6.2.6 Evaluating other hardware platform combinations

Although well founded, the choice of the Raspberry Pi + TPM combination was a design decision and is not the only option available. Other combinations can be evaluated, such as using a BeagleBoard (83), Banana Pi (84) or even a PandaBoard (85) as the main platform, assisted by a smartcard or cryptographic token as the secure device, for example.

REFERENCES

1 SHIREY, R. Rfc 2828: Internet security glossary. The Internet Society, 2000. Cited 3 times on pages 16, 20 and 21.

2 FORCE, I. E. T. Public-Key Infrastructure (X.509) (pkix). 2014. Available at: <http://datatracker.ietf.org/wg/pkix>. Cited 2 times on pages 16 and 23.

3 ITU-T. Recommendation x.509: Information technology - open systems interconnection - the directory: Authentication framework. ITU-T Recommendations - X Series, Jun 1997. Cited 2 times on pages 16 and 21.

4 DIERKS, T. The transport layer security (tls) protocol version 1.2. 2008. Cited on page 16.

5 SECFUNET - Security for Future Networks. 2014. Available at: <http://www.secfunet.eu>. Cited on page 16.

6 PRIMEKEY PKI Appliance. 2014. Available at: <https://www.primekey.se/Products/EJBCA+PKI/PKI+Appliance/>. Cited on page 16.

7 COMMERCIAL Proposal (Rev. 01) For Sansay Session Border Controller for Telefonica With optional Hosted Class 5 Services. 2014. Available at: <http://comspheretel.com/wp-content/uploads/2013/04/Proposal-to-Telefonica1.2.pdf>. Cited on page 17.

8 ORDER confirmation. 2014. Available at: <http://www.pitc.gov.ph//noas/2012-080%20OC%20-%20Primekey.pdf>. Cited on page 17.

9 FOUNDATION, R. P. Raspberry Pi. 2014. Available at: <http://www.raspberrypi.org>. Cited 2 times on pages 18 and 51.

10 GROUP, T. C. 2014. Cited 2 times on pages 18 and 32.

11 DIFFIE, W.; HELLMAN, M. E. New directions in cryptography. Information Theory, IEEE Transactions on, IEEE, v. 22, n. 6, p. 644–654, 1976. Cited on page 19.

12 RIVEST, R. L.; SHAMIR, A.; ADLEMAN, L. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, ACM, v. 21, n. 2, p. 120–126, 1978. Cited on page 19.

13 PAILLIER, P. Public-key cryptosystems based on composite degree residuosity classes. In: SPRINGER. Advances in cryptology—EUROCRYPT’99. [S.l.], 1999. p. 223–238. Cited on page 19.

14 ELGAMAL, T. A public key cryptosystem and a signature scheme based on discrete logarithms. In: SPRINGER. Advances in Cryptology. [S.l.], 1985. p. 10–18. Cited on page 19.

15 CRAMER, R.; SHOUP, V. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: SPRINGER. Advances in Cryptology—CRYPTO’98. [S.l.], 1998. p. 13–25. Cited on page 19.

16 MERKLE, R.; HELLMAN, M. E. Hiding information and signatures in trapdoor knapsacks. Information Theory, IEEE Transactions on, IEEE, v. 24, n. 5, p. 525–530, 1978. Cited on page 19.

17 FORD, W.; BAUM, M. S. Secure electronic commerce: building the infrastructure for digital signatures and encryption. [S.l.]: Prentice Hall PTR, 2000. Cited on page 19.

18 OPPLIGER, R. Security technologies for the world wide web. [S.l.]: Artech House, 2003. Cited on page 20.

19 LOPEZ, J.; OPPLIGER, R.; PERNUL, G. Classifying public key certificates. In: Public Key Infrastructure. [S.l.]: Springer, 2005. p. 135–143. Cited on page 20.

20 CHOKHANI, S. et al. Rfc 3647: Internet x. 509 public key infrastructure certificate policy and certification practices framework. Obsoletes RFC2527, Nov 2003. Cited on page 21.

21 SECTOR, I. T. S. 2014. Cited on page 21.

22 JR, B. S. K.; CITY, C. R. A layman’s guide to a subset of asn. 1, ber, and der. RSA Data Security, Inc., Redwood City, CA, 1991. Cited on page 21.

23 GROUP, N. W. et al. Internet x. 509 public key infrastructure certificate and certificate revocation list (crl) profile. RFC5280, 2008. Cited 3 times on pages 22, 31 and 73.

24 MAURER, U. Modelling a public-key infrastructure. In: SPRINGER. Computer Security—ESORICS 96. [S.l.], 1996. p. 325–350. Cited on page 23.

25 GALPERIN, S. et al. X. 509 internet public key infrastructure online certificate status protocol - ocsp. 2013. Cited on page 24.

26 BRASIL. Medida provisória nº 2.200-2, de 24 de agosto de 2001. institui a infra-estrutura de chaves públicas brasileira - icp-brasil, transforma o instituto nacional de tecnologia da informação em autarquia, e dá outras providências. Diário Oficial [da República Federativa do Brasil], v. 164, p. 65, Aug. 2001. ISSN: 1415-1537. Cited on page 25.

27 ICP-BRASIL, C. G. da. DOC-ICP-04: Requisitos mínimos para as políticas de certificado na ICP-Brasil. v5.3. [S.l.], 2014. Cited 2 times on pages 28 and 30.

28 COMITÊ GESTOR DA ICP-BRASIL. DOC-ICP-06: Diretrizes da política tarifária da autoridade certificadora raiz da ICP-Brasil. v3.0. [S.l.], 2008. Cited on page 28.

29 ICP-BRASIL, C. G. da. DOC-ICP-01.01: Padrões e algoritmos criptográficos da ICP-Brasil. v2.5. [S.l.], 2014. Cited on page 29.

30 SCHNEIER, B. Applied cryptography: protocols, algorithms, and source code in C. [S.l.]: John Wiley & Sons, 2007. Cited on page 29.

31 PUB, N. F. 197: Advanced encryption standard (aes). Federal Information Processing

32 DWORKIN, M. J. Sp 800-38d. recommendation for block cipher modes of operation: Galois/counter mode (gcm) and gmac. National Institute of Standards & Technology, 2007. Cited on page 29.

33 COMITÊ GESTOR DA ICP-BRASIL. DOC-ICP-01: Declaração de práticas de certificação da autoridade certificadora raiz da ICP-Brasil. v4.3. [S.l.], 2013. Cited on page 30.

34 INFORMATION, T. Abstract syntax notation one (asn.1): Specification of basic notation, itu-t recommendation x.680. International Telecommunication Union, 1997. Cited on page 31.

35 NETWORK, D. Open system communications, directory: Information technology—open systems interconnection—the directory: Overview of concepts, models, and services, itu-t recommendation x.500. International Telecommunication Union, 1993. Cited on page 31.

36 TRUSTED COMPUTING GROUP. TCG TPM Specification Version 1.2 - Part 3 Commands. [S.l.], 2005. Cited on page 32.

37 CRITERIA, C. Trusted Computing Group (TCG) Personal Computer (PC) Specific Trusted Building Block (TBB) Protection Profile and TCG PC Specific TBB With Maintenance Protection Profile. [S.l.]. Cited on page 32.

38 TRUSTED COMPUTING GROUP. TCG TPM Specification Version 1.2 - Part 1 Design Principles. [S.l.], 2005. Cited on page 32.

39 FIPS, P. 180-1. secure hash standard. National Institute of Standards and Technology, v. 17, 1995. Cited on page 32.

40 TRUSTED COMPUTING GROUP. TCG PC Specific Implementation Specification. [S.l.], 2005. Cited on page 32.

41 SAILER, R. et al. Design and implementation of a tcg-based integrity measurement architecture. In: USENIX Security Symposium. [S.l.: s.n.], 2004. v. 13, p. 223–238. Cited on page 33.

42 AL-RIYAMI, S. S.; PATERSON, K. G. Certificateless public key cryptography. In: Advances in Cryptology-ASIACRYPT 2003. [S.l.]: Springer, 2003. p. 452–473. Cited on page 34.

43 GENTRY, C. Certificate-based encryption and the certificate revocation problem. In: Advances in Cryptology—EUROCRYPT 2003. [S.l.]: Springer, 2003. p. 272–293. Cited on page 34.

44 SHAMIR, A. Identity-based cryptosystems and signature schemes. In: SPRINGER. Advances in cryptology. [S.l.], 1985. p. 47–53. Cited on page 34.

45 GIRAULT, M. Self-certified public keys. In: SPRINGER. Advances in Cryptology—EUROCRYPT’91. [S.l.], 1991. p. 490–497. Cited on page 34.

46 ZHAO, S.; AGGARWAL, A.; KENT, R. D. Pki-based authentication mechanisms in grid systems. In: IEEE. Networking, Architecture, and Storage, 2007. NAS 2007.

47 AMIN, K. et al. Ad hoc grid security infrastructure. In: IEEE COMPUTER SOCIETY. Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing. [S.l.], 2005. p. 69–76. Cited on page 34.

48 URIEN, P.; MARIE, E.; KIENNERT, C. An innovative solution for cloud computing authentication: Grids of eap-tls smart cards. In: IEEE. Digital Telecommunications (ICDT), 2010 Fifth International Conference on. [S.l.], 2010. p. 22–27. Cited 2 times on pages 34 and 35.

49 AHSANT, M. et al. Dynamic trust federation in grids. In: Trust Management. [S.l.]: Springer, 2006. p. 3–18. Cited on page 34.

50 BERKET, K.; ESSIARI, A.; MURATAS, A. Pki-based security for peer-to-peer information sharing. In: IEEE. Peer-to-Peer Computing, 2004. Proceedings. Proceedings. Fourth International Conference on. [S.l.], 2004. p. 45–52. Cited on page 34.

51 HASSINEN, M.; HYPPÖNEN, K.; HAATAJA, K. An open, pki-based mobile payment system. In: Emerging Trends in Information and Communication Security. [S.l.]: Springer, 2006. p. 86–100. Cited on page 35.

52 URIEN, P.; DANDJINOU, M. Introducing smartcard enabled radius server. In: IEEE. Collaborative Technologies and Systems, 2006. CTS 2006. International Symposium on. [S.l.], 2006. p. 74–80. Cited on page 35.

53 TORRES, J. et al. Towards self-authenticable smart cards. Computer communications, Elsevier, v. 29, n. 15, p. 2781–2787, 2006. Cited on page 35.

54 PROJECT, T. O. OpenSSL: Documents, Misc. 2013. Available at: <https://www.openssl.org/docs>. Cited on page 35.

55 HOLEK, S. H. Component CA Configuration File. 2014. Available at: <http://pki-tutorial.readthedocs.org/en/latest/expert/component-ca.conf.html>. Cited on page 37.

56 RSA LABORATORIES. PKCS# 12 v1.0: Personal Information Exchange Syntax. [S.l.], 1999. Cited on page 42.

57 HOUSLEY, R.; HOFFMAN, P. Internet x. 509 public key infrastructure operational protocols: Ftp and http. 1999. Cited 5 times on pages 43, 64, 65, 66 and 71.

58 LABS, O. R. OpenCA Research Labs. 2014. Available at: <https://pki.openca.org>. Cited on page 43.

59 CORPORATION, S. Symantec Managed PKI Service. 2014. Available at: <http://www.symantec.com/managed-pki-service>. Cited on page 43.

60 GROUP, I. C. Certificate Manager for Secure SSL Certificate Administration. 2014. Available at: <http://www.comodo.com/business-security/pki-management/certificate-manager.php>. Cited on page 43.

61 SOLUTIONS, C. S. Certificate Management System (CMS). 2014. Available at: <http://www.css-security.com/software/certificate-management-system-cms>. Cited

62 ICP-BRASIL, C. G. da. DOC-ICP-05: Requisitos mínimos para as declarações de práticas de certificação das autoridades certificadoras da ICP-Brasil. v3.7. [S.l.], 2013. Cited on page 45.

63 ABRAHAM, D. G. et al. Transaction security system. IBM Systems Journal, IBM, v. 30, n. 2, p. 206–229, 1991. Cited on page 49.

64 RUTKOWSKA, J. Why do I miss Microsoft BitLocker. 2009. Cited on page 49.

65 CORPORATION, B. High Definition 1080p Embedded Multimedia Applications Processor - BCM2835. 2014. Available at: <http://www.broadcom.com/products/BCM2835>. Cited on page 51.

66 INC., A. ARM11 Processor Family. 2014. Available at: <http://www.arm.com/products/processors/classic/arm11/index.php>. Cited on page 51.

67 PROJECT, R. FrontPage - Raspbian. 2014. Available at: <http://www.raspbian.org>. Cited on page 52.

68 TECHNOLOGIES, I. Embedded TPM. 2014. Available at: <http://www.infineon.com/cms/en/product/security-ic/trusted-computing/embedded-tpm/channel.html?channel=db3a30434422e00e01442555a5f713f5>. Cited on page 52.

69 CORPORATION, A. SAMA5D3 ARM Cortex-A5 Microprocessors. 2014. Available at: <http://www.atmel.com/products/microcontrollers/arm/sama5d3.aspx>. Cited on page 52.

70 STMICROELECTRONICS. ST33F1M - 32bit ARM SC300 secure core with SWP, SPI interfaces and Nescrypt cryptoprocessor. 2014. Available at: <http://www.st.com/web/catalog/mmc/FM143/SC1282/PF215291>. Cited on page 52.

71 CORPORATION, A. Atmel CryptoAuthentication. 2014. Available at: <http://www.atmel.com/products/security-ics/cryptoauthentication/default.aspx>. Cited on page 52.

72 TCG, P. Client specific tpm interface specification (tis) version 1.2. Trusted Computing Group, 2005. Cited on page 53.

73 SCHELLEKENS, D. Design and Analysis of Trusted Computing Platforms. Thesis (Doctorate) — Technische Universität Darmstadt, 2012. Cited on page 53.

74 FIELDING, R. T. Architectural styles and the design of network-based software architectures. Thesis (Doctorate) — University of California, Irvine, 2000. Cited on page 54.

75 RONACHER, A. Flask - A Python Microframework. 2014. Available at: <http://flask.pocoo.org>. Cited on page 56.

76 HAERING, G. pysqlite 2.6.0 documentation. 2014. Available at: <https://pysqlite.readthedocs.org/en/latest/sqlite3.html>. Cited on page 56.

77 CALDERONE, J.-P. pyOpenSSL 0.14 documentation. 2014. Available at: <https://pyopenssl.readthedocs.org/en/latest/>. Cited on page 56.

78 SQLALCHEMY. SQLAlchemy - The Database Toolkit for Python. 2014. Available at: <http://www.sqlalchemy.org>. Cited on page 56.

79 W3C. World Wide Web Consortium (W3C). 2014. Available at: <http://www.w3.org>. Cited on page 57.

80 DEBIAN - Security Information - DSA-2894-1 openssh. 2014. Available at: <https://www.debian.org/security/2014/dsa-2894>. Cited on page 77.

81 NGINX security advisories. 2014. Available at: <http://nginx.org/en/security_advisories.html>. Cited on page 77.

82 ISO/IEC. Iso/iec 18028-3: Information technology - security techniques - it network security - part 3: Securing communications between networks using security gateways. ISO/IEC, 2005. Cited on page 77.

83 BEAGLEBOARD.ORG. 2014. Available at: <http://beagleboard.org>. Cited on page 81.

84 PI, B. Banana Pi - A Highend Single-Board Computer. 2014. Available at: <http://www.bananapi.org>. Cited on page 81.

APPENDIX A – PENETRATION TEST - ACQUISITION OF

Nmap Scan Report - Scanned at Mon Nov 3 08:08:55 2014

Scan Summary

Nmap 6.46 was initiated at Mon Nov 3 08:08:55 2014
Verbosity: 1; Debug level 0
Nmap done at Mon Nov 3 08:09:04 2014; 1 IP address (1 host up) scanned in 9.56 seconds

192.168.3.51 (online)

Address

192.168.3.51 (ipv4)
B8:27:EB:B2:A2:AF - Raspberry Pi Foundation (mac)

Ports

The 997 ports scanned but not shown below are in state: closed
997 ports replied with: resets

Port State Service Reason Product Version Extra info

22 tcp open ssh syn-ack OpenSSH 6.0p1 Debian 4+deb7u1 protocol 2.0

ssh-hostkey
    1024 2a:5f:41:64:de:c9:07:3e:59:7c:34:43:be:05:84:b1 (DSA)
    2048 aa:62:21:23:7a:5f:26:e1:bd:e3:9e:c8:db:bf:c1:63 (RSA)
    256 e4:e3:7d:ef:5f:cf:91:e6:89:25:02:a1:a0:48:ce:e6 (ECDSA)

80 tcp open http syn-ack nginx 1.2.1

http-favicon
    Unknown favicon MD5: 5B6D74F1453E20C09D6A20D909779AD7
http-methods
    No Allow or Public header in OPTIONS response (status code 405)
http-title
    Welcome to nginx!

443 tcp open http syn-ack nginx 1.2.1

http-methods
    No Allow or Public header in OPTIONS response (status code 400)
http-title
    400 The plain HTTP request was sent to HTTPS port
ssl-cert
    Subject: commonName=upki.cin.ufpe.br/organizationName=UFPE - GPRT/stateOrProvinceName=Pernambuco/countryName=BR
    Issuer: commonName=uPKI Root Certification Authority/organizationName=UFPE - GPRT/stateOrProvinceName=Pernambuco/countryName=BR
    Public Key type: rsa
    Public Key bits: 4096
    Not valid before: 2014-10-31T00:31:12+00:00
    Not valid after: 2042-03-17T00:31:12+00:00
    MD5: a6d5 1312 3b1b 03ef 04ea 63c4 e5f0 09a4
    SHA-1: f641 ed65 a38a 0e01 0e4c 8418 9523 2318 04d4 94bf
ssl-date
    2014-11-03T13:09:18+00:00; +14s from local time.


APPENDIX B – PENETRATION TEST - ACQUISITION OF INFORMATION ABOUT WEB SERVICES

Nmap Scan Report - Scanned at Mon Nov 3 08:10:13 2014

Scan Summary

Nmap 6.46 was initiated at Mon Nov 3 08:10:13 2014
Verbosity: 0; Debug level 0
Nmap done at Mon Nov 3 09:15:25 2014; 1 IP address (1 host up) scanned in 3911.81 seconds

Pre-Scan Script Output

Script Name / Output

http-icloud-findmyiphone
    ERROR: No username or password was supplied
http-icloud-sendmsg
    ERROR: No username or password was supplied
http-virustotal
    ERROR: An API key is required in order to use this script (see description)

192.168.3.51 (online)

Address

192.168.3.51 (ipv4)
B8:27:EB:B2:A2:AF - Raspberry Pi Foundation (mac)

Ports

Port State Service Reason Product Version Extra info

80 tcp open http syn-ack

http-brute
    Path "/" does not require authentication
http-cakephp-version
    false
http-chrono
    Request times for /; avg: 3129.97ms; min: 1752.42ms; max: 5908.82ms
http-comments-displayer
    Couldn't find any comments.
http-config-backup
    ERROR: Script execution failed (use -d to debug)
http-csrf
    Couldn't find any CSRF vulnerabilities.
http-date
    Mon, 03 Nov 2014 14:12:11 GMT; +1h01m57s from local time.
http-devframework
    ERROR: Script execution failed (use -d to debug)
http-dombased-xss
    Couldn't find any DOM based XSS.
http-domino-enum-passwords
    ERROR: No valid credentials were found (see domino-enum-passwords.username and domino-enum-passwords.password)
http-drupal-modules
http-errors
    Couldn't find any error pages.
http-favicon
    Unknown favicon MD5: 5B6D74F1453E20C09D6A20D909779AD7
http-feed
    Couldn't find any feeds.
http-fileupload-exploiter
http-form-brute
    ERROR: No passvar was specified (see http-form-brute.passvar)
http-frontpage-login
    false
http-google-malware
    [ERROR] No API key found. Update the variable APIKEY in http-google-malware or set it in the argument http-google-malware.api
http-grep
    ERROR: Argument http-grep.match was not set
http-headers
    Server: nginx/1.2.1
    Date: Mon, 03 Nov 2014 14:11:44 GMT
    Content-Type: text/html
    Content-Length: 151
    Last-Modified: Mon, 04 Oct 2004 15:04:06 GMT
    Connection: close
    Accept-Ranges: bytes

    (Request type: HEAD)
http-huawei-hg5xx-vuln
    false
http-iis-webdav-vuln
    ERROR: This web server is not supported.
http-majordomo2-dir-traversal
    ERROR: Script execution failed (use -d to debug)
http-malware-host
    false
http-methods
    No Allow or Public header in OPTIONS response (status code 405)
http-mobileversion-checker
    No mobile version detected.
http-referer-checker
    Couldn't find any cross-domain scripts.
http-sitemap-generator
    Directory structure:
      /
        Other: 1
    Longest directory structure:
      Depth: 0
      Dir: /
    Total files found (by extension):
      Other: 1
http-slowloris
    false
http-stored-xss
    Couldn't find any stored XSS vulnerabilities.
http-title
    Welcome to nginx!
http-traceroute
    Possible reverse proxy detected.
http-useragent-tester
    Allowed User Agents:
      libwww
      lwp-trivial
      libcurl-agent/1.0
      PHP/
      Python-urllib/2.5
      GT::WWW
      Snoopy
      MFC_Tear_Sample
      HTTP::Lite
      PHPCrawl
      URI::Fetch
      Zend_Http_Client
      http client
      PECL::HTTP
      Wget/1.13.4 (linux-gnu)
      WWW-Mechanize/1.34
http-vhosts
    127 names had status 200
http-vuln-cve2010-0738
    false
http-vuln-cve2011-3192
    VULNERABLE:
    Apache byterange filter DoS
      State: VULNERABLE
      IDs: OSVDB:74721 CVE:CVE-2011-3192
      Description:
        The Apache web server is vulnerable to a denial of service attack when numerous overlapping byte ranges are requested.
      Disclosure date: 2011-08-19
      References:
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
        http://seclists.org/fulldisclosure/2011/Aug/175
        http://nessus.org/plugins/index.php?view=single&id=55976
        http://osvdb.org/74721
http-vuln-cve2011-3368
    ERROR: Got no answers from pipelined queries
http-waf-detect
    [ERROR] HTTP request table is empty. This should not ever happen because we at least made one request.
http-wordpress-plugins
    nothing found amongst the 100 most popular plugins, use --script-args http-wordpress-plugins.search=<number|all> for deeper analysis)

443 tcp open https syn-ack nginx/1.2.1

http-brute
    Path "/" does not require authentication
http-chrono
    Request times for /; avg: 5198.72ms; min: 2461.33ms; max: 11169.08ms
http-comments-displayer
    Couldn't find any comments.
http-csrf
    Couldn't find any CSRF vulnerabilities.
http-date
    Mon, 03 Nov 2014 13:10:37 GMT; +23s from local time.
http-devframework
    ERROR: Script execution failed (use -d to debug)
http-dombased-xss
    Couldn't find any DOM based XSS.
http-domino-enum-passwords
    ERROR: No valid credentials were found (see domino-enum-passwords.username and domino-enum-passwords.password)
http-errors
    Couldn't find any error pages.
http-feed
    Couldn't find any feeds.
http-fileupload-exploiter
http-form-brute
    ERROR: No passvar was specified (see http-form-brute.passvar)
http-frontpage-login
    false
http-google-malware
    [ERROR] No API key found. Update the variable APIKEY in http-google-malware or set it in the argument http-google-malware.api
http-grep
    ERROR: Argument http-grep.match was not set
http-headers
    Server: nginx/1.2.1
    Date: Mon, 03 Nov 2014 13:40:41 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 13
    Connection: close

    (Request type: HEAD)
http-iis-webdav-vuln
    ERROR: This web server is not supported.
http-malware-host
    ERROR: Script execution failed (use -d to debug)
http-methods
    HEAD OPTIONS GET
http-mobileversion-checker
    No mobile version detected.
http-referer-checker
    Couldn't find any cross-domain scripts.
http-server-header
    Software version grabbed from Server header. Consider submitting a service fingerprint. Run with --script-args http-server-header.skip
http-sitemap-generator
    Directory structure:
      /
        Other: 1
    Longest directory structure:
      Depth: 0
      Dir: /
    Total files found (by extension):
      Other: 1
http-slowloris
    false
http-stored-xss
    Couldn't find any stored XSS vulnerabilities.
http-title
    Site doesn't have a title (text/html; charset=utf-8).
http-useragent-tester
    Allowed User Agents:
      libwww
      libcurl-agent/1.0
      PHP/
      Python-urllib/2.5
      GT::WWW
      Snoopy
      MFC_Tear_Sample
      HTTP::Lite
      PHPCrawl
      URI::Fetch
      Zend_Http_Client
      http client
      PECL::HTTP
      Wget/1.13.4 (linux-gnu)
      WWW-Mechanize/1.34
http-vhosts
    22 names had status 400
    105 names had status 200
http-vuln-cve2011-3368
    ERROR: Got no answers from pipelined queries
http-waf-detect
    IDS/IPS/WAF detected:
    192.168.3.51:443/?p4yl04d3=<script>alert(document.cookie)</script>
http-xssed
    No previously reported XSS vuln.
