# Vulnerabilities Checklist

* [ ] Default Web Page (Low)
* [ ] Server Header Info Disclosure (Low) - only on web assessments
  * [ ] `curl --head <ip>`
    * [ ] ETag?
  * [ ] nikto, e.g.
    * [ ] \+ The anti-clickjacking X-Frame-Options header is not present.
    * [ ] \+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
    * [ ] \+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
* [ ] Default 404 Info Disclosure (Low)
* [ ] Weak Ciphers
  * [ ] `nmap --script=ssl-enum-ciphers -p 443 <ip>`
  * [ ] Note the weakest cipher (the `least strength` line in the script output)
* [ ] Brute-force attack on SSH at some point to make sure their SIM catches it
* [ ] Check SMB for anonymous login
* [ ] GPP cPassword (Groups.xml)
