What we checked Total checks Targets Issues discovered 143,306 3 0 Here are some examples of what we checked your targets and their reachable webpages for. Vulnerable software & hardware Web Application Vulnerabilities ö ù Web servers, e.g. Apache, Nginx Checks for multiple OWASP Top Ten issues Mail servers, e.g. Exim SQL injection Development software, e.g. PHP Cross-site scripting (XSS) Network monitoring software, e.g. Zabbix, Nagios XML external entity (XXE) injection Networking systems, e.g. Cisco ASA Local/remote file inclusion Content management systems, e.g. Drupal, Web server misconfigurations Wordpress Directory/path traversal, directory listing & unintentionally exposed content Other well-known weaknesses, e.g. 'Log4Shell' and 'Shellshock' Attack Surface Reduction Information Leakage ÿ ú Our service is designed to help you reduce your attack Checks for information which your systems are surface and identify systems and software which do reporting to end-users which should remain private. not need to be exposed to the Internet, such as: This information includes data which could be used to assist in the mounting of further attacks, such as: Publicly exposed databases Administrative interfaces Local directory path information Sensitive services, e.g. SMB Internal IP Addresses Network monitoring software Encryption weaknesses Common mistakes & misconfigurations ÿ ý Weaknesses in SSL/TLS implementations, such as: VPN configuration weaknesses 'Heartbleed', 'CRIME', 'BEAST' and 'ROBOT' Exposed SVN/git repositories Weak encryption ciphers & protocols Unsupported operating systems SSL certificate misconfigurations Open mail relays Unencrypted services such as FTP DNS servers allowing zone transfer 2 of 4