quxnow.com

quxnow.com:443  ·  2026-05-19  ·  Pentest FULL SCAN
1 High

Executive Summary

PQC
TLS Classification
TLSv1.3
TLS Version
X25519MLKEM768
Key Exchange
8
Total Findings
30
Risk Score
1 High 1 Medium 5 Low 1 Info

TLS / Cryptographic Findings

MEDIUM ECDSA Certificate on quxnow.com:443

The certificate at quxnow.com:443 uses ECDSA, which is vulnerable to Shor's algorithm on a quantum computer. While more resistant than RSA, ECDSA certificates will become forgeable as quantum computing matures.

Remediation: Migrate to ML-DSA-65 certificates via Qid.
SC-8SC-17 SC.3.177
INFO PQC Key Exchange Confirmed on quxnow.com:443

quxnow.com:443 successfully negotiated X25519MLKEM768, a post-quantum hybrid key exchange. This endpoint is protected against harvest-now-decrypt-later attacks.

Remediation: No action required for key exchange. Verify certificate algorithm.
SC-8SC-13 SC.3.177

Web Application Findings

HIGH Sensitive Path Exposed: /robots.txt

The path https://quxnow.com/robots.txt returned HTTP 200. This may expose configuration files, secrets, or API documentation to unauthorized users.

Remediation: Block public access to /robots.txt. If this is intentional (e.g., robots.txt), ensure no sensitive data is exposed.
AC-3SC-7CM-7 AC.1.004SC.3.177 T1190T1592
LOW SSL Certificate Expires in 33 Days

The SSL certificate for quxnow.com expires on 2026-06-21. Plan renewal to avoid disruption.

Remediation: Schedule certificate renewal. Consider ACME-based auto-renewal.
SC-17 SC.3.177

Network / Port Findings

Open Ports (4)

80 HTTP
HTTP/1.1 301 Moved Permanently Date: Tue, 19 May 2026 03:17
443 HTTPS
HTTP/1.1 400 Bad Request Server: cloudflare Date: Tue, 19
8080 HTTP-Proxy
HTTP/1.1 301 Moved Permanently Date: Tue, 19 May 2026 03:18
8443 HTTPS-Alt
HTTP/1.1 400 Bad Request Server: cloudflare Date: Tue, 19
LOW Service Banner Disclosure on Port 80 (HTTP)

Port 80 (HTTP) reveals a service banner: HTTP/1.1 301 Moved Permanently Date: Tue, 19 May 2026 03:17:34 GMT Content-Type: text/html; charse. Version information helps attackers identify exploitable vulnerabilities.

Remediation: Suppress or genericize the service banner on port 80.
SI-11SC-7 SI.2.216 T1046
LOW Service Banner Disclosure on Port 443 (HTTPS)

Port 443 (HTTPS) reveals a service banner: HTTP/1.1 400 Bad Request Server: cloudflare Date: Tue, 19 May 2026 03:17:37 GMT Content-Type: tex. Version information helps attackers identify exploitable vulnerabilities.

Remediation: Suppress or genericize the service banner on port 443.
SI-11SC-7 SI.2.216 T1046
LOW Service Banner Disclosure on Port 8080 (HTTP-Proxy)

Port 8080 (HTTP-Proxy) reveals a service banner: HTTP/1.1 301 Moved Permanently Date: Tue, 19 May 2026 03:18:16 GMT Content-Type: text/html; charse. Version information helps attackers identify exploitable vulnerabilities.

Remediation: Suppress or genericize the service banner on port 8080.
SI-11SC-7 SI.2.216 T1046
LOW Service Banner Disclosure on Port 8443 (HTTPS-Alt)

Port 8443 (HTTPS-Alt) reveals a service banner: HTTP/1.1 400 Bad Request Server: cloudflare Date: Tue, 19 May 2026 03:18:20 GMT Content-Type: tex. Version information helps attackers identify exploitable vulnerabilities.

Remediation: Suppress or genericize the service banner on port 8443.
SI-11SC-7 SI.2.216 T1046

MITRE ATT&CK Mapping

4 techniques identified across 4 tactics

TechniqueNameTacticFindingsMitigation
T1046 Network Service Discovery Discovery 4 M1030 - Network Segmentation; M1031 - Network Intrusion Prevention
T1190 Exploit Public-Facing Application Initial Access 1 M1048 - Application Isolation and Sandboxing; M1030 - Network Segmentation; M101...
T1557 Adversary-in-the-Middle Credential Access / Collection 1 M1041 - Encrypt Sensitive Information; M1035 - Limit Access to Resource Over Net...
T1592 Gather Victim Host Information Reconnaissance 5 M1056 - Pre-compromise; minimize public information disclosure
← All Engagements