| .env Information Leak |
|
| .htaccess Information Leak |
|
| Absence of Anti-CSRF Tokens |
|
| Advanced SQL Injection |
|
| Anti-CSRF Tokens Check |
|
| Application Error Disclosure |
|
| Authentication Credentials Captured |
|
| Backup File Disclosure |
|
| Big Redirect Detected (Potential Sensitive Information Leak) |
|
| Buffer Overflow |
|
| Bypassing 403 |
|
| Charset Mismatch |
|
| Cloud Metadata Potentially Exposed |
|
| Content Security Policy (CSP) Header Not Set |
|
| Content Security Policy (CSP) Report-Only Header Found |
|
| Content-Type Header Empty |
|
| Content-Type Header Missing |
|
| Cookie No HttpOnly Flag |
|
| Cookie Poisoning |
|
| Cookie Slack Detector |
|
| Cookie with Invalid SameSite Attribute |
|
| Cookie with SameSite Attribute None |
|
| Cookie without SameSite Attribute |
|
| Cookie Without Secure Flag |
|
| CORS Header |
|
| CORS Misconfiguration |
|
| CORS Misconfiguration |
|
| CRLF Injection |
|
| Cross Site Scripting (Persistent) |
|
| Cross Site Scripting (Persistent) - Prime |
|
| Cross Site Scripting (Persistent) - Spider |
|
| Cross Site Scripting (Reflected) |
|
| Cross-Domain JavaScript Source File Inclusion |
|
| Cross-Domain Misconfiguration |
|
| Cross-Domain Misconfiguration - Adobe - Read |
|
| Cross-Domain Misconfiguration - Adobe - Send |
|
| Cross-Domain Misconfiguration - Silverlight |
|
| CSP: Failure to Define Directive with No Fallback |
|
| CSP: Header & Meta |
|
| CSP: Malformed Policy (Non-ASCII) |
|
| CSP: Meta Policy Invalid Directive |
|
| CSP: Notices |
|
| CSP: script-src unsafe-eval |
|
| CSP: script-src unsafe-hashes |
|
| CSP: script-src unsafe-inline |
|
| CSP: style-src unsafe-hashes |
|
| CSP: style-src unsafe-inline |
|
| CSP: Wildcard Directive |
|
| CSP: X-Content-Security-Policy |
|
| CSP: X-WebKit-CSP |
|
| Dangerous JS Functions |
|
| Deprecated Feature Policy Header Set |
|
| Directory Browsing |
|
| Directory Browsing |
|
| ELMAH Information Leak |
|
| Emails Found in the Viewstate |
|
| Exponential Entity Expansion (Billion Laughs Attack) |
|
| Expression Language Injection |
|
| External Redirect |
|
| External Redirect |
|
| External Redirect |
|
| External Redirect |
|
| Format String Error |
|
| Generic Padding Oracle |
|
| GET for POST |
|
| Hash Disclosure - MD4 / MD5 |
|
| Heartbleed OpenSSL Vulnerability |
|
| Heartbleed OpenSSL Vulnerability (Indicative) |
|
| Hidden File Found |
|
| HTTP Only Site |
|
| HTTP Parameter Override |
|
| HTTP Parameter Pollution |
|
| HTTP to HTTPS Insecure Transition in Form Post |
|
| Httpoxy - Proxy Header Misuse |
|
| HTTPS Content Available via HTTP |
|
| HTTPS to HTTP Insecure Transition in Form Post |
|
| In Page Banner Information Leak |
|
| Information Disclosure - Debug Error Messages |
|
| Information Disclosure - Sensitive Information in HTTP Referrer Header |
|
| Information Disclosure - Sensitive Information in URL |
|
| Information Disclosure - Suspicious Comments |
|
| Insecure HTTP Method |
|
| Insecure JSF ViewState |
|
| Insufficient Site Isolation Against Spectre Vulnerability |
|
| Insufficient Site Isolation Against Spectre Vulnerability |
|
| Insufficient Site Isolation Against Spectre Vulnerability |
|
| Integer Overflow Error |
|
| Java Serialization Object |
|
| Log4Shell (CVE-2021-44228) |
|
| Log4Shell (CVE-2021-45046) |
|
| Loosely Scoped Cookie |
|
| Missing Anti-clickjacking Header |
|
| Modern Web Application |
|
| Multiple HREFs Redirect Detected (Potential Sensitive Information Leak) |
|
| Multiple X-Frame-Options Header Entries |
|
| Non-Storable Content |
|
| Obsolete Content Security Policy (CSP) Header Found |
|
| Old Asp.Net Version in Use |
|
| Open Redirect |
|
| Out of Band XSS |
|
| Parameter Tampering |
|
| Path Traversal |
|
| Path Traversal |
|
| Path Traversal |
|
| Path Traversal |
|
| Path Traversal |
|
| Permissions Policy Header Not Set |
|
| PII Disclosure |
|
| Possible Username Enumeration |
|
| Potential IP Addresses Found in the Viewstate |
|
| Private IP Disclosure |
|
| Properties File Disclosure - /WEB-INF folder |
|
| Proxy Disclosure |
|
| Re-examine Cache-control Directives |
|
| Referer Exposes Session ID |
|
| Relative Path Confusion |
|
| Remote Code Execution - CVE-2012-1823 |
|
| Remote Code Execution - Shell Shock |
|
| Remote Code Execution - Shell Shock |
|
| Remote File Inclusion |
|
| Remote OS Command Injection |
|
| Retrieved from Cache |
|
| Retrieved from Cache |
|
| Reverse Tabnabbing |
|
| Script Served From Malicious Domain (polyfill) |
|
| Script Served From Malicious Domain (polyfill) |
|
| Secure Pages Include Mixed Content |
|
| Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) |
|
| Server Leaks its Webserver Application via "Server" HTTP Response Header Field |
|
| Server Leaks Version Information via "Server" HTTP Response Header Field |
|
| Server Side Code Injection - ASP Code Injection |
|
| Server Side Code Injection - PHP Code Injection |
|
| Server Side Include |
|
| Server Side Request Forgery |
|
| Server Side Template Injection |
|
| Server Side Template Injection (Blind) |
|
| Session Fixation |
|
| Session ID in URL Rewrite |
|
| Session ID in URL Rewrite |
|
| SOAP Action Spoofing |
|
| SOAP XML Injection |
|
| Source Code Disclosure - /WEB-INF Folder |
|
| Source Code Disclosure - CVE-2012-1823 |
|
| Source Code Disclosure - File Inclusion |
|
| Source Code Disclosure - Git |
|
| Source Code Disclosure - PHP |
|
| Source Code Disclosure - SVN |
|
| Split Viewstate in Use |
|
| Spring Actuator Information Leak |
|
| Spring4Shell |
|
| SQL Injection |
|
| SQL Injection - Hypersonic SQL |
|
| SQL Injection - MsSQL |
|
| SQL Injection - MySQL |
|
| SQL Injection - Oracle |
|
| SQL Injection - PostgreSQL |
|
| SQL Injection - SQLite |
|
| Storable and Cacheable Content |
|
| Storable but Non-Cacheable Content |
|
| Strict-Transport-Security Defined via META (Non-compliant with Spec) |
|
| Strict-Transport-Security Disabled |
|
| Strict-Transport-Security Header Not Set |
|
| Strict-Transport-Security Header on Plain HTTP Response |
|
| Strict-Transport-Security Malformed Content (Non-compliant with Spec) |
|
| Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec) |
|
| Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) |
|
| Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) |
|
| Sub Resource Integrity Attribute Missing |
|
| Text4shell (CVE-2022-42889) |
|
| Timestamp Disclosure - Unix |
|
| Trace.axd Information Leak |
|
| User Agent Fuzzer |
|
| User Controllable Charset |
|
| User Controllable HTML Element Attribute (Potential XSS) |
|
| User Controllable JavaScript Event (XSS) |
|
| Username Hash Found |
|
| Viewstate without MAC Signature (Sure) |
|
| Viewstate without MAC Signature (Unsure) |
|
| Vulnerable JS Library |
|
| Weak Authentication Method |
|
| WSDL File Detection |
|
| X-AspNet-Version Response Header |
|
| X-Backend-Server Header Information Leak |
|
| X-ChromeLogger-Data (XCOLD) Header Information Leak |
|
| X-Content-Type-Options Header Missing |
|
| X-Debug-Token Information Leak |
|
| X-Frame-Options Defined via META (Non-compliant with Spec) |
|
| X-Frame-Options Setting Malformed |
|
| XML External Entity Attack |
|
| XPath Injection |
|
| XSLT Injection |
|