Webv2

The Webv2 module attempts to connect to an HTTP server and extract HTTP headers, redirects, page title, favicon, HTML source code, the web technologies being used and take a screenshot of the web page. It combines and upgrades upon the functionality of http, https and web.

Webv2 Request Example

curl -v -L https://api.binaryedge.io/v1/tasks -d '{"type":"scan", "options":[{"targets":["X.X.X.X"], "ports":[{"port":80, "protocol":"tcp", "modules":["webv2"], "config":{}}]}]}' -H "X-Token:<Token>"

Webv2 Request Options

These are optional parameters that can alter the behaviour of the module. These options can be inserted into the "config" object on the request.

  • https - Whether to use HTTPS instead of HTTP
    • "config":{"https":true}
  • http_path - Set HTTP path
    • "config":{"http_path":"/robots.txt"}
  • http_method - Set HTTP method
    • "config":{"http_method":"PROPFIND"}
  • user_agent - Change HTTP User Agent
    • "config":{"user_agent":"Mozilla /5.0 (Compatible MSIE 9.0;Windows NT 6.1;WOW64; Trident/5.0)"}
  • host_header - Change HTTP Host header
    • "config":{"host_header":"www.w3.org"}
  • custom_http_headers - Set custom HTTP header
    • "config":{"custom_http_headers": "Accept: /\r\nContent-Length: 186"}
  • follow_meta - Whether or not to follow meta refresh tags
    • "config":{"follow_meta":true}
  • body_inline - Display body on the JSON event instead of a link for a file with the content
    • "config":{"body_inline":true}
  • webapps - Scan the target for known web technologies
    • "config":{"webapps":true}
  • render - Render the website, take a screenshot and extract the rendered body content
    • "config":{"render":true}

Schema

Webv2 Event Schema

{
  ...
  "result": {
    "data":{
        "request":{
            "url":"string",
            "path":"string",
            "method":"string",
            "headers":"object"
        },
        "response":{
            "title":"string",
            "url":"string",
            "path":"string",
            "protocol_version":"int",
            "redirects":"list",
            "status":{
                "code":"int",
                "message":"string"
            },
            "headers":{
                "headers":"object",
                "header_order":"string",
                "header_order_md5_hash":"string"
            },
            "favicon":{
                "link":"string",
                "mmh3_hash":"string",
                "md5_hash":"string"
            },
            "body":{
                "sha256_hash":"string",
                "ssdeep_hash":"string",
                "link":"string",
                "content":"string"
            },
            "rendered":{
                "screenshot":"string",
                "sha256_hash":"string",
                "ssdeep_hash":"string",
                "link":"string",
                "content":"string"
            }
        },
        "apps":[
            {
                "name":"string",
                "confidence":"string",
                "version":"string",
                "cpe":"string",
                "categories":"list"
            }
        ]
    }
}

Contents of the fields:

  • request - Request made by the module
    • url - Requested URL
    • path - Requested path (present in URL)
    • method - Request HTTP method
    • headers - HTTP headers used in the request
  • response - Response from server
    • title - Title of the web page
    • url - Final response URL
    • path - Final response path (present in URL)
    • protocol_version - HTTP version
    • redirects - List of redirects before reaching final response
    • status - Status information about the final response
      • code - Status code
      • message - Status message
    • headers - Header information from the web server
      • headers - HTTP headers received from the server
      • header_order - Fingerprint used to identify the server based on the headers
      • header_order_md5_hash - MD5 hash of the fingerprint
    • favicon - Favicon information from the web page
      • link - URL of the favicon
      • mmh3_hash - MMH3 hash of the favicon content (for compliance with other platforms)
      • md5_hash - MD5 hash of the favicon content
    • body - HTML body response
      • link - URL of the extracted HTML content (if not inline)
      • content - Full HTML content (if not uploaded)
      • sha256_hash - SHA256 hash of the HTML content
      • ssdeep_hash - SSDeep hash of the HTML content (allows for similarity comparison)
    • rendered - Rendered content of the webpage (optional, only present if render option is used)
      • link - URL of the extracted HTML content (if not inline)
      • content - Full HTML content (if not uploaded)
      • sha256_hash - SHA256 hash of the HTML content
      • ssdeep_hash - SSDeep hash of the HTML content (allows for similarity comparison)
      • screenshot - URL of the screenshot of the rendered webpage
    • apps - Web technologies identified on the server (optional, only present if webapps options is used)
      • name - Name of the technology
      • confidence - Confidence level for the match
      • version - Version of the technology
      • cpe - CPE of the technology
      • categories - Categories of the technology

Webv2 Event Example

{
...
  "result": {
    "data":{
        "request":{
            "url":"https://badssl.com:443/",
            "path":"/",
            "method":"GET",
            "headers":{
                "accept-encoding":"gzip, deflate",
                "user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36"
            }
        },
        "response":{
            "title":"badssl.com",
            "url":"https://badssl.com:443/",
            "path":"/",
            "protocol_version":11,
            "redirects":[

            ],
            "status":{
                "code":200,
                "message":"OK"
            },
            "headers":{
                "headers":{
                    "server":"nginx/1.10.3 (Ubuntu)",
                    "date":"Wed, 12 Feb 2020 00:44:38 GMT",
                    "content-type":"text/html",
                    "last-modified":"Wed, 22 Jan 2020 16:30:37 GMT",
                    "transfer-encoding":"chunked",
                    "connection":"keep-alive",
                    "etag":"W/\"5e2878ad-2e05\"",
                    "cache-control":"no-store",
                    "content-encoding":"gzip"
                },
                "header_order":"server,date,content_type,last_modified,transfer_encoding,connection,etag,cache_control,content_encoding",
                "header_order_md5_hash":"88fd27a2cc374832f4963cf936619d6a"
            },
            "favicon":{
                "link":"https://badssl.com:443/icons/icon-blue.png",
                "mmh3_hash":"1853485295",
                "md5_hash":"669e28337772e81efa05c2c6b00d6e95"
            },
            "body":{
                "sha256_hash":"4a3a21c94f926815893b1cdcb1edf15ccbb8b6cf00bd8ac45ec529f26e618508",
                "ssdeep_hash":"3139323a305449586c627961624b5a637546494d414f726e7545664a78516f674963416c2b555a466e4f4e72495246642f646a6d7a636542653a30697943754a5a7a454434334272",
                "link":"https://s3-eu-west-1.amazonaws.com/be-webshots-clients/c36ce70af0d5c0af68cc571d063870f007e21da94bbd10386e80aa56b365231d3b77.html",
                "content":"<!doctype html>\n<html>\n<head>\n  <meta charset=\"utf-8\" />\n  <title>badssl.com</title>\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n  <link rel=\"shortcut icon\" href=\"/icons/favicon-blue.ico\"/>\n  <link rel=\"apple-touch-icon\" href=\"/icons/icon-blue.png\"/>\n  <link rel=\"stylesheet\" href=\"index.css\">\n  <link rel=\"stylesheet\" href=\"github-ribbon.css\">\n  <script src=\"index.js\"></script>\n\n  <!-- fUnKy -->\n  <link rel=\"stylesheet\" href=\"funky/funky.css\">\n  <script src=\"funky/funky.js\"></script>\n</head>\n<body>\n\n<div class=\"title-bar\" title=\"badssl.com - a memorable site for HTTPS misconfiguration\">\n  badssl.com\n</div>\n\n<div id=\"links\">\n\n<div class=\"column\">\n  <div class=\"group\">\n    <h2 id=\"dashboard\"><span class=\"emoji\">\ud83c\udf9b</span>Dashboard</h2>\n    <a href=\"/dashboard/\" target=\"_blank\" class=\"bullet-list\"><span class=\"icon\"></span>Dashboard</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"certificate\"><span class=\"emoji\">\ud83c\udfab</span>Certificate</h2>\n    <a href=\"https://expired.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>expired</a>\n    <a href=\"https://wrong.host.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>wrong.host</a>\n    <a href=\"https://self-signed.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>self-signed</a>\n    <a href=\"https://untrusted-root.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>untrusted-root</a>\n    <a href=\"https://revoked.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>revoked</a>\n    <a href=\"https://pinning-test.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>pinning-test</a>\n    <hr>\n    <a href=\"https://no-common-name.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>no-common-name</a>\n    <a href=\"https://no-subject.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>no-subject</a>\n    <a href=\"https://incomplete-chain.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>incomplete-chain</a>\n    <hr>\n    <a href=\"https://sha1-intermediate.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>sha1-intermediate</a>\n    <a href=\"https://sha256.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha256</a>\n    <a href=\"https://sha384.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha384</a>\n    <a href=\"https://sha512.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha512</a>\n    <hr>\n    <a href=\"https://1000-sans.badssl.com/\" class=\"good\"><span class=\"icon\"></span>1000-sans</a>\n    <a href=\"https://10000-sans.badssl.com/\" class=\"good\"><span class=\"icon\"></span>10000-sans</a>\n    <hr>\n    <a href=\"https://ecc256.badssl.com/\" class=\"good\"><span class=\"icon\"></span>ecc256</a>\n    <a href=\"https://ecc384.badssl.com/\" class=\"good\"><span class=\"icon\"></span>ecc384</a>\n    <hr>\n    <a href=\"https://rsa2048.badssl.com/\" class=\"good\"><span class=\"icon\"></span>rsa2048</a>\n    <a href=\"https://rsa4096.badssl.com/\" class=\"good\"><span class=\"icon\"></span>rsa4096</a>\n    <a href=\"https://rsa8192.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>rsa8192</a> \n    <hr>\n    <a href=\"https://extended-validation.badssl.com/\" class=\"good\"><span class=\"icon\"></span>extended-validation</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"client-certificate\"><span class=\"emoji\">\ud83c\udf9f</span>Client Certificate</h2>\n    <a href=\"/download/\" target=\"_blank\" class=\"bullet-list\"><span class=\"icon\"></span>Certificate Downloads</a>\n    <a href=\"https://client.badssl.com/\" class=\"good\"><span class=\"icon\"></span>client</a>\n    <a href=\"https://client-cert-missing.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>client-cert-missing</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"mixed-content\"><span class=\"emoji\">\ud83d\uddbc</span>Mixed Content</h2>\n    <a href=\"https://mixed-script.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mixed-script</a>\n    <a href=\"https://very.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>very</a>\n    <hr>\n    <a href=\"https://mixed.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed</a>\n    <a href=\"https://mixed-favicon.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed-favicon</a>\n    <a href=\"https://mixed-form.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed-form</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"http\"><span class=\"emoji\">\u270f\ufe0f</span>HTTP</h2>\n    <a href=\"http://http.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http</a>\n    <a href=\"http://http-textarea.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-textarea</a>\n    <a href=\"http://http-password.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-password</a>\n    <a href=\"http://http-login.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-login</a>\n    <a href=\"http://http-dynamic-login.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-dynamic-login</a>\n    <a href=\"http://http-credit-card.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-credit-card</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"cipher-suite\"><span class=\"emoji\">\ud83d\udd00</span>Cipher Suite</h2>\n    <a href=\"https://cbc.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>cbc</a>\n    <a href=\"https://rc4-md5.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>rc4-md5</a>\n    <a href=\"https://rc4.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>rc4</a>\n    <a href=\"https://3des.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>3des</a>\n    <a href=\"https://null.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>null</a>\n    <hr>\n    <a href=\"https://mozilla-old.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mozilla-old</a>\n    <a href=\"https://mozilla-intermediate.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mozilla-intermediate</a>\n    <a href=\"https://mozilla-modern.badssl.com/\" class=\"good\"><span class=\"icon\"></span>mozilla-modern</a>\n  </div>\n</div><!-- class=\"column\" -->\n\n<div class=\"column\">\n  <div class=\"group\">\n    <h2 id=\"key-exchange\"><span class=\"emoji\">\ud83d\udd11</span>Key Exchange</h2>\n    <a href=\"https://dh480.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh480</a>\n    <a href=\"https://dh512.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh512</a>\n    <a href=\"https://dh1024.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh1024</a>\n    <a href=\"https://dh2048.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>dh2048</a>\n    <hr>\n    <a href=\"https://dh-small-subgroup.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh-small-subgroup</a>\n    <a href=\"https://dh-composite.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh-composite</a>\n    <hr>\n    <a href=\"https://static-rsa.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>static-rsa</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"protocol\"><span class=\"emoji\">\u2194\ufe0f</span>Protocol</h2>\n    <a href=\"https://tls-v1-0.badssl.com:1010/\" class=\"dubious\"><span class=\"icon\"></span>tls-v1-0</a>\n    <a href=\"https://tls-v1-1.badssl.com:1011/\" class=\"dubious\"><span class=\"icon\"></span>tls-v1-1</a>\n    <a href=\"https://tls-v1-2.badssl.com:1012/\" class=\"good\"><span class=\"icon\"></span>tls-v1-2</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"certificate-transparency\"><span class=\"emoji\">\ud83d\udd0d</span>Certificate Transparency</h2>\n    <a href=\"https://invalid-expected-sct.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>invalid-expected-sct</a>\n    <a href=\"https://no-sct.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>no-sct</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"upgrade\"><span class=\"emoji\">\u2b06\ufe0f</span>Upgrade</h2>\n    <a href=\"https://hsts.badssl.com/\" class=\"good\"><span class=\"icon\"></span>hsts</a>\n    <a href=\"https://upgrade.badssl.com/\" class=\"good\"><span class=\"icon\"></span>upgrade</a>\n    <hr>\n    <a href=\"https://preloaded-hsts.badssl.com/\" class=\"good\"><span class=\"icon\"></span>preloaded-hsts</a>\n    <a href=\"https://subdomain.preloaded-hsts.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>subdomain.preloaded-hsts</a>\n    <hr>\n    <a href=\"https://https-everywhere.badssl.com/\" class=\"good\"><span class=\"icon\"></span>https-everywhere</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"ui\"><span class=\"emoji\">\ud83d\udc40</span>UI</h2>\n    <a href=\"https://spoofed-favicon.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>spoofed-favicon</a>\n    <a href=\"https://lock-title.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>lock-title</a>\n    <hr>\n    <a href=\"https://long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com/\" class=\"good\"><span class=\"icon\"></span>long-extended-subdomain-name-containing-many-letters-and-dashes</a>\n    <a href=\"https://longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com/\" class=\"good\"><span class=\"icon\"></span>longextendedsubdomainnamewithoutdashesinordertotestwordwrapping</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"known-bad\"><span class=\"emoji\">\u274c</span>Known Bad</h2>\n    <a href=\"https://superfish.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Lenovo) Superfish</a>\n    <a href=\"https://edellroot.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Dell) eDellRoot</a>\n    <a href=\"https://dsdtestprovider.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Dell) DSD Test Provider</a>\n    <a href=\"https://preact-cli.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>preact-cli</a>\n    <a href=\"https://webpack-dev-server.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>webpack-dev-server</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"chrome\"><span class=\"emoji\"><img class=\"chrome-icon\" src=\"front-page-icons/chrome.svg\"></span>Chrome Tests</h2>\n    <a href=\"https://captive-portal.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>captive-portal</a>\n    <a href=\"https://mitm-software.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mitm-software</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"defunct\"><span class=\"emoji\">\u2620\ufe0f</span>Defunct</h2>\n    <a href=\"https://sha1-2016.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>sha1-2016</a>\n    <a href=\"https://sha1-2017.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>sha1-2017</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"test-suites\"><span class=\"emoji\">\ud83d\udee0</span>Test Suites</h2>\n    <a href=\"https://testsafebrowsing.appspot.com/\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>Safe Browsing Tests</a>\n    <a href=\"https://www.ssllabs.com/ssltest/viewMyClient.html\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>SSL Labs Client Test</a>\n    <a href=\"https://mitm.watch/\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>mitm.watch</a>\n  </div>\n  <div id=\"preload\" style=\"width: 0; height: 0;\">\n    <!-- <link rel=preload> results in warnings in Chrome: https://crbug.com/661055 -->\n    <!-- Workaround: Load the images in bogus elements. -->\n    <script>\n      window.addEventListener(\"load\", function() {\n        var parent = document.querySelector(\"#preload\");\n        var names = [\"bad-white\",\"dubious-white\",\"good-white\",\"page-white\",\"bullet-list-white\",\"external-white\"]\n        for (var i = 0; i < names.length; i++) {\n          var elem = document.createElement(\"span\");\n          elem.style.backgroundImage = \"url(front-page-icons/\" + names[i] + \".svg)\";\n          parent.appendChild(elem);\n        }\n      });\n    </script>\n  </div>\n</div><!-- class=\"column\" -->\n\n</div><!-- id=\"links\" -->\n\n<h2 class=\"your-browser\">Your Browser:\n  <div id=\"browser-info\">\n    <span class=\"highlight\">\n      <span id=\"ua\"></span><br>\n      <span id=\"os\"></span><br>\n    </span>\n    <span id=\"click-to-copy\">\ud83d\udccb Click to copy</span>\n  </div>\n</h2>\n\n<!-- Start of GitHub ribbon. -->\n<div class=\"github-fork-ribbon-wrapper right-top-bottom\">\n    <div class=\"github-fork-ribbon\">\n        <a href=\"https://github.com/chromium/badssl.com\"><span class=\"icon\"></span>On GitHub</a>\n    </div>\n</div>\n<!-- End of GitHub ribbon. -->\n\n</body>\n</html>\n"
            },
            "rendered":{
                "screenshot":"https://s3-eu-west-1.amazonaws.com/be-webshots-clients/c36ce70af0d5c0af68cc571d063870f007e21da94bbd10386e80aa56b365231d3b77.png",
                "sha256_hash":"d909dbec62ab07c57d721bb59520f3f0275ce348caf6cd9c039d076ee728b7d8",
                "ssdeep_hash":"3139323a376a49586c627961624b5a637546494d414f726e7545664a78516f674963416c2b555a46444f4e72495246642f646a6d6c314a42473a37537943754a5a7a4544346a424c",
                "link":"https://s3-eu-west-1.amazonaws.com/be-webshots-clients/c36ce70af0d5c0af68cc571d063870f007e21da94bbd10386e80aa56b365231d3b77c6f2401f1882dcd997.html",
                "content":"<html><head>\n  <meta charset=\"utf-8\">\n  <title>badssl.com</title>\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n  <link rel=\"shortcut icon\" href=\"/icons/favicon-blue.ico\">\n  <link rel=\"apple-touch-icon\" href=\"/icons/icon-blue.png\">\n  <link rel=\"stylesheet\" href=\"index.css\">\n  <link rel=\"stylesheet\" href=\"github-ribbon.css\">\n  <script src=\"index.js\"></script>\n\n  <!-- fUnKy -->\n  <link rel=\"stylesheet\" href=\"funky/funky.css\">\n  <script src=\"funky/funky.js\"></script>\n</head>\n<body>\n\n<div class=\"title-bar\" title=\"badssl.com - a memorable site for HTTPS misconfiguration\">\n  badssl.com\n</div>\n\n<div id=\"links\">\n\n<div class=\"column\">\n  <div class=\"group\">\n    <h2 id=\"dashboard\"><span class=\"emoji\">\ud83c\udf9b</span>Dashboard</h2>\n    <a href=\"/dashboard/\" target=\"_blank\" class=\"bullet-list\"><span class=\"icon\"></span>Dashboard</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"certificate\"><span class=\"emoji\">\ud83c\udfab</span>Certificate</h2>\n    <a href=\"https://expired.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>expired</a>\n    <a href=\"https://wrong.host.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>wrong.host</a>\n    <a href=\"https://self-signed.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>self-signed</a>\n    <a href=\"https://untrusted-root.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>untrusted-root</a>\n    <a href=\"https://revoked.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>revoked</a>\n    <a href=\"https://pinning-test.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>pinning-test</a>\n    <hr>\n    <a href=\"https://no-common-name.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>no-common-name</a>\n    <a href=\"https://no-subject.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>no-subject</a>\n    <a href=\"https://incomplete-chain.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>incomplete-chain</a>\n    <hr>\n    <a href=\"https://sha1-intermediate.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>sha1-intermediate</a>\n    <a href=\"https://sha256.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha256</a>\n    <a href=\"https://sha384.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha384</a>\n    <a href=\"https://sha512.badssl.com/\" class=\"good\"><span class=\"icon\"></span>sha512</a>\n    <hr>\n    <a href=\"https://1000-sans.badssl.com/\" class=\"good\"><span class=\"icon\"></span>1000-sans</a>\n    <a href=\"https://10000-sans.badssl.com/\" class=\"good\"><span class=\"icon\"></span>10000-sans</a>\n    <hr>\n    <a href=\"https://ecc256.badssl.com/\" class=\"good\"><span class=\"icon\"></span>ecc256</a>\n    <a href=\"https://ecc384.badssl.com/\" class=\"good\"><span class=\"icon\"></span>ecc384</a>\n    <hr>\n    <a href=\"https://rsa2048.badssl.com/\" class=\"good\"><span class=\"icon\"></span>rsa2048</a>\n    <a href=\"https://rsa4096.badssl.com/\" class=\"good\"><span class=\"icon\"></span>rsa4096</a>\n    <a href=\"https://rsa8192.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>rsa8192</a> \n    <hr>\n    <a href=\"https://extended-validation.badssl.com/\" class=\"good\"><span class=\"icon\"></span>extended-validation</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"client-certificate\"><span class=\"emoji\">\ud83c\udf9f</span>Client Certificate</h2>\n    <a href=\"/download/\" target=\"_blank\" class=\"bullet-list\"><span class=\"icon\"></span>Certificate Downloads</a>\n    <a href=\"https://client.badssl.com/\" class=\"good\"><span class=\"icon\"></span>client</a>\n    <a href=\"https://client-cert-missing.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>client-cert-missing</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"mixed-content\"><span class=\"emoji\">\ud83d\uddbc</span>Mixed Content</h2>\n    <a href=\"https://mixed-script.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mixed-script</a>\n    <a href=\"https://very.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>very</a>\n    <hr>\n    <a href=\"https://mixed.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed</a>\n    <a href=\"https://mixed-favicon.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed-favicon</a>\n    <a href=\"https://mixed-form.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mixed-form</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"http\"><span class=\"emoji\">\u270f\ufe0f</span>HTTP</h2>\n    <a href=\"http://http.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http</a>\n    <a href=\"http://http-textarea.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-textarea</a>\n    <a href=\"http://http-password.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-password</a>\n    <a href=\"http://http-login.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-login</a>\n    <a href=\"http://http-dynamic-login.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-dynamic-login</a>\n    <a href=\"http://http-credit-card.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>http-credit-card</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"cipher-suite\"><span class=\"emoji\">\ud83d\udd00</span>Cipher Suite</h2>\n    <a href=\"https://cbc.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>cbc</a>\n    <a href=\"https://rc4-md5.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>rc4-md5</a>\n    <a href=\"https://rc4.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>rc4</a>\n    <a href=\"https://3des.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>3des</a>\n    <a href=\"https://null.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>null</a>\n    <hr>\n    <a href=\"https://mozilla-old.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mozilla-old</a>\n    <a href=\"https://mozilla-intermediate.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>mozilla-intermediate</a>\n    <a href=\"https://mozilla-modern.badssl.com/\" class=\"good\"><span class=\"icon\"></span>mozilla-modern</a>\n  </div>\n</div><!-- class=\"column\" -->\n\n<div class=\"column\">\n  <div class=\"group\">\n    <h2 id=\"key-exchange\"><span class=\"emoji\">\ud83d\udd11</span>Key Exchange</h2>\n    <a href=\"https://dh480.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh480</a>\n    <a href=\"https://dh512.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh512</a>\n    <a href=\"https://dh1024.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh1024</a>\n    <a href=\"https://dh2048.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>dh2048</a>\n    <hr>\n    <a href=\"https://dh-small-subgroup.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh-small-subgroup</a>\n    <a href=\"https://dh-composite.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>dh-composite</a>\n    <hr>\n    <a href=\"https://static-rsa.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>static-rsa</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"protocol\"><span class=\"emoji\">\u2194\ufe0f</span>Protocol</h2>\n    <a href=\"https://tls-v1-0.badssl.com:1010/\" class=\"dubious\"><span class=\"icon\"></span>tls-v1-0</a>\n    <a href=\"https://tls-v1-1.badssl.com:1011/\" class=\"dubious\"><span class=\"icon\"></span>tls-v1-1</a>\n    <a href=\"https://tls-v1-2.badssl.com:1012/\" class=\"good\"><span class=\"icon\"></span>tls-v1-2</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"certificate-transparency\"><span class=\"emoji\">\ud83d\udd0d</span>Certificate Transparency</h2>\n    <a href=\"https://invalid-expected-sct.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>invalid-expected-sct</a>\n    <a href=\"https://no-sct.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>no-sct</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"upgrade\"><span class=\"emoji\">\u2b06\ufe0f</span>Upgrade</h2>\n    <a href=\"https://hsts.badssl.com/\" class=\"good\"><span class=\"icon\"></span>hsts</a>\n    <a href=\"https://upgrade.badssl.com/\" class=\"good\"><span class=\"icon\"></span>upgrade</a>\n    <hr>\n    <a href=\"https://preloaded-hsts.badssl.com/\" class=\"good\"><span class=\"icon\"></span>preloaded-hsts</a>\n    <a href=\"https://subdomain.preloaded-hsts.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>subdomain.preloaded-hsts</a>\n    <hr>\n    <a href=\"https://https-everywhere.badssl.com/\" class=\"good\"><span class=\"icon\"></span>https-everywhere</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"ui\"><span class=\"emoji\">\ud83d\udc40</span>UI</h2>\n    <a href=\"https://spoofed-favicon.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>spoofed-favicon</a>\n    <a href=\"https://lock-title.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>lock-title</a>\n    <hr>\n    <a href=\"https://long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com/\" class=\"good\"><span class=\"icon\"></span>long-extended-subdomain-name-containing-many-letters-and-dashes</a>\n    <a href=\"https://longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com/\" class=\"good\"><span class=\"icon\"></span>longextendedsubdomainnamewithoutdashesinordertotestwordwrapping</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"known-bad\"><span class=\"emoji\">\u274c</span>Known Bad</h2>\n    <a href=\"https://superfish.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Lenovo) Superfish</a>\n    <a href=\"https://edellroot.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Dell) eDellRoot</a>\n    <a href=\"https://dsdtestprovider.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>(Dell) DSD Test Provider</a>\n    <a href=\"https://preact-cli.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>preact-cli</a>\n    <a href=\"https://webpack-dev-server.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>webpack-dev-server</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"chrome\"><span class=\"emoji\"><img class=\"chrome-icon\" src=\"front-page-icons/chrome.svg\"></span>Chrome Tests</h2>\n    <a href=\"https://captive-portal.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>captive-portal</a>\n    <a href=\"https://mitm-software.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>mitm-software</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"defunct\" class=\"hover-link\"><span class=\"emoji\">\u2620\ufe0f</span>Defunct</h2>\n    <a href=\"https://sha1-2016.badssl.com/\" class=\"dubious\"><span class=\"icon\"></span>sha1-2016</a>\n    <a href=\"https://sha1-2017.badssl.com/\" class=\"bad\"><span class=\"icon\"></span>sha1-2017</a>\n  </div>\n  <div class=\"group\">\n    <h2 id=\"test-suites\"><span class=\"emoji\">\ud83d\udee0</span>Test Suites</h2>\n    <a href=\"https://testsafebrowsing.appspot.com/\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>Safe Browsing Tests</a>\n    <a href=\"https://www.ssllabs.com/ssltest/viewMyClient.html\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>SSL Labs Client Test</a>\n    <a href=\"https://mitm.watch/\" target=\"_blank\" class=\"external\"><span class=\"icon\"></span>mitm.watch</a>\n  </div>\n  <div id=\"preload\" style=\"width: 0; height: 0;\">\n    <!-- <link rel=preload> results in warnings in Chrome: https://crbug.com/661055 -->\n    <!-- Workaround: Load the images in bogus elements. -->\n    <script>\n      window.addEventListener(\"load\", function() {\n        var parent = document.querySelector(\"#preload\");\n        var names = [\"bad-white\",\"dubious-white\",\"good-white\",\"page-white\",\"bullet-list-white\",\"external-white\"]\n        for (var i = 0; i < names.length; i++) {\n          var elem = document.createElement(\"span\");\n          elem.style.backgroundImage = \"url(front-page-icons/\" + names[i] + \".svg)\";\n          parent.appendChild(elem);\n        }\n      });\n    </script>\n  <span style=\"background-image: url(&quot;front-page-icons/bad-white.svg&quot;);\"></span><span style=\"background-image: url(&quot;front-page-icons/dubious-white.svg&quot;);\"></span><span style=\"background-image: url(&quot;front-page-icons/good-white.svg&quot;);\"></span><span style=\"background-image: url(&quot;front-page-icons/page-white.svg&quot;);\"></span><span style=\"background-image: url(&quot;front-page-icons/bullet-list-white.svg&quot;);\"></span><span style=\"background-image: url(&quot;front-page-icons/external-white.svg&quot;);\"></span></div>\n</div><!-- class=\"column\" -->\n\n</div><!-- id=\"links\" -->\n\n<h2 class=\"your-browser\">Your Browser:\n  <div id=\"browser-info\">\n    <span class=\"highlight\">\n      <span id=\"ua\" title=\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/79.0.3945.79 HeadlessChrome/79.0.3945.79 Safari/537.36\">Chrome 79.0.3945.79</span><br>\n      <span id=\"os\">Linux</span><br>\n    </span>\n    <span id=\"click-to-copy\">\ud83d\udccb Click to copy</span>\n  </div>\n</h2>\n\n<!-- Start of GitHub ribbon. -->\n<div class=\"github-fork-ribbon-wrapper right-top-bottom\">\n    <div class=\"github-fork-ribbon\">\n        <a href=\"https://github.com/chromium/badssl.com\"><span class=\"icon\"></span>On GitHub</a>\n    </div>\n</div>\n<!-- End of GitHub ribbon. -->\n\n\n\n</body></html>"
            }
        },
        "apps":[
            {
                "name":"Nginx",
                "confidence":"100",
                "version":"1.10.3",
                "cpe":"cpe:/a:nginx:nginx:1.10.3",
                "categories":[
                    "web servers",
                    "reverse proxy"
                ]
            },
            {
                "name":"Ubuntu",
                "confidence":"100",
                "categories":[
                    "operating systems"
                ]
            }
        ]
    }
  }  
}