ZAP Full Scan Report

- Site: [https://localhost](https://localhost) 
 	 **New Alerts** 
	- **HTTP Only Site** [10106] total: 1:  
		- [http://localhost:8000](http://localhost:8000) 


- Site: [http://localhost:8000](http://localhost:8000) 
 	 **New Alerts** 
	- **Relative Path Confusion** [10051] total: 20:  
		- [http://localhost:8000/vendor/slick/slick.min.js](http://localhost:8000/vendor/slick/slick.min.js) 
		- [http://localhost:8000/assets/vendor/venobox/venobox.css](http://localhost:8000/assets/vendor/venobox/venobox.css) 
		- [http://localhost:8000/assets/vendor/bootstrap/js/bootstrap.bundle.min.js](http://localhost:8000/assets/vendor/bootstrap/js/bootstrap.bundle.min.js) 
		- [http://localhost:8000/vendor/chartjs/Chart.bundle.min.js](http://localhost:8000/vendor/chartjs/Chart.bundle.min.js) 
		- [http://localhost:8000/vendor/font-awesome-4.7/css/font-awesome.min.css](http://localhost:8000/vendor/font-awesome-4.7/css/font-awesome.min.css) 
		- .. 
	- **Cookie Slack Detector** [90027] total: 20:  
		- [http://localhost:8000/static/css/2.591db2b6.chunk.css](http://localhost:8000/static/css/2.591db2b6.chunk.css) 
		- [http://localhost:8000/vendor](http://localhost:8000/vendor) 
		- [http://localhost:8000/static/js](http://localhost:8000/static/js) 
		- [http://localhost:8000/vendor/mdi-font/css/material-design-iconic-font.min.css](http://localhost:8000/vendor/mdi-font/css/material-design-iconic-font.min.css) 
		- [http://localhost:8000/assets/js](http://localhost:8000/assets/js) 
		- .. 
	- **Modern Web Application** [10109] total: 7:  
		- [http://localhost:8000/static/js/2.edd1bc10.chunk.js](http://localhost:8000/static/js/2.edd1bc10.chunk.js) 
		- [http://localhost:8000/assets/vendor/jquery/jquery.min.js](http://localhost:8000/assets/vendor/jquery/jquery.min.js) 
		- [http://localhost:8000](http://localhost:8000) 
		- [http://localhost:8000/assets/vendor/venobox/venobox.min.js](http://localhost:8000/assets/vendor/venobox/venobox.min.js) 
		- [http://localhost:8000/sitemap.xml](http://localhost:8000/sitemap.xml) 
		- .. 
	- **X-Content-Type-Options Header Missing** [10021] total: 11:  
		- [http://localhost:8000/sitemap.xml](http://localhost:8000/sitemap.xml) 
		- [http://localhost:8000/api/config](http://localhost:8000/api/config) 
		- [http://localhost:8000/favicons/apple-icon-114x114.png](http://localhost:8000/favicons/apple-icon-114x114.png) 
		- [http://localhost:8000/favicons/apple-icon-76x76.png](http://localhost:8000/favicons/apple-icon-76x76.png) 
		- [http://localhost:8000](http://localhost:8000) 
		- .. 
	- **Content Security Policy (CSP) Header Not Set** [10038] total: 3:  
		- [http://localhost:8000/](http://localhost:8000/) 
		- [http://localhost:8000](http://localhost:8000) 
		- [http://localhost:8000/sitemap.xml](http://localhost:8000/sitemap.xml) 
	- **Cookie without SameSite Attribute** [10054] total: 2:  
		- [http://localhost:8000/api/config](http://localhost:8000/api/config) 
		- [http://localhost:8000/api/config](http://localhost:8000/api/config) 
	- **X-Frame-Options Header Not Set** [10020] total: 3:  
		- [http://localhost:8000](http://localhost:8000) 
		- [http://localhost:8000/](http://localhost:8000/) 
		- [http://localhost:8000/sitemap.xml](http://localhost:8000/sitemap.xml) 
	- **Server Leaks Version Information via "Server" HTTP Response Header Field** [10036] total: 11:  
		- [http://localhost:8000/favicons/apple-icon-120x120.png](http://localhost:8000/favicons/apple-icon-120x120.png) 
		- [http://localhost:8000/](http://localhost:8000/) 
		- [http://localhost:8000/favicons/apple-icon-57x57.png](http://localhost:8000/favicons/apple-icon-57x57.png) 
		- [http://localhost:8000](http://localhost:8000) 
		- [http://localhost:8000/robots.txt](http://localhost:8000/robots.txt) 
		- .. 
	- **Information Disclosure - Suspicious Comments** [10027] total: 12:  
		- [http://localhost:8000/assets/vendor/bootstrap/js/bootstrap.bundle.min.js](http://localhost:8000/assets/vendor/bootstrap/js/bootstrap.bundle.min.js) 
		- [http://localhost:8000/vendor/chartjs/Chart.bundle.min.js](http://localhost:8000/vendor/chartjs/Chart.bundle.min.js) 
		- [http://localhost:8000/vendor/perfect-scrollbar/perfect-scrollbar.js](http://localhost:8000/vendor/perfect-scrollbar/perfect-scrollbar.js) 
		- [http://localhost:8000/assets/vendor/jquery/jquery.min.js](http://localhost:8000/assets/vendor/jquery/jquery.min.js) 
		- [http://localhost:8000/vendor/perfect-scrollbar/perfect-scrollbar.js](http://localhost:8000/vendor/perfect-scrollbar/perfect-scrollbar.js) 
		- .. 
	- **Cloud Metadata Potentially Exposed** [90034] total: 1:  
		- [http://localhost:8000/latest/meta-data/](http://localhost:8000/latest/meta-data/) 
	- **Hidden File Found** [40035] total: 2:  
		- [http://localhost:8000/.git/config](http://localhost:8000/.git/config) 
		- [http://localhost:8000/.svn/entries](http://localhost:8000/.svn/entries) 
	- **Timestamp Disclosure - Unix** [10096] total: 15:  
		- [http://localhost:8000/static/js/2.edd1bc10.chunk.js](http://localhost:8000/static/js/2.edd1bc10.chunk.js) 
		- [http://localhost:8000/static/js/2.edd1bc10.chunk.js](http://localhost:8000/static/js/2.edd1bc10.chunk.js) 
		- [http://localhost:8000/static/js/2.edd1bc10.chunk.js](http://localhost:8000/static/js/2.edd1bc10.chunk.js) 
		- [http://localhost:8000/static/js/2.edd1bc10.chunk.js](http://localhost:8000/static/js/2.edd1bc10.chunk.js) 
		- [http://localhost:8000/static/js/2.edd1bc10.chunk.js](http://localhost:8000/static/js/2.edd1bc10.chunk.js) 
		- .. 
	- **Cookie No HttpOnly Flag** [10010] total: 2:  
		- [http://localhost:8000/api/config](http://localhost:8000/api/config) 
		- [http://localhost:8000/api/config](http://localhost:8000/api/config) 
	- **Loosely Scoped Cookie** [90033] total: 1:  
		- [http://localhost:8000/api/config](http://localhost:8000/api/config) 
	- **Vulnerable JS Library** [10003] total: 3:  
		- [http://localhost:8000/assets/vendor/jquery/jquery.min.js](http://localhost:8000/assets/vendor/jquery/jquery.min.js) 
		- [http://localhost:8000/vendor/bootstrap-4.1/bootstrap.min.js](http://localhost:8000/vendor/bootstrap-4.1/bootstrap.min.js) 
		- [http://localhost:8000/vendor/jquery-3.2.1.min.js](http://localhost:8000/vendor/jquery-3.2.1.min.js) 
	- **.htaccess Information Leak** [40032] total: 1:  
		- [http://localhost:8000/.htaccess](http://localhost:8000/.htaccess) 
	- **Cross-Domain Misconfiguration** [10098] total: 1:  
		- [http://localhost:8000/api/config](http://localhost:8000/api/config) 



View the [following link](https://github.com/wehackpurple/brokencrystals/actions/runs/1285060683) to download the report.
RunnerID:1285060683

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ZAP Full Scan Report #2

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

ZAP Full Scan Report #2

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions