← Dashboard / Scan #1

https://linens.brubai.net

🕐 Mar 05, 2026 10:09 ● completed Modules: ssl, headers, stack, nikto, zap, nmap, infra Stack: python

Risk Score

100 /100

Critical Risk

Findings Breakdown

critical

high

medium

low

info

📋 Executive Summary

Security scan of https://linens.brubai.net completed on March 05, 2026. A total of 24 finding(s) were identified across 7 scan module(s).

⛔ 5 critical issue(s) require immediate attention — these represent active security risks that could lead to data breach or system compromise.

⚠️ 3 high-severity issue(s) should be remediated within 24–72 hours.

🔶 3 medium-severity issue(s) should be addressed in the next sprint.

CRITICAL Cloud Metadata Reachable: GCP Metadata API infra ▼

CRITICAL Cloud Metadata Reachable: GCP Metadata (internal) infra ▼

CRITICAL Exposed: /.git/HEAD infra ▼

CRITICAL Exposed: /.git/config infra ▼

CRITICAL Exposed: /.env infra ▼

HIGH Missing Header: Strict-Transport-Security headers ▼

HIGH Missing Header: Content-Security-Policy headers ▼

HIGH ReDoc API Docs Found: /redoc infra ▼

MEDIUM Missing Header: X-Frame-Options headers ▼

MEDIUM Missing Header: X-Content-Type-Options headers ▼

MEDIUM Information Disclosure: Server headers ▼

LOW Missing Header: Referrer-Policy headers ▼

LOW Missing Header: Permissions-Policy headers ▼

LOW Port 80/tcp Open: HTTP nmap ▼

LOW Port 8443/tcp Open: HTTPS-Alt nmap ▼

INFO SSL/TLS Configuration Looks Good ssl ▼

INFO Target Unreachable stack ▼

INFO Nikto: No Issues Found nikto ▼

INFO ZAP Scan Error zap ▼

INFO Port 22/tcp Open: SSH nmap ▼

INFO Port 443/tcp Open: HTTPS nmap ▼

INFO Host: linens.brubai.net → 34.1.129.53 infra ▼

INFO GCP IP Range Detected infra ▼

INFO SSH Port 22 Open infra ▼