Website Vulnerability Scanner report indicates a low overall risk level with three low-risk findings, including unsafe security headers and a robots.txt file. Critical vulnerabilities such as SQL injection and cross-site scripting were not checked in this scan, suggesting an upgrade to a Deep scan for comprehensive testing. Recommendations include removing unsafe values from security headers and reviewing the robots.txt file for sensitive entries.

Uploaded by

Vy Hoàng Thi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views4 pages

PentestTools WebsiteScanner Report

The Light Website Vulnerability Scanner report indicates a low overall risk level with three low-risk findings, including unsafe security headers and a robots.txt file. Critical vulnerabilities such as SQL injection and cross-site scripting were not checked in this scan, suggesting an upgrade to a Deep scan for comprehensive testing. Recommendations include removing unsafe values from security headers and reviewing the robots.txt file for sensitive entries.

Uploaded by

Vy Hoàng Thi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Website Vulnerability Scanner Report (Light)

Unlock the full capabilities of this scanner

See what the DEEP scanner can do

Perform in-depth website scanning and discover high risk vulnerabilities.

Testing areas Light scan Deep scan

Website fingerprinting  
Version-based vulnerability detection  

Common configuration issues  


SQL injection  
Cross-Site Scripting  

Local/Remote File Inclusion  


Remote command execution  

Discovery of sensitive files  

 https://owasp.org/www-project-juice-shop/

The Light Website Scanner didn't check for critical issues like SQLi, XSS, Command Injection, XXE, etc. Upgrade to run Deep scans with
40+ tests and detect more vulnerabilities.

Summary

Overall risk level: Risk ratings: Scan information:


Low Critical: 0 Start time: Feb 14, 2025 / 09:46:34 UTC+02
High: 0 Finish time: Feb 14, 2025 / 09:47:11 UTC+02
Medium: 0 Scan duration: 37 sec

Low: 3 Tests performed: 19/19

Info: 16 Scan status: Finished

Findings

 Unsafe security header: Content-Security-Policy CONFIRMED

URL Evidence

1/4
Response headers include the HTTP Content-Security-Policy security header with the following security issues:
script-src: 'unsafe-eval' allows the execution of code injected into DOM APIs such as eval().
script-src: 'self' can be problematic if you host JSONP, Angular or user uploaded files.
base-uri: Missing base-uri allows the injection of base tags. They can be used to set the base URL for al
https://owasp.org/www- l relative (script) URLs to an attacker controlled domain. We recommend setting it to 'none' or 'self'.
script-src: ''unsafe-inline'' allows the execution of unsafe in-page scripts and event handlers.
project-juice-shop/
object-src: We recommend restricting object-src to 'none'.

Request / Response

 Details

Risk description:
For example, if the unsafe-inline directive is present in the CSP header, the execution of inline scripts and event handlers is allowed. This
can be exploited by an attacker to execute arbitrary JavaScript code in the context of the vulnerable application.

Recommendation:
Remove the unsafe values from the directives, adopt nonces or hashes for safer inclusion of inline scripts if they are needed, and explicitly
define the sources from which scripts, styles, images or other resources can be loaded.

References:
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Robots.txt file found CONFIRMED

URL

https://owasp.org/robots.txt

 Details

Risk description:
There is no particular security risk in having a robots.txt file. However, it's important to note that adding endpoints in it should not be
considered a security measure, as this file can be directly accessed and read by anyone.

Recommendation:
We recommend you to manually review the entries from robots.txt and remove the ones which lead to sensitive locations in the website
(ex. administration panels, configuration files, etc).

References:
https://www.theregister.co.uk/2015/05/19/robotstxt/

Classification:
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Server software and technology found UNCONFIRMED 

Software / Version Category

Amazon Web Services PaaS

Amazon S3 CDN

Google Analytics Analytics

jQuery 3.7.1 JavaScript libraries

Open Graph Miscellaneous

GitHub Pages PaaS

2/4
Cloudflare CDN

Fastly CDN

Google Tag Manager Tag managers

HSTS Security

Varnish Caching

Cart Functionality Ecommerce

 Details

Risk description:
The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation:
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating
system: HTTP server headers, HTML meta information, etc.

References:
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/01-Information_Gathering/02-
Fingerprint_Web_Server.html

Classification:
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Website is accessible.

 Nothing was found for vulnerabilities of server-side software.

 Nothing was found for client access policies.

 Nothing was found for absence of the security.txt file.

 Nothing was found for use of untrusted certificates.

 Nothing was found for enabled HTTP debug methods.

 Nothing was found for enabled HTTP OPTIONS method.

 Nothing was found for secure communication.

 Nothing was found for directory listing.

 Nothing was found for missing HTTP header - Strict-Transport-Security.

 Nothing was found for missing HTTP header - Content Security Policy.

3/4
 Nothing was found for missing HTTP header - X-Content-Type-Options.

 Nothing was found for missing HTTP header - Referrer.

 Nothing was found for domain too loose set for cookies.

 Nothing was found for HttpOnly flag of cookie.

 Nothing was found for Secure flag of cookie.

Scan coverage information

List of tests performed (19/19)


 Starting the scan...
 Checking for unsafe HTTP header Content Security Policy...
 Checking for website technologies...
 Checking for vulnerabilities of server-side software...
 Checking for client access policies...
 Checking for robots.txt file...
 Checking for absence of the security.txt file...
 Checking for use of untrusted certificates...
 Checking for enabled HTTP debug methods...
 Checking for enabled HTTP OPTIONS method...
 Checking for secure communication...
 Checking for directory listing...
 Checking for missing HTTP header - Strict-Transport-Security...
 Checking for missing HTTP header - Content Security Policy...
 Checking for missing HTTP header - X-Content-Type-Options...
 Checking for missing HTTP header - Referrer...
 Checking for domain too loose set for cookies...
 Checking for HttpOnly flag of cookie...
 Checking for Secure flag of cookie...

Scan parameters
target: https://owasp.org/www-project-juice-shop/
scan_type: Light
authentication: False

Scan stats
Unique Injection Points Detected: 6
URLs spidered: 3
Total number of HTTP requests: 12
Average time until a response was
90ms
received:

4/4

You might also like