WARNING: This plugin will generate false positive and is purely informative:
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
Severity: info
Fingerprint: 3f43e0ebb5dce37ab8b59eb50006c01bfe916ff6fe916ff6fe916ff6fe916ff6
Found potentially vulnerable SSH version: SSH-2.0-OpenSSH_8.7 WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
MongoDB is currently open without authentication.
This results in all the database data made available publicly.
Severity: medium
Fingerprint: 436d217a47ab4258fc75df94e9b383964ce909204e6f39da5748fae5dae2ada0
Collections: 3, document count: 2, size: 432 B HTTP/1.0 200 OK Connection: close Content-Type: text/plain Content-Length: 85 It looks like you are trying to access MongoDB over HTTP on the native driver port. Found collection READ__ME_TO_RECOVER_YOUR_DATA.README with 1 documents (373 B) Found collection admin.system.version with 1 documents (59 B) Found collection config.system.sessions with 0 documents (0 B)
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65227eddc385
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://github.com/wulabing/3DCEList.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master