Pentest Defense Score — AISeen Docs

How AISeen simulates a penetration test: CORS, rate limiting, server information disclosure, SQL errors, exposed paths and WAF detection.

What we check

CORS Misconfiguration (Critical, -20 pts)

Checks if Access-Control-Allow-Origin is set to wildcard (*) or reflects arbitrary origins. A misconfigured CORS policy lets malicious sites make authenticated requests on behalf of your users.

Fix: Set CORS to specific trusted origins only. Never use * with credentials.
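The classification the CORS check above performs, as an added example (not AISeen's own code): given the response headers returned for a request that carried a probe origin, it tells a wildcard grant apart from a reflected origin and notes whether credentials are allowed. The probe origin and the header values are constructed for illustration.

```python
# Added example, not AISeen's scanner: classify a CORS response the way the
# check above describes. `headers` is a dict of response headers captured for
# a request whose Origin was `probe_origin` (both constructed here).
from typing import Dict

PROBE_ORIGIN = "https://evil.example"  # constructed, attacker-controlled origin


def classify_cors(headers: Dict[str, str], probe_origin: str = PROBE_ORIGIN) -> str:
    """Return one of: "ok", "wildcard", "wildcard+credentials",
    "reflected", "reflected+credentials"."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"

    if acao is None:
        # No grant at all: browsers block cross-origin reads by default.
        return "ok"
    if acao == "*":
        # Browsers refuse to honour * together with credentials, but the pair
        # still signals a policy that was never thought through.
        return "wildcard+credentials" if creds else "wildcard"
    if acao == probe_origin:
        # The server echoed an arbitrary origin back. With credentials this is
        # the case that lets another site read authenticated responses.
        return "reflected+credentials" if creds else "reflected"
    # A fixed, specific origin that is not ours: the policy is an allow-list.
    return "ok"


SEVERITY = {
    "ok": None,
    "wildcard": "Critical",
    "wildcard+credentials": "Critical",
    "reflected": "Critical",
    "reflected+credentials": "Critical",
}


def cors_finding(headers: Dict[str, str]) -> Dict[str, object]:
    """Bundle the verdict with the -20 point deduction the page assigns."""
    verdict = classify_cors(headers)
    return {"verdict": verdict, "severity": SEVERITY[verdict],
            "deduction": 0 if verdict == "ok" else 20}
```

Run it against headers captured from your own staging environment with a throwaway Origin; any verdict other than "ok" is the finding this check reports.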

Rate Limiting / Brute Force (High, -15 pts)

Tests if the server returns HTTP 429 Too Many Requests or enforces any rate limit. Without rate limiting, attackers can brute-force login pages, APIs, and admin panels.

Fix: Implement rate limiting at the reverse proxy (Nginx, Cloudflare) or application level.
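An application-level limiter of the kind the fix above calls for, as an added example that is not part of AISeen's documentation: a sliding-window counter keyed per client (IP or account) that answers HTTP 429 with a Retry-After header once the window is full. The limit, window and client keys are constructed values.

```python
# Added example, not AISeen's code: a per-client sliding-window rate limiter
# that produces the 429 Too Many Requests response the check above looks for.
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Optional, Tuple


class SlidingWindowLimiter:
    def __init__(self, limit: int, window_seconds: float) -> None:
        self.limit = limit                      # requests allowed per window
        self.window = window_seconds            # window length in seconds
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def check(self, key: str, now: Optional[float] = None) -> Tuple[int, Dict[str, str]]:
        """Record one request for `key` and return (status, extra_headers):
        200 if it fits in the window, 429 with Retry-After if it does not."""
        now = time.monotonic() if now is None else now
        q = self._hits[key]
        # Drop timestamps that have aged out of the window.
        while q and q[0] <= now - self.window:
            q.popleft()
        if len(q) >= self.limit:
            # Oldest hit in the window decides when the next slot frees up.
            retry_after = int(q[0] + self.window - now) + 1
            return 429, {"Retry-After": str(retry_after)}
        q.append(now)
        return 200, {}


def handle_login(limiter: SlidingWindowLimiter, client_ip: str) -> int:
    """Sketch of how a login endpoint would consult the limiter first."""
    status, _ = limiter.check(client_ip)
    if status == 429:
        return 429
    # ... normal credential check would run here ...
    return 200
```

Key the limiter on whatever identifies the caller for the endpoint in question (source IP for anonymous login pages, account or API key once authenticated); a proxy-level limiter such as Nginx's limit_req does the same job before the request reaches the application.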

Server Version Disclosure (High, -12 pts)

Checks Server, X-Powered-By, and X-AspNet-Version headers for version numbers. Disclosing exact versions helps attackers find and exploit known CVEs quickly.

Fix: Remove or genericize these headers in your web server config.
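The header inspection described above, as an added example (not AISeen's scanner): it flags the three headers the check names only when their value carries a version number, so a bare product name such as "nginx" passes. The header values are constructed.

```python
# Added example, not AISeen's code: report Server, X-Powered-By and
# X-AspNet-Version headers that disclose a version number.
import re
from typing import Dict, List

VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
# Matches "1.18", "7.4.3", "4.0.30319" and similar dotted version strings.
VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)*")


def disclosed_versions(headers: Dict[str, str]) -> List[str]:
    """Return "Header: value" strings for headers that leak a version."""
    findings = []
    for name, value in headers.items():
        if name.lower() in VERSION_HEADERS and VERSION_RE.search(value):
            findings.append(f"{name}: {value}")
    return findings


def genericize(headers: Dict[str, str]) -> Dict[str, str]:
    """What the fix should leave behind: a product name without a version,
    and no X-Powered-By / X-AspNet-Version at all."""
    cleaned = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname in ("x-powered-by", "x-aspnet-version"):
            continue                          # drop outright
        if lname == "server":
            value = VERSION_RE.sub("", value).rstrip("/ ")  # "nginx/1.18.0" -> "nginx"
        cleaned[name] = value
    return cleaned
```

The check deducts 12 points if `disclosed_versions` returns anything; running `genericize` over the same headers shows the target state (in Nginx this corresponds to server_tokens off plus hiding the upstream's X-Powered-By).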

SQL Error Leakage (Critical, -20 pts)

Sends a probe with a SQL injection character (') and checks if the response contains database error messages. Even partial SQL errors confirm injection vulnerabilities and reveal DB structure.

Fix: Use parameterized queries, prepared statements, and suppress all database error output in production.
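Why the single-quote probe above produces a database error, and what both halves of the fix change, as an added example that is not AISeen's code: an in-memory SQLite table is queried once with string concatenation and once with a parameter placeholder, and a small response wrapper shows the difference between echoing the driver's error and suppressing it. Table contents and the handler names are constructed.

```python
# Added example, not AISeen's code: the vulnerable lookup beside its
# parameterized form, plus the error-suppression half of the fix.
import sqlite3
from typing import Any, Callable, Dict, List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[Any, ...]]:
    # Deliberately unsafe: the value is spliced into the SQL text, so a quote
    # in `name` changes the statement's syntax and the driver raises.
    return conn.execute(f"SELECT id, name FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[Tuple[Any, ...]]:
    # Parameterized: the value never becomes part of the statement text.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def response_for(handler: Callable[[sqlite3.Connection, str], list],
                 conn: sqlite3.Connection, name: str, debug: bool) -> Tuple[int, Dict[str, Any]]:
    """Mimic a web handler. With debug=True the raw DB error reaches the
    client (what the check above detects); with debug=False it is suppressed."""
    try:
        return 200, {"rows": handler(conn, name)}
    except sqlite3.Error as exc:
        if debug:
            return 500, {"error": str(exc)}        # leaks engine and structure hints
        return 500, {"error": "internal error"}   # log `exc` server-side instead
```

The parameterized lookup treats the probe as a literal name and simply returns no rows; the concatenated one fails, and only production error suppression keeps that failure from confirming the flaw to whoever sent the probe.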

Exposed Sensitive Paths (Critical, -15 pts)

Probes common high-risk URLs: /.git, /.env, /wp-admin, /phpmyadmin, /admin, /backup.zip, /backup.sql, /config.php, /.htaccess, /database.sql. Any accessible path can expose credentials or source code.

Fix: Block these paths at the web server level and never deploy source-control directories to production.

security.txt (RFC 9116) (Low, -5 pts)

Checks for /.well-known/security.txt — the standard file where you disclose how to report security vulnerabilities. Its absence is a minor signal that security is not a priority.

Fix: Create /.well-known/security.txt with contact email, PGP key, and disclosure policy.

Paths we probe

We send a GET request to each path. HTTP 200 or 403 (vs 404) indicates the path is accessible or recognized.

Path            Risk if accessible                   Severity
/.git/          Full source code exposure            Critical
/.env           API keys, DB credentials, secrets    Critical
/backup.zip     Complete site archive                Critical
/backup.sql     Database dump with all data          Critical
/config.php     Database credentials                 Critical
/wp-admin/      WordPress admin panel exposed        High
/phpmyadmin/    Database admin panel                 High
/admin/         Admin panel discovery                High
/.htaccess      Server config exposure               High
/database.sql   Database dump                        Critical
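The probe loop described above, as an added example that is not AISeen's scanner: it walks the table's paths, applies the page's rule that 200 or 403 (as opposed to 404) counts as a hit, and reports each hit with its severity. The fetch function is injectable so the logic runs offline against constructed statuses; a real urllib-based fetcher is included for running it against your own staging host. The staging hostname is a placeholder.

```python
# Added example, not AISeen's code: probe the sensitive paths listed above
# and report those that answer 200 or 403 rather than 404.
from typing import Callable, List, Tuple
from urllib.parse import urljoin

# Paths and severities exactly as the table above lists them.
SENSITIVE_PATHS = {
    "/.git/": "Critical",
    "/.env": "Critical",
    "/backup.zip": "Critical",
    "/backup.sql": "Critical",
    "/config.php": "Critical",
    "/wp-admin/": "High",
    "/phpmyadmin/": "High",
    "/admin/": "High",
    "/.htaccess": "High",
    "/database.sql": "Critical",
}

HIT_STATUSES = (200, 403)   # page rule: accessible or recognized


def probe_paths(base_url: str, fetch: Callable[[str], int]) -> List[Tuple[str, int, str]]:
    """Return (path, status, severity) for every path that is a hit."""
    findings = []
    for path, severity in SENSITIVE_PATHS.items():
        status = fetch(urljoin(base_url, path))
        if status in HIT_STATUSES:
            findings.append((path, status, severity))
    return findings


def urllib_fetch(url: str) -> int:
    """GET `url` and return the HTTP status; for use against hosts you own."""
    import urllib.error
    import urllib.request
    req = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    # Placeholder host; replace with your own staging environment.
    for hit in probe_paths("https://staging.example", urllib_fetch):
        print(hit)
```

A 403 is still reported because it tells a visitor the path exists; the fix is to return 404 for these paths (or not deploy them at all), not merely to deny access.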

WAF Detection

We detect whether a Web Application Firewall (WAF) is in front of your site. A WAF adds a layer of protection, so when one is detected the total deduction from pentest findings is reduced by 10 points (your vulnerabilities are partially mitigated).

Cloudflare: cf-ray header, __cfduid cookie, CF-Cache-Status

Vercel: x-vercel-id header, vercel Edge Network banner

Akamai: akamai-origin-hop header, AkamaiGHost in Server

AWS WAF / CloudFront: x-amz-cf-id header, Via: 1.1 CloudFront

Fastly: Fastly-Request-ID header, X-Fastly-Request-ID

Sucuri: X-Sucuri-ID header, server: Sucuri/Cloudproxy
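The fingerprinting the list above describes, as an added example (not AISeen's own code): response headers and cookies are matched case-insensitively against each vendor's signatures. The "vercel Edge Network banner" is interpreted here as the word "vercel" appearing in the Server header; that reading, and all header values, are assumptions for the example.

```python
# Added example, not AISeen's code: identify a fronting WAF/CDN from the
# signatures listed above. Header names are matched case-insensitively.
from typing import Dict, Optional


def detect_waf(headers: Dict[str, str], cookies: Dict[str, str]) -> Optional[str]:
    """Return the vendor name, or None if no listed signature is present."""
    h = {k.lower(): v for k, v in headers.items()}
    server = h.get("server", "").lower()
    via = h.get("via", "").lower()
    cookie_names = {c.lower() for c in cookies}

    if "cf-ray" in h or "cf-cache-status" in h or "__cfduid" in cookie_names:
        return "Cloudflare"
    if "x-vercel-id" in h or "vercel" in server:      # assumption: banner = Server header
        return "Vercel"
    if "akamai-origin-hop" in h or "akamaighost" in server:
        return "Akamai"
    if "x-amz-cf-id" in h or "cloudfront" in via:
        return "AWS WAF / CloudFront"
    if "fastly-request-id" in h or "x-fastly-request-id" in h:
        return "Fastly"
    if "x-sucuri-id" in h or "sucuri" in server:
        return "Sucuri"
    return None


def waf_bonus(headers: Dict[str, str], cookies: Dict[str, str]) -> int:
    """Points removed from the total deductions when a WAF is detected."""
    return 10 if detect_waf(headers, cookies) else 0
```

Note that these are presence signals, not proof of enforcement: a CDN in front of the site does not guarantee that its WAF rules are enabled, which is why the page treats detection as partial mitigation rather than a fix.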

How scoring works

The score starts at 100, and each vulnerability found deducts points. If a WAF is detected, a further 10 points are subtracted from the total deductions (reflecting partial mitigation).

Item                         Points
Starting score               100
CORS misconfiguration        -20
SQL error leakage            -20
Rate limiting missing        -15
Exposed paths found          -15
Server version disclosed     -12
No security.txt              -5
WAF detected (bonus)         -10 to deductions

Score ranges

80 – 100: Hardened

No obvious pentest entry points. A real attacker would need significant effort. Keep monitoring for new exposures.

50 – 79: Exposed

Some recon-phase vulnerabilities present. Fix CORS, rate limiting, and server disclosure before launch.

0 – 49: Critical Risk

Multiple critical vulnerabilities found. Sensitive files may be exposed. Immediate remediation required.
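The scoring rule and the score ranges above, carried through in code as an added example (not AISeen's implementation): deductions are summed per finding, the WAF bonus is taken off the total deductions, and the result is clamped to 0..100 before being mapped to a band. That the deductions cannot go below zero after the WAF bonus, and that the score cannot go below zero, are assumptions the page does not spell out.

```python
# Added example, not AISeen's code: compute the Pentest Defense Score from a
# list of findings and map it to the page's bands.
from typing import Iterable

# Point values exactly as the scoring table above lists them.
DEDUCTIONS = {
    "cors_misconfiguration": 20,
    "sql_error_leakage": 20,
    "rate_limiting_missing": 15,
    "exposed_paths_found": 15,
    "server_version_disclosed": 12,
    "no_security_txt": 5,
}
WAF_BONUS = 10   # removed from total deductions when a WAF is detected


def pentest_score(findings: Iterable[str], waf_detected: bool) -> int:
    """Start at 100, subtract each finding's points, apply the WAF bonus."""
    deductions = sum(DEDUCTIONS[f] for f in findings)   # unknown name -> KeyError
    if waf_detected:
        deductions = max(0, deductions - WAF_BONUS)     # assumption: floor at zero
    return max(0, 100 - deductions)                     # assumption: floor at zero


def score_band(score: int) -> str:
    """Map a score to the range labels above."""
    if score >= 80:
        return "Hardened"
    if score >= 50:
        return "Exposed"
    return "Critical Risk"
```

With every finding present the deductions total 87, which lands the site in Critical Risk even with the WAF bonus; the bonus alone never moves a site more than one band.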
