Webv2
The Webv2 module attempts to connect to an HTTP server and extract HTTP headers, redirects, page title, favicon, HTML source code, the web technologies being used and take a screenshot of the web page. It combines and upgrades upon the functionality of http, https and web.
Webv2 Request Example
curl -v -L https://api.binaryedge.io/v1/tasks -d '{"type":"scan", "options":[{"targets":["X.X.X.X"], "ports":[{"port":80, "protocol":"tcp", "modules":["webv2"], "config":{}}]}]}' -H "X-Token:<Token>"
Webv2 Request Options
These are optional parameters that can alter the behaviour of the module. These options can be inserted into the "config" object on the request.
- https - Whether to use HTTPS instead of HTTP
- "config":{"https":true}
- http_path - Set HTTP path
- "config":{"http_path":"/robots.txt"}
- http_method - Set HTTP method
- "config":{"http_method":"PROPFIND"}
- user_agent - Change HTTP User Agent
- "config":{"user_agent":"Mozilla /5.0 (Compatible MSIE 9.0;Windows NT 6.1;WOW64; Trident/5.0)"}
- host_header - Change HTTP Host header
- "config":{"host_header":"www.w3.org"}
- custom_http_headers - Set custom HTTP header
- "config":{"custom_http_headers": "Accept: /\r\nContent-Length: 186"}
- follow_meta - Whether or not to follow meta refresh tags
- "config":{"follow_meta":true}
- body_inline - Display body on the JSON event instead of a link for a file with the content
- "config":{"body_inline":true}
- favicon_inline - Display favicon Base64 on the JSON event
- "config":{"favicon_inline":true}
- webapps - Scan the target for known web technologies
- "config":{"webapps":true}
- render - Render the website, take a screenshot and extract the rendered body content
- "config":{"render":true}
- no_redirects - Do not follow redirects by default
- "config":{"no_redirects":true}
Schema
Webv2 Event Schema
{
...
"result": {
"data":{
"request":{
"url":"string",
"path":"string",
"method":"string",
"headers":"object"
},
"response":{
"title":"string",
"url":"string",
"path":"string",
"protocol_version":"int",
"redirects":"list",
"status":{
"code":"int",
"message":"string"
},
"headers":{
"headers":"object",
"header_order":"string",
"header_order_md5_hash":"string"
},
"favicon":{
"link":"string",
"mmh3_hash":"string",
"md5_hash":"string",
"content":"string"
},
"body":{
"sha256_hash":"string",
"ssdeep_hash":"string",
"link":"string",
"content":"string"
},
"rendered":{
"screenshot":"string",
"sha256_hash":"string",
"ssdeep_hash":"string",
"link":"string",
"content":"string"
}
},
"apps":[
{
"name":"string",
"confidence":"string",
"version":"string",
"cpe":"string",
"categories":"list"
}
]
}
}
Contents of the fields:
- request - Request made by the module
- url - Requested URL
- path - Requested path (present in URL)
- method - Request HTTP method
- headers - HTTP headers used in the request
- response - Response from server
- title - Title of the web page
- url - Final response URL
- path - Final response path (present in URL)
- protocol_version - HTTP version
- redirects - List of redirects before reaching final response
- status - Status information about the final response
- code - Status code
- message - Status message
- headers - Header information from the web server
- headers - HTTP headers received from the server
- header_order - Fingerprint used to identify the server based on the headers
- header_order_md5_hash - MD5 hash of the fingerprint
- favicon - Favicon information from the web page
- link - URL of the favicon
- mmh3_hash - MMH3 hash of the favicon content (for compliance with other platforms)
- md5_hash - MD5 hash of the favicon content
- content - Full base64 content of the favicon
- body - HTML body response
- link - URL of the extracted HTML content (if not inline)
- content - Full HTML content (if not uploaded)
- sha256_hash - SHA256 hash of the HTML content
- ssdeep_hash - SSDeep hash of the HTML content (allows for similarity comparison)
- rendered - Rendered content of the webpage (optional, only present if render option is used)
- link - URL of the extracted HTML content (if not inline)
- content - Full HTML content (if not uploaded)
- sha256_hash - SHA256 hash of the HTML content
- ssdeep_hash - SSDeep hash of the HTML content (allows for similarity comparison)
- screenshot - URL of the screenshot of the rendered webpage
- apps - Web technologies identified on the server (optional, only present if webapps options is used)
- name - Name of the technology
- confidence - Confidence level for the match
- version - Version of the technology
- cpe - CPE of the technology
- categories - Categories of the technology
Webv2 Event Example
{
...
"result": {
"data":{
"request":{
"url":"https://badssl.com:443/",
"path":"/",
"method":"GET",
"headers":{
"accept-encoding":"gzip, deflate",
"user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36"
}
},
"response":{
"title":"badssl.com",
"url":"https://badssl.com:443/",
"path":"/",
"protocol_version":11,
"redirects":[
],
"status":{
"code":200,
"message":"OK"
},
"headers":{
"headers":{
"server":"nginx/1.10.3 (Ubuntu)",
"date":"Wed, 12 Feb 2020 00:44:38 GMT",
"content-type":"text/html",
"last-modified":"Wed, 22 Jan 2020 16:30:37 GMT",
"transfer-encoding":"chunked",
"connection":"keep-alive",
"etag":"W/\"5e2878ad-2e05\"",
"cache-control":"no-store",
"content-encoding":"gzip"
},
"header_order":"server,date,content_type,last_modified,transfer_encoding,connection,etag,cache_control,content_encoding",
"header_order_md5_hash":"88fd27a2cc374832f4963cf936619d6a"
},
"favicon":{
"link":"https://badssl.com:443/icons/icon-blue.png",
"mmh3_hash":"1853485295",
"md5_hash":"669e28337772e81efa05c2c6b00d6e95"
},
"body":{
"sha256_hash":"4a3a21c94f926815893b1cdcb1edf15ccbb8b6cf00bd8ac45ec529f26e618508",
"ssdeep_hash":"3139323a305449586c627961624b5a637546494d414f726e7545664a78516f674963416c2b555a466e4f4e72495246642f646a6d7a636542653a30697943754a5a7a454434334272",
"link":"https://s3-eu-west-1.amazonaws.com/be-webshots-clients/c36ce70af0d5c0af68cc571d063870f007e21da94bbd10386e80aa56b365231d3b77.html",
"content":"<!doctype html>\n<html>\n<head>\n <meta charset=\"utf-8\" />\n <title>badssl.com</title>\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <link rel=\"shortcut icon\" href=\"/icons/favicon-blue.ico\"/>\n <link rel=\"apple-touch-icon\" href=\"/icons/icon-blue.png\"/>\n <link rel=\"stylesheet\" href=\"index.css\">\n <link rel=\"stylesheet\" href=\"github-ribbon.css\">\n <script src=\"index.js\"></script>\n\n <!-- fUnKy -->\n <link rel=\"stylesheet\" href=\"funky/funky.css\">\n <script src=\"funky/funky.js\"></script>\n</head>\n<body>\n\n<div class=\"title-bar\" title=\"badssl.com - a memorable site for HTTPS misconfiguration\">\n badssl.com\n</div>\n\n<div id=\"links\">\n\n<div class=\"column\">\n <div class=\"group\">\n <h2 id=\"dashboard\"><span class=\"emoji\">\ud83c\udf9b</span>Dashboard</h2>\n <a href=\"/dashboard/\" target=\"_blank\" class=\"bullet-list\"><span class=\"icon\"></span>Dashboard</a>\n </div>\n <div class=\"group\">\n <h2 id=\"certificate\"><span class=\"emoji\">\ud83c\udfab</span>Certificate</h2>\n <a href=\"https://expired.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>expired</a>\n <a href=\"https://wrong.host.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>wrong.host</a>\n <a href=\"https://self-signed.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>self-signed</a>\n <a href=\"https://untrusted-root.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>untrusted-root</a>\n <a href=\"https://revoked.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>revoked</a>\n <a href=\"https://pinning-test.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>pinning-test</a>\n <hr>\n <a href=\"https://no-common-name.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>no-common-name</a>\n <a href=\"https://no-subject.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>no-subject</a>\n <a href=\"https://incomplete-chain.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>incomplete-chain</a>\n <hr>\n <a href=\"https://sha1-intermediate.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>sha1-intermediate</a>\n <a href=\"https://sha256.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha256</a>\n <a href=\"https://sha384.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha384</a>\n <a href=\"https://sha512.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha512</a>\n <hr>\n <a href=\"https://1000-sans.badssl.com/\" class=\"good\"><span class=\"icon\"></span>1000-sans</a>\n <a href=\"https://10000-sans.badssl.com/\" class=\"good\"><span class=\"icon\"></span>10000-sans</a>\n <hr>\n <a href=\"https://ecc256.badssl.com/\" class=\"good\"><span class=\"icon\"></span>ecc256</a>\n <a href=\"https://ecc384.badssl.com/\" class=\"good\"><span class=\"icon\"></span>ecc384</a>\n <hr>\n <a href=\"https://rsa2048.badssl.com/\" class=\"good\"><span class=\"icon\"></span>rsa2048</a>\n <a href=\"https://rsa4096.badssl.com/\" class=\"good\"><span class=\"icon\"></span>rsa4096</a>\n <a href=\"https://rsa8192.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>rsa8192</a> \n <hr>\n <a href=\"https://extended-validation.badssl.com/\" class=\"good\"><span class=\"icon\"></span>extended-validation</a>\n </div>\n <div class=\"group\">\n <h2 id=\"client-certificate\"><span class=\"emoji\">\ud83c\udf9f</span>Client Certificate</h2>\n <a href=\"/download/\" target=\"_blank\" class=\"bullet-list\"><span class=\"icon\"></span>Certificate Downloads</a>\n <a href=\"https://client.badssl.com/\" class=\"good\"><span class=\"icon\"></span>client</a>\n <a href=\"https://client-cert-missing.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>client-cert-missing</a>\n </div>\n <div class=\"group\">\n <h2 id=\"mixed-content\"><span class=\"emoji\">\ud83d\uddbc</span>Mixed Content</h2>\n <a href=\"https://mixed-script.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mixed-script</a>\n <a href=\"https://very.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>very</a>\n <hr>\n <a href=\"https://mixed.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed</a>\n <a href=\"https://mixed-favicon.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed-favicon</a>\n <a href=\"https://mixed-form.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed-form</a>\n </div>\n <div class=\"group\">\n <h2 id=\"http\"><span class=\"emoji\">\u270f\ufe0f</span>HTTP</h2>\n <a href=\"http://http.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http</a>\n <a href=\"http://http-textarea.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-textarea</a>\n <a href=\"http://http-password.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-password</a>\n <a href=\"http://http-login.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-login</a>\n <a href=\"http://http-dynamic-login.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-dynamic-login</a>\n <a href=\"http://http-credit-card.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-credit-card</a>\n </div>\n <div class=\"group\">\n <h2 id=\"cipher-suite\"><span class=\"emoji\">\ud83d\udd00</span>Cipher Suite</h2>\n <a href=\"https://cbc.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>cbc</a>\n <a href=\"https://rc4-md5.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>rc4-md5</a>\n <a href=\"https://rc4.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>rc4</a>\n <a href=\"https://3des.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>3des</a>\n <a href=\"https://null.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>null</a>\n <hr>\n <a href=\"https://mozilla-old.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mozilla-old</a>\n <a href=\"https://mozilla-intermediate.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mozilla-intermediate</a>\n <a href=\"https://mozilla-modern.badssl.com/\" class=\"good\"><span class=\"icon\"></span>mozilla-modern</a>\n </div>\n</div><!-- class=\"column\" -->\n\n<div class=\"column\">\n <div class=\"group\">\n <h2 id=\"key-exchange\"><span class=\"emoji\">\ud83d\udd11</span>Key Exchange</h2>\n <a href=\"https://dh480.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh480</a>\n <a href=\"https://dh512.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh512</a>\n <a href=\"https://dh1024.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh1024</a>\n <a href=\"https://dh2048.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>dh2048</a>\n <hr>\n <a href=\"https://dh-small-subgroup.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh-small-subgroup</a>\n <a href=\"https://dh-composite.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh-composite</a>\n <hr>\n <a href=\"https://static-rsa.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>static-rsa</a>\n </div>\n <div class=\"group\">\n <h2 id=\"protocol\"><span class=\"emoji\">\u2194\ufe0f</span>Protocol</h2>\n <a href=\"https://tls-v1-0.badssl.com:1010/\" class=\"dubious\"><span class=\"icon\"></span>tls-v1-0</a>\n <a href=\"https://tls-v1-1.badssl.com:1011/\" class=\"dubious\"><span class=\"icon\"></span>tls-v1-1</a>\n <a href=\"https://tls-v1-2.badssl.com:1012/\" class=\"good\"><span class=\"icon\"></span>tls-v1-2</a>\n </div>\n <div class=\"group\">\n <h2 id=\"certificate-transparency\"><span class=\"emoji\">\ud83d\udd0d</span>Certificate Transparency</h2>\n <a href=\"https://invalid-expected-sct.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>invalid-expected-sct</a>\n <a href=\"https://no-sct.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>no-sct</a>\n </div>\n <div class=\"group\">\n <h2 id=\"upgrade\"><span class=\"emoji\">\u2b06\ufe0f</span>Upgrade</h2>\n <a href=\"https://hsts.badssl.com/\" class=\"good\"><span class=\"icon\"></span>hsts</a>\n <a href=\"https://upgrade.badssl.com/\" class=\"good\"><span class=\"icon\"></span>upgrade</a>\n <hr>\n <a href=\"https://preloaded-hsts.badssl.com/\" class=\"good\"><span class=\"icon\"></span>preloaded-hsts</a>\n <a href=\"https://subdomain.preloaded-hsts.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>subdomain.preloaded-hsts</a>\n <hr>\n <a href=\"https://https-everywhere.badssl.com/\" class=\"good\"><span class=\"icon\"></span>https-everywhere</a>\n </div>\n <div class=\"group\">\n <h2 id=\"ui\"><span class=\"emoji\">\ud83d\udc40</span>UI</h2>\n <a href=\"https://spoofed-favicon.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>spoofed-favicon</a>\n <a href=\"https://lock-title.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>lock-title</a>\n <hr>\n <a href=\"https://long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com/\" class=\"good\"><span class=\"icon\"></span>long-extended-subdomain-name-containing-many-letters-and-dashes</a>\n <a href=\"https://longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com/\" class=\"good\"><span class=\"icon\"></span>longextendedsubdomainnamewithoutdashesinordertotestwordwrapping</a>\n </div>\n <div class=\"group\">\n <h2 id=\"known-bad\"><span class=\"emoji\">\u274c</span>Known Bad</h2>\n <a href=\"https://superfish.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Lenovo) Superfish</a>\n <a href=\"https://edellroot.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Dell) eDellRoot</a>\n <a href=\"https://dsdtestprovider.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Dell) DSD Test Provider</a>\n <a href=\"https://preact-cli.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>preact-cli</a>\n <a href=\"https://webpack-dev-server.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>webpack-dev-server</a>\n </div>\n <div class=\"group\">\n <h2 id=\"chrome\"><span class=\"emoji\"><img class=\"chrome-icon\" src=\"front-page-icons/chrome.svg\"></span>Chrome Tests</h2>\n <a href=\"https://captive-portal.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>captive-portal</a>\n <a href=\"https://mitm-software.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mitm-software</a>\n </div>\n <div class=\"group\">\n <h2 id=\"defunct\"><span class=\"emoji\">\u2620\ufe0f</span>Defunct</h2>\n <a href=\"https://sha1-2016.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>sha1-2016</a>\n <a href=\"https://sha1-2017.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>sha1-2017</a>\n </div>\n <div class=\"group\">\n <h2 id=\"test-suites\"><span class=\"emoji\">\ud83d\udee0</span>Test Suites</h2>\n <a href=\"https://testsafebrowsing.appspot.com/\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>Safe Browsing Tests</a>\n <a href=\"https://www.ssllabs.com/ssltest/viewMyClient.html\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>SSL Labs Client Test</a>\n <a href=\"https://mitm.watch/\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>mitm.watch</a>\n </div>\n <div id=\"preload\" style=\"width: 0; height: 0;\">\n <!-- <link rel=preload> results in warnings in Chrome: https://crbug.com/661055 -->\n <!-- Workaround: Load the images in bogus elements. -->\n <script>\n window.addEventListener(\"load\", function() {\n var parent = document.querySelector(\"#preload\");\n var names = [\"bad-white\",\"dubious-white\",\"good-white\",\"page-white\",\"bullet-list-white\",\"external-white\"]\n for (var i = 0; i < names.length; i++) {\n var elem = document.createElement(\"span\");\n elem.style.backgroundImage = \"url(front-page-icons/\" + names[i] + \".svg)\";\n parent.appendChild(elem);\n }\n });\n </script>\n </div>\n</div><!-- class=\"column\" -->\n\n</div><!-- id=\"links\" -->\n\n<h2 class=\"your-browser\">Your Browser:\n <div id=\"browser-info\">\n <span class=\"highlight\">\n <span id=\"ua\"></span><br>\n <span id=\"os\"></span><br>\n </span>\n <span id=\"click-to-copy\">\ud83d\udccb Click to copy</span>\n </div>\n</h2>\n\n<!-- Start of GitHub ribbon. -->\n<div class=\"github-fork-ribbon-wrapper right-top-bottom\">\n <div class=\"github-fork-ribbon\">\n <a href=\"https://github.com/chromium/badssl.com\"><span class=\"icon\"></span>On GitHub</a>\n </div>\n</div>\n<!-- End of GitHub ribbon. -->\n\n</body>\n</html>\n"
},
"rendered":{
"screenshot":"https://s3-eu-west-1.amazonaws.com/be-webshots-clients/c36ce70af0d5c0af68cc571d063870f007e21da94bbd10386e80aa56b365231d3b77.png",
"sha256_hash":"d909dbec62ab07c57d721bb59520f3f0275ce348caf6cd9c039d076ee728b7d8",
"ssdeep_hash":"3139323a376a49586c627961624b5a637546494d414f726e7545664a78516f674963416c2b555a46444f4e72495246642f646a6d6c314a42473a37537943754a5a7a4544346a424c",
"link":"https://s3-eu-west-1.amazonaws.com/be-webshots-clients/c36ce70af0d5c0af68cc571d063870f007e21da94bbd10386e80aa56b365231d3b77c6f2401f1882dcd997.html",
"content":"<html><head>\n <meta charset=\"utf-8\">\n <title>badssl.com</title>\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <link rel=\"shortcut icon\" href=\"/icons/favicon-blue.ico\">\n <link rel=\"apple-touch-icon\" href=\"/icons/icon-blue.png\">\n <link rel=\"stylesheet\" href=\"index.css\">\n <link rel=\"stylesheet\" href=\"github-ribbon.css\">\n <script src=\"index.js\"></script>\n\n <!-- fUnKy -->\n <link rel=\"stylesheet\" href=\"funky/funky.css\">\n <script src=\"funky/funky.js\"></script>\n</head>\n<body>\n\n<div class=\"title-bar\" title=\"badssl.com - a memorable site for HTTPS misconfiguration\">\n badssl.com\n</div>\n\n<div id=\"links\">\n\n<div class=\"column\">\n <div class=\"group\">\n <h2 id=\"dashboard\"><span class=\"emoji\">\ud83c\udf9b</span>Dashboard</h2>\n <a href=\"/dashboard/\" target=\"_blank\" class=\"bullet-list\"><span class=\"icon\"></span>Dashboard</a>\n </div>\n <div class=\"group\">\n <h2 id=\"certificate\"><span class=\"emoji\">\ud83c\udfab</span>Certificate</h2>\n <a href=\"https://expired.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>expired</a>\n <a href=\"https://wrong.host.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>wrong.host</a>\n <a href=\"https://self-signed.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>self-signed</a>\n <a href=\"https://untrusted-root.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>untrusted-root</a>\n <a href=\"https://revoked.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>revoked</a>\n <a href=\"https://pinning-test.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>pinning-test</a>\n <hr>\n <a href=\"https://no-common-name.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>no-common-name</a>\n <a href=\"https://no-subject.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>no-subject</a>\n <a href=\"https://incomplete-chain.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>incomplete-chain</a>\n <hr>\n <a href=\"https://sha1-intermediate.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>sha1-intermediate</a>\n <a href=\"https://sha256.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha256</a>\n <a href=\"https://sha384.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha384</a>\n <a href=\"https://sha512.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha512</a>\n <hr>\n <a href=\"https://1000-sans.badssl.com/\" class=\"good\"><span class=\"icon\"></span>1000-sans</a>\n <a href=\"https://10000-sans.badssl.com/\" class=\"good\"><span class=\"icon\"></span>10000-sans</a>\n <hr>\n <a href=\"https://ecc256.badssl.com/\" class=\"good\"><span class=\"icon\"></span>ecc256</a>\n <a href=\"https://ecc384.badssl.com/\" class=\"good\"><span class=\"icon\"></span>ecc384</a>\n <hr>\n <a href=\"https://rsa2048.badssl.com/\" class=\"good\"><span class=\"icon\"></span>rsa2048</a>\n <a href=\"https://rsa4096.badssl.com/\" class=\"good\"><span class=\"icon\"></span>rsa4096</a>\n <a href=\"https://rsa8192.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>rsa8192</a> \n <hr>\n <a href=\"https://extended-validation.badssl.com/\" class=\"good\"><span class=\"icon\"></span>extended-validation</a>\n </div>\n <div class=\"group\">\n <h2 id=\"client-certificate\"><span class=\"emoji\">\ud83c\udf9f</span>Client Certificate</h2>\n <a href=\"/download/\" target=\"_blank\" class=\"bullet-list\"><span class=\"icon\"></span>Certificate Downloads</a>\n <a href=\"https://client.badssl.com/\" class=\"good\"><span class=\"icon\"></span>client</a>\n <a href=\"https://client-cert-missing.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>client-cert-missing</a>\n </div>\n <div class=\"group\">\n <h2 id=\"mixed-content\"><span class=\"emoji\">\ud83d\uddbc</span>Mixed Content</h2>\n <a href=\"https://mixed-script.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mixed-script</a>\n <a href=\"https://very.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>very</a>\n <hr>\n <a href=\"https://mixed.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed</a>\n <a href=\"https://mixed-favicon.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed-favicon</a>\n <a href=\"https://mixed-form.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed-form</a>\n </div>\n <div class=\"group\">\n <h2 id=\"http\"><span class=\"emoji\">\u270f\ufe0f</span>HTTP</h2>\n <a href=\"http://http.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http</a>\n <a href=\"http://http-textarea.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-textarea</a>\n <a href=\"http://http-password.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-password</a>\n <a href=\"http://http-login.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-login</a>\n <a href=\"http://http-dynamic-login.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-dynamic-login</a>\n <a href=\"http://http-credit-card.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-credit-card</a>\n </div>\n <div class=\"group\">\n <h2 id=\"cipher-suite\"><span class=\"emoji\">\ud83d\udd00</span>Cipher Suite</h2>\n <a href=\"https://cbc.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>cbc</a>\n <a href=\"https://rc4-md5.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>rc4-md5</a>\n <a href=\"https://rc4.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>rc4</a>\n <a href=\"https://3des.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>3des</a>\n <a href=\"https://null.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>null</a>\n <hr>\n <a href=\"https://mozilla-old.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mozilla-old</a>\n <a href=\"https://mozilla-intermediate.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mozilla-intermediate</a>\n <a href=\"https://mozilla-modern.badssl.com/\" class=\"good\"><span class=\"icon\"></span>mozilla-modern</a>\n </div>\n</div><!-- class=\"column\" -->\n\n<div class=\"column\">\n <div class=\"group\">\n <h2 id=\"key-exchange\"><span class=\"emoji\">\ud83d\udd11</span>Key Exchange</h2>\n <a href=\"https://dh480.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh480</a>\n <a href=\"https://dh512.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh512</a>\n <a href=\"https://dh1024.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh1024</a>\n <a href=\"https://dh2048.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>dh2048</a>\n <hr>\n <a href=\"https://dh-small-subgroup.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh-small-subgroup</a>\n <a href=\"https://dh-composite.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh-composite</a>\n <hr>\n <a href=\"https://static-rsa.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>static-rsa</a>\n </div>\n <div class=\"group\">\n <h2 id=\"protocol\"><span class=\"emoji\">\u2194\ufe0f</span>Protocol</h2>\n <a href=\"https://tls-v1-0.badssl.com:1010/\" class=\"dubious\"><span class=\"icon\"></span>tls-v1-0</a>\n <a href=\"https://tls-v1-1.badssl.com:1011/\" class=\"dubious\"><span class=\"icon\"></span>tls-v1-1</a>\n <a href=\"https://tls-v1-2.badssl.com:1012/\" class=\"good\"><span class=\"icon\"></span>tls-v1-2</a>\n </div>\n <div class=\"group\">\n <h2 id=\"certificate-transparency\"><span class=\"emoji\">\ud83d\udd0d</span>Certificate Transparency</h2>\n <a href=\"https://invalid-expected-sct.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>invalid-expected-sct</a>\n <a href=\"https://no-sct.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>no-sct</a>\n </div>\n <div class=\"group\">\n <h2 id=\"upgrade\"><span class=\"emoji\">\u2b06\ufe0f</span>Upgrade</h2>\n <a href=\"https://hsts.badssl.com/\" class=\"good\"><span class=\"icon\"></span>hsts</a>\n <a href=\"https://upgrade.badssl.com/\" class=\"good\"><span class=\"icon\"></span>upgrade</a>\n <hr>\n <a href=\"https://preloaded-hsts.badssl.com/\" class=\"good\"><span class=\"icon\"></span>preloaded-hsts</a>\n <a href=\"https://subdomain.preloaded-hsts.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>subdomain.preloaded-hsts</a>\n <hr>\n <a href=\"https://https-everywhere.badssl.com/\" class=\"good\"><span class=\"icon\"></span>https-everywhere</a>\n </div>\n <div class=\"group\">\n <h2 id=\"ui\"><span class=\"emoji\">\ud83d\udc40</span>UI</h2>\n <a href=\"https://spoofed-favicon.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>spoofed-favicon</a>\n <a href=\"https://lock-title.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>lock-title</a>\n <hr>\n <a href=\"https://long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com/\" class=\"good\"><span class=\"icon\"></span>long-extended-subdomain-name-containing-many-letters-and-dashes</a>\n <a href=\"https://longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com/\" class=\"good\"><span class=\"icon\"></span>longextendedsubdomainnamewithoutdashesinordertotestwordwrapping</a>\n </div>\n <div class=\"group\">\n <h2 id=\"known-bad\"><span class=\"emoji\">\u274c</span>Known Bad</h2>\n <a href=\"https://superfish.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Lenovo) Superfish</a>\n <a href=\"https://edellroot.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Dell) eDellRoot</a>\n <a href=\"https://dsdtestprovider.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Dell) DSD Test Provider</a>\n <a href=\"https://preact-cli.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>preact-cli</a>\n <a href=\"https://webpack-dev-server.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>webpack-dev-server</a>\n </div>\n <div class=\"group\">\n <h2 id=\"chrome\"><span class=\"emoji\"><img class=\"chrome-icon\" src=\"front-page-icons/chrome.svg\"></span>Chrome Tests</h2>\n <a href=\"https://captive-portal.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>captive-portal</a>\n <a href=\"https://mitm-software.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mitm-software</a>\n </div>\n <div class=\"group\">\n <h2 id=\"defunct\" class=\"hover-link\"><span class=\"emoji\">\u2620\ufe0f</span>Defunct</h2>\n <a href=\"https://sha1-2016.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>sha1-2016</a>\n <a href=\"https://sha1-2017.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>sha1-2017</a>\n </div>\n <div class=\"group\">\n <h2 id=\"test-suites\"><span class=\"emoji\">\ud83d\udee0</span>Test Suites</h2>\n <a href=\"https://testsafebrowsing.appspot.com/\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>Safe Browsing Tests</a>\n <a href=\"https://www.ssllabs.com/ssltest/viewMyClient.html\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>SSL Labs Client Test</a>\n <a href=\"https://mitm.watch/\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>mitm.watch</a>\n </div>\n <div id=\"preload\" style=\"width: 0; height: 0;\">\n <!-- <link rel=preload> results in warnings in Chrome: https://crbug.com/661055 -->\n <!-- Workaround: Load the images in bogus elements. -->\n <script>\n window.addEventListener(\"load\", function() {\n var parent = document.querySelector(\"#preload\");\n var names = [\"bad-white\",\"dubious-white\",\"good-white\",\"page-white\",\"bullet-list-white\",\"external-white\"]\n for (var i = 0; i < names.length; i++) {\n var elem = document.createElement(\"span\");\n elem.style.backgroundImage = \"url(front-page-icons/\" + names[i] + \".svg)\";\n parent.appendChild(elem);\n }\n });\n </script>\n <span style=\"background-image: url("front-page-icons/bad-white.svg");\"></span><span style=\"background-image: url("front-page-icons/dubious-white.svg");\"></span><span style=\"background-image: url("front-page-icons/good-white.svg");\"></span><span style=\"background-image: url("front-page-icons/page-white.svg");\"></span><span style=\"background-image: url("front-page-icons/bullet-list-white.svg");\"></span><span style=\"background-image: url("front-page-icons/external-white.svg");\"></span></div>\n</div><!-- class=\"column\" -->\n\n</div><!-- id=\"links\" -->\n\n<h2 class=\"your-browser\">Your Browser:\n <div id=\"browser-info\">\n <span class=\"highlight\">\n <span id=\"ua\" title=\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 HeadlessChrome/79.0.3945.79 Safari/537.36\">Chrome 79.0.3945.79</span><br>\n <span id=\"os\">Linux</span><br>\n </span>\n <span id=\"click-to-copy\">\ud83d\udccb Click to copy</span>\n </div>\n</h2>\n\n<!-- Start of GitHub ribbon. -->\n<div class=\"github-fork-ribbon-wrapper right-top-bottom\">\n <div class=\"github-fork-ribbon\">\n <a href=\"https://github.com/chromium/badssl.com\"><span class=\"icon\"></span>On GitHub</a>\n </div>\n</div>\n<!-- End of GitHub ribbon. -->\n\n\n\n</body></html>"
}
},
"apps":[
{
"name":"Nginx",
"confidence":"100",
"version":"1.10.3",
"cpe":"cpe:/a:nginx:nginx:1.10.3",
"categories":[
"web servers",
"reverse proxy"
]
},
{
"name":"Ubuntu",
"confidence":"100",
"categories":[
"operating systems"
]
}
]
}
}
}