зеркало из https://github.com/microsoft/CCF.git
8.9 KiB
8.9 KiB
1 | ALPN | INFO | http/1.1 | |||
---|---|---|---|---|---|---|
2 | BEAST | OK | not vulnerable, no SSL3 or TLS1 | CVE-2011-3389 | CWE-20 | |
3 | BREACH | OK | not vulnerable, no HTTP compression - only supplied '/' tested | CVE-2013-3587 | CWE-310 | |
4 | CCS | OK | not vulnerable | CVE-2014-0224 | CWE-310 | |
5 | CRIME_TLS | OK | not vulnerable | CVE-2012-4929 | CWE-310 | |
6 | DNS_CAArecord | LOW | -- | |||
7 | DROWN | OK | not vulnerable on this host and port | CVE-2016-0800 CVE-2016-0703 | CWE-310 | |
8 | DROWN_hint | INFO | no RSA certificate, can't be used with SSLv2 elsewhere | CVE-2016-0800 CVE-2016-0703 | CWE-310 | |
9 | FREAK | OK | not vulnerable | CVE-2015-0204 | CWE-310 | |
10 | HPKP | INFO | No support for HTTP Public Key Pinning | |||
11 | HSTS | LOW | not offered | |||
12 | HTTP_clock_skew | INFO | Got no HTTP time, maybe try different URL? | |||
13 | HTTP_status_code | INFO | 404 Not Found ('/') | |||
14 | LOGJAM | OK | not vulnerable, no DH EXPORT ciphers, | CVE-2015-4000 | CWE-310 | |
15 | LOGJAM-common_primes | OK | no DH key with <= TLS 1.2 | CVE-2015-4000 | CWE-310 | |
16 | LUCKY13 | OK | not vulnerable | CVE-2013-0169 | CWE-310 | |
17 | NPN | INFO | not offered | |||
18 | OCSP_stapling | INFO | not offered | |||
19 | PFS | OK | offered | |||
20 | PFS_ECDHE_curves | OK | prime256v1 secp384r1 secp521r1 | |||
21 | PFS_ciphers | INFO | TLS_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 | |||
22 | POODLE_SSL | OK | not vulnerable, no SSLv3 | CVE-2014-3566 | CWE-310 | |
23 | RC4 | OK | not vulnerable | CVE-2013-2566 CVE-2015-2808 | CWE-310 | |
24 | ROBOT | OK | not vulnerable, no RSA key transport cipher | CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168 | CWE-203 | |
25 | SSL_sessionID_support | INFO | yes | |||
26 | SSLv2 | OK | not offered | |||
27 | SSLv3 | OK | not offered | |||
28 | SWEET32 | OK | not vulnerable | CVE-2016-2183 CVE-2016-6329 | CWE-327 | |
29 | TLS1 | INFO | not offered | |||
30 | TLS1_1 | INFO | not offered | |||
31 | TLS1_2 | OK | offered | |||
32 | TLS1_3 | OK | offered with final | |||
33 | TLS_extensions | INFO | 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'supported versions/#43' 'key share/#51' 'supported_groups/#10' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'extended master secret/#23' | |||
34 | TLS_session_ticket | INFO | valid for 7200 seconds only (<daily) | |||
35 | TLS_timestamp | INFO | random | |||
36 | banner_application | INFO | No application banner found | |||
37 | banner_reverseproxy | INFO | -- | CWE-200 | ||
38 | banner_server | INFO | No Server banner line in header, interesting! | |||
39 | cert | INFO | ---------- | |||
40 | cert_caIssuers | INFO | CCF Network | |||
41 | cert_certificatePolicies_EV | INFO | no | |||
42 | cert_chain_of_trust | CRITICAL | failed (chain incomplete). | |||
43 | cert_commonName | OK | CCF Node | |||
44 | cert_commonName_wo_SNI | INFO | CCF Node | |||
45 | cert_crlDistributionPoints | INFO | -- | |||
46 | cert_eTLS | INFO | not present | |||
47 | cert_expirationStatus | HIGH | expires < 30 days (0) | |||
48 | cert_extKeyUsage | INFO | No server extended key usage information | |||
49 | cert_fingerprintSHA1 | INFO | ||||
50 | cert_fingerprintSHA256 | INFO | ||||
51 | cert_keySize | OK | EC 384 bits | |||
52 | cert_keyUsage | INFO | No server key usage information | |||
53 | cert_mustStapleExtension | INFO | -- | |||
54 | cert_notAfter | HIGH | ||||
55 | cert_notBefore | INFO | ||||
56 | cert_numbers | INFO | 1 | |||
57 | cert_ocspURL | INFO | -- | |||
58 | cert_revocation | HIGH | Neither CRL nor OCSP URI provided | |||
59 | cert_serialNumber | INFO | ||||
60 | cert_serialNumberLen | INFO | ||||
61 | cert_signatureAlgorithm | OK | ECDSA with SHA384 | |||
62 | cert_subjectAltName | INFO | ||||
63 | cert_trust | OK | Ok via SAN | |||
64 | cert_validityPeriod | INFO | No finding | |||
65 | certificate_transparency | INFO | -- | |||
66 | certs_countServer | INFO | 1 | |||
67 | certs_list_ordering_problem | INFO | no | |||
68 | cipher_negotiated | OK | TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |||
69 | cipher_order | OK | server | |||
70 | cipher_x1301 | INFO | x1301 TLS_AES_128_GCM_SHA256 ECDH 256 AESGCM 128 TLS_AES_128_GCM_SHA256 | |||
71 | cipher_x1302 | INFO | x1302 TLS_AES_256_GCM_SHA384 ECDH 256 AESGCM 256 TLS_AES_256_GCM_SHA384 | |||
72 | cipher_xc02b | INFO | xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | |||
73 | cipher_xc02c | INFO | xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | |||
74 | cipherlist_3DES_IDEA | INFO | not offered | CWE-310 | ||
75 | cipherlist_AVERAGE | INFO | not offered | CWE-310 | ||
76 | cipherlist_EXPORT | OK | not offered | CWE-327 | ||
77 | cipherlist_LOW | OK | not offered | CWE-327 | ||
78 | cipherlist_NULL | OK | not offered | CWE-327 | ||
79 | cipherlist_STRONG | OK | offered | |||
80 | cipherlist_aNULL | OK | not offered | CWE-327 | ||
81 | cipherorder_TLSv1_2 | INFO | ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 | |||
82 | cipherorder_TLSv1_3 | INFO | TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 | |||
83 | clientsimulation-android_442 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
84 | clientsimulation-android_500 | INFO | TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 | |||
85 | clientsimulation-android_60 | INFO | TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 | |||
86 | clientsimulation-android_70 | INFO | No connection | |||
87 | clientsimulation-android_81 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
88 | clientsimulation-android_90 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
89 | clientsimulation-android_X | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
90 | clientsimulation-apple_ats_9_ios9 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
91 | clientsimulation-chrome_74_win10 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
92 | clientsimulation-chrome_79_win10 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
93 | clientsimulation-edge_15_win10 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
94 | clientsimulation-edge_17_win10 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
95 | clientsimulation-firefox_66_win81 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
96 | clientsimulation-firefox_71_win10 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
97 | clientsimulation-ie_11_win10 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
98 | clientsimulation-ie_11_win7 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
99 | clientsimulation-ie_11_win81 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
100 | clientsimulation-ie_11_winphone81 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
101 | clientsimulation-ie_6_xp | INFO | No connection | |||
102 | clientsimulation-ie_8_win7 | INFO | No connection | |||
103 | clientsimulation-ie_8_xp | INFO | No connection | |||
104 | clientsimulation-java1102 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
105 | clientsimulation-java1201 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
106 | clientsimulation-java_6u45 | INFO | No connection | |||
107 | clientsimulation-java_7u25 | INFO | No connection | |||
108 | clientsimulation-java_8u161 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
109 | clientsimulation-openssl_102e | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
110 | clientsimulation-openssl_110l | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
111 | clientsimulation-openssl_111d | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
112 | clientsimulation-opera_66_win10 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
113 | clientsimulation-safari_10_osx1012 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
114 | clientsimulation-safari_121_ios_122 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
115 | clientsimulation-safari_130_osx_10146 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
116 | clientsimulation-safari_9_ios9 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
117 | clientsimulation-safari_9_osx1011 | INFO | TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 | |||
118 | clientsimulation-thunderbird_68_3_1 | INFO | TLSv1.3 TLS_AES_256_GCM_SHA384 | |||
119 | cookie_count | INFO | 0 at '/' (30x detected, better try target URL of 30x) | |||
120 | fallback_SCSV | OK | no protocol below TLS 1.2 offered | |||
121 | heartbleed | OK | not vulnerable, no heartbeat extension | CVE-2014-0160 | CWE-119 | |
122 | pre_128cipher | INFO | No 128 cipher limit bug | |||
123 | protocol_negotiated | OK | Default protocol TLS1.3 | |||
124 | secure_client_renego | OK | not vulnerable | CVE-2011-1473 | CWE-310 | |
125 | secure_renego | OK | supported | CWE-310 | ||
126 | security_headers | MEDIUM | -- | |||
127 | service | INFO | HTTP | |||
128 | sessionresumption_ID | INFO | not supported | |||
129 | sessionresumption_ticket | INFO | not supported | |||
130 | ticketbleed | OK | not vulnerable | CVE-2016-9244 | CWE-200 |