>

[ clear ] [ Examples & How to? ]

a. Test any website for security vulnerabilities by entering "scan: www.domain.com"
b. Explore our database by using our powerful filters
bot@idyllum:~$ Sorry, your scan failed! Please try again.

Browse by OWASP ZAP

----------

X-Content-Type-Options Header Missing (3563315)
X-Frame-Options Header Not Set (2904725)
Timestamp Disclosure - Unix (2646982)
Information Disclosure - Suspicious Comments (2478393)
Cross-Domain JavaScript Source File Inclusion (2304645)
Absence of Anti-CSRF Tokens (2087715)
Incomplete or No Cache-control and Pragma HTTP Header Set (1721081)
Cookie Without SameSite Attribute (1479772)
Cookie No HttpOnly Flag (1358324)
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) (1206788)
Vulnerable JS Library (740781)
Cookie Without Secure Flag (709723)
Content Security Policy (CSP) Header Not Set (555148)
Missing Anti-clickjacking Header (475297)
Charset Mismatch (449775)
Modern Web Application (427750)
CSP: Wildcard Directive (382713)
Cross-Domain Misconfiguration (295378)
Secure Pages Include Mixed Content (235654)
Loosely Scoped Cookie (233979)
Re-examine Cache-control Directives (228258)
CSP: Notices (215962)
Strict-Transport-Security Header Not Set (208493)
Application Error Disclosure (192595)
CSP: style-src unsafe-inline (191922)
Cookie without SameSite Attribute (190310)
WSDL File Detection (187793)
Information Disclosure - Sensitive Information in URL (171217)
CSP: script-src unsafe-inline (162149)
Server Leaks Version Information via "Server" HTTP Response Header Field (155403)
Information Disclosure - Debug Error Messages (136946)
Charset Mismatch (Header Versus Meta Content-Type Charset) (118710)
X-AspNet-Version Response Header (98509)
Retrieved from Cache (93266)
Secure Pages Include Mixed Content (Including Scripts) (93110)
User Controllable HTML Element Attribute (Potential XSS) (91667)
Web Browser XSS Protection Not Enabled (88878)
Content-Type Header Missing (87403)
Private IP Disclosure (57055)
Viewstate without MAC Signature (Unsure) (50725)
Cookie with SameSite Attribute None (45279)
Charset Mismatch (31925)
Multiple X-Frame-Options Header Entries (27792)
CSP: script-src unsafe-eval (24473)
PII Disclosure (22495)
Information Disclosure - Sensitive Information in HTTP Referrer Header (22153)
Content Security Policy (CSP) Report-Only Header Found (16824)
Charset Mismatch (Header Versus Meta Charset) (15948)
CSP: X-Content-Security-Policy (10351)
Strict-Transport-Security Disabled (10311)
Big Redirect Detected (Potential Sensitive Information Leak) (9917)
Cookie Poisoning (8570)
X-Frame-Options Setting Malformed (8363)
Weak Authentication Method (8270)
Session ID in URL Rewrite (5526)
Emails Found in the Viewstate (4609)
HTTP to HTTPS Insecure Transition in Form Post (4195)
CSP: X-WebKit-CSP (4039)
Potential IP Addresses Found in the Viewstate (3717)
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) (3486)
Referer Exposes Session ID (3356)
Obsolete Content Security Policy (CSP) Header Found (1931)
Hash Disclosure - Mac OSX salted SHA-1 (1640)
HTTPS to HTTP Insecure Transition in Form Post (1349)
Open Redirect (1324)
CSP: Header & Meta (979)
User Controllable JavaScript Event (XSS) (849)
X-Frame-Options Defined via META (Non-compliant with Spec) (691)
Old Asp.Net Version in Use (363)
Directory Browsing - Apache 2 (313)
Directory Browsing (270)
X-Backend-Server Header Information Leak (236)
X-Debug-Token Information Leak (182)
Split Viewstate in Use (179)
Username Hash Found (118)
User Controllable Charset (93)
Content-Type Header Empty (90)
Viewstate without MAC Signature (Sure) (76)
Reverse Tabnabbing (67)
Insecure JSF ViewState (34)
Hash Disclosure - MD5 Crypt (34)
Strict-Transport-Security Defined via META (Non-compliant with Spec) (33)
CSP: script-src unsafe-hashes (32)
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) (32)
CSP: style-src unsafe-hashes (27)
Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec) (21)
GraphQL Endpoint Supports Introspection (17)
Cookie with Invalid SameSite Attribute (15)
Hash Disclosure - BCrypt (14)
Directory Browsing - Microsoft IIS (12)
Heartbleed OpenSSL Vulnerability (Indicative) (12)
GraphQL Server Implementation Identified (8)
CSP: Malformed Policy (Non-ASCII) (6)
CSP: Meta Policy Invalid Directive (6)
X-ChromeLogger-Data (XCOLD) Header Information Leak (4)
Hash Disclosure - OpenBSD Blowfish (4)
Strict-Transport-Security Malformed Content (Non-compliant with Spec) (3)
Hash Disclosure - SHA-512 Crypt (2)
Hash Disclosure - SHA-256 Crypt (1)
HTTP Parameter Override