DashlordBetaGouvBot committed Dec 22, 2024
1 parent 50b17ea commit e9e4eed
Showing 11 changed files with 37 additions and 67 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,15 @@
"width": 1920,
"height": 1080,
"url": "https://sirius.apprentissage.beta.gouv.fr/",
"size": 2221.341,
"size": 2223.016,
"nodes": 278,
"requests": 38,
"requests": 39,
"grade": "C",
"score": 70.0,
"ges": 1.6,
"water": 2.4,
"ecoindex_version": "5.4.2",
"date": "2024-12-15 18:58:06.793763",
"date": "2024-12-22 18:45:06.402361",
"page_type": null
}
]
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Nmap 7.92 scan initiated Sun Dec 15 19:11:26 2024 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln sirius.apprentissage.beta.gouv.fr
# Nmap 7.92 scan initiated Sun Dec 22 18:57:31 2024 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln sirius.apprentissage.beta.gouv.fr
Host: 141.94.126.187 () Status: Up
Host: 141.94.126.187 () Ports: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//nginx (reverse proxy)/, 443/open/tcp//ssl|http//nginx (reverse proxy)/ Ignored State: filtered (997)
# Nmap done at Sun Dec 15 19:12:04 2024 -- 1 IP address (1 host up) scanned in 37.96 seconds
# Nmap done at Sun Dec 22 18:58:02 2024 -- 1 IP address (1 host up) scanned in 30.54 seconds
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@
<h1>Scan Report<br><small>Nmap 7.92</small>
</h1>
<pre style="white-space:pre-wrap; word-wrap:break-word;">nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln sirius.apprentissage.beta.gouv.fr</pre>
<p class="lead">Sun Dec 15 19:11:26 2024 – Sun Dec 15 19:12:04 2024<br>1 hosts scanned.
<p class="lead">Sun Dec 22 18:57:31 2024 – Sun Dec 22 18:58:02 2024<br>1 hosts scanned.
1 hosts up.
0 hosts down.
</p>
Expand Down Expand Up @@ -122,8 +122,6 @@ <h4>Ports</h4>
cpe:/a:openbsd:openssh:8.9p1:
95499236-C9FE-56A6-9D7D-E943A24B633A 10.0 https://vulners.com/githubexploit/95499236-C9FE-56A6-9D7D-E943A24B633A *EXPLOIT*
2C119FFA-ECE0-5E14-A4A4-354A2C38071A 10.0 https://vulners.com/githubexploit/2C119FFA-ECE0-5E14-A4A4-354A2C38071A *EXPLOIT*
CVE-2023-38408 9.8 https://vulners.com/cve/CVE-2023-38408
CVE-2023-28531 9.8 https://vulners.com/cve/CVE-2023-28531
PACKETSTORM:179290 8.1 https://vulners.com/packetstorm/PACKETSTORM:179290 *EXPLOIT*
FB2E9ED1-43D7-585C-A197-0D6628B20134 8.1 https://vulners.com/githubexploit/FB2E9ED1-43D7-585C-A197-0D6628B20134 *EXPLOIT*
FA3992CE-9C4C-5350-8134-177126E0BD3F 8.1 https://vulners.com/githubexploit/FA3992CE-9C4C-5350-8134-177126E0BD3F *EXPLOIT*
Expand Down Expand Up @@ -202,9 +200,7 @@ <h4>Ports</h4>
PACKETSTORM:173661 7.5 https://vulners.com/packetstorm/PACKETSTORM:173661 *EXPLOIT*
F0979183-AE88-53B4-86CF-3AF0523F3807 7.5 https://vulners.com/githubexploit/F0979183-AE88-53B4-86CF-3AF0523F3807 *EXPLOIT*
1337DAY-ID-26576 7.5 https://vulners.com/zdt/1337DAY-ID-26576 *EXPLOIT*
CVE-2023-51385 6.5 https://vulners.com/cve/CVE-2023-51385
CVE-2023-48795 5.9 https://vulners.com/cve/CVE-2023-48795
CVE-2023-51384 5.5 https://vulners.com/cve/CVE-2023-51384
PACKETSTORM:140261 0.0 https://vulners.com/packetstorm/PACKETSTORM:140261 *EXPLOIT*
B8190CDB-3EB9-5631-9828-8064A1575B23 0.0 https://vulners.com/githubexploit/B8190CDB-3EB9-5631-9828-8064A1575B23 *EXPLOIT*
8FC9C5AB-3968-5F3C-825E-E8DB5379A623 0.0 https://vulners.com/githubexploit/8FC9C5AB-3968-5F3C-825E-E8DB5379A623 *EXPLOIT*

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -1,15 +1,13 @@
# Nmap 7.92 scan initiated Sun Dec 15 19:11:26 2024 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln sirius.apprentissage.beta.gouv.fr
# Nmap 7.92 scan initiated Sun Dec 22 18:57:31 2024 as: nmap -sV --script vulners --script-args mincvss=5.0 -oA /data/nmapvuln sirius.apprentissage.beta.gouv.fr
Nmap scan report for sirius.apprentissage.beta.gouv.fr (141.94.126.187)
Host is up (0.16s latency).
Host is up (0.087s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)
| vulners:
| cpe:/a:openbsd:openssh:8.9p1:
| 95499236-C9FE-56A6-9D7D-E943A24B633A 10.0 https://vulners.com/githubexploit/95499236-C9FE-56A6-9D7D-E943A24B633A *EXPLOIT*
| 2C119FFA-ECE0-5E14-A4A4-354A2C38071A 10.0 https://vulners.com/githubexploit/2C119FFA-ECE0-5E14-A4A4-354A2C38071A *EXPLOIT*
| CVE-2023-38408 9.8 https://vulners.com/cve/CVE-2023-38408
| CVE-2023-28531 9.8 https://vulners.com/cve/CVE-2023-28531
| PACKETSTORM:179290 8.1 https://vulners.com/packetstorm/PACKETSTORM:179290 *EXPLOIT*
| FB2E9ED1-43D7-585C-A197-0D6628B20134 8.1 https://vulners.com/githubexploit/FB2E9ED1-43D7-585C-A197-0D6628B20134 *EXPLOIT*
| FA3992CE-9C4C-5350-8134-177126E0BD3F 8.1 https://vulners.com/githubexploit/FA3992CE-9C4C-5350-8134-177126E0BD3F *EXPLOIT*
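Review bot: The two CVE lines that drop out under 22/tcp (CVE-2023-38408 and CVE-2023-28531, both 9.8) disappear while the version line above them still reads "OpenSSH 8.9p1 Ubuntu 3ubuntu0.10" and the match key is still cpe:/a:openbsd:openssh:8.9p1, so nothing in this hunk shows a change on the host. The list is keyed on the upstream version and not on the Ubuntu package revision, so a shorter list should not be read as remediation; check the two CVEs against the distribution's advisories for the 3ubuntu0.10 package and record the result next to the report.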
Expand Down Expand Up @@ -88,9 +86,7 @@ PORT STATE SERVICE VERSION
| PACKETSTORM:173661 7.5 https://vulners.com/packetstorm/PACKETSTORM:173661 *EXPLOIT*
| F0979183-AE88-53B4-86CF-3AF0523F3807 7.5 https://vulners.com/githubexploit/F0979183-AE88-53B4-86CF-3AF0523F3807 *EXPLOIT*
| 1337DAY-ID-26576 7.5 https://vulners.com/zdt/1337DAY-ID-26576 *EXPLOIT*
| CVE-2023-51385 6.5 https://vulners.com/cve/CVE-2023-51385
| CVE-2023-48795 5.9 https://vulners.com/cve/CVE-2023-48795
| CVE-2023-51384 5.5 https://vulners.com/cve/CVE-2023-51384
| PACKETSTORM:140261 0.0 https://vulners.com/packetstorm/PACKETSTORM:140261 *EXPLOIT*
| B8190CDB-3EB9-5631-9828-8064A1575B23 0.0 https://vulners.com/githubexploit/B8190CDB-3EB9-5631-9828-8064A1575B23 *EXPLOIT*
| 8FC9C5AB-3968-5F3C-825E-E8DB5379A623 0.0 https://vulners.com/githubexploit/8FC9C5AB-3968-5F3C-825E-E8DB5379A623 *EXPLOIT*
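Review bot: The context lines at the end of this hunk still list entries scored 0.0 (PACKETSTORM:140261 and two githubexploit ids) although the command in the file header passes mincvss=5.0, so the threshold is not keeping unscored references out of the report. Anything that grades the host by counting lines in this file should filter on the score column itself, and the three CVE lines removed just above (6.5, 5.9 and 5.5) need the same package-level check because the detected version is unchanged.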
Expand All @@ -103,4 +99,4 @@ PORT STATE SERVICE VERSION
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun Dec 15 19:12:04 2024 -- 1 IP address (1 host up) scanned in 37.96 seconds
# Nmap done at Sun Dec 22 18:58:02 2024 -- 1 IP address (1 host up) scanned in 30.54 seconds

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
"cert_trust","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","HIGH","certificate does not match supplied URI (same w/o SNI)","",""
"cert_chain_of_trust","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","OK","passed.","",""
"cert_certificatePolicies_EV","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","no","",""
"cert_expirationStatus","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","OK","48 >= 30 days","",""
"cert_expirationStatus","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","OK","41 >= 30 days","",""
"cert_notBefore","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","2024-11-04 16:39","",""
"cert_notAfter","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","OK","2025-02-02 16:39","",""
"cert_extlifeSpan","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","OK","certificate has no extended life time according to browser forum","",""
Expand All @@ -72,13 +72,13 @@
"intermediate_cert_badOCSP","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","OK","intermediate certificate(s) is/are ok","",""
"HTTP_status_code","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","200 OK ('/')","",""
"HTTP_clock_skew","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","0 seconds from localtime","",""
"HTTP_headerTime","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","1734289843","",""
"HTTP_headerTime","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","1734893820","",""
"HSTS","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","LOW","not offered","",""
"HPKP","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","No support for HTTP Public Key Pinning","",""
"banner_server","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","No Server banner line in header, interesting!","",""
"banner_application","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","No application banner found","",""
"cookie_count","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","0 at '/'","",""
"Content-Security-Policy","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","OK","frame-ancestors 'self' *.onisep.fr *.onisep.fr:8000 *.beta.gouv.fr *.incubateur.net","",""
"Content-Security-Policy","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","OK","frame-ancestors 'self' *.onisep.fr *.onisep.fr:8000 *.onisep-preprod.fr http://www-krifa.onisep.fr:8000 *.beta.gouv.fr *.incubateur.net","",""
"Access-Control-Allow-Origin","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","*","",""
"Cache-Control","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","max-age=0","",""
"banner_reverseproxy","sirius.apprentissage.beta.gouv.fr/141.94.126.187","443","INFO","--","","CWE-200"
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,9 @@
#####################################################################</span>

Using <i>OpenSSL 1.0.2-bad </i> [~183 ciphers]
on fv-az568-910:/home/testssl/bin/openssl.Linux.x86_64
on fv-az573-725:/home/testssl/bin/openssl.Linux.x86_64

<span style="color:white;background-color:black;"> Start 2024-12-15 19:09:46 --&gt;&gt; 141.94.126.187:443 (sirius.apprentissage.beta.gouv.fr) &lt;&lt;--</span>
<span style="color:white;background-color:black;"> Start 2024-12-22 18:56:38 --&gt;&gt; 141.94.126.187:443 (sirius.apprentissage.beta.gouv.fr) &lt;&lt;--</span>

rDNS (141.94.126.187): --
Service detected: HTTP
Expand Down Expand Up @@ -103,7 +103,7 @@
<span style="font-weight:bold;"> Trust (hostname) </span><span style="color:#e52207;">certificate does not match supplied URI</span> (same w/o SNI)
<span style="font-weight:bold;"> Chain of trust</span> <span style="color:#008817;">Ok </span><span style="color:#cd00cd;"></span>
<span style="font-weight:bold;"> EV cert</span> (experimental) no
<span style="font-weight:bold;"> Certificate Validity (UTC) </span><span style="color:#008817;">48 &gt;= 30 days</span> (2024-11-04 16:39 --&gt; 2025-02-02 16:39)
<span style="font-weight:bold;"> Certificate Validity (UTC) </span><span style="color:#008817;">41 &gt;= 30 days</span> (2024-11-04 16:39 --&gt; 2025-02-02 16:39)
<span style="font-weight:bold;"> ETS/&quot;eTLS&quot;</span>, visibility info not present
<span style="font-weight:bold;"> Certificate Revocation List </span>--
<span style="font-weight:bold;"> OCSP URI </span>http://e5.o.lencr.org
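Review bot: The only line that changes in this hunk is the Certificate Validity countdown (48 to 41 days), while the "Trust (hostname)" line at the top still reports "certificate does not match supplied URI (same w/o SNI)" in red. That finding is carried unchanged from the 15 December run to the 22 December one and deserves a tracked issue: compare the names on the served certificate with sirius.apprentissage.beta.gouv.fr and note the outcome, since the green expiry line says nothing about whether the certificate is valid for this host.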
Expand All @@ -127,7 +127,9 @@
<span style="font-weight:bold;"> Application banner </span>--
<span style="font-weight:bold;"> Cookie(s) </span>(none issued at &quot;/&quot;)
<span style="font-weight:bold;"> Security headers </span><span style="color:#008817;">Content-Security-Policy</span>: frame-ancestors &apos;self&apos;
*.onisep.fr *.onisep.fr:8000 *.beta.gouv.fr
*.onisep.fr *.onisep.fr:8000
*.onisep-preprod.fr
http://www-krifa.onisep.fr:8000 *.beta.gouv.fr
*.incubateur.net
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expand Down Expand Up @@ -212,7 +214,7 @@
Grade capped to
A. HSTS is not offered

<span style="color:white;background-color:black;"> Done 2024-12-15 19:11:24 [ 101s] --&gt;&gt; 141.94.126.187:443 (sirius.apprentissage.beta.gouv.fr) &lt;&lt;--</span>
<span style="color:white;background-color:black;"> Done 2024-12-22 18:57:30 [ 55s] --&gt;&gt; 141.94.126.187:443 (sirius.apprentissage.beta.gouv.fr) &lt;&lt;--</span>


</pre>
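Review bot: The context at the top of this hunk still reads "Grade capped to A. HSTS is not offered", and the only change is the run time on the Done line (101s to 55s). Sending a Strict-Transport-Security header on the 443 listener would lift the cap; start with a short max-age and raise it only after the hostname-mismatch finding reported earlier in this file is resolved, because HSTS makes certificate errors non-bypassable for returning browsers.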
Original file line number Diff line number Diff line change
Expand Up @@ -360,7 +360,7 @@
"ip" : "sirius.apprentissage.beta.gouv.fr/141.94.126.187",
"port" : "443",
"severity" : "OK",
"finding" : "48 >= 30 days"
"finding" : "41 >= 30 days"
}
, {
"id" : "cert_notBefore",
Expand Down Expand Up @@ -521,7 +521,7 @@
"ip" : "sirius.apprentissage.beta.gouv.fr/141.94.126.187",
"port" : "443",
"severity" : "INFO",
"finding" : "1734289843"
"finding" : "1734893820"
}
, {
"id" : "HSTS",
Expand Down Expand Up @@ -563,7 +563,7 @@
"ip" : "sirius.apprentissage.beta.gouv.fr/141.94.126.187",
"port" : "443",
"severity" : "OK",
"finding" : "frame-ancestors 'self' *.onisep.fr *.onisep.fr:8000 *.beta.gouv.fr *.incubateur.net"
"finding" : "frame-ancestors 'self' *.onisep.fr *.onisep.fr:8000 *.onisep-preprod.fr http://www-krifa.onisep.fr:8000 *.beta.gouv.fr *.incubateur.net"
}
, {
"id" : "Access-Control-Allow-Origin",
Expand Down Expand Up @@ -1098,6 +1098,6 @@
"ip" : "sirius.apprentissage.beta.gouv.fr/141.94.126.187",
"port" : "443",
"severity" : "INFO",
"finding" : "101"
"finding" : "55"
}
]
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@
"access-control-allow-origin": "*",
"cache-control": "max-age=0",
"content-encoding": "gzip",
"content-security-policy": "frame-ancestors 'self' *.onisep.fr *.onisep.fr:8000 *.beta.gouv.fr *.incubateur.net",
"content-security-policy": "frame-ancestors 'self' *.onisep.fr *.onisep.fr:8000 *.onisep-preprod.fr http://www-krifa.onisep.fr:8000 *.beta.gouv.fr *.incubateur.net",
"content-type": "text/html; charset=utf-8",
"date": "Sun, 15 Dec 2024 19:09:25 GMT",
"etag": "W/\"3fc-193bb983de8\"",
"last-modified": "Thu, 12 Dec 2024 15:58:57 GMT",
"date": "Sun, 22 Dec 2024 18:56:19 GMT",
"etag": "W/\"3fc-193cffbb198\"",
"last-modified": "Mon, 16 Dec 2024 14:59:59 GMT",
"vary": "Accept-Encoding\nOrigin"
},
"endpoints": [
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{"token":"rs6j","url":"https://sirius.apprentissage.beta.gouv.fr","alias":null,"last_status":200,"uptime":100,"down":false,"down_since":null,"up_since":"2024-11-20T01:41:02Z","error":null,"period":3600,"apdex_t":0.5,"string_match":"","enabled":true,"published":false,"disabled_locations":[],"recipients":["slack_compatible:4124784183"],"last_check_at":"2024-12-15T18:37:46Z","next_check_at":"2024-12-15T19:37:30Z","created_at":"2021-04-22T21:34:16Z","mute_until":"forever","favicon_url":"https://sirius.apprentissage.beta.gouv.fr/dsfr/favicon/favicon.ico?v=1.12.1","custom_headers":{},"http_verb":"GET/HEAD","http_body":"","ssl":{"tested_at":"2024-12-15T17:37:54Z","expires_at":"2025-02-02T16:39:25Z","valid":false,"error":"error code 62: hostname mismatch"},"metrics":{},"uptimeGrade":"A"}
{"token":"rs6j","url":"https://sirius.apprentissage.beta.gouv.fr","alias":null,"last_status":200,"uptime":100,"down":false,"down_since":null,"up_since":"2024-11-20T01:41:02Z","error":null,"period":3600,"apdex_t":0.5,"string_match":"","enabled":true,"published":false,"disabled_locations":[],"recipients":["slack_compatible:4124784183"],"last_check_at":"2024-12-22T18:48:17Z","next_check_at":"2024-12-22T19:48:06Z","created_at":"2021-04-22T21:34:16Z","mute_until":"forever","favicon_url":"https://sirius.apprentissage.beta.gouv.fr/dsfr/favicon/favicon.ico?v=1.12.1","custom_headers":{},"http_verb":"GET/HEAD","http_body":"","ssl":{"tested_at":"2024-12-22T18:48:18Z","expires_at":"2025-02-02T16:39:25Z","valid":false,"error":"error code 62: hostname mismatch"},"metrics":{},"uptimeGrade":"A"}
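Review bot: Both versions of this record carry "valid":false with "error code 62: hostname mismatch" in the ssl object while mute_until is "forever" and uptimeGrade is "A", so the certificate error is recorded on every check but never reaches the listed recipients. Unmute the check or add a separate certificate alert, and consider whether the token and recipients values need to live in a committed file at all.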
