Browse by OWASP ZAP

X-Content-Type-Options Header Missing (3261061)
X-Frame-Options Header Not Set (2904725)
Timestamp Disclosure - Unix (2557642)
Information Disclosure - Suspicious Comments (2326402)
Cross-Domain JavaScript Source File Inclusion (2136145)
Absence of Anti-CSRF Tokens (1973332)
Incomplete or No Cache-control and Pragma HTTP Header Set (1721081)
Cookie Without SameSite Attribute (1479772)
Cookie No HttpOnly Flag (1249035)
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) (1064004)
Vulnerable JS Library (708409)
Cookie Without Secure Flag (651430)
Charset Mismatch (449775)
CSP: Wildcard Directive (331507)
Cross-Domain Misconfiguration (254879)
Secure Pages Include Mixed Content (227650)
Content Security Policy (CSP) Header Not Set (219846)
Loosely Scoped Cookie (201016)
CSP: Notices (193105)
WSDL File Detection (187786)
Modern Web Application (184630)
Missing Anti-clickjacking Header (182541)
Application Error Disclosure (182379)
Information Disclosure - Sensitive Information in URL (155501)
CSP: style-src unsafe-inline (140985)
Information Disclosure - Debug Error Messages (130163)
CSP: script-src unsafe-inline (123287)
Charset Mismatch (Header Versus Meta Content-Type Charset) (107630)
Re-examine Cache-control Directives (104382)
Secure Pages Include Mixed Content (Including Scripts) (90210)
Web Browser XSS Protection Not Enabled (88878)
X-AspNet-Version Response Header (87794)
Strict-Transport-Security Header Not Set (86559)
Content-Type Header Missing (84413)
Cookie without SameSite Attribute (81388)
Private IP Disclosure (53592)
Viewstate without MAC Signature (Unsure) (50725)
User Controllable HTML Element Attribute (Potential XSS) (49729)
Server Leaks Version Information via "Server" HTTP Response Header Field (49207)
Retrieved from Cache (34590)
Multiple X-Frame-Options Header Entries (25149)
Charset Mismatch (16964)
Information Disclosure - Sensitive Information in HTTP Referrer Header (16539)
Cookie with SameSite Attribute None (16537)
Charset Mismatch (Header Versus Meta Charset) (15479)
CSP: script-src unsafe-eval (11746)
PII Disclosure (11305)
Content Security Policy (CSP) Report-Only Header Found (9047)
CSP: X-Content-Security-Policy (8890)
Weak Authentication Method (8208)
X-Frame-Options Setting Malformed (7952)
Session ID in URL Rewrite (5465)
Cookie Poisoning (5425)
Emails Found in the Viewstate (4473)
Big Redirect Detected (Potential Sensitive Information Leak) (4357)
Strict-Transport-Security Disabled (3959)
CSP: X-WebKit-CSP (3875)
Potential IP Addresses Found in the Viewstate (3568)
Referer Exposes Session ID (3327)
HTTP to HTTPS Insecure Transition in Form Post (2140)
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec) (1265)
Hash Disclosure - Mac OSX salted SHA-1 (709)
X-Frame-Options Defined via META (Non-compliant with Spec) (675)
Open Redirect (639)
User Controllable JavaScript Event (XSS) (526)
HTTPS to HTTP Insecure Transition in Form Post (522)
Obsolete Content Security Policy (CSP) Header Found (499)
CSP: Header & Meta (400)
Old Asp.Net Version in Use (348)
Directory Browsing - Apache 2 (298)
X-Debug-Token Information Leak (180)
Split Viewstate in Use (176)
Username Hash Found (118)
X-Backend-Server Header Information Leak (103)
Content-Type Header Empty (89)
Viewstate without MAC Signature (Sure) (74)
User Controllable Charset (38)
Insecure JSF ViewState (34)
Reverse Tabnabbing (23)
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) (13)
Directory Browsing - Microsoft IIS (12)
Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec) (10)
Hash Disclosure - MD5 Crypt (9)
Hash Disclosure - BCrypt (8)
CSP: script-src unsafe-hashes (7)
Cookie with Invalid SameSite Attribute (6)
CSP: style-src unsafe-hashes (6)
Heartbleed OpenSSL Vulnerability (Indicative) (5)
Strict-Transport-Security Defined via META (Non-compliant with Spec) (4)
X-ChromeLogger-Data (XCOLD) Header Information Leak (3)
CSP: Malformed Policy (Non-ASCII) (3)
Strict-Transport-Security Malformed Content (Non-compliant with Spec) (3)
Hash Disclosure - SHA-512 Crypt (1)
HTTP Parameter Override