Default Web Page (Low)
Server Header Info Disclosure (Low) - only on web assessments
curl --head <ip>
ETag?
nikto, e.g.
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
Default 404 Info Disclosure (Low)
Weak Ciphers
nmap --script=ssl-enum-ciphers -p 443 <ip>
note the least strength cipher
bruteforce attack on SSH at some point to make sure their SIM catches it
Check SMB for anonymous login
GPP cPassword (Groups.xml)
Last updated 4 years ago