Your website is scanned using the following modules:

  • Code Injection
  • Code injection (timing)
  • Cross-Site Request Forgery
  • LDAP Injection
  • Operating system command injection
  • Operating system command injection (timing attack)
  • Path Traversal
  • File Inclusion
  • Response splitting
  • Remote file inclusion
  • SQL Injection
  • Blind SQL Injection (timing attack)
  • Unvalidated redirect
  • XPath Injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Scripting in event attribute of HTML element
  • Cross-Site Scripting (XSS) in path
  • Misconfiguration in LIMIT directive of .htaccess file
  • HTTP PUT is enabled
  • Cross-Site Scripting in HTML “script” tag
  • Cross-Site Scripting in HTML “vbscript” tag
  • Cross-Site Scripting in HTML tag
  • YAML Injection
  • YAML Injection (timing)
  • Allowed HTTP methods
  • Directory listing is enabled.
  • Found a CAPTCHA protected form
  • Credit card number disclosure
  • CVS/SVN user disclosure
  • Disclosed e-mail address
  • Found an HTML object
  • Non HTTP-Only Cookies
  • Insecure Cookies
  • Private IP address disclosure
  • Disclosed US Social Security Number
  • Mixed Resource
  • Unencrypted password form
  • Unencrypted HTTP Basic Authentication
  • WebDAV
  • The TRACE HTTP method is enabled
  • Spammable contact form
  • Found Robots.txt
  • Password field with autocomplete
  • Found Stacktrace
  • Source Code Disclosure
  • OpenSSL Heartbeat Extension Memory Leak (Heartbleed)
  • Cross-Site Scripting in attribute of HTML element