primumterminus.com

primumterminus.com:443  ·  2026-05-19  ·  Pentest FULL SCAN
2 Critical

Executive Summary

PQC
TLS Classification
TLSv1.3
TLS Version
X25519MLKEM768
Key Exchange
18
Total Findings
240
Risk Score
2 Critical 7 High 2 Medium 6 Low 1 Info

TLS / Cryptographic Findings

MEDIUM ECDSA Certificate on primumterminus.com:443

The certificate at primumterminus.com:443 uses ECDSA, which is vulnerable to Shor's algorithm on a quantum computer. While more resistant than RSA, ECDSA certificates will become forgeable as quantum computing matures.

Remediation: Migrate to ML-DSA-65 certificates via Qid.
SC-8SC-17 SC.3.177
INFO PQC Key Exchange Confirmed on primumterminus.com:443

primumterminus.com:443 successfully negotiated X25519MLKEM768, a post-quantum hybrid key exchange. This endpoint is protected against harvest-now-decrypt-later attacks.

Remediation: No action required for key exchange. Verify certificate algorithm.
SC-8SC-13 SC.3.177

Web Application Findings

CRITICAL Sensitive Path Exposed: /.env

The path https://primumterminus.com/.env returned HTTP 200. This may expose configuration files, secrets, or API documentation to unauthorized users.

Remediation: Block public access to /.env. If this is intentional (e.g., robots.txt), ensure no sensitive data is exposed.
AC-3SC-7CM-7 AC.1.004SC.3.177 T1190T1592
CRITICAL Sensitive Path Exposed: /.git/config

The path https://primumterminus.com/.git/config returned HTTP 200. This may expose configuration files, secrets, or API documentation to unauthorized users.

Remediation: Block public access to /.git/config. If this is intentional (e.g., robots.txt), ensure no sensitive data is exposed.
AC-3SC-7CM-7 AC.1.004SC.3.177 T1190T1592
HIGH Missing Content-Security-Policy Header

No CSP header found. The application is vulnerable to cross-site scripting (XSS) and data injection attacks.

Remediation: Implement a strict Content-Security-Policy header. Start with default-src 'self' and progressively allow required sources.
SI-10SC-18 SI.2.216 T1059.007
HIGH Missing HSTS Header

No Strict-Transport-Security header found. Users can be downgraded from HTTPS to HTTP via man-in-the-middle attacks.

Remediation: Add Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
SC-8SC-23 SC.3.177 T1557
HIGH Sensitive Path Exposed: /backup

The path https://primumterminus.com/backup returned HTTP 200. This may expose configuration files, secrets, or API documentation to unauthorized users.

Remediation: Block public access to /backup. If this is intentional (e.g., robots.txt), ensure no sensitive data is exposed.
AC-3SC-7CM-7 AC.1.004SC.3.177 T1190T1592
HIGH Sensitive Path Exposed: /api/docs

The path https://primumterminus.com/api/docs returned HTTP 200. This may expose configuration files, secrets, or API documentation to unauthorized users.

Remediation: Block public access to /api/docs. If this is intentional (e.g., robots.txt), ensure no sensitive data is exposed.
AC-3SC-7CM-7 AC.1.004SC.3.177 T1190T1592
HIGH Sensitive Path Exposed: /swagger.json

The path https://primumterminus.com/swagger.json returned HTTP 200. This may expose configuration files, secrets, or API documentation to unauthorized users.

Remediation: Block public access to /swagger.json. If this is intentional (e.g., robots.txt), ensure no sensitive data is exposed.
AC-3SC-7CM-7 AC.1.004SC.3.177 T1190T1592
HIGH Sensitive Path Exposed: /openapi.json

The path https://primumterminus.com/openapi.json returned HTTP 200. This may expose configuration files, secrets, or API documentation to unauthorized users.

Remediation: Block public access to /openapi.json. If this is intentional (e.g., robots.txt), ensure no sensitive data is exposed.
AC-3SC-7CM-7 AC.1.004SC.3.177 T1190T1592
HIGH Sensitive Path Exposed: /robots.txt

The path https://primumterminus.com/robots.txt returned HTTP 200. This may expose configuration files, secrets, or API documentation to unauthorized users.

Remediation: Block public access to /robots.txt. If this is intentional (e.g., robots.txt), ensure no sensitive data is exposed.
AC-3SC-7CM-7 AC.1.004SC.3.177 T1190T1592
MEDIUM Missing X-Frame-Options Header

No X-Frame-Options header found. The application may be vulnerable to clickjacking attacks.

Remediation: Add X-Frame-Options: DENY or SAMEORIGIN header.
SI-10SC-18 SI.2.216 T1189
LOW Missing Permissions-Policy Header

No Permissions-Policy header found. Browser features like camera, microphone, and geolocation are not explicitly restricted.

Remediation: Add a Permissions-Policy header restricting unused browser features.
SC-7AC-4 SC.3.177 T1592
LOW SSL Certificate Expires in 48 Days

The SSL certificate for primumterminus.com expires on 2026-07-06. Plan renewal to avoid disruption.

Remediation: Schedule certificate renewal. Consider ACME-based auto-renewal.
SC-17 SC.3.177

Network / Port Findings

Open Ports (4)

80 HTTP
HTTP/1.1 301 Moved Permanently Date: Tue, 19 May 2026 02:54
443 HTTPS
HTTP/1.1 400 Bad Request Server: cloudflare Date: Tue, 19
8080 HTTP-Proxy
HTTP/1.1 301 Moved Permanently Date: Tue, 19 May 2026 02:54
8443 HTTPS-Alt
HTTP/1.1 400 Bad Request Server: cloudflare Date: Tue, 19
LOW Service Banner Disclosure on Port 80 (HTTP)

Port 80 (HTTP) reveals a service banner: HTTP/1.1 301 Moved Permanently Date: Tue, 19 May 2026 02:54:16 GMT Content-Type: text/html; charse. Version information helps attackers identify exploitable vulnerabilities.

Remediation: Suppress or genericize the service banner on port 80.
SI-11SC-7 SI.2.216 T1046
LOW Service Banner Disclosure on Port 443 (HTTPS)

Port 443 (HTTPS) reveals a service banner: HTTP/1.1 400 Bad Request Server: cloudflare Date: Tue, 19 May 2026 02:54:19 GMT Content-Type: tex. Version information helps attackers identify exploitable vulnerabilities.

Remediation: Suppress or genericize the service banner on port 443.
SI-11SC-7 SI.2.216 T1046
LOW Service Banner Disclosure on Port 8080 (HTTP-Proxy)

Port 8080 (HTTP-Proxy) reveals a service banner: HTTP/1.1 301 Moved Permanently Date: Tue, 19 May 2026 02:54:58 GMT Content-Type: text/html; charse. Version information helps attackers identify exploitable vulnerabilities.

Remediation: Suppress or genericize the service banner on port 8080.
SI-11SC-7 SI.2.216 T1046
LOW Service Banner Disclosure on Port 8443 (HTTPS-Alt)

Port 8443 (HTTPS-Alt) reveals a service banner: HTTP/1.1 400 Bad Request Server: cloudflare Date: Tue, 19 May 2026 02:55:01 GMT Content-Type: tex. Version information helps attackers identify exploitable vulnerabilities.

Remediation: Suppress or genericize the service banner on port 8443.
SI-11SC-7 SI.2.216 T1046

MITRE ATT&CK Mapping

6 techniques identified across 5 tactics

TechniqueNameTacticFindingsMitigation
T1046 Network Service Discovery Discovery 4 M1030 - Network Segmentation; M1031 - Network Intrusion Prevention
T1059.007 Command and Scripting Interpreter: JavaScript Execution 1 M1038 - Execution Prevention; M1040 - Behavior Prevention on Endpoint
T1189 Drive-by Compromise Initial Access 1 M1048 - Application Isolation and Sandboxing; M1050 - Exploit Protection
T1190 Exploit Public-Facing Application Initial Access 11 M1048 - Application Isolation and Sandboxing; M1030 - Network Segmentation; M101...
T1557 Adversary-in-the-Middle Credential Access / Collection 2 M1041 - Encrypt Sensitive Information; M1035 - Limit Access to Resource Over Net...
T1592 Gather Victim Host Information Reconnaissance 15 M1056 - Pre-compromise; minimize public information disclosure
← All Engagements