Recette de cuisine : 63 000 recettes de cuisine française et du monde
HTTPS
타겟 분석
cuisine.journaldesfemmes.fr
IP: 0.0.0.0
ASN: AS0
cuisine.journaldesfemmes.fr에 대한 포괄적인 보안 및 네트워크 분석 보고서.
- 주요 포트
- 443
- 스캔 시간
- 공유 가능한 보고서 링크
- https://sechttp.com/scan/cuisine.journaldesfemmes.fr
상세 보안 분석
공격 경로 및 DDoS 방어 분석
공격자
L4 트래픽
L7 트래픽
AS0 (Unknown POP)
L4 방어됨
L7 우회됨
L4 차단됨
L7 트래픽
귀하의 서버
방어 요약
Unknown는 레이어 4(네트워크 수준) 공격에 대해 강력한 보호를 제공하지만, 표준 CDN 방어를 우회할 수 있는 정교한 레이어 7(애플리케이션 수준) 공격에 대해 서버가 여전히 취약할 수 있습니다. 추가 WAF 규칙과 애플리케이션 측 보안 조치가 권장됩니다.
레이어 4 방어
Unknown 네트워크 엣지에서 SYN 플러드, UDP 증폭 및 대규모 공격에 대한 강력한 보호를 제공합니다.
레이어 7 취약점
5의 노출된 API 엔드포인트를 대상으로 하는 애플리케이션 레벨 공격은 추가 WAF 규칙과 속도 제한이 필요합니다.
HSTS 헤더 누락 또는 유효하지 않음
MEDIUMSEC-001
설명
Strict-Transport-Security 헤더가 올바르게 구성되지 않아 사이트가 중간자 공격에 취약합니다.
권장 사항
HTTPS 연결을 강제하기 위해 적절한 max-age 값으로 Strict-Transport-Security 헤더를 추가하여 HSTS를 구현하십시오.
JavaScript에서 민감 정보 노출
HIGHJS-001
설명
클라이언트 측 JavaScript 코드에서 66개의 잠재적으로 민감한 변수가 노출되었습니다.
권장 사항
클라이언트 측 코드에서 민감한 정보를 검토하고 제거하십시오. 민감한 데이터에는 환경 변수와 서버 측 처리를 사용하십시오.
root@sechttp: /var/log/fuzz
root@sechttp : ~ $
> [Code: 200]
/api/microforum/avis/?id= [민감 정보 유출]
> [Code: 403]
/api/microforum/avis/ [금지됨]
> [Code: 404]
/api/tagconf/ > [Code: 200]
/api/block/ [민감 정보 유출]
> [Code: 403]
/api/contentconf/ [금지됨]
[+] 스캔 완료. 발견된 항목: 2 잠재적 유출.
root@sechttp : ~ $
포트 스캔 결과
| 포트 | 서비스 | 상태 | 버전 |
|---|---|---|---|
| 80 | HTTP | 닫힘 | - |
| 443 | HTTPS | 오픈 | TLS 1.3 |
| 22 | SSH | 필터링됨 | - |
| 3306 | MySQL | 닫힘 | - |
HTTP 헤더 분석
date:
Sun, 12 Apr 2026 17:31:06 GMT
pragma:
no-cache
expires:
Sun, 12 Apr 2026 17:31:06 GMT
x-ccm-lm:
1776014563
connection:
keep-alive
x-served-by:
lxc-varnish-jdf-04
content-type:
text/html; charset=UTF-8
cache-control:
max-age=0, no-cache
last-modified:
Sun, 12 Apr 2026 17:26:28 GMT
content-length:
229085
x-ccm-cache-tag:
jdf_ctag_91
x-frame-options:
sameorigin
x-www-served-by:
vm_k8s_prod_21
content-language:
fr
x-cache-esi-debug:
Forwarded
content-security-policy:
frame-ancestors 'self'
현재 테스트 중
피어링 정보가 분석 중입니다.
현재 테스트 중
인터넷 교환 데이터가 수집 중입니다.
JavaScript 분석
Security Analysis Alert
Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.
노출된 JavaScript 변수
Variables exposed in client-side code that may contain sensitive information
# Security Assessment: Variable Exposure Analysis
LEAK
API
,e)});else{console.warn(
Risk: Information disclosure via client-side exposure
LEAK
dev
null
Risk: Information disclosure via client-side exposure
LEAK
key
getTranslation
Risk: Information disclosure via client-side exposure
LEAK
url
/api/contentconf/
Risk: Information disclosure via client-side exposure
LEAK
code
MODULE_NOT_FOUND
Risk: Information disclosure via client-side exposure
LEAK
keys
n
Risk: Information disclosure via client-side exposure
LEAK
test
\x3c!--@MOD:widget@{
Risk: Information disclosure via client-side exposure
LEAK
email
void
Risk: Information disclosure via client-side exposure
LEAK
keyup
1
Risk: Information disclosure via client-side exposure
LEAK
token
t
Risk: Information disclosure via client-side exposure
LEAK
COOKIE
D, dd M yy
Risk: Information disclosure via client-side exposure
LEAK
access
function
Risk: Information disclosure via client-side exposure
LEAK
author
o
Risk: Information disclosure via client-side exposure
LEAK
client
+e.clientId+
Risk: Information disclosure via client-side exposure
LEAK
domain
null
Risk: Information disclosure via client-side exposure
LEAK
getUrl
function
Risk: Information disclosure via client-side exposure
LEAK
mailto
redac
Risk: Information disclosure via client-side exposure
LEAK
baseUrl
//
Risk: Information disclosure via client-side exposure
LEAK
dataKey
data-channelId
Risk: Information disclosure via client-side exposure
LEAK
fileAPI
+E);var T,S=(j||C)&&!E;!1!==t.iframe&&(t.iframe||S)?t.closeKeepAlive?e.get(t.closeKeepAlive,function(){T=N(y)}):T=N(y):T=(j||C)&&E?M(y):e.ajax(t),p.removeData(
Risk: Information disclosure via client-side exposure
LEAK
keyCode
e
Risk: Information disclosure via client-side exposure
LEAK
keydown
1
Risk: Information disclosure via client-side exposure
LEAK
sitekey
6LfcECcUAAAAANw9v7LQYqYsrkQmseAxos7r8wQP
Risk: Information disclosure via client-side exposure
LEAK
urlHash
window
Risk: Information disclosure via client-side exposure
LEAK
_doKeyUp
function
Risk: Information disclosure via client-side exposure
LEAK
_keydown
function
Risk: Information disclosure via client-side exposure
LEAK
adDomain
null
Risk: Information disclosure via client-side exposure
LEAK
b.domain
<empty_value>
Risk: Information disclosure via client-side exposure
LEAK
charCode
e
Risk: Information disclosure via client-side exposure
LEAK
clientId
breakingnews
Risk: Information disclosure via client-side exposure
LEAK
keypress
function
Risk: Information disclosure via client-side exposure
LEAK
shareUrl
encodeURIComponent
Risk: Information disclosure via client-side exposure
LEAK
snapItem
s
Risk: Information disclosure via client-side exposure
LEAK
urlLabel
m
Risk: Information disclosure via client-side exposure
LEAK
_isNumber
function
Risk: Information disclosure via client-side exposure
LEAK
_keyEvent
function
Risk: Information disclosure via client-side exposure
LEAK
i.keydown
_keydown
Risk: Information disclosure via client-side exposure
LEAK
wrapInner
function
Risk: Information disclosure via client-side exposure
LEAK
_doKeyDown
function
Risk: Information disclosure via client-side exposure
LEAK
_onKeyDown
function
Risk: Information disclosure via client-side exposure
LEAK
b.clientId
<empty_value>
Risk: Information disclosure via client-side exposure
LEAK
contentUrl
a
Risk: Information disclosure via client-side exposure
LEAK
statusCode
function
Risk: Information disclosure via client-side exposure
LEAK
_doKeyPress
function
Risk: Information disclosure via client-side exposure
LEAK
_tabKeydown
function
Risk: Information disclosure via client-side exposure
LEAK
credentials
include
Risk: Information disclosure via client-side exposure
LEAK
facebookUrl
a
Risk: Information disclosure via client-side exposure
LEAK
numberFormat
null
Risk: Information disclosure via client-side exposure
LEAK
pinterestUrl
a
Risk: Information disclosure via client-side exposure
LEAK
_panelKeyDown
function
Risk: Information disclosure via client-side exposure
LEAK
_panelKeydown
function
Risk: Information disclosure via client-side exposure
LEAK
defaultDomain
fc
Risk: Information disclosure via client-side exposure
LEAK
getPublicPath
function
Risk: Information disclosure via client-side exposure
LEAK
maxRatingKeys
100
Risk: Information disclosure via client-side exposure
LEAK
urlParameters
window
Risk: Information disclosure via client-side exposure
LEAK
getResourceUrl
function
Risk: Information disclosure via client-side exposure
LEAK
numberOfMonths
1
Risk: Information disclosure via client-side exposure
LEAK
storageKeyName
ccmratings
Risk: Information disclosure via client-side exposure
LEAK
ratingKeysToDrop
90
Risk: Information disclosure via client-side exposure
LEAK
jPaginationNumber
paginationNumber
Risk: Information disclosure via client-side exposure
LEAK
pinterestMediaUrl
a
Risk: Information disclosure via client-side exposure
LEAK
_getNumberOfMonths
function
Risk: Information disclosure via client-side exposure
LEAK
_closeOnClickOutside
function
Risk: Information disclosure via client-side exposure
LEAK
_intersectsWithSides
function
Risk: Information disclosure via client-side exposure
LEAK
defaultOptions.dataKey
data-channelId
Risk: Information disclosure via client-side exposure
LEAK
getUrlForExternalResource
function
Risk: Information disclosure via client-side exposure
Total: 66 exposed variables found
API 도메인 분석
External API domains discovered in client-side code
EXTERNAL_API_DOMAIN
jqueryui.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
astatic.ccmbg.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
assets-sourcemaps.s3.prod.ccmbg.net
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
www.ccmbenchmark.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
fonts.googleapis.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
www.linternaute.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
www.qlf.linternaute.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
www.local.linternaute.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
www.journaldunet.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
www.qlf.journaldunet.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
www.local.journaldunet.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
www.facebook.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
e.infogram.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
p.ccmbg.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
static.ccmbg.com
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
EXTERNAL_API_DOMAIN
cdn.jsdelivr.net
Reachable
HTTPS Enabled
Security Note:
External API domains should be validated for proper authentication and rate limiting
발견된 API 엔드포인트
API endpoints identified through static analysis of client-side code
GET
/api/microforum/avis/?id=
Active
Endpoint discovered via client-side code analysis
GET
/api/microforum/avis/
Active
Endpoint discovered via client-side code analysis
GET
/api/tagconf/
Active
Endpoint discovered via client-side code analysis
GET
/api/block/
Active
Endpoint discovered via client-side code analysis
GET
/api/contentconf/
Active
Endpoint discovered via client-side code analysis
JavaScript 리소스
JavaScript files loaded by the application
JS
https://html5shim.googlecode.com/svn/trunk/html5.js
JS
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
JS
https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js
JS
https://astatic.ccmbg.com/ccmcms_journaldesfemmes/dist/app/js/commons.5af8960e3444b75866cb.js
JS
https://astatic.ccmbg.com/ccmcms_journaldesfemmes/dist/app/js/app.03ad5c43ca7eb1f08c37.js
JS
https://astatic.ccmbg.com/ccmcms_journaldesfemmes/dist/app/js/start.bbf62f01cfd525f576e9.js
JS
"https://html5shim.googlecode.com/svn/trunk/html5.js"
JS
"https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"
JS
"https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"
JS
"https://astatic.ccmbg.com/ccmcms_journaldesfemmes/dist/app/js/commons.5af8960e3444b75866cb.js"
JS
"https://astatic.ccmbg.com/ccmcms_journaldesfemmes/dist/app/js/app.03ad5c43ca7eb1f08c37.js"
JS
"https://astatic.ccmbg.com/ccmcms_journaldesfemmes/dist/app/js/start.bbf62f01cfd525f576e9.js"
보안 권장 사항
- • Avoid exposing sensitive variables in client-side code
- • Implement proper API authentication and rate limiting
- • Use environment variables for sensitive configuration
- • Regularly audit client-side code for information leaks
- • Minimize the amount of sensitive data processed on the client side
과거 스캔 기록 (1)
65/100
4 issues