Skip to main content

How Invicti reports vulnerabilities

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

Invicti provides comprehensive vulnerability reporting by utilizing a wide range of security checks available in a scan policy.

A scan policy serves as a collection of web application security scan settings. By attaching a scan policy, you can specify the security tests to be run.

Invicti incorporates an extensive library of thousands of built-in security checks, which have been developed over the course of more than a decade of continuous security research and refinement. This ensures maximum coverage and accuracy in identifying potential vulnerabilities.

Within a scan policy, you can access these security checks. While the default security checks in the Default Scan Policy cannot be modified or removed, you have the flexibility to disable irrelevant security checks when configuring a new scan policy. This customization allows you to focus on the vulnerabilities that are most pertinent to your specific environment.

To aid in understanding the relationship between security checks and vulnerabilities, the following table provides a list of security checks and the corresponding vulnerabilities they report when selected.

Apache Struts RCE

Apache Struts S2-045 RCE
  • [Possible] Code Evaluation (Apache Struts) S2-045
  • Code Evaluation (Apache Struts) S2-045
Apache Struts S2-046 RCE
  • [Possible] Code Evaluation (Apache Struts) S2-046
  • Code Evaluation (Apache Struts) S2-046

Code Evaluation

Code Evaluation
  • [Possible] Code Evaluation (Apache Struts S02-53)
  • [Possible] Code Evaluation (Apache Struts)
  • [Possible] Code Evaluation (Apache Struts) S2-016
  • [Possible] Code Evaluation (ASP)
  • [Possible] Code Evaluation (Node.js)
  • [Possible] Code Evaluation (Perl)
  • [Possible] Code Evaluation (PHP)
  • [Possible] Code Evaluation (Python)
  • [Possible] Code Evaluation (Ruby)
  • Code Evaluation (Apache Struts S02-53)
  • Code Evaluation (Apache Struts)
  • Code Evaluation (Apache Struts) S2-016
  • Code Evaluation (ASP)
  • Code Evaluation (Node.js)
  • Code Evaluation (Perl)
  • Code Evaluation (PHP)
  • Code Evaluation (Python)
  • Code Evaluation (Ruby)
Code Evaluation (IAST)
  • Code Evaluation (PHP) – IAST
Code Evaluation (Out of Band)
  • [Possible] Out of Band Code Evaluation (Apache Struts 2)
  • [Possible] Out of Band Command Injection
  • Out of Band Code Evaluation (Apache Struts 2) S2-053
  • Out of Band Code Evaluation (ASP)
  • Out of Band Code Evaluation (Node.js)
  • Out of Band Code Evaluation (Perl)
  • Out of Band Code Evaluation (PHP)
  • Out of Band Code Evaluation (Python)
  • Out of Band Code Evaluation (RoR – JSON)
  • Out of Band Code Evaluation (RoR)
  • Out of Band Code Evaluation (Ruby)
  • Out of Band Code Execution via SSTI
  • Out of Band Code Execution via SSTI (Java FreeMarker)
  • Out of Band Code Execution via SSTI (Java Velocity)
  • Out of Band Code Execution via SSTI (Node.js Dot)
  • Out of Band Code Execution via SSTI (Node.js EJS)
  • Out of Band Code Execution via SSTI (Node.js Marko)
  • Out of Band Code Execution via SSTI (Node.js Nunjucks)
Log4j Code Evaluation (Out of Band)
  • Out of Band Code Evaluation (Log4j)
Server-Side Template Injection
  • [Possible] Code Execution via SSTI
  • [Possible] Code Execution via SSTI (ASP.NET Razor)
  • [Possible] Code Execution via SSTI (Java FreeMarker)
  • [Possible] Code Execution via SSTI (Java Pebble)
  • [Possible] Code Execution via SSTI (Java Velocity)
  • [Possible] Code Execution via SSTI (JinJava)
  • [Possible] Code Execution via SSTI (Node.js Dot)
  • [Possible] Code Execution via SSTI (Node.js EJS)
  • [Possible] Code Execution via SSTI (Node.js Marko)
  • [Possible] Code Execution via SSTI (Node.js Nunjucks)
  • [Possible] Code Execution via SSTI (Node.js Pug (Jade))
  • [Possible] Code Execution via SSTI (PHP Smarty)
  • [Possible] Code Execution via SSTI (PHP Twig)
  • [Possible] Code Execution via SSTI (Python Jinja)
  • [Possible] Code Execution via SSTI (Python Mako)
  • [Possible] Code Execution via SSTI (Python Tornado)
  • [Possible] Code Execution via SSTI (Ruby ERB)
Spring4Shell Remote Code Execution
  • [Possible] Remote Code Execution (Spring4Shell)

Command Injection (CI)

Command Injection
  • [Possible] Command Injection
  • Bash Command Injection Vulnerability (Shellshock Bug)
  • Command Injection
Command Injection (Blind)
  • Blind Command Injection
Command Injection (IAST)
  • Command Injection (IAST)

Cross Site Scripting (XSS)

Cross-site Scripting
  • [Possible] Cross-site Scripting
  • Cross-site Scripting
  • Stored Cross-site Scripting
Cross-site Scripting (Blind)
  • [Possible] Blind Cross-site Scripting
  • Blind Cross-site Scripting
Cross-site Scripting (DOM Based)
  • Base Tag Hijacking
  • Cross-site Scripting (DOM based)
  • Form Hijacking
  • Open Redirection (DOM based)

File Inclusion

Local File Inclusion
  • [Possible] F5 Big-IP Local File Inclusion (CVE-2020-5902)
  • [Possible] Local File Inclusion
  • [Probable] Local File Inclusion
  • Code Evaluation via Local File Inclusion (PHP)
  • F5 Big-IP Local File Inclusion (CVE-2020-5902)
  • Local File Inclusion
  • Ruby on Rails File Content Disclosure (CVE-2019-5418)
Local File Inclusion (IAST)
  • Local File Inclusion (IAST)
Remote File Inclusion
  • [Possible] Remote File Inclusion
  • Remote File Inclusion
Remote File Inclusion (Out of Band)
  • Out of Band Remote File Inclusion

Header Injection

HTTP Header Injection
  • HTTP Header Injection
  • HTTP Header Injection (IAST)
  • Mail Header Injection (IAST)

NoSQL Injection

MongoDB Injection (Blind)
  • Blind MongoDB Injection
MongoDB Injection (Error Based)
  • [Possible] Error-Based MongoDB Injection
  • Error-Based MongoDB Injection

Server-Side Request Forgery (SSRF)

Server-Side Request Forgery (DNS)
  • [Possible] Server-Side Request Forgery
Server-Side Request Forgery (Pattern Based)
  • [Possible] Server-Side Request Forgery (AWS)
  • [Possible] Server-Side Request Forgery (elmah MVC)
  • [Possible] Server-Side Request Forgery (elmah)
  • [Possible] Server-Side Request Forgery (MySQL)
  • [Possible] Server-Side Request Forgery (Oracle Cloud)
  • [Possible] Server-Side Request Forgery (Packet Cloud)
  • [Possible] Server-Side Request Forgery (SSH)
  • [Possible] Server-Side Request Forgery (Time Based)
  • [Possible] Server-Side Request Forgery (trace.axd)
  • Server-Side Request Forgery (AWS)
  • Server-Side Request Forgery (elmah MVC)
  • Server-Side Request Forgery (elmah)
  • Server-Side Request Forgery (trace.axd)

SQL Injection

SQL Injection
  • [Possible] SQL Injection
  • [Probable] SQL Injection
  • Database Detected (HsqlDb)
  • Database Detected (Microsoft Access)
  • Database Detected (Microsoft SQL Server)
  • Database Detected (MongoDB)
  • Database Detected (MySQL)
  • Database Detected (Oracle)
  • Database Detected (PostgreSQL)
  • Database Detected (SQLite)
  • Out-of-date Version (Microsoft SQL Server)
  • Out-of-date Version (MySQL)
  • Out-of-date Version (Oracle)
  • Out-of-date Version (PostgreSQL)
  • Out-of-date Version (SQLite)
SQL Injection (Blind)
  • Blind SQL Injection
SQL Injection (Boolean)
  • Boolean Based SQL Injection
  • Database User Has Admin Privileges
SQL Injection (IAST)
  • SQL Injection (IAST)
SQL Injection (Out of Band)
  • Out of Band SQL Injection

Static Resources

Static Resources (All Paths)
  • .htaccess File Detected
  • [Possible] WS_FTP Log File Detected
  • Apache Multiple Choices Enabled
  • CVS Detected
  • GIT Detected
  • phpinfo() Output Detected
  • Security.txt Detected
  • Sugar CRM Identified
  • SVN Detected
  • swagger.json Detected
  • Trace.axd Detected
  • Travis CI Configuration File Detected
  • Version Disclosure (Jolokia)
  • ZSH History File Detected
Static Resources (Only Root Path)
  • [Possible] AWStats Detected
  • [Possible] Mint Detected
  • [Possible] WP Engine Configuration File Detected
  • Apache Server-Info Detected
  • Apache Server-Status Detected
  • Apple's App-Site Association (AASA) Detected
  • Crossdomain.xml Detected
  • Default Page Detected (Tomcat)
  • Elmah.axd / Errorlog.axd Detected
  • Open Policy Crossdomain.xml Detected
  • Open Silverlight Client Access Policy
  • OpenSearch.xml Detected
  • phpMyAdmin Detected
  • Robots.txt Detected
  • RoR Development Mode Enabled
  • Silverlight Client Access Policy Detected
  • Sitemap Detected
  • Source Code Disclosure (Tomcat)
  • Webalizer Detected

XML External Entity (XXE)

XML External Entity
  • [Possible] XML External Entity Injection
  • XML External Entity Injection
XML External Entity (Out of Band)
  • Out of Band XML External Entity Injection

Arbitrary Files (IAST)

Arbitrary Files (IAST)
  • Arbitrary File Creation Detected
  • Arbitrary File Deletion Detected

BREACH Attack

BREACH Attack
  • [Possible] BREACH Attack Detected

Configuration Analyzer (IAST)

Configuration Analyzer (IAST)
  • ASP.NET Cookieless Authentication Is Enabled
  • ASP.NET Cookieless Session State Is Enabled
  • ASP.NET CustomErrors Is Disabled
  • ASP.NET Debugging Enabled
  • ASP.NET Login Credentials Stored In Plain Text
  • ASP.NET Tracing Is Enabled
  • ASP.NET ValidateRequest Is Globally Disabled
  • ASP.NET ViewStateUserKey Is Not Set
  • ASP.NET: Failure To Require SSL For Authentication Cookies
  • Axis Development Mode Enabled in WEB-INF/server-config.wsdd
  • Axis system configuration listing enabled in WEB-INF/server-config.wsdd
  • Custom Error Pages Are Not Configured in WEB-INF/web.xml
  • Express Development Mode Is Enabled
  • Express express-session Weak Secret Key Detected
  • Java Verb Tampering Via Misconfigured Security Constraint
  • Node.js Web Application does not handle uncaughtException
  • Node.js Web Application does not handle unhandledRejection
  • Overly Long Session Timeout
  • PHP allow_url_fopen Is Enabled
  • PHP allow_url_include Is Enabled
  • PHP display_errors Is Enabled
  • PHP enable_dl Is Enabled
  • PHP open_basedir Is Not Configured
  • PHP register_globals Is Enabled
  • PHP session.use_trans_sid Is Enabled
  • Spring Boot Misconfiguration: Actuator endpoint security disabled
  • Spring Boot Misconfiguration: Developer tools enabled on production
  • Spring Boot Misconfiguration: H2 console enabled
  • Spring Boot Misconfiguration: MongoDB credentials stored in the properties file
  • Spring Boot Misconfiguration: Overly long session timeout
  • Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
  • Spring Boot Misconfiguration: Unsafe value for session tracking
  • Spring Misconfiguration: HTML Escaping disabled
  • Struts 2 Config Browser plugin enabled
  • Struts 2 Development Mode Enabled
  • Unsafe value for session tracking in WEB-INF/web.xml
  • ViewState MAC Disabled

Content Security Policy

Content Security Policy
  • An Unsafe Content Security Policy (CSP) Directive in Use
  • Content Security Policy (CSP) Contains Out of Scope report-uri Domain
  • Content Security Policy (CSP) Keywords Not Used Within Single Quotes
  • Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes
  • Content Security Policy (CSP) Nonce Without Matching Script Block
  • Content Security Policy (CSP) Not Implemented
  • Content Security Policy (CSP) report-uri Uses HTTP
  • Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags
  • Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive
  • data: Used in a Content Security Policy (CSP) Directive
  • default-src Used in Content Security Policy (CSP)
  • Deprecated Header Instruction Used to Implement Content Security Policy (CSP)
  • Incorrect Content Security Policy (CSP) Implementation
  • Insecure Protocol Detected in Content Security Policy (CSP)
  • Invalid Content Security Policy (CSP) Directive Identified in meta Elements
  • Missing object-src in CSP Declaration
  • Multiple Content Security Policy (CSP) Implementation Detected
  • No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP)
  • Nonce Usage Detected in Content Security Policy (CSP) Directive
  • Scheme URI Detected in Content Security Policy (CSP) Directive
  • Static Nonce Identified in Content Security Policy (CSP)
  • Unsupported Hash Detected in Content Security Policy (CSP)
  • Weak Nonce Detected in Content Security Policy (CSP) Declaration
  • Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive
  • Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive
  • Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive

Content-Type Sniffing

Content-Type Sniffing
  • Missing Content-Type Header
Cookie
  • Cookie Not Marked as HttpOnly
  • Cookie Not Marked as Secure
  • SameSite Cookie Not Implemented
  • SameSite None Cookie Not Marked as Secure
  • Session Cookie Not Marked as Secure
  • User Controllable Cookie

Cross Frame Options Security

Cross Frame Options Security
  • Misconfigured X-Frame-Options Header
  • Missing X-Frame-Options Header
  • Multiple Declarations in X-Frame-Options Header

Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS)
  • Misconfigured Access-Control-Allow-Origin Header

Cross-Site Request Forgery

Cross-Site Request Forgery
  • [Possible] Cross-site Request Forgery
  • [Possible] Cross-site Request Forgery in Login Form
  • Cookie Values Used in Anti-CSRF Token

Drupal Remote Code Execution

Drupal Remote Code Execution
  • Drupal Core – Remote Code Execution (CVE-2019-6340)

Expression Language Injection

Expression Language Injection
  • [Possible] Expression Language Injection
  • Expression Language Injection

File Upload

File Upload
  • Code Execution via File Upload
  • Cross-site Scripting via File Upload
  • Unrestricted File Upload

GraphQL Library Detection

GraphQL Library Detection
  • GraphQL Endpoint Detected
  • GraphQL Library Detected (Apollo)
  • GraphQL Library Detected (Ariadne)
  • GraphQL Library Detected (Dgraph)
  • GraphQL Library Detected (Directus)
  • GraphQL Library Detected (GqlGen)
  • GraphQL Library Detected (Graphene)
  • GraphQL Library Detected (GraphQL API for WordPress)
  • GraphQL Library Detected (Graphql-Go)
  • GraphQL Library Detected (graphql-java)
  • GraphQL Library Detected (graphql-php)
  • GraphQL Library Detected (Hasura)
  • GraphQL Library Detected (Juniper)
  • GraphQL Library Detected (Ruby-graphql)
  • GraphQL Library Detected (Sangria)
  • GraphQL Library Detected (Tartiflette)
  • GraphQL Library Detected (WPGraphQL)

Header Analyzer

Header Analyzer
  • Missing X-XSS-Protection Header
  • HTTP Header Injection
  • HTTP Header Injection (IAST)
  • Mail Header Injection (IAST)

Heartbleed

Heartbleed
  • OpenSSL Heartbleed

HSTS

HSTS
  • HTTP Strict Transport Security (HSTS) Errors and Warnings
  • HTTP Strict Transport Security (HSTS) Max-Age Value Too Low
  • HTTP Strict Transport Security (HSTS) Policy Not Enabled
  • HTTP Strict Transport Security (HSTS) via HTTP
  • Insecure HTTP Usage

HTML Content

HTML Content
  • [Possible] Password Transmitted over Query String
  • [Possible] Phishing by Navigating Browser Tabs
  • Autocomplete Enabled (Password Field)
  • Autocomplete is Enabled
  • Critical Form Send to HTTP
  • Critical Form Served over HTTP
  • File Upload Functionality Detected
  • Password Transmitted over HTTP
  • Subresource Integrity (SRI) Hash Invalid
  • Subresource Integrity (SRI) Not Implemented

HTTP Methods

HTTP Methods
  • TRACE/TRACK Method Detected

HTTP Status

HTTP Status
  • Authorization Required
  • Basic Authorization over HTTP
  • Forbidden Resource
  • Internal Server Error
  • Unexpected Redirect Response Body (Too Large)
  • Unexpected Redirect Response Body (Two Responses)
  • Weak Basic Authentication Credentials

HTTP.sys (CVE-2015-1635)

HTTP.sys (CVE-2015-1635)
  • Remote Code Execution and DoS in HTTP.sys (IIS)

IFrame Security

IFrame Security
  • Insecure Frame (External)
  • Misconfigured Frame

Insecure JSONP Endpoint

Insecure JSONP Endpoint
  • [Possible] Insecure JSONP Endpoint

Insecure Reflected Content

Insecure Reflected Content
  • [Possible] Insecure Reflected Content

JavaScript Libraries

JavaScript Libraries
  • Out-of-date Version (AngularJS)
  • Out-of-date Version (axios)
  • Out-of-date Version (Backbone.js)
  • Out-of-date Version (bluebird)
  • Out-of-date Version (Bootbox.js)
  • Out-of-date Version (Bootstrap 3 Date/Time Picker)
  • Out-of-date Version (Bootstrap Toggle)
  • Out-of-date Version (Bootstrap)
  • Out-of-date Version (Chart.js)
  • Out-of-date Version (CKEditor)
  • Out-of-date Version (D3.js)
  • Out-of-date Version (DataTables)
  • Out-of-date Version (DOMPurify)
  • Out-of-date Version (DWR)
  • Out-of-date Version (easyXDM)
  • Out-of-date Version (ef.js)
  • Out-of-date Version (Ember.js)
  • Out-of-date Version (Ext JS)
  • Out-of-date Version (Fabric.js)
  • Out-of-date Version (FancyBox)
  • Out-of-date Version (Fingerprintjs2)
  • Out-of-date Version (Flickity)
  • Out-of-date Version (FooTable)
  • Out-of-date Version (Foundation)

JSON Web Token

JSON Web Token
  • JWT Forgery via Chaining Jku Parameter with Open Redirect
  • JWT Forgery via Path Traversal
  • JWT Forgery via SQL Injection
  • JWT Forgery via unvalidated jku parameter
  • JWT Signature Bypass via None Algorithm
  • JWT Signature is not Verified
  • Weak Secret is Used to Sign JWT

Login Page Identifier

Login Page Identifier
  • [Possible] Login Page Identified

Malware Analyzer

Malware Analyzer
  • Malware Identified

Mixed Content

Mixed Content
  • Active Mixed Content over HTTPS
  • Passive Mixed Content over HTTPS

Open Redirection

Open Redirection
  • Frame Injection
  • Open Redirection
  • Open Redirection in POST method

Oracle WebLogic Remote Code Execution

Oracle WebLogic Remote Code Execution
  • Oracle WebLogic Authentication Bypass (CVE-2020-14883)
  • Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Referrer Policy

Referrer Policy
  • Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy
  • Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy
  • Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy
  • Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy
  • Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy
  • Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy
  • Referrer-Policy Needs Proper Fallback
  • Referrer-Policy Not Implemented
  • Unknown Option Used In Referrer-Policy

Reflected File Download

Reflected File Download
  • [Possible] Reflected File Download

Signatures

Signatures
  • .DS_Store File Found
  • [Possible] Administration Page Detected
  • [Possible] Backup File Disclosure
  • [Possible] Configuration File Detected
  • [Possible] Credit Card Disclosure
  • [Possible] Database Connection String Detected
  • [Possible] HTTP Header Injection
  • [Possible] Internal IP Address Disclosure
  • *[Possible] Internal Path Disclosure (nix)
  • [Possible] Internal Path Disclosure (Windows)
  • [Possible] Laravel Debug Mode Enabled
  • [Possible] Laravel Environment Configuration File Detected
  • [Possible] Piwik Detected
  • [Possible] Source Code Disclosure (ASP.NET)
  • [Possible] Source Code Disclosure (ColdFusion)
  • [Possible] Source Code Disclosure (Generic)
  • [Possible] Source Code Disclosure (Java Servlet)
  • [Possible] Source Code Disclosure (Java)
  • [Possible] Source Code Disclosure (JSP)
  • [Possible] Source Code Disclosure (Perl)
  • [Possible] Source Code Disclosure (PHP)
  • [Possible] Source Code Disclosure (Python)
  • [Possible] Source Code Disclosure (Ruby)
  • [Possible] SQL File Detected
  • [Possible] Stored Cross-site Scripting
  • [Possible] Sublime SFTP Config File Detected
  • [Possible] Test File Detected

Software Composition Analysis (SCA)

Software Composition Analysis (SCA)
  • Out-of-date Component

SSL

SSL
  • Anonymous Ciphers Supported
  • Certificate is Signed Using a Weak Signature Algorithm
  • Expired SSL Certificate
  • Insecure Transportation Security Protocol Supported (SSLv2)
  • Insecure Transportation Security Protocol Supported (SSLv3)
  • Insecure Transportation Security Protocol Supported (TLS 1.0)
  • Insecure Transportation Security Protocol Supported (TLS 1.1)
  • Intermediate Certificate is Signed Using a Weak Signature Algorithm
  • Invalid SSL Certificate
  • Revoked SSL Certificate
  • ROBOT Attack Detected (Strong Oracle)
  • ROBOT Attack Detected (Weak Oracle)
  • SSL Certificate Is About To Expire
  • SSL Certificate Name Hostname Mismatch
  • SSL Untrusted Root Certificate
  • SSL/TLS Not Implemented
  • Weak Ciphers Enabled

Unicode Transformation (Best-Fit Mapping)

Unicode Transformation (Best-Fit Mapping)
  • Unicode Transformation (Best-Fit Mapping)

WAF Identifier

Reverse Proxy Detection
  • Reverse Proxy Detected (Apache Traffic Server)
  • Reverse Proxy Detected (Citrix Netscaler)
  • Reverse Proxy Detected (Envoy)
  • Reverse Proxy Detected (F5 BIG-IP)
  • Reverse Proxy Detected (HAProxy)
  • Reverse Proxy Detected (Skipper)
  • Web Application Firewall Detected

Web App Fingerprint

Web App Fingerprint
  • AbanteCart Detected
  • Ampache Detected
  • ATutor Detected
  • b2evolution Detected
  • Chamilo Detected
  • Claroline Detected
  • ClipBucket Detected
  • Collabtive Detected
  • Concrete5 Detected
  • contao Detected
  • Coppermine Detected
  • CubeCart Detected
  • Dolibarr Detected
  • Dolphin Detected
  • DotClear Detected
  • Drupal Detected
  • e107 Detected
  • Elgg Detected
  • EspoCRM Detected
  • Family Connections Detected
  • FluxBB Detected
  • Form Tools Detected
  • Front Accounting Detected
  • GibbonEdu Detected
  • Hesk Detected
  • Joomla Detected
  • LimeSurvey Detected
  • Magento Identified
  • MediaWiki Detected
  • Mibew Messenger Detected
  • MODX Detected
  • Moodle Detected
  • Movable Type Detected
  • MyBB Detected
  • Omeka Detected
  • OpenCart Detected
  • osClass Detected
  • osCommerce Detected
  • osTicket Detected

Web Cache Deception

Web Cache Deception
  • Web Cache Deception

WebDAV

WebDAV
  • Code Execution via WebDAV
  • Directory Listing (WebDAV)
  • OPTIONS Method Enabled
  • WebDAV Directory Has Write Permissions
  • WebDAV Enabled

Windows Short Filename

Windows Short Filename
  • Windows Short Filename

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?