JLLeitschuh · November 1, 2018 15:24
diff --git a/Nikto Gradle Plugin Portal b/Nikto Gradle Plugin Portal
 nikto -h https://plugins.gradle.org/
 - Nikto v2.1.6
 ---------------------------------------------------------------------------
 + Target IP:          104.16.174.166
 + Target Hostname:    plugins.gradle.org
 + Target Port:        443
 ---------------------------------------------------------------------------
 + SSL Info:        Subject:  /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=ssl473435.cloudflaressl.com
                   Altnames: ssl473435.cloudflaressl.com, *.gradle.org, gradle.org
                   Ciphers:  ECDHE-ECDSA-CHACHA20-POLY1305
                   Issuer:   /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
 + Start Time:         2018-10-20 12:13:30 (GMT-4)
 ---------------------------------------------------------------------------
 + Server: cloudflare
 + Retrieved via header: 1.1 vegur
 + The anti-clickjacking X-Frame-Options header is not present.
 + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
 + Uncommon header 'cf-ray' found, with contents: 46ccc5bf2d9f9a1c-EWR
 + Uncommon header 'expect-ct' found, with contents: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
 + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
 + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
 + Cookie __cfduid created without the secure flag
 + Uncommon header 'cf-cache-status' found, with contents: MISS
 + No CGI Directories found (use '-C all' to force check all possible dirs)
 + Entry '/m2/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
 + "robots.txt" contains 1 entry which should be manually viewed.
 + Server is using a wildcard certificate: *.gradle.org
 + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
 + Server banner has changed from 'cloudflare' to 'cloudflare-nginx' which may suggest a WAF, load balancer or proxy is in place
 + Uncommon header 'x-amz-version-id' found, with contents: 4CuDbNLw3ZyTEYAmFHvtPU.P25twrUJH
 + Uncommon header 'x-amz-error-code' found, with contents: NoSuchKey
 + Uncommon header 'x-amz-error-message' found, with contents: The specified key does not exist.
 + Uncommon header 'x-amz-request-id' found, with contents: 5C1075D723B3C9D2
 + Uncommon header 'x-amz-error-detail-key' found, with contents: 11207779/head/cart32.exe
 + Uncommon header 'x-amz-id-2' found, with contents: fbYSEo6uojolLGL8uQZaGT6pmtW/DW5+s/aUxy2rOzep8qV+f8z1tBilEpZugMVKTUfuSJMPPIc=
 + OSVDB-3092: : This might be interesting... possibly a system shell found.
 + 9123 requests: 0 error(s) and 20 item(s) reported on remote host
 + End Time:           2018-10-20 12:32:52 (GMT-4) (1162 seconds)
 ---------------------------------------------------------------------------
 + 1 host(s) tested
	nikto -h https://plugins.gradle.org/
	- Nikto v2.1.6
	---------------------------------------------------------------------------
	+ Target IP: 104.16.174.166
	+ Target Hostname: plugins.gradle.org
	+ Target Port: 443
	---------------------------------------------------------------------------
	+ SSL Info: Subject: /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=ssl473435.cloudflaressl.com
	Altnames: ssl473435.cloudflaressl.com, *.gradle.org, gradle.org
	Ciphers: ECDHE-ECDSA-CHACHA20-POLY1305
	Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
	+ Start Time: 2018-10-20 12:13:30 (GMT-4)
	---------------------------------------------------------------------------
	+ Server: cloudflare
	+ Retrieved via header: 1.1 vegur
	+ The anti-clickjacking X-Frame-Options header is not present.
	+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
	+ Uncommon header 'cf-ray' found, with contents: 46ccc5bf2d9f9a1c-EWR
	+ Uncommon header 'expect-ct' found, with contents: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
	+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
	+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
	+ Cookie __cfduid created without the secure flag
	+ Uncommon header 'cf-cache-status' found, with contents: MISS
	+ No CGI Directories found (use '-C all' to force check all possible dirs)
	+ Entry '/m2/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
	+ "robots.txt" contains 1 entry which should be manually viewed.
	+ Server is using a wildcard certificate: *.gradle.org
	+ The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
	+ Server banner has changed from 'cloudflare' to 'cloudflare-nginx' which may suggest a WAF, load balancer or proxy is in place
	+ Uncommon header 'x-amz-version-id' found, with contents: 4CuDbNLw3ZyTEYAmFHvtPU.P25twrUJH
	+ Uncommon header 'x-amz-error-code' found, with contents: NoSuchKey
	+ Uncommon header 'x-amz-error-message' found, with contents: The specified key does not exist.
	+ Uncommon header 'x-amz-request-id' found, with contents: 5C1075D723B3C9D2
	+ Uncommon header 'x-amz-error-detail-key' found, with contents: 11207779/head/cart32.exe
	+ Uncommon header 'x-amz-id-2' found, with contents: fbYSEo6uojolLGL8uQZaGT6pmtW/DW5+s/aUxy2rOzep8qV+f8z1tBilEpZugMVKTUfuSJMPPIc=
	+ OSVDB-3092: : This might be interesting... possibly a system shell found.
	+ 9123 requests: 0 error(s) and 20 item(s) reported on remote host
	+ End Time: 2018-10-20 12:32:52 (GMT-4) (1162 seconds)
	---------------------------------------------------------------------------
	+ 1 host(s) tested