boB Rudis
5 years ago
87 changed files with 102354 additions and 97 deletions
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,969 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "secp256k1 prime256v1 secp384r1 secp521r1" |
|||
} |
|||
, { |
|||
"id" : "DH_groups", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "RFC3526/Oakley Group 14" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"finding" : "NOT a cipher order configured" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.2" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "DHE-RSA-AES256-SHA256, 2048 bit DH (cbc) (matching cipher in list missing)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (matching cipher in list missing)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (matching cipher in list missing)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (matching cipher in list missing)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_TLSv1.1", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-SHA at TLSv1.1 (matching cipher in list missing)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_TLSv1.2", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 at TLSv1.2 (matching cipher in list missing)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (matching cipher in list missing)" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'server name/#0' 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'heartbeat/#15'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "valid for 300 seconds only (<daily)" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "random" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2048 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2544949D7D776169E4D153C5A2098026" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "DECFA5C8E6229B6CA4EC0EED1AB68BFB6042A3A4" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "467CD69F0E79EF5F9C6190F475EADC904927A4412F043A1A0C1B6914A40315A8" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIG1zCCBb+gAwIBAgIQJUSUnX13YWnk0VPFogmAJjANBgkqhkiG9w0BAQsFADCB kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD QTAeFw0xODA4MzAwMDAwMDBaFw0yMDA4MzAyMzU5NTlaMFQxITAfBgNVBAsTGERv bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxGTAX BgNVBAMTEGNyYW4uYmlvdG9vbHMuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDfGZuxfKtN8Tk7oG0NbopNLThTqRPCEQSRPoj0PI7nbp9uA3kzTdoh JW8FbsBxW6nTFNPszluSyvWWzOOUHddwFGGUlB1xKAGv4bl6RujF+YyMAOidM6YV fdODwL5uaxtI+4qOForaD1svMAk6cBo3WllJQyCb9IHJPm8oJ7PZbfB98amDnfgU 0Sv5GUOg3h6PRnhmYP70tLctsZJ8/ImVjjHGRKr3HGGUuGy1gFLTB7tWR6XnP3ub 08+tJIH6WnXeFLamiI555iovi4716xztI6y0qs9z5WaXhJ+Vn0DLLC4L7bKnGTef eKhHjv8e899GFvAAKnKsS0nQaTrspEZPAgMBAAGjggNmMIIDYjAfBgNVHSMEGDAW gBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUOqr4OZVe70XTxYft1I75 fcozT4cwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI KwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcwKzAp BggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EM AQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NP TU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUGCCsG AQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9jYS5jb20v Q09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggr BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMDEGA1UdEQQqMCiCEGNy YW4uYmlvdG9vbHMuZnKCFHd3dy5jcmFuLmJpb3Rvb2xzLmZyMIIBfwYKKwYBBAHW eQIEAgSCAW8EggFrAWkAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9 ywAAAWWKGumvAAAEAwBHMEUCIQDczpq3Ds+4IEkDqpbgGfkT8Ke6K/0umSP2cd70 AWkXawIgVs44jqfCMo5KPq8AwOSpPQsEp6lXGB55pKEK8Zef57kAdwBep3P531bA 57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAWWKGunwAAAEAwBIMEYCIQDIghl+ 90chehD/H2bnSi2fFX2WMiiIvn0BK/HLn8xEcgIhANt8b+iEfwL59ja/9i90ybRr ebP9H6dhGwPhZl2A6Z67AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT 0wwAAAFlihrqfgAABAMARzBFAiAI/84XC2sJrf/99JjQbjkGErCk9Sufbg2HC2BZ SeVQ/AIhAIoVOVPP1Z8VOQ//zANccA6pe07Jai/nf5rm+Oe0MuZ/MA0GCSqGSIb3 DQEBCwUAA4IBAQBez3O9my525tZGv7N4YhUgT6cxOeCRipAIWXQAmBE3/Noet/4X vtTMxAZNQXNnai8WStPbePdvbfy/da83DtUwpw9QGleVCx9K6JMRqQby2eDQlo2I gL3IEZOMtRQkQtoXyvRlqVLgyyuSSP6F+BHEnpMAH41IRucW4PiBxy7g5iG64LKo OPKXD/fJ3bfvHy4ZsttqouhF569D3KpA1dn4nc05C431CnmG3fYdM9g4VrMurxEc SXL/zdx46aBMrGcm/PMc0Q7ZKNfNuSt4Pd96uCFegEkXHq1LmQu3u0OX5+B0fEjK KF0l5LOPwKmsEaSVUE9iuBJNQPF2ikrVur11 -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "cran.biotools.fr" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cran.biotools.fr" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cran.biotools.fr www.cran.biotools.fr" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "COMODO RSA Domain Validation Secure Server CA (COMODO CA Limited from GB)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN and CN (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "546 >= 60 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2018-08-29 20:00" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2020-08-30 19:59" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "3" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.comodoca.com" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable , timed out" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable, no RSA key transport cipher" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially VULNERABLE, uses gzip HTTP compression - only supplied '/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=467CD69F0E79EF5F9C6190F475EADC904927A4412F043A1A0C1B6914A40315A8" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "RFC3526/Oakley Group 14" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "not vulnerable, no SSL3 or TLS1" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc030", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc028", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc028 ECDHE-RSA-AES256-SHA384 ECDH 521 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc014", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc014 ECDHE-RSA-AES256-SHA ECDH 521 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9f", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_x6b", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x39", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02f", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9e", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "cran.biotools.fr/87.98.155.219", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "95" |
|||
} |
|||
] |
File diff suppressed because it is too large
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,957 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http/1.1" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp256k1 prime256v1 secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1 brainpoolP512r1" |
|||
} |
|||
, { |
|||
"id" : "DH_groups", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "RFC3526/Oakley Group 16" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "server" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.2" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_1", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_2", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'server name/#0' 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'heartbeat/#15' 'application layer protocol negotiation/#16'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "valid for 300 seconds only (<daily)" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "random" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "4096 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "037263D7DC596E718181F53998E4800BFCFD" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "CFCC361D319F3B7A2E3E5845EABA566AB7B18AF7" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "7C00DC768F4615751DEA14520FC22A4B9480ED26BCC98F971450D4CBAD4F2EBD" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIGXDCCBUSgAwIBAgISA3Jj19xZbnGBgfU5mOSAC/z9MA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAyMjUxMDAwMThaFw0x OTA1MjYxMDAwMThaMB0xGzAZBgNVBAMTEmNyYW4uZGNjLnVjaGlsZS5jbDCCAiIw DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJdRVHamL4SQ/C796sDK0j3jpSPh U6l82OOy+X6o4FKF6uKRubeOBzwax4w5/+rUGIIzTlVducGecvoeDt1Mqqimn0rl U5D6jzEPPejA+plX4k6z59FMRXIUNUIp1k5Bz9Lchtf1lsUpS9KGgIf4jy2SntvM mKqD5fSQxV/uPHd0nCgPmjO+Ld5wlHREcpByamU0p71MoRJUVXDgrW0sZL5SaI5T Sp5renGnkwXyuZv2rUchWtfeOJhTUXeqw3T2CIguHkCY9T9ISAn1OdtoMGs7Q7ib 2mWIsfv0SXUQMxMHCgQ5NfxqNgoS/ELHXI07QuSdl7fD5fowbs4A5bk0lqYg6EbS elTdRxIVdMl7wvmi7z3UgDRQNlq+lK/fasLuNmr9pXqmiSQT5NqSO++1c15swVs9 bAuvQ6hjvjQt1ZhrvqnAGY1Mu4MnLUBFgs70/Wdweh54aLlxfh24P/M/mo4beRfY Z3OdnQlcL4UCnDuN1KilpYElZxtitmJRvni1THteOR5oiKQImiuubGjXj04+vK56 DAiYVGQQEbYY1N4FlBpmK+ts1pqPhJwMwfZVc2a6HAhATwbqphyuph7xARDmVCyz jpw5StJzfAs90MLT9mdQpN1NMlij7r4BldbM1d4MDqX750zfI+/7yR7WnrFhfhCC eRxsoV8X52NAF9B3AgMBAAGjggJnMIICYzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE FNLlDrprjBQYDJh3BM0oV0wsrQeVMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZF Ze/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3Au aW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQu aW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wHQYDVR0RBBYwFIISY3Jhbi5kY2MudWNo aWxlLmNsMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHW eQIEAgSB9QSB8gDwAHYAdH7agzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYA AAFpJFAH7wAABAMARzBFAiEAtddE1fU/NbwHh/IA1X0GDiG7Cfb9CpAE6XVlu/Fw YMQCIGySDfuWpoVF74XGMD5YpuozWw7ABiLd1IcSI5SoCe5eAHYAY/Lbzeg7zCzP C3KEJ1drM6SNYXePvXWmOLHHaFRL2I0AAAFpJFAIAgAABAMARzBFAiAvD9KQHTdR XbYz54qM/pW0k5SjUlI+pYfj8h3l+AOtnAIhAOhq25E7p1mTWhxIAPniHLTrJvt9 inSVW8aJWiI+yJjIMA0GCSqGSIb3DQEBCwUAA4IBAQBq+L+MJf2L7F1Bm5iQXWAi lHmxOO3D7IPoVYABGlZw7DoCwrt2xXAx8kUFSVgXtLoMoSBsS+a8V0h06CBjMiB1 4tEI4VZyiX9uXdMMakeNy8Y1XoLu9/z9GN3F8XyMbZaAbhz3xddO90d7fmPw8JSK SadsGdaED155d8bwsNrOU6IgZwPD2Y5PjZEDokbm36mTGcxNredABZFHBld5BFM0 OxYmxxa9WYZrKAiKpRN9XLAz8LuUiceb9151HsS9HwN6Ly3j+Cr7BwZdMK4cfU3g JMHhZXrXyPtLA0mh/JF6bEJ9kZrBAYX3WzziwCl7zEG8rpzKtPhrJnwwxa3uUbPm -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "cran.dcc.uchile.cl" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cran.dcc.uchile.cl" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cran.dcc.uchile.cl" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Let's Encrypt Authority X3 (Let's Encrypt from US)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN and CN (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "83 >= 30 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2019-02-25 05:00" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2019-05-26 06:00" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.int-x3.letsencrypt.org" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Apache/2.4.25 (Debian)" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable , timed out" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable, no RSA key transport cipher" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially VULNERABLE, uses gzip HTTP compression - only supplied '/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=7C00DC768F4615751DEA14520FC22A4B9480ED26BCC98F971450D4CBAD4F2EBD" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "RFC3526/Oakley Group 16" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc030", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc028", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc014", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9f", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9f DHE-RSA-AES256-GCM-SHA384 DH 4096 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_x6b", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x6b DHE-RSA-AES256-SHA256 DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x39", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x39 DHE-RSA-AES256-SHA DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02f", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9e", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9e DHE-RSA-AES128-GCM-SHA256 DH 4096 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 DHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 DHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "cran.dcc.uchile.cl/192.80.24.196", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "192" |
|||
} |
|||
] |
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,985 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "CRITICAL", |
|||
"finding" : "TLSv1.1 is not offered, and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "CRITICAL", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA" |
|||
} |
|||
, { |
|||
"id" : "DH_groups", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "RFC3526/Oakley Group 14" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"finding" : "NOT a cipher order configured" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Default protocol TLS1.0" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "DHE-RSA-AES256-SHA, 2048 bit DH (cbc) (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_TLSv1", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "DHE-RSA-AES256-SHA at TLSv1 (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'server name/#0' 'renegotiation info/#65281' 'session ticket/#35'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No lifetime advertised" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "off by -1 seconds from your localtime" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2048 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "E3009B7FE7AC02D80A22C93FA4279D83" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "6F0D84709B307507D31FE66A45C554DDC61CCE71" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "B505C5C9CAAAAFE3AE693EC16BF2F65AEBFD6A77FDF06C17699A8482E2C07116" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIHHDCCBgSgAwIBAgIRAOMAm3/nrALYCiLJP6QnnYMwDQYJKoZIhvcNAQELBQAw djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMTgwODAzMDAwMDAwWhcNMjAwODAy MjM1OTU5WjCB1TELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTQ5OTMxMQswCQYDVQQI EwJNSTERMA8GA1UEBxMISG91Z2h0b24xHDAaBgNVBAkTEzE0MDAgVG93bnNlbmQg RHJpdmUxKjAoBgNVBAoTIU1pY2hpZ2FuIFRlY2hub2xvZ2ljYWwgVW5pdmVyc2l0 eTE1MDMGA1UECxMsSW5mb3JtYXRpb24gVGVjaG5vbG9neSBTZXJ2aWNlcyBhbmQg U2VjdXJpdHkxFTATBgNVBAMTDGNyYW4ubXR1LmVkdTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAOCvYftwxh1K8uTE/HC0RMB6j4czwJKce6iBu3u6zSlL 6RHQSb2deJaFRmAN/W94cNlEvJhxkSaPkhtpcZSSHv4Dk3dM1jmLLRETnJJmVpLF Zo1OWe1bfQA/vGIgSzl0yHDYeSbKlPtTlrRt+5eTu36cSVRo0PgYlo0gl1xixYys NNqd6v3Obi59Q2DKsglKtHcOFJ/gcb45USuE/+gJMVkxuRCzo/R+oxBDFqgk6xPH wZxjgXQtMcY9uTrfLgshPFaMq+1Oh9uZt0EcFj14pjPDJ4pD3Vaoe3kzp1fRhlGI BSCxdfbrErX+HNvfmWxEiqFl63yIN2AP1YWSKBJcNPUCAwEAAaOCA0MwggM/MB8G A1UdIwQYMBaAFB4Fo3ePbJbiW4dLprSGrHEADOc4MB0GA1UdDgQWBBSSa4l41iYZ FH11uc+BAAjXTWrupjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwZwYDVR0gBGAwXjBSBgwrBgEEAa4j AQQDAQEwQjBABggrBgEFBQcCARY0aHR0cHM6Ly93d3cuaW5jb21tb24ub3JnL2Nl cnQvcmVwb3NpdG9yeS9jcHNfc3NsLnBkZjAIBgZngQwBAgIwRAYDVR0fBD0wOzA5 oDegNYYzaHR0cDovL2NybC5pbmNvbW1vbi1yc2Eub3JnL0luQ29tbW9uUlNBU2Vy dmVyQ0EuY3JsMHUGCCsGAQUFBwEBBGkwZzA+BggrBgEFBQcwAoYyaHR0cDovL2Ny dC51c2VydHJ1c3QuY29tL0luQ29tbW9uUlNBU2VydmVyQ0FfMi5jcnQwJQYIKwYB BQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wFwYDVR0RBBAwDoIMY3Jh bi5tdHUuZWR1MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwDuS723dc5guuFC aR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWUBf//tAAAEAwBIMEYCIQCyoW+zciXn 4Rwvos/AW0LPjsjtlDMgieZw3fvxuHHksgIhAMTP0dSTyDOeh/OqaV3izdioCPMJ oQyUVYgYaoQJz5u7AHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgA AAFlAYAAOgAABAMARzBFAiABLXUg+CrTSp8MkMIU7A++2uaCFlgBzdhbfqaFsVEG twIhAIt5u+rgoTA7shthZZQyO8BUIhQuXHaVD7vJdagm4wDaAHYAVYHUwhaQNgFK 6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFlAYAAEAAABAMARzBFAiAi9K1OtMm7 3vimMjhY9n99zm10D0HzDnQgdJiOaC7/TwIhAKiSe46v+K8gB1rE7LoZ+H1zwC5s 32CLKOzVEAyimQhyMA0GCSqGSIb3DQEBCwUAA4IBAQCHQAQzGrbH0aB02iIXMpj4 302YWxVnOp/U8LqJ6Ehu5Nf/sXjrF8/DQbHgvhU1EiqH6V+McM4gglK9P44RH26L 8tnFukY8jwZ4dvkYthuxREAUvc4Xq5MhnJHj5jYsKTJoIBtXwD+FOtsRw7UEMhFN yBYLujcYjpXbhmXqUW8eTCHQ8MOonvfwiFA5o3c+8oFWfKE0BOXh0Jb3Hoor2kyb 7pUXS6lnpWcMES6DMerAtjocsEd6zBJ4E8x4dCZ+Kb6l3eavtKFCj0EUAxqTlXPX MeXQlYpN9M00+VB35KqFYTYjfgsGEhjbAi/Z4p6mcyouvkaUypSOIW2Zo7mXmzeg -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "cran.mtu.edu" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cran.mtu.edu" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cran.mtu.edu" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "InCommon RSA Server CA (Internet2 from US)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN and CN (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "518 >= 60 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2018-08-02 20:00" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2020-08-02 19:59" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "5" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://crl.incommon-rsa.org/InCommonRSAServerCA.crl" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.usertrust.com" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "iodef=mailto:security@mtu.edu, issue=comodoca.com, issue=comodo.com, issue=digicert.com, issue=globalsign.com, issuewild=comodoca.com, issuewild=comodo.com" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Apache" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable, no heartbeat extension" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable, returned potential memory fragments do not differ" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no HTTP compression - only supplied '/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "no protocol below TLS 1 offered" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "uses 64 bit block ciphers" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=B505C5C9CAAAAFE3AE693EC16BF2F65AEBFD6A77FDF06C17699A8482E2C07116" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "RFC3526/Oakley Group 14" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "DHE-RSA-AES256-SHA AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA AES128-SHA SEED-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- and no higher protocols as mitigation supported" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "VULNERABLE, Detected ciphers: RC4-SHA RC4-MD5" |
|||
} |
|||
, { |
|||
"id" : "cipher_x39", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x35", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x33", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9a", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9a DHE-RSA-SEED-SHA DH 2048 SEED 128 TLS_DHE_RSA_WITH_SEED_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x2f", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x96", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x05", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x04", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5" |
|||
} |
|||
, { |
|||
"id" : "cipher_x16", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x16 EDH-RSA-DES-CBC3-SHA DH 2048 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x0a", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 RC4-MD5" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "cran.mtu.edu/141.219.191.249", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "146" |
|||
} |
|||
] |
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,999 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered with h2, http/1.1 (advertised)" |
|||
} |
|||
, { |
|||
"id" : "ALPN_HTTP2", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "h2" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http/1.1" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "prime256v1" |
|||
} |
|||
, { |
|||
"id" : "DH_groups", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Unknown DH group (2048 bits)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "server" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.2" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_1", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_2", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'server name/#0' 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'heartbeat/#15' 'next protocol/#13172' 'application layer protocol negotiation/#16'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "valid for 300 seconds only (<daily)" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "random" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2048 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment, Data Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2D00028FD7B6787DC4B44EB637000000028FD7" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1DF666EE50F17B365F30EF9697D6FE18BC7C1298" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "5FFA159C93531679BF4815072F784C5EC34119109D6096FAEA7246DADA331A09" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIII4zCCBsugAwIBAgITLQACj9e2eH3EtE62NwAAAAKP1zANBgkqhkiG9w0BAQsF ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDUw HhcNMTgwNDE0MjEzMjEwWhcNMjAwNDE0MjEzMjEwWjAnMSUwIwYDVQQDExxtcmFu LnJldm9sdXRpb25hbmFseXRpY3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAwBLWhXDBj4pX8hB3nvPmQcQe+8IF/fv5VuuVGyKUKaQpb1p3oI2p 9AKzqkq2yzFXoxGsCkHpmYq3+fn94kRyZSvZklXjrL1fYxUz2b6iwMk+x3MdQtGa Q5dFEDwjxCm5haoy/LvUV9V6Dum6LVcKfYao0FHsVH9OIEqWut10kv/pxhj4j5w0 RrtE7zXvj4ObdOyXVXZK11eK/ymQiElOeALUeUyWVwnrazDtTHTjxeE8pty1WMbo TEXao79pKeLVjUMVQFGlQDC+6Afp5dy3B742yPfU9w4M15yLhq9rtNOPCzCHdpNN ocsdF+dDhlEEYQeMZBCO1WQui4+yY+3v+QIDAQABo4IEoTCCBJ0wggH3BgorBgEE AdZ5AgQCBIIB5wSCAeMB4QB2ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3v i5BeAAABYsYb0sUAAAQDAEcwRQIgUs97XgCdCZXWu/JmnOE4upZ/T2MGZp2CqQie Jxf4aeECIQC4HFhrn7b6p+RypRDz0UqR/Wr7EfNbqw3ucIDYSkfKNQB3AId1v+dZ fPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABYsYb03QAAAQDAEgwRgIhALIp RxKLWqfIxfCE9ZTdVQMaRORrZgpjityM1BgH+dYaAiEAqQgawjRWUM1SWdZyO4nM GPzot79nl5XCYviZF63E++4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJ eqj9ywAAAWLGG9XeAAAEAwBHMEUCIA2RIxRWWIfEsss3KxxqaiAWM4FLI+jRiLHg kyrp/1m8AiEA0vomiVymg89wuqAEdDs0WjMntqXI4gp7DzCQoJjCq0cAdgBvU3as MfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWLGG9YcAAAEAwBHMEUCIH1q Z7/4m2EYF2mLmq9Fh/Bww4Qo6dX1zAtjnseWf+6eAiEAy0KZCAixYwqjA9lUOnw+ oCo3EhmqL9YUtRQXHn7fyJ8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAK BggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJ hRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggr BgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWlj cm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRw Oi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBTJmEOwJeGrpEWa8/FWqqnt9bQL fjALBgNVHQ8EBAMCBLAwRQYDVR0RBD4wPIIcbXJhbi5yZXZvbHV0aW9uYW5hbHl0 aWNzLmNvbYIcY3Jhbi5yZXZvbHV0aW9uYW5hbHl0aWNzLmNvbTCBrAYDVR0fBIGk MIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNj b3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNS5jcmyGSWh0dHA6 Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJ VCUyMFRMUyUyMENBJTIwNS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAz BggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAv Y3BzMB8GA1UdIwQYMBaAFAj+JZ906ocEwry7jqg4XzPG0WxlMB0GA1UdJQQWMBQG CCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAEvEoTPLByN8V K6gdc4DfhuJGecesaoLqcWNnLUpdjRNt50JP/1pJRNppKIXbOkVRfMlb5342LGs9 46qra5rw6q69X6mtSwsBOyA1p1q9vzyq/SV9c+X68OouMch/lXTzKzi21I4Pz3cj U4TB+7uoa5dPa+O4NMN/eMkjPrmiIVxNRjnQk094XGifaKGEs0Gl+D970ZQsPwXK rv+2NriFRgU/AXSUQigtDHDgpBjCulcGapJejDh5blaVlON4RVoKiwQhm0fd46KN kWXeIt/YHuTj2oxJQeUq51GCHAlgbglkU4lv44oKkZUwThgwLuafidvw6IBwMg5Q uw0NaLogMmA2ofzS+koGjcG4O3HzpakVvKZvyss62/pWkCI4FbjpE/dS3BBWDZgv OasHZZBHbUhRgANhE4HZhx3UsvXnRQONa5L+DvBKBmO/2Xb0GttbUEppvp40z4ei d7br6+X1qkKiITpJfHpwKWrPT9Fxk8WVdIT7VcB/6spvPoiONiP/MThsafSmaYiT Yi3abk/QXzpDaanLXwX8ilNI6Y6Dq1kKXbG40XD+MiIHX4HQ7E3jOVvoRuJlbl+S 35mSfRASahVV/DfpD1rTH1bzqqHlPjWBDDszDfMGOtRt8BhESwEwUW57XH51/cyJ pTAuTFdTWN38yJswBPN+CuadsYS0h/c= -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "mran.revolutionanalytics.com" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cran.microsoft.com" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "mran.revolutionanalytics.com cran.revolutionanalytics.com" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Microsoft IT TLS CA 5 (Microsoft Corporation from US)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN (SNI mandatory)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "408 >= 60 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2018-04-14 17:32" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2020-04-14 17:32" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "3" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.msocsp.com" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "nginx/1.10.3 (Ubuntu)" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable , timed out" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially VULNERABLE, uses gzip HTTP compression - only supplied '/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "uses 64 bit block ciphers" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=5FFA159C93531679BF4815072F784C5EC34119109D6096FAEA7246DADA331A09" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc030", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc028", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc014", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9f", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_x6b", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x39", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02f", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc027", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc013", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9e", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x67", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x67 DHE-RSA-AES128-SHA256 DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x33", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x0a", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "cran.revolutionanalytics.com/13.66.202.75", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "136" |
|||
} |
|||
] |
File diff suppressed because it is too large
@ -0,0 +1,992 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "prime256v1" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "server" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.2" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-SHA AES256-SHA ECDHE-RSA-AES128-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_1", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-SHA AES256-SHA ECDHE-RSA-AES128-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_2", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'server name/#0' 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'heartbeat/#15'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "valid for 300 seconds only (<daily)" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "off by -1 seconds from your localtime" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2048 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "779F1FD9081DF0799C47C0810134B96BD7A6854B" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2B0729326DD7410400ABE543EB920B7EBCACEC38" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "47F0F2AC02C00EFC8116A9342EEF585571C99A279730CB68F7426D807100215B" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIHqjCCBZKgAwIBAgIUd58f2Qgd8HmcR8CBATS5a9emhUswDQYJKoZIhvcNAQEL BQAwTTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxIzAh BgNVBAMTGlF1b1ZhZGlzIEdsb2JhbCBTU0wgSUNBIEczMB4XDTE5MDExNTAwNTMw NFoXDTIxMDExNTAxMDIwMFowgaUxCzAJBgNVBAYTAk5aMREwDwYDVQQIDAhBdWNr bGFuZDERMA8GA1UEBwwIQXVja2xhbmQxIzAhBgNVBAoMGlRoZSBVbml2ZXJzaXR5 IG9mIEF1Y2tsYW5kMSgwJgYDVQQLDB9JbmZvcm1hdGlvbiBUZWNobm9sb2d5IFNl cnZpY2VzMSEwHwYDVQQDDBhjcmFuLnN0YXQuYXVja2xhbmQuYWMubnowggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnGJMKzE3aBLgDk1A5mUuPBICPpU2K CrisxWOvOCOGVuGQq7GVXUnXkS5Iu96pmSX8tmRvljuTapBjvBTZ0gLG4a6AD9/7 kSLOsdL+VZOQ+MhWXoSerlLDa4v7Gpw1ZiqocFzC8ULHvFDJUGjTBaN1eRN6bJQj 4sHW4Edc2rUuoDedQx/rvr6jLuttQ99S6ZjJMlIDRFQvVW0EBzXflst2B7tEbWhK fO3HhPqzEmWQSId3TP9x49ap5IsfOE9Ks8OBJn+AYd9tBlaVjO+qAvLEDq0Ip/Fe lstoG9WIps98wU/Kh/mI43xi40DOAcRraZxW7kAJSz2FH3MjcaLEOgKbAgMBAAGj ggMnMIIDIzAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFLMSibWpSzW8FQDwgOnYeIfx E3x2MHMGCCsGAQUFBwEBBGcwZTA3BggrBgEFBQcwAoYraHR0cDovL3RydXN0LnF1 b3ZhZGlzZ2xvYmFsLmNvbS9xdnNzbGczLmNydDAqBggrBgEFBQcwAYYeaHR0cDov L29jc3AucXVvdmFkaXNnbG9iYWwuY29tMCMGA1UdEQQcMBqCGGNyYW4uc3RhdC5h dWNrbGFuZC5hYy5uejBRBgNVHSAESjBIMEYGDCsGAQQBvlgAAmQBATA2MDQGCCsG AQUFBwIBFihodHRwOi8vd3d3LnF1b3ZhZGlzZ2xvYmFsLmNvbS9yZXBvc2l0b3J5 MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATA6BgNVHR8EMzAxMC+gLaAr hilodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdnNzbGczLmNybDAdBgNV HQ4EFgQUwB+F/Ydl6qDtYXHVCKhlRtkSuR0wDgYDVR0PAQH/BAQDAgWgMIIBfAYK KwYBBAHWeQIEAgSCAWwEggFoAWYAdQBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDv lJhV1onQ3QAAAWhPCISHAAAEAwBGMEQCIEQg6GIJYenKW6+JZSXcXnbREAO7dq4P sUsA999i1ySBAiA5tR21kLix1eAM5NuWxLRNyjNDWF6zgk6e4YKtEJs2EwB1AG9T dqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABaE8IhVkAAAQDAEYwRAIg S6Tc/WjoUMpFz2TZcRCJvLakYPOmVXMHVAQVBcfqyQ8CIAGdYJ3YPy2bkCmPVtNb 5QVa/ilXkjmGSKfrYWKZ6KQUAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7 iXqo/csAAAFoTwiEgwAABAMARzBFAiEAqMolUYU7hX/SaP5bTzybY7VGVF90QjGI PSW/q2rC6ccCIGdtErW+z3VZlT1jFS5vUTyakgoRBIXrn6FHxpISNqGFMA0GCSqG SIb3DQEBCwUAA4ICAQBdlt+Ue30gtSDHJuN/v5zF7SM+v5YTenX2gC4lPTd2vHV5 IVBTxsxlNyezNQvfS5e2SGYmW6CDY1FhSvlwYGwGTGpuk/U7cGQXPuk2fJMCuxMX E3TTu5YRZEjNQMwwoj0+ZMrHzSqx4z2bRyiicdpL0xpa511gLZc9vQfxeiEv5+Xy nxOjNKUuTHFE4HI2QVt9dgI9OTeFSaa6eECzXtWDQahjer+GbkL2w2M3IgEkbXd1 s7cIGCX+Jkg8UCB/mRWjoMrhrfPnN1F0guZcmWuaGV08xv0BSSflQYDhFIFMouiv 1So4RrPi7osp4VITwCvIF9a6YbfL5u5I6ORzOBuYfhPWCMvJgk5awyCvb0pwVNpy zN5+knSRVbpbiowlURfa84dp+HYXR9/aAaUKnBgMLdZcC4yCBAt13vv+LaSAZVii eBDNvfj+8BPSNknrteORoFJjYlhuzHevJBifxNRuhRYF7GSl1ufe6FDXzao4+s57 lhuIJb2R98EIo2BPjY1VfWF9hmdf4mH7eD2UZFT62etZ2+uP/4PGdniXeMAJ76Zd zfyfnm2idmNyJF4TOP76GphgQjlLB0bcxDrc+RLltqlrHhfh8kn1G9iVZVkDT8G3 IVS5uaxCkimgzRHz1K6Z+vSYU0zyZcPBiuGLDL+o+2lT7eotrhIBWaOsnjxrGQ== -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "cran.stat.auckland.ac.nz" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cran.stat.auckland.ac.nz" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cran.stat.auckland.ac.nz" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "QuoVadis Global SSL ICA G3 (QuoVadis Limited from BM)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN and CN (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "683 >= 60 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2019-01-14 19:53" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2021-01-14 20:02" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "3" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://crl.quovadisglobal.com/qvsslg3.crl" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.quovadisglobal.com" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Apache/2.2.15 (Red Hat)" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable , timed out" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable, returned potential memory fragments do not differ" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no HTTP compression - only supplied '/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "uses 64 bit block ciphers" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=47F0F2AC02C00EFC8116A9342EEF585571C99A279730CB68F7426D807100215B" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "no DH key with <= TLS 1.2" |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "ECDHE-RSA-AES256-SHA AES256-SHA ECDHE-RSA-AES128-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc030", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc028", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc014", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9d", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_x3d", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x35", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02f", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc027", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc013", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9c", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x3c", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x2f", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc012", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x0a", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "cran.stat.auckland.ac.nz/130.216.2.235", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "345" |
|||
} |
|||
] |
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,943 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered with http/1.1 (advertised)" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "secp384r1" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "server" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.2" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_1", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_2", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'renegotiation info/#65281' 'EC point formats/#11' 'heartbeat/#15' 'next protocol/#13172'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No lifetime advertised" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "random" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2048 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1BADB95D3A39B9" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "27A291E308968B073880AD6FB1861D4FF82B22E0" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "9D66C1E08A5C85BC332647C8C9413574A9F907DF55510218AC8FAC70D3D4D47B" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIGXTCCBUWgAwIBAgIHG625XTo5uTANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UE BhMCREUxFjAUBgNVBAgTDU5JRURFUlNBQ0hTRU4xEzARBgNVBAcTCkdPRVRUSU5H RU4xPjA8BgNVBAoTNUdlc2VsbHNjaGFmdCBmdWVyIHdpc3NlbnNjaGFmdGxpY2hl IERhdGVudmVyYXJiZWl0dW5nMQ0wCwYDVQQLEwRHV0RHMRAwDgYDVQQDEwdHV0RH IENBMR4wHAYJKoZIhvcNAQkBFg9nd2RnLWNhQGd3ZGcuZGUwHhcNMTYwNzE5MTQ0 MDE0WhcNMTkwNzA5MjM1OTAwWjCBkTELMAkGA1UEBhMCREUxFjAUBgNVBAgMDU5J RURFUlNBQ0hTRU4xEzARBgNVBAcMCkdPRVRUSU5HRU4xPjA8BgNVBAoMNUdlc2Vs bHNjaGFmdCBmdWVyIHdpc3NlbnNjaGFmdGxpY2hlIERhdGVudmVyYXJiZWl0dW5n MRUwEwYDVQQDDAxmdHA2Lmd3ZGcuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDfFNxgwEBFYdFVewOYZReyjfBxC0wyWl0U6aazPYpCEP1GOYmX+qHT FPZwov5nhQfwmEymXsxJG9oS3BqCPiwINrmsAaHH9byREha/ZXTSCZrHJnP9LIRk ph6PxewZ2lhvXklkkmtm9UwtIndZeYqSVyWQAbY70QRreIDk5uifdC7yqCjziLFh TLipJEQmiQEjQcVY56rxQMhpGEO06Tk/X2dIvlSCQnXo++I06rXDeIhwhMjH1a9O RATbLcu1AaGjXj/cY49NP6gINH6j8ebpagAb2HnUEcQeswdJ+bnkHk1y38XU/lJ5 maL6tNdcvQDfP8uSCV82aKhGBk+qseRtAgMBAAGjggKMMIICiDBZBgNVHSAEUjBQ MBEGDysGAQQBga0hgiwBAQQDBTARBg8rBgEEAYGtIYIsAgEEAwEwDwYNKwYBBAGB rSGCLAEBBDANBgsrBgEEAYGtIYIsHjAIBgZngQwBAgIwCQYDVR0TBAIwADAOBgNV HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud DgQWBBRpjFFkh2wkjLZ8JK0iK8XJrxDMNDAfBgNVHSMEGDAWgBSm5P+Y/eVJMn5c dfIWok2MdDXeIjBqBgNVHREEYzBhggtmdHAuZ3dkZy5kZYIMZnRwMS5nd2RnLmRl ggxmdHAyLmd3ZGcuZGWCDGZ0cDMuZ3dkZy5kZYIMZnRwNC5nd2RnLmRlggxmdHA1 Lmd3ZGcuZGWCDGZ0cDYuZ3dkZy5kZTB5BgNVHR8EcjBwMDagNKAyhjBodHRwOi8v Y2RwMS5wY2EuZGZuLmRlL2d3ZGctY2EvcHViL2NybC9jYWNybC5jcmwwNqA0oDKG MGh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvZ3dkZy1jYS9wdWIvY3JsL2NhY3JsLmNy bDCByQYIKwYBBQUHAQEEgbwwgbkwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9vY3NwLnBj YS5kZm4uZGUvT0NTUC1TZXJ2ZXIvT0NTUDBABggrBgEFBQcwAoY0aHR0cDovL2Nk cDEucGNhLmRmbi5kZS9nd2RnLWNhL3B1Yi9jYWNlcnQvY2FjZXJ0LmNydDBABggr BgEFBQcwAoY0aHR0cDovL2NkcDIucGNhLmRmbi5kZS9nd2RnLWNhL3B1Yi9jYWNl cnQvY2FjZXJ0LmNydDANBgkqhkiG9w0BAQsFAAOCAQEAe1wkpGnnPQ5E70fpUsWy PcqKgyzWg6ShNG9oSomz1ITBP1pCpgvwGXk7eI3dQ2IphgBUS64p7aXFHWJJ3KoU JmGcqNQzjhllknzz3aCMkB8LqEzZ708U0+p5WlmZv1Fh3TWaSPWTGrfx7Y01rb5c zoOKgd9qp16ggiYoSHOEi3247aTHgEz0cxU9YX4Z5R5DHRLWKNQIJVm+FLUtgt4W fDiQpaZBjZK/V4dlgjEH5pQVwPvb6bFOW8BrIDB6a17ggkWCkX6hog5H6KNAaU0Z 3N4UrxXyY2o7wYvqCBdnUjmDlz/XlvieQ1+w9FAYQfPMiwyDpq6VEM1IXjCeUoM7 NA== -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ftp6.gwdg.de" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ftp6.gwdg.de" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ftp.gwdg.de ftp1.gwdg.de ftp2.gwdg.de ftp3.gwdg.de ftp4.gwdg.de ftp5.gwdg.de ftp6.gwdg.de" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "GWDG CA (Gesellschaft fuer wissenschaftliche Datenverarbeitung from DE)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "128 >= 60 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2016-07-19 10:40" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2019-07-09 19:59" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "3" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://cdp1.pca.dfn.de/gwdg-ca/pub/crl/cacrl.crl http://cdp2.pca.dfn.de/gwdg-ca/pub/crl/cacrl.crl" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.pca.dfn.de/OCSP-Server/OCSP" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/pub/misc/cran/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-69 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS_time", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "730 days (=63072000 seconds) > 15465600 seconds" |
|||
} |
|||
, { |
|||
"id" : "HSTS_subdomains", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "includes subdomains" |
|||
} |
|||
, { |
|||
"id" : "HSTS_preload", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "domain IS marked for preloading" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "nginx/1.15.9" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/pub/misc/cran/'" |
|||
} |
|||
, { |
|||
"id" : "X-Frame-Options", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SAMEORIGIN" |
|||
} |
|||
, { |
|||
"id" : "X-Content-Type-Options", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "nosniff" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable , timed out" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "no session ticket extension" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable, no RSA key transport cipher" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no HTTP compression - only supplied '/pub/misc/cran/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=9D66C1E08A5C85BC332647C8C9413574A9F907DF55510218AC8FAC70D3D4D47B" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "no DH key with <= TLS 1.2" |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc030", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 384 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc028", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc028 ECDHE-RSA-AES256-SHA384 ECDH 384 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc014", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc014 ECDHE-RSA-AES256-SHA ECDH 384 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02f", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 384 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "ftp.gwdg.de/134.76.12.6", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "111" |
|||
} |
|||
] |
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,943 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered with http/1.1 (advertised)" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "prime256v1" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "server" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.2" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_1", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_2", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'status request/#5' 'heartbeat/#15' 'next protocol/#13172'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "valid for 300 seconds only (<daily)" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "random" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "256 EC bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0499DF575990573957ECE8EA437972E75ECE" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "5B25EE1C2C5DE5CFA70B9D9F4910ADDA0FE7B2D8" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "DF5D82F5EBB16EF983740A1C5E0774F607FD44C381B07D145F1A1EEDE0E5FFED" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIEizCCA3OgAwIBAgISBJnfV1mQVzlX7OjqQ3ly517OMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAxMTcxNTM4MThaFw0x OTA0MTcxNTM4MThaMBoxGDAWBgNVBAMTD2Z0cC5pZ2guY25ycy5mcjBZMBMGByqG SM49AgEGCCqGSM49AwEHA0IABIACMfESW4YAHv0ZTkjB8Ph8MLBtcqL2zW1c+NRv x83igyiMHlSE4SELgbRi2J2OyExDKS58lVoBDFmKhlLH5BOjggJkMIICYDAOBgNV HQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud EwEB/wQCMAAwHQYDVR0OBBYEFNZ5GVIipthJaNzyf7U0aLU7Zx3VMB8GA1UdIwQY MBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEF BQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEF BQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wGgYDVR0R BBMwEYIPZnRwLmlnaC5jbnJzLmZyMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysG AQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQu b3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA4mlLribo6UAJ6IYbtjuD1D7n /nSI+6SPKJMBnd3x2/4AAAFoXK12pgAABAMARzBFAiB3TTKccelagCHt7QBenvTv Df4CWEDEqxwgXnk4K+iDBwIhAMerS5HoTmgKNKzaZfr9WHXDJ91vFgSEMQWWkyCS jvJ3AHYAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH9HgAAAFoXK10pAAA BAMARzBFAiBl7KNUiahDjoYBe+k2H1it8BBYfrS3pcyiYttxwGz+wwIhAOuMkdR5 Kz2qnk6mIy6qam2q6GzOOr6q/d71Rv/E477dMA0GCSqGSIb3DQEBCwUAA4IBAQBw b3+9Q4Hzf+rzJ4CQ7fAOagTBALBOUgGaqZthLMGZvAB9PLzDsmda/cAIDTf9XB0Y NVjWyhib8vGD5f/hbb4O7FJCHELwL8cVOK3bu7ye+JhTzJPRZL6DkHR1wavxO07n SMfrgOrbpBVCbXCuexF8Wc6ERRlnVxGc16wlJmgI8HneKoVGPGvtiiostbt5pUpz KibHKI4RA0gDKQEtL63MqQSl7BoMAmNjvMxieygNU4tPRbKXxi1hP0NDBozUWIFH Ts0c3loBeYHlHQr4qJYJsURGZI6KyY+0gvZ3f5WEw1uKAtWodLqRxvgmij196Hvm bgZl1UT7GAuuHb6x15R0 -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ftp.igh.cnrs.fr" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ftp.igh.cnrs.fr" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ftp.igh.cnrs.fr" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Let's Encrypt Authority X3 (Let's Encrypt from US)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN and CN (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "45 >= 30 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2019-01-17 10:38" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2019-04-17 11:38" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.int-x3.letsencrypt.org" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspRevoked", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not revoked" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/pub/CRAN/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-31 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "nginx" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/pub/CRAN/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable , timed out" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable, no RSA key transport cipher" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no HTTP compression - only supplied '/pub/CRAN/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "no RSA certificate, can't be used with SSLv2 elsewhere" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "no DH key with <= TLS 1.2" |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02c", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc024", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc00a", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02b", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc023", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc009", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "ftp.igh.cnrs.fr/193.50.6.155", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "117" |
|||
} |
|||
] |
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,934 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "is not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered with final" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "prime256v1 secp384r1 secp521r1 X25519 X448" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "server" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.3" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_2", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_3", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'supported versions/#43' 'key share/#51' 'supported_groups/#10' 'max fragment length/#1' 'encrypt-then-mac/#22' 'extended master secret/#23'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No lifetime advertised" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "random" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "4096 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "26356A27ED83CA35E3689BC279FA90389E4DE361" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "B683F6AADCA60F8DD7858A808CD5DD69504408C7" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0471A50FC4D923A9214E902E285AC592B34CE260EE18DFA4B3A753A32D6A9437" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIJfTCCB2WgAwIBAgIUJjVqJ+2DyjXjaJvCefqQOJ5N42EwDQYJKoZIhvcNAQEL BQAwSTELMAkGA1UEBhMCQk0xGTAXBgNVBAoMEFF1b1ZhZGlzIExpbWl0ZWQxHzAd BgNVBAMMFlF1b1ZhZGlzIEVWIFNTTCBJQ0EgRzMwHhcNMTgwMjIwMDMxOTIyWhcN MjAwMjIwMDMyOTAwWjCB1zETMBEGCysGAQQBgjc8AgEDEwJBVTEeMBwGA1UEDwwV Tm9uLUNvbW1lcmNpYWwgRW50aXR5MRcwFQYDVQQFEw41NCAwODQgNTQwIDUxODEL MAkGA1UEBhMCQVUxGDAWBgNVBAgMD05ldyBTb3V0aCBXYWxlczETMBEGA1UEBwwK Tm9ydGggUnlkZTEXMBUGA1UECgwOQUFSTkVUIFB0eSBMdGQxEzARBgNVBAsMCk9w ZXJhdGlvbnMxHTAbBgNVBAMMFG1pcnJvci5hYXJuZXQuZWR1LmF1MIICIjANBgkq hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtQH9lHljF+yZO+DVoUrMnRztw4/2in5Q LN+Ex8p/fHSlQiKTs0Cst6zWBAz/UD1CfWe+rkVNEZi5dvUx5nL9+DeUMyyXZZ6m T0v4I2Iw9Jxe0xoS5Sj9IVjHphdV73RIHAO/JecZGdTO6T8+U0a0h7SyLxMl73pn NcOH1ZE03uyMkdmcd9VvPYFci+SXXkyPg5lBhTc51kbT6+Ya3i9OwSDfiOl3NO6U n6hBKhqY2rSUmsxSITE4xifyYpNrelRqf3/W9cYumv91uijfGJGEbD4zu7jnv24t f3o0fN9NdD6agjNWcf3Atf+vimURk2Nx1vIjvFZ5Vs9y8NgrkgoRrWGdZQey/4iD bgr4lqt7xjpIWdj3b91PWxhpH2eLra7S8kn+psmiUOVmEQFWyq8Ixm+MBaLAr6SI 7U35JW4Pq9YPsy9PZQDi/tl04/h0NIgRkgYaqgX3dOMmD0K5IqxYbwNA4zPMw+2H vpKJT8DX4jO1DAygE5a3DPntThN3Y30Sno33LPvfGWApXIHBK98qu1BjgIrTFQOd 6mOGxNAHnArJJ+G/jJnaNUvd92n6vDmCSX1R0gLjUirizPQjvYyW4A2w90oZZ40r pfuSrVMDOvyiQhLdpDJCe2DsC1fGLEMzGimv2CNu53oT2e+Qlrm8bXajrwrAQ0Zn rgCKshY1MKMCAwEAAaOCA8wwggPIMHgGCCsGAQUFBwEBBGwwajA5BggrBgEFBQcw AoYtaHR0cDovL3RydXN0LnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmV2c3NsZzMuY3J0 MC0GCCsGAQUFBzABhiFodHRwOi8vZXYub2NzcC5xdW92YWRpc2dsb2JhbC5jb20w HQYDVR0OBBYEFGO3QV9aIxp1Lorp+UV4zBHUl/IKMAwGA1UdEwEB/wQCMAAwHwYD VR0jBBgwFoAU5YRU0JBJnzi68snhKgjFTp+gSD8wWgYDVR0gBFMwUTBGBgwrBgEE Ab5YAAJkAQIwNjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5xdW92YWRpc2dsb2Jh bC5jb20vcmVwb3NpdG9yeTAHBgVngQwBATA8BgNVHR8ENTAzMDGgL6AthitodHRw Oi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmV2c3NsZzMuY3JsMA4GA1UdDwEB /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwOAYDVR0RBDEw L4IUbWlycm9yLmFhcm5ldC5lZHUuYXWCF2Jpb21pcnJvci5hYXJuZXQuZWR1LmF1 MIIB+QYKKwYBBAHWeQIEAgSCAekEggHlAeMAdwCkuQmQtBhYFIe7E6LMZ3AKPDWY BPkb37jjd80OyA3cEAAAAWGxQjkhAAAEAwBIMEYCIQDhgcXQtoeLKvU0djcb+MDS +rw8vVvHam6A3NC9QtKinwIhANveKldG1N7GGtPNdze9qDtmbEjXNEcCSr8wnc70 GFD8AHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFhsUI47wAA BAMARzBFAiBPHN4ROEDua8mKym/ga1KRdAEG11VCPuflZuZL/imRUgIhAJfpeceN AlgrggmXDZn7z7DJjmlLI/dbSomJCdGEFcNuAHcAb1N2rDHwMRnYmQCkURX/dxUc EdkCwQApBo2yCJo32RMAAAFhsUI7mgAABAMASDBGAiEA/FFEOTSOhfccX+VxVY+8 Bb7mp9zRyzVNQD5I2zFyO/QCIQDctkO21V3OVxzLZ0B68RQhenET6m3WGNWcxm6d CcwpoQB3AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABYbFCPA4A AAQDAEgwRgIhAN5bXeutMBzMHDOoeBwZSMRbrELTvT4cBPpKqbhwk378AiEA1ig8 xW3187O0W4Be01ioryA66e2O3IiZaX3vAcrefGYwDQYJKoZIhvcNAQELBQADggIB AIZQVMusuOWz/gT3Af+ya9E1Vnwmufdf40qtsQOmUh25+Ue6viNYUMQWGgBgOgfY P9EmIFibAGhhotfc36D+C63JwNCR4SjY/ckL8xiLYFqGMHAME7nG9Ux34Fx7YcvU 1rh13r8sU67eHLaieEeRpWFp5Vgwf82ZvVZAOFJlZrW/w4Mvr3r++CzSJWVzdD6w TjDmTthx7qh5IAp1KVaENw6FuEv64PJNVqL12t1U3Gy+TjbHGUg/hSLWswPH+d98 GqtW8CJcdgq7exMhFTAXlTi4mSqg28y3eU2xaRwOQuNby+ZX6SnnA7cY2mqCildI v8urvkPLzaWTaVEkRTKetQ1upxHDSLiRN/vEuJE8w6G0+BEzDgErMmHeMFN/6CZ5 eZ+Tvy+/PFA6bSL4jYryPtEoN7NOLvG7OrhM3JAnx8Ylvm2DfZRyg5S71JbNz1gX ZMiytWXgCyaR16zJ19MeeIgOnaKJT3Qc4ozvmET/RkWt3VUhCzlXz7NhXxiXo7sy h1zm2ctFJkNh2cVZ5HzJy88CM3CFxXlblRh0zV5tOhBE5FT9BqC0nQqJv8YY9p0G 2AlcC44sDEYb6rCkgdiqWtYSnX2qeTjqdT74ksh2umGXCD2ROroSd/jswR7RuaOh cOZToQNOJjltFVbPMu2bIms/Mn1WqzjRaUfO42qwLuZf -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "mirror.aarnet.edu.au" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "mirror.aarnet.edu.au" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "mirror.aarnet.edu.au biomirror.aarnet.edu.au" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "QuoVadis EV SSL ICA G3 (QuoVadis Limited from BM)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN and CN (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "353 >= 60 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2018-02-19 22:19" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2020-02-19 22:29" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://crl.quovadisglobal.com/qvevsslg3.crl" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ev.ocsp.quovadisglobal.com" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/pub/CRAN/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Apache/2.4.6 (Red Hat Enterprise Linux)" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/pub/CRAN/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable, no heartbeat extension" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "no session ticket extension" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable, no RSA key transport cipher" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no HTTP compression - only supplied '/pub/CRAN/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "no protocol below TLS 1.2 offered" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=0471A50FC4D923A9214E902E285AC592B34CE260EE18DFA4B3A753A32D6A9437" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "no DH key with <= TLS 1.2" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "not vulnerable, no SSL3 or TLS1" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_x1302", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_x1303", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc030", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc028", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xcca8", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x1301", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02f", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc027", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.3 TLS_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "mirror.aarnet.edu.au/202.158.214.106", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "242" |
|||
} |
|||
] |
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,993 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "CRITICAL", |
|||
"finding" : "TLSv1.1 is not offered, and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "CRITICAL", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "DH_groups", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"finding" : "NOT a cipher order configured" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Default protocol TLS1.0" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "DHE-RSA-AES256-SHA, 1024 bit DH (cbc) (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_TLSv1", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "DHE-RSA-AES256-SHA at TLSv1 (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'renegotiation info/#65281'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No lifetime advertised" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "off by 0 seconds from your localtime" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "4096 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "04B3B5AAEDA5303A2AD271D002B88C65" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "B4CEDED4E0F11DDF9FF45B40157F3A5F358436CE" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "23594FD62F6E8DBAAB629530A2AC611E66EEABCC920C9224D8FEB06A1FD76A7D" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIH+jCCBuKgAwIBAgIQBLO1qu2lMDoq0nHQAriMZTANBgkqhkiG9w0BAQsFADBw MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz dXJhbmNlIFNlcnZlciBDQTAeFw0xODAyMjcwMDAwMDBaFw0yMDAzMjQxMjAwMDBa MIGJMQswCQYDVQQGEwJDQTEZMBcGA1UECBMQQnJpdGlzaCBDb2x1bWJpYTEQMA4G A1UEBxMHQnVybmFieTEgMB4GA1UEChMXU2ltb24gRnJhc2VyIFVuaXZlcnNpdHkx FDASBgNVBAsTC0lUIFNlcnZpY2VzMRUwEwYDVQQDDAwqLml0cy5zZnUuY2EwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCm9tT4kc9pIPJJniWynQ/EHxSq mbbTn2X2rav6olI/QuY5YtuSJuKy+jnSzvg8lpWJQYCQMPnKr9CZ8TPLMLWugqks QKB72vWjSlPXTajPKiyALie/mjVQ13YjA/BRwSHd/oWSsRh5ql5umICNnXpdPp1L 3N/FDZUOxbfYREt6hzASIqZuo1E/bR4g4U+c5E1nujr+14Zv4fjNJb2baZ9iuKG5 qfeIC8HEqNfkFP88yxWFpzxPaSN70HvJNFLJMo93oQlYALkHO1x+0iMJqnqInouX VRObSF3pWoogDUOjklIYNNwp8WveiEjdhvq+wQXfJUUI6XfyWc5LqfpPgFhKnOy8 7ciUcqQQ7yBelLrHdawfNG7b0ftqgicIchfSHjDVZQvQBf47Q4SlpC1Tx834o97V VmBIRwnw8IToeqM8G62uHeHiVr1lkwBE763LZhBk7WNCrTpvvHx0MXQYVeZXwttq S5dVaLH4EEFRJxSfeafgj5OqkiGo6qAylUCanHkd6ifxe2ika2mk7OXkq9Ji269i oXGH0ilwTJftDeHeMpdNiR93W5EQ10dmgsfLb0wf2GxRFnp2Apns6UE1VzZH/tmk NkM1UskepPiY0V4fFYyVuLblzNv1CPlmFKaymD9j5w/LpCAVzBRMbSbKNcBWMwAx qLfe9Jxh3WhzDTWE0QIDAQABo4IDdDCCA3AwHwYDVR0jBBgwFoAUUWj/kK8CB3U8 zNllZGKiErhZcjswHQYDVR0OBBYEFPLYHRLSubfARW4fAdgnwj5/EazMMCMGA1Ud EQQcMBqCDCouaXRzLnNmdS5jYYIKaXRzLnNmdS5jYTAOBgNVHQ8BAf8EBAMCBaAw HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCG Lmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmww NKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1n Ni5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0 cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEB BHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsG AQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEy SGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfwYKKwYB BAHWeQIEAgSCAW8EggFrAWkAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80O yA3cEAAAAWHYjWoSAAAEAwBIMEYCIQCkZVMoLhfE1khxoqtPLvRTU2YMaLw5Dr7k VbfN3ODCZQIhAIAgovHsNf+vExQvdgjNYqTZj1XbJD8aGsEXXy7gqcoUAHYAh3W/ 51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFh2I1q4AAABAMARzBFAiEA 9H++Cm18cXFMzFfJ6hDeMXXpRTFt6N31yP948oxCWlsCIArmmRHv3Ec1mbnnFA6r D078YcrKTecMjSYS63nW4RjYAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk No4e0YUAAAFh2I1q4wAABAMARzBFAiAIzKs8Q5X4IrDv8CTU9M/LF38f3VtKZfiJ X5HSNn82BAIhANhwAPkA0xJDaQYCFBmatOLSc4Ya5Z4Q56FvkfQlW/YpMA0GCSqG SIb3DQEBCwUAA4IBAQBm8143C+8BSJgRZXCqb+C4AGdzJPYffSHmxGsN2+DLwwuP Cg5ccy5ZScacR9ay58tPrTYJMi8QEbhltjZVzYu+ga+2BuwTgLFQZ437M43AOIXl mdxY2iGe6C28iAwZ34ikAAi07W3oFIXq2gSzBpDHMavIcNt3b2C1ro4UjVOly8vR fk/ULAFsWzC+pvw0V483uMoyrUqy43/8nIiImh9RHEgHRCbLGkyG0II2kKYlv9/Z U58KoyGWxrDkPvcwKF0CFwLNtYZXxAq8w+YIxGya9AL8VoPwZV98DAZcL29Dzdba TTEwEshTBKq8TcO+4yqoGRqOd8+hdVVamO3Iw9Or -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "*.its.sfu.ca" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "*.its.sfu.ca" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "*.its.sfu.ca its.sfu.ca" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "DigiCert SHA2 High Assurance Server CA (DigiCert Inc from US)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN wildcard and CN wildcard (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "386 >= 60 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2018-02-26 19:00" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2020-03-24 08:00" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://crl3.digicert.com/sha2-ha-server-g6.crl http://crl4.digicert.com/sha2-ha-server-g6.crl" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.digicert.com" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/mirror/CRAN/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "ipv4_in_header", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cwe" : "CWE-212", |
|||
"finding" : "Server: Apache/2.2.3 (Red Hat) DAV/2 mod_auth_kerb/5.1 mod_auth_pgsql/2.0.3 mod_nss/2.2.3 NSS/3.14.3.0 Basic ECC PHP/5.1.6 mod_python/3.2.8 Python/2.4.3 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 SVN/1.6.11 mod_perl/2.0.4 Perl/v5.8.8 (check if it's your IP address or e.g. a cluster IP)" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Apache/2.2.3 (Red Hat) DAV/2 mod_auth_kerb/5.1 mod_auth_pgsql/2.0.3 mod_nss/2.2.3 NSS/3.14.3.0 Basic ECC PHP/5.1.6 mod_python/3.2.8 Python/2.4.3 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 SVN/1.6.11 mod_perl/2.0.4 Perl/v5.8.8" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/mirror/CRAN/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable, no heartbeat extension" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "no session ticket extension" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no HTTP compression - only supplied '/mirror/CRAN/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "no protocol below TLS 1 offered" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "uses 64 bit block ciphers" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=23594FD62F6E8DBAAB629530A2AC611E66EEABCC920C9224D8FEB06A1FD76A7D" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "DHE-RSA-AES256-SHA AES256-SHA DHE-RSA-AES128-SHA AES128-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA EDH-RSA-DES-CBC-SHA DES-CBC-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- and no higher protocols as mitigation supported" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "VULNERABLE, Detected ciphers: RC4-SHA RC4-MD5" |
|||
} |
|||
, { |
|||
"id" : "cipher_x39", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x39 DHE-RSA-AES256-SHA DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x35", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x33", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x33 DHE-RSA-AES128-SHA DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x2f", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x05", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x04", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5" |
|||
} |
|||
, { |
|||
"id" : "cipher_x16", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x16 EDH-RSA-DES-CBC3-SHA DH 1024 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x0a", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x15", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x15 EDH-RSA-DES-CBC-SHA DH 1024 DES 56 TLS_DHE_RSA_WITH_DES_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x09", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x09 DES-CBC-SHA RSA DES 56 TLS_RSA_WITH_DES_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 RC4-MD5" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 RC4-MD5" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "mirror.its.sfu.ca/142.58.101.156", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "191" |
|||
} |
|||
] |
File diff suppressed because it is too large
@ -0,0 +1,957 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered with h2, http/1.1 (advertised)" |
|||
} |
|||
, { |
|||
"id" : "ALPN_HTTP2", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "h2" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http/1.1" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "prime256v1 secp384r1 secp521r1" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "server" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.2" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_1", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_2", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'status request/#5' 'heartbeat/#15' 'next protocol/#13172' 'application layer protocol negotiation/#16'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "valid for 86400 seconds only (<daily)" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "random" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "384 EC bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "03CF672F3C5CE5720C8C71882FC037EAC743" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "3D39DEB3A8E797DFD7F01B42482937F78630ED5B" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "A289DE9E48E12C7B11C25F6B2C1561CFC6DAB8564AC5BCB281BB50EBB97905DC" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIErDCCA5SgAwIBAgISA89nLzxc5XIMjHGIL8A36sdDMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAyMTAxNTExMDNaFw0x OTA1MTExNTExMDNaMBwxGjAYBgNVBAMTEW1pcnJvci5senUuZWR1LmNuMHYwEAYH KoZIzj0CAQYFK4EEACIDYgAEaiT1bSlqLJvhScUpnQFRWDdK7EZcZAaaro0vCpaw YoUNgQ3FsgprQZTQWct7VWnCaZ/kTyiaBscDUDlNzBqkebE2/G2yaCqMnkPWSCk4 TtZ8dabOAXRdXZ3KQ/0RpDuyo4ICZjCCAmIwDgYDVR0PAQH/BAQDAgeAMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW BBRS9ZTNvKGXegK6RbmxvBKf5nQTpTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObem RWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3Nw LmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0 LmludC14My5sZXRzZW5jcnlwdC5vcmcvMBwGA1UdEQQVMBOCEW1pcnJvci5senUu ZWR1LmNuMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHW eQIEAgSB9QSB8gDwAHYAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH9HgA AAFo2C0kSAAABAMARzBFAiApGBg0O1RPjVkYgwOJ7hTWq9aJTK+QGFZzmkbWm1gV CgIhAO0bVUre1hq9aS4d4clSxfEODYXTOezhmO+QqvbpsgdUAHYAdH7agzGtMxCR IZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFo2C0mjQAABAMARzBFAiEApqmX+ggr W0l4NwSaktFnoRfA7DcFPxZWo+vfq2XPUMUCIAxsKdxcRxGOJ3o0A3lByHhLzgX0 ZZdZ5D9nnYLuIoisMA0GCSqGSIb3DQEBCwUAA4IBAQAHm56WDTQmVzc41g1y7P+e XSXKGLrpOUp9A5Bmhz15vpaFjUrl166iQ0bPzP0VJG0gxn0i86wO/HJY4+bCCvtB Qh5PtAt9r886k7rq2TSi9pjxApPYQIzVkUMRQhGrYwe9lhdJvhTicJSl8osmsVdx wB/sF7FCKd4laN2a3vmXwOpwpLX3i2xCh1GUupxhoymqKL/eZdwD6HaK/72cNDmy 9ZiagRyaOwiI2MNDGrVDUWbQJ8O40MGtqKRTVjSTEsVfHXnDDo/9wsop9JvUUxFL o4xCQfldS8cry4BgkqshQgT8ZEjE/7fTTFrJV0TuB5mtEQftrkP+0O8PqRU7v7PF -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "mirror.lzu.edu.cn" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "mirror.lzu.edu.cn" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "mirror.lzu.edu.cn" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Let's Encrypt Authority X3 (Let's Encrypt from US)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN and CN (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "69 >= 30 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2019-02-10 10:11" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2019-05-11 11:11" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.int-x3.letsencrypt.org" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspRevoked", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not revoked" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/CRAN/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-529 (± 1.5) seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "nginx" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/CRAN/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable , timed out" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable, no RSA key transport cipher" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "likely not vulnerable (timed out)" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no HTTP compression - only supplied '/CRAN/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "uses 64 bit block ciphers" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "no RSA certificate, can't be used with SSLv2 elsewhere" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "no DH key with <= TLS 1.2" |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02c", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc024", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc00a", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02b", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc023", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc009", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc008", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc008 ECDHE-ECDSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-ECDSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "mirror.lzu.edu.cn/202.201.0.160", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "449" |
|||
} |
|||
] |
File diff suppressed because it is too large
@ -0,0 +1,992 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http/1.1" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp256k1 prime256v1 secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1 brainpoolP512r1" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "server" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.2" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA AES128-SHA CAMELLIA128-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_1", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA AES128-SHA CAMELLIA128-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_2", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA CAMELLIA128-SHA" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'server name/#0' 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'heartbeat/#15' 'application layer protocol negotiation/#16'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "valid for 300 seconds only (<daily)" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "random" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2048 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "062EAA095325C48DEBCA686D706A2F8E" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "F47E1CF7B0701AF7E044BBE080425EE3CCB7FCB3" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "9ECD20D34B58129EE3C625893E37B782EF002FC9350B5B74F0242B2D2D5199B7" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIFrzCCBJegAwIBAgIQBi6qCVMlxI3rymhtcGovjjANBgkqhkiG9w0BAQsFADBe MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRSYXBpZFNTTCBSU0EgQ0EgMjAxODAe Fw0xODA5MDYwMDAwMDBaFw0xOTEwMDYxMjAwMDBaMBYxFDASBgNVBAMMCyouZWxp dGV1LmNuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUWxNR+YSH1B zyHADxgCr1C3Q1Uc1ReyMbinjgBFBOrmRxqSRkg4ogQmOP5Yy7eK2/lhNFNbyInD vJTdYzaVZ/FYP9hn/D0EErLiMGf0TZalyKySTllFcFjFMuHmGpWMLOWyGUzRr/X8 dUnecS25Jb1p+KkZs1wEYP2kdbkGbbuZy14ZofZUsmkYm0a5+6ZZMu9G1LJh1rgw OqI194IyRZxIfH2Yrh68Q0sMh+5cshtOBanCnJGj2yid1c9zd+VmkZdvGL4yA9RE Ul39vNuyC9Gpqw84wYW3pBP/pnI6jFysaZQs4N3ejoVubZx7qtfE/EOuLzPGc323 hZTWhwD47QIDAQABo4ICrzCCAqswHwYDVR0jBBgwFoAUU8oXWfxrwAMhLxqu5Kqo HIJW2nUwHQYDVR0OBBYEFCgm2QFwlr+6ogjyCldkr4R38zIkMCEGA1UdEQQaMBiC CyouZWxpdGV1LmNuggllbGl0ZXUuY24wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8v Y2RwLnJhcGlkc3NsLmNvbS9SYXBpZFNTTFJTQUNBMjAxOC5jcmwwTAYDVR0gBEUw QzA3BglghkgBhv1sAQIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl cnQuY29tL0NQUzAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMCYGCCsGAQUFBzAB hhpodHRwOi8vc3RhdHVzLnJhcGlkc3NsLmNvbTA9BggrBgEFBQcwAoYxaHR0cDov L2NhY2VydHMucmFwaWRzc2wuY29tL1JhcGlkU1NMUlNBQ0EyMDE4LmNydDAJBgNV HRMEAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcApLkJkLQYWBSHuxOizGdw Cjw1mAT5G9+443fNDsgN3BAAAAFlrLlIPgAABAMASDBGAiEAgbzUnYwa5G3Uz+JY fa5UjLG36HsjZ1nu0uL/C43tOKYCIQCnjZlUAO5YKqYrqHkwha3EJfnUPgVaiD3b /8nZyrVkAwB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABZay5 SR4AAAQDAEcwRQIgKFxHK40Gr1KDdUTvQ63PhrsrXGywqJgTPFD+13bY6kkCIQCg 7bxoac00Urg0v9frAF6cULzuF0OBbhSmNbyIQw1FdjANBgkqhkiG9w0BAQsFAAOC AQEASF9LawY0jkfWwMy0dItq0VHfMWudE6TOeConN4hf20m8cHG24zfd47j5U7l0 CEtoHbyiCPMniUAhdHqoBDDNLRG89DzE2Uu5G9ew7LnHPEyjVzunl869ykExY8r4 vGupDFLZ14C91s7htk3+Qqg8QiKMSTA2lvwPmLMuD1Ir5hgC8gofrElN6YdiiGU1 HR+ZPya8Cjda4360mTZuZ+Y0n8ecB/9YBSv9ZKpsc1WXE5kVh8MkjsIIlbDq9VLK nk1QF80d+57MBpg8JmZG/c8zXz/oP2x0DkH6e2yMkS1TJNQf68YySpGnnmPEsNTo aymTVtf2nVPGRs5QfEzB5subRQ== -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "*.eliteu.cn" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "*.eliteu.cn" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "*.eliteu.cn eliteu.cn" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "RapidSSL RSA CA 2018 (DigiCert Inc from US)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN wildcard and CN wildcard (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "216 >= 60 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2018-09-05 20:00" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2019-10-06 08:00" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://cdp.rapidssl.com/RapidSSLRSACA2018.crl" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://status.rapidssl.com" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/CRAN/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Apache/2.4.18 (Ubuntu)" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/CRAN/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable , timed out" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially VULNERABLE, uses gzip HTTP compression - only supplied '/CRAN/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=9ECD20D34B58129EE3C625893E37B782EF002FC9350B5B74F0242B2D2D5199B7" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "no DH key with <= TLS 1.2" |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "ECDHE-RSA-AES256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA AES128-SHA CAMELLIA128-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc030", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc028", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc014", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9d", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384" |
|||
} |
|||
, { |
|||
"id" : "cipher_x3d", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x35", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x84", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02f", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc027", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc013", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9c", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x3c", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x2f", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x41", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "mirrors.eliteu.cn/119.29.56.102", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "369" |
|||
} |
|||
] |
@ -0,0 +1,950 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered with http/1.1 (advertised)" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "PFS_ECDHE_curves", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "prime256v1" |
|||
} |
|||
, { |
|||
"id" : "DH_groups", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Unknown DH group (4096 bits)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "server" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Default protocol TLS1.2" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_1", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "cipherorder_TLSv1_2", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'status request/#5' 'heartbeat/#15' 'next protocol/#13172'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "valid for 300 seconds only (<daily)" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "random" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "4096 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "030ADFDA4470F7C8D1923CCB4E9E4D126A2B" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "B1ABE8E09080C6571B2BB99387C7267952B5F36D" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "3FC3CC13B3FBABAFC5DD186F15BBCBF5133DB9559275B0E027A8DBE54AB13F40" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIGZjCCBU6gAwIBAgISAwrf2kRw98jRkjzLTp5NEmorMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAyMTAwNDI5MDZaFw0x OTA1MTEwNDI5MDZaMBkxFzAVBgNVBAMTDm1pcnJvcnMubmljLmN6MIICIjANBgkq hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsC1cEpVGMcWT7GLKNm6LEqLREYXhalJK 3jQFrPDOBeaub1JKZY/IAA+s1cBB5SCA3I+DJoQIeW2+yeIAXqWfsaFt4s4xnEYq JK/IJSVc3XWwhfY/m7KiJMqZ2pEngA3Tj8PSML4n4AKEp/5Mn6TKX6l/ekN/UQjc J0KsDlQN9TdThmZqc3bly4UfObf3Jz7tS1R5E2glfmMlJ1ZuryTWhbv6BBuoxOxy zc0c7SgcEPDGNpD4WD2w5E8QB3A17t2LrZHnsV//roqVrlVUsPVZ/1SQzRht4myX UWj2bAlZq0oyoY2eCLOS97h+0DVy82HOkRt/QdTME9LxbMcRHH555ZN1C/RQGxJe TuoGjh8EMLqOqHSKGuKA8fDFWlet+GgPQcMxmXp+FzSVAg2kMSJhqmWfSGKCKstX SPIeuNd0UA02aZn5TjR/ZeCWUrWlBWYjyFV5fJViv5Ws8AulpekKWNKFaREEiYjz Ty10OclNWEL11eAdq8DV3mj7tVWuFq3TqJvvgpE5KtG/0S5ds8ZjDSl0NTELdZoE R2uzWMWvOkDcFA6iu0UTy4aQadpkKLBULBaP1Pw4a8FzUknRck9ZmYSOtg65LrB4 lobz3eE/F44n0+MO+104w8t4Zr2Rqasgf4GyETEwcsE2HPTKLaOaDesqo5cOEmL6 yQbPdtKVwD0CAwEAAaOCAnUwggJxMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUcS49 W0vLeBIjvgCgA0wSAjYFAdEwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo 7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQt eDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQt eDMubGV0c2VuY3J5cHQub3JnLzAtBgNVHREEJjAkghJtaXJyb3Itci0wMS5uaWMu Y3qCDm1pcnJvcnMubmljLmN6MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQB gt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3Jn MIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAdH7agzGtMxCRIZzOJU9CcMK//V5C IAjGNzV55hB7zFYAAAFo1eFr7AAABAMARjBEAiBYGfZAWprmh4xWbeDpYuQCuK/y VWG3CjMl/nq2/PSZwgIgTjrN86EhKH4cs4JGyPPSIqNb/M788qD4zFAzXRrRm3EA dQBj8tvN6DvMLM8LcoQnV2szpI1hd4+9daY4scdoVEvYjQAAAWjV4WpjAAAEAwBG MEQCIEpbkPclfWOezZwxH0KS/mpso1mBcDtb7L2eydP1BGODAiB+MsmDNiFRNx4h F6oiDdrZv0lCLEGPkWVUhouoYeS+/jANBgkqhkiG9w0BAQsFAAOCAQEAU8YM53IW zA611Zn+kg0EN/0LpQlR38+fUYv2EIjC7csxs+1Nw11vsy4wSJaJOX+hjVJBqjL2 /sRQjc7QH2+NlVHE3/pZTY2FK0TIeutkFw9SolPGN+uUwruWVjNMyhzCJFgW6yPO wrqyYIOnr5OJTs0KVdN2vA+yqUbU4H8VqsEAEdZuEwNkg9nyy9Xgleyi5MOLbMCo W6bJHuYWgMVh8ZxdpTJxr5CW6RmeXss2rcYr+g+mDLWm5TgNNUk5wAaPMeLQcBYA +MwM6wqFB6WIQoGu9XSmbriM9Cq4ReK7P2iaw7JS32kXD8cnwh3QlNvnMm4IWeEJ uXSoImWwnpdFig== -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "mirrors.nic.cz" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "mirrors.nic.cz" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "mirror-r-01.nic.cz mirrors.nic.cz" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Let's Encrypt Authority X3 (Let's Encrypt from US)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN and CN (same w/o SNI)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "68 >= 30 days" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2019-02-09 23:29" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "2019-05-11 00:29" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.int-x3.letsencrypt.org" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspRevoked", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not revoked" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "yes (certificate extension)" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/R/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "nginx/1.9.4" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/R/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable , timed out" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable, no RSA key transport cipher" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially VULNERABLE, uses gzip HTTP compression - only supplied '/R/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=3FC3CC13B3FBABAFC5DD186F15BBCBF5133DB9559275B0E027A8DBE54AB13F40" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc02f", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc027", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_xc013", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x9e", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x9e DHE-RSA-AES128-GCM-SHA256 DH 4096 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x67", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x67 DHE-RSA-AES128-SHA256 DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" |
|||
} |
|||
, { |
|||
"id" : "cipher_x33", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x33 DHE-RSA-AES128-SHA DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "mirrors.nic.cz/217.31.202.63", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "358" |
|||
} |
|||
] |
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,971 @@ |
|||
[ |
|||
{ |
|||
"id" : "service", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "HTTP" |
|||
} |
|||
, { |
|||
"id" : "SSLv2", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "SSLv3", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "TLS1_1", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "CRITICAL", |
|||
"finding" : "TLSv1.1 is not offered, and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "TLS1_2", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "TLS1_3", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered and downgraded to a weaker protocol" |
|||
} |
|||
, { |
|||
"id" : "NPN", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "ALPN", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_NULL", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_aNULL", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_EXPORT", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_LOW", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "CRITICAL", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_3DES_IDEA", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_AVERAGE", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "cipherlist_STRONG", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "PFS", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "offered" |
|||
} |
|||
, { |
|||
"id" : "PFS_ciphers", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "DH_groups", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus" |
|||
} |
|||
, { |
|||
"id" : "cipher_order", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"finding" : "NOT a cipher order configured" |
|||
} |
|||
, { |
|||
"id" : "protocol_negotiated", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Default protocol TLS1.0" |
|||
} |
|||
, { |
|||
"id" : "cipher_negotiated", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "DHE-RSA-AES256-SHA, 1024 bit DH (cbc) (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_TLSv1", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "DHE-RSA-AES256-SHA at TLSv1 (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "cipher_order_", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "at (limited sense as client will pick)" |
|||
} |
|||
, { |
|||
"id" : "TLS_extensions", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "'server name/#0' 'renegotiation info/#65281' 'session ticket/#35'" |
|||
} |
|||
, { |
|||
"id" : "TLS_session_ticket", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No lifetime advertised" |
|||
} |
|||
, { |
|||
"id" : "SSL_sessionID_support", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "yes" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ticket", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "sessionresumption_ID", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "supported" |
|||
} |
|||
, { |
|||
"id" : "TLS_timestamp", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "off by +7544 seconds from your localtime" |
|||
} |
|||
, { |
|||
"id" : "cert_numbers", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "1" |
|||
} |
|||
, { |
|||
"id" : "cert_signatureAlgorithm", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "SHA256 with RSA" |
|||
} |
|||
, { |
|||
"id" : "cert_keySize", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2048 bits" |
|||
} |
|||
, { |
|||
"id" : "cert_keyUsage", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Digital Signature, Key Encipherment" |
|||
} |
|||
, { |
|||
"id" : "cert_extKeyUsage", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "cert_ext_keyusage" |
|||
} |
|||
, { |
|||
"id" : "cert_serialNumber", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "E1B32FAB75A7B651B2951A0F0C0DF979" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA1", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2E7A0D306C752B866F72AD01032A508930D51DA6" |
|||
} |
|||
, { |
|||
"id" : "cert_fingerprintSHA256", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "87E657AFAF8FE0532E57BFF8F5A1EE686BCC0C63E77489C36F59E6466E659190" |
|||
} |
|||
, { |
|||
"id" : "cert", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "-----BEGIN CERTIFICATE----- MIIFTzCCBDegAwIBAgIRAOGzL6t1p7ZRspUaDwwN+XkwDQYJKoZIhvcNAQELBQAw gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg Q0EwHhcNMTYwMzI3MDAwMDAwWhcNMTkwMzI3MjM1OTU5WjBSMSEwHwYDVQQLExhE b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMRcw FQYDVQQDEw53YmMudXBtLmVkdS5teTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAKnGyg/Le/f39QlbK3xD0d+2K0t0XJkopOXjNWG1AdeyvIXwTrnUP/fT WQLn3qFma38MpqoHXLzjqJIOq3UZkRn0oTh7h9lowo7ya+4YsTRs6sQbyJNG1IYY oztD1gVrYa6gTb7WG6uAAWtwdxhTZXLywGLKHUvW6A2ocgQRTpTVHiDjEIwueJcp Z1teFbAzo+Jcza5s200GosAqrAkpGFF+i0Cv9ETFtI5u13FIjiWxB9kPNf8yuQZ4 RfN5oARNAmahcJIZsCgoL8feTXiYVgxM3OQismo28cIzobRlw3vxgFFpn7bUc/iJ ab4AspGJr1sI0OHlDjWyPjy3iPlvOBUCAwEAAaOCAd8wggHbMB8GA1UdIwQYMBaA FJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBR9snS/z/2Yq4bdO1/c0x72 zZHOpjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkG CCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwB AgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N T0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYB BQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D T01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsG AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIOd2Jj LnVwbS5lZHUubXmCEnd3dy53YmMudXBtLmVkdS5teTANBgkqhkiG9w0BAQsFAAOC AQEAbxVA/VeRIjggz0VaxBw4uF6CAIk99EZmqNtQZUsIgxghcCK9rqKc/jMoRSKP 95kQwR+ustrnybBkwXI6jQEmnpXjOoiB5RFwnzDaVLe5/ef4N5Z3WBLgrcXVhUfY M+EHSnGD4gqssCSGwrjnlD4QqjzU/xSU2YBP2mBVO3bi4+zEymPzJEQ7JUdGIumQ 8v+NcfeZY+w03SVXmW4tiBmm22QtjWbi1pNqx2Jt/u4sMR8CaoWOpUkcg8PZWqX/ lQTyH6pioQ5b+80I11+2TA427h3iz0pLZKbEoRikj2Uwzz/SQ/M6vmepKp8Pvqd0 2xKeBPkbGzwDyd4G9bO0hAH2TA== -----END CERTIFICATE-----" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "wbc.upm.edu.my" |
|||
} |
|||
, { |
|||
"id" : "cert_commonName_wo_SNI", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "ngkengyap.com" |
|||
} |
|||
, { |
|||
"id" : "cert_subjectAltName", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "wbc.upm.edu.my www.wbc.upm.edu.my" |
|||
} |
|||
, { |
|||
"id" : "cert_caIssuers", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "COMODO RSA Domain Validation Secure Server CA (COMODO CA Limited from GB)" |
|||
} |
|||
, { |
|||
"id" : "cert_trust", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "Ok via SAN and CN (SNI mandatory)" |
|||
} |
|||
, { |
|||
"id" : "cert_chain_of_trust", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "passed." |
|||
} |
|||
, { |
|||
"id" : "cert_certificatePolicies_EV", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_eTLS", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "not present" |
|||
} |
|||
, { |
|||
"id" : "cert_expiration_status", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"finding" : "expires < 30 days (24)" |
|||
} |
|||
, { |
|||
"id" : "cert_notBefore", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "2016-03-26 20:00" |
|||
} |
|||
, { |
|||
"id" : "cert_notAfter", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"finding" : "2019-03-27 19:59" |
|||
} |
|||
, { |
|||
"id" : "certs_countServer", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "4" |
|||
} |
|||
, { |
|||
"id" : "certs_list_ordering_problem", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "no" |
|||
} |
|||
, { |
|||
"id" : "cert_crlDistributionPoints", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl" |
|||
} |
|||
, { |
|||
"id" : "cert_ocspURL", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "http://ocsp.comodoca.com" |
|||
} |
|||
, { |
|||
"id" : "OCSP_stapling", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "cert_mustStapleExtension", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "DNS_CAArecord", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "certificate_transparency", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "HTTP_status_code", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "200 OK ('/cran/')" |
|||
} |
|||
, { |
|||
"id" : "HTTP_clock_skew", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "+7546 seconds from localtime" |
|||
} |
|||
, { |
|||
"id" : "HSTS", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"finding" : "not offered" |
|||
} |
|||
, { |
|||
"id" : "HPKP", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No support for HTTP Public Key Pinning" |
|||
} |
|||
, { |
|||
"id" : "banner_server", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "Apache/2.2.16 (Debian)" |
|||
} |
|||
, { |
|||
"id" : "banner_application", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No application banner found" |
|||
} |
|||
, { |
|||
"id" : "cookie_count", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "0 at '/cran/'" |
|||
} |
|||
, { |
|||
"id" : "security_headers", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "banner_reverseproxy", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "--" |
|||
} |
|||
, { |
|||
"id" : "heartbleed", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-0160", |
|||
"cwe" : "CWE-119", |
|||
"finding" : "not vulnerable, no heartbeat extension" |
|||
} |
|||
, { |
|||
"id" : "CCS", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "CRITICAL", |
|||
"cve" : "CVE-2014-0224", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "VULNERABLE" |
|||
} |
|||
, { |
|||
"id" : "ticketbleed", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-9244", |
|||
"cwe" : "CWE-200", |
|||
"finding" : "not vulnerable, returned potential memory fragments do not differ" |
|||
} |
|||
, { |
|||
"id" : "ROBOT", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168", |
|||
"cwe" : "CWE-203", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_renego", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "secure_client_renego", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2009-3555", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "CRIME_TLS", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2012-4929", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "BREACH", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2013-3587", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially VULNERABLE, uses gzip HTTP compression - only supplied '/cran/' tested" |
|||
} |
|||
, { |
|||
"id" : "POODLE_SSL", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2014-3566", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "fallback_SCSV", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"finding" : "no protocol below TLS 1 offered" |
|||
} |
|||
, { |
|||
"id" : "SWEET32", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2016-2183 CVE-2016-6329", |
|||
"cwe" : "CWE-327", |
|||
"finding" : "uses 64 bit block ciphers" |
|||
} |
|||
, { |
|||
"id" : "FREAK", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-0204", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable to DROWN on this host and port" |
|||
} |
|||
, { |
|||
"id" : "DROWN", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"cve" : "CVE-2016-0800 CVE-2016-0703", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=87E657AFAF8FE0532E57BFF8F5A1EE686BCC0C63E77489C36F59E6466E659190" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM-common_primes", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus" |
|||
} |
|||
, { |
|||
"id" : "LOGJAM", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "OK", |
|||
"cve" : "CVE-2015-4000", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "not vulnerable, no DH EXPORT ciphers," |
|||
} |
|||
, { |
|||
"id" : "BEAST_CBC_TLS1", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "DHE-RSA-AES256-SHA AES256-SHA DHE-RSA-AES128-SHA AES128-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA" |
|||
} |
|||
, { |
|||
"id" : "BEAST", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "MEDIUM", |
|||
"cve" : "CVE-2011-3389", |
|||
"cwe" : "CWE-20", |
|||
"finding" : "VULNERABLE -- and no higher protocols as mitigation supported" |
|||
} |
|||
, { |
|||
"id" : "LUCKY13", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "LOW", |
|||
"cve" : "CVE-2013-0169", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "potentially vulnerable, uses TLS CBC ciphers" |
|||
} |
|||
, { |
|||
"id" : "RC4", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "HIGH", |
|||
"cve" : "CVE-2013-2566 CVE-2015-2808", |
|||
"cwe" : "CWE-310", |
|||
"finding" : "VULNERABLE, Detected ciphers: RC4-SHA RC4-MD5" |
|||
} |
|||
, { |
|||
"id" : "cipher_x39", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x39 DHE-RSA-AES256-SHA DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x35", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x33", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x33 DHE-RSA-AES128-SHA DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x2f", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x05", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x04", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5" |
|||
} |
|||
, { |
|||
"id" : "cipher_x16", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x16 EDH-RSA-DES-CBC3-SHA DH 1024 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "cipher_x0a", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_422", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_442", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_500", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_60", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-android_70", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_65_win7", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-chrome_70_win10", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_59_win7", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-firefox_62_win7", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_6_xp", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_7_vista", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_win7", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_8_xp", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 RC4-MD5" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win7", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win81", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_winphone81", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-ie_11_win10", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_win10", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_13_winphone10", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-edge_15_win10", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-opera_17_win7", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_ios9", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_9_osx1011", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-safari_10_osx1012", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-apple_ats_9_ios9", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "No connection" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-tor_1709_win7", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_6u45", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 RC4-MD5" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_7u25", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES128-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_8u161", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-java_904", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_101l", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "clientsimulation-openssl_102e", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "TLSv1.0 DHE-RSA-AES256-SHA" |
|||
} |
|||
, { |
|||
"id" : "scanTime", |
|||
"ip" : "wbc.upm.edu.my/119.40.117.175", |
|||
"port" : "443", |
|||
"severity" : "INFO", |
|||
"finding" : "266" |
|||
} |
|||
] |
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
After Width: | Height: | Size: 90 KiB |
After Width: | Height: | Size: 111 KiB |
After Width: | Height: | Size: 388 KiB |
After Width: | Height: | Size: 72 KiB |
After Width: | Height: | Size: 53 KiB |
After Width: | Height: | Size: 650 KiB |
Loading…
Reference in new issue