Scan Report for https://www.aspyx.com/

Overall Scan Score: 37.66%

Low Risk

Minor security issues present; overall, the site is reasonably secure.

Vulnerabilities results

No Vulnerabilities found!

Website security results

Cookie 'PHPSESSID' is missing the 'HttpOnly' attribute.
Cookie 'PHPSESSID' is missing the 'SameSite' attribute.
general:
advanced:
SSL:
- SSL
- Certificate valid until 2025-10-19 23:59:59, issued by Sectigo RSA Domain Validation Secure Server CA.
DNS:
- A Record:
  - - host: aspyx.com
    - class: IN
    - ttl: 3600
    - type: A
    - ip: 66.29.132.53
- MX Record:
  - - host: aspyx.com
    - class: IN
    - ttl: 1200
    - type: MX
    - pri: 10
    - target: mx2.privateemail.com
  - - host: aspyx.com
    - class: IN
    - ttl: 1200
    - type: MX
    - pri: 10
    - target: mx1.privateemail.com
- NS Record:
  - - host: aspyx.com
    - class: IN
    - ttl: 3600
    - type: NS
    - target: dns1.namecheaphosting.com
  - - host: aspyx.com
    - class: IN
    - ttl: 3600
    - type: NS
    - target: dns2.namecheaphosting.com
phishing: No phishing signs detected.

API Scan Results

ApiDocs:
- API documentation
- No detected
ShadowApis:
- - https://www.aspyx.com//api/internal/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/v1/debug/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/admin/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/hidden/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/test/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/staging/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/qa/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/backup/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/api-docs/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/swagger-ui/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/v1/internal/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/v1/private/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/dev/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/sandbox/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/demo/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/old/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/unused/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/archive/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/temp/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/beta/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/custom/endpoint/
  - Potential Shadow API detected
- - https://www.aspyx.com//api/hidden/api/
  - Potential Shadow API detected
InsecureEndpoints:
Authentication:
- - Weak authentication detected. Token
  - Bearer invalid-token
- - Weak authentication detected. Token
  - Basic invalid-credentials
- - Weak authentication detected. Token
  - ApiKey invalid-key
Authentication2:
RateLimiting:
- - Rate Limiting
  - No rate limiting detected
SQLiTest:
- Injection Test SQLi
- No vulnerabilities detected
XSSTest:
- Injection Test XSS
- No vulnerabilities detected
RCETest:
- Injection Test RCE
- No vulnerabilities detected
OutputEncoding:
- - Output Encoding
  - Response is not valid JSON
DynamicEndpoints:
- Dynamic Endpoint Detection
- Not yet implemented

CSR Results

url: https://www.aspyx.com/
PCIDSS: The site may not be PCI DSS compliant.
ISO27001: The site may not align with ISO/IEC 27001 principles.
GDPR: The site is not GDPR compliant.

Header Results

Missing Content-Security-Policy header.
Missing X-Frame-Options header.
Missing Strict-Transport-Security header.
Missing X-Content-Type-Options header.
Missing Referrer-Policy header.

RSM Report

robots.txt:
- robots.txt not found at https://www.aspyx.com/robots.txt.
sitemap:
- Failed to parse sitemap XML.
- Specification mandates value for attribute defer
- Opening and ending tag mismatch: link line 11 and head
- Opening and ending tag mismatch: br line 53 and h2
- Opening and ending tag mismatch: h2 line 53 and div
- Opening and ending tag mismatch: div line 52 and section
- xmlParseEntityRef: no name
- Specification mandates value for attribute required
- Opening and ending tag mismatch: input line 123 and div
- Opening and ending tag mismatch: form line 122 and section
- Entity 'copy' not defined
- Opening and ending tag mismatch: div line 119 and body
- Opening and ending tag mismatch: section line 118 and html
- Premature end of data in tag section line 51

CJ Results

Missing X-Frame-Options header.
Missing Content-Security-Policy header.

CORDS Results

Missing Access-Control-Allow-Origin header.
Missing Access-Control-Allow-Methods header.
Missing Access-Control-Allow-Headers header.

CMS Results

url: https://www.aspyx.com
CMS: WordPress
issues:
- WordPress version could not be detected. Ensure your version is up to date.
- Plugins directory is accessible: /wp-content/plugins/. May expose vulnerabilities.

Blackklis Results

- 66.29.132.53: Blacklist
53.132.29.66.bl.emailbasura.org Listed
53.132.29.66.dnsbl-3.uceprotect.net Listed
53.132.29.66.spam.spamrats.com Listed

Exented Scan Result

last_effective_url: https://www.aspyx.com/
response_headers:
- url: https://www.aspyx.com/
- content_type: text/html; charset=UTF-8
- http_code: 200
- header_size: 401
- request_size: 107
- filetime: -1
- ssl_verify_result: 0
- redirect_count: 0
- total_time: 0.031468
- namelookup_time: 0.000664
- connect_time: 0.000913
- pretransfer_time: 0.015811
- size_upload: 0
- size_download: 3470
- speed_download: 110270
- speed_upload: 0
- download_content_length: 3470
- upload_content_length: 0
- starttransfer_time: 0.031334
- redirect_time: 0
- redirect_url:
- primary_ip: 66.29.132.53
- certinfo:
- primary_port: 443
- local_ip: 66.29.132.53
- local_port: 34200
- http_version: 3
- protocol: 2
- ssl_verifyresult: 0
- scheme: https
- appconnect_time_us: 15686
- connect_time_us: 913
- namelookup_time_us: 664
- pretransfer_time_us: 15811
- redirect_time_us: 0
- starttransfer_time_us: 31334
- total_time_us: 31468
js_links:
- https://www.aspyx.com//js/script.js
- https://www.google.com/recaptcha/api.js
- https://code.jquery.com/jquery-3.7.0.slim.js
css_links:
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
- https://unpkg.com/tailwindcss@^2/dist/tailwind.min.css
- https://www.aspyx.com/css/styles.css
img_links:
href_links:
js_analysis:
- - url: https://www.aspyx.com//js/script.js
  - analysis:
    - entropy: 4.9822942663736
    - high_entropy:
    - suspicious_functions:
      - setTimeout
      - setInterval
      - Function
      - innerHTML
      - addEventListener
- - url: https://www.google.com/recaptcha/api.js
  - analysis:
    - entropy: 5.5138575221213
    - high_entropy: 1
    - suspicious_functions:
      - Function
- - url: https://code.jquery.com/jquery-3.7.0.slim.js
  - analysis:
    - entropy: 5.0544337104109
    - high_entropy: 1
    - suspicious_functions:
      - eval
      - setTimeout
      - Function
      - unescape
      - innerHTML
      - fetch
      - addEventListener
      - removeEventListener
      - Object.defineProperty
css_analysis:
- - url: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
  - analysis:
- - url: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
  - analysis:
- - url: https://unpkg.com/tailwindcss@^2/dist/tailwind.min.css
  - analysis:
- - url: https://www.aspyx.com/css/styles.css
  - analysis:
img_analysis:
security_headers:
- Missing Content-Security-Policy header.
- Missing X-Frame-Options header.
- Missing or incorrect X-Content-Type-Options header.
- Missing Strict-Transport-Security header.
- Missing X-XSS-Protection header.
- Missing Referrer-Policy header.
- No cookies found; ensure sensitive data is protected.
behavior:
- Potential Base64 Encoded Code Detected
score:
- value: 37.66
- risk: Low Risk
- desc: Minor security issues present; overall, the site is reasonably secure.

Aspyx Security

Scan Report for https://www.aspyx.com/

Overall Scan Score: 37.66%

Vulnerabilities results

Website security results

API Scan Results

CSR Results

Header Results

RSM Report

CJ Results

CORDS Results

CMS Results

Blackklis Results

Exented Scan Result

Output Encoding Results

Rate Limit Results

SQL Injection Results

XSS Injection Results

RCE Injection Results