Automated Web Audit Report

Generated by MitraScan

Audit performed by: Valentina Mendoza
Unique report identifier:
891c70f285b691a689e7ffe69cd23d4a07123967226ae6b125be586a006e05e9

Executive Summary

Report date: 2025-12-04 19:53

Total findings: 3

Overall risk level: 77.8%

Technical Description of the Scan

The analysis uses Nmap, Nikto and Nuclei to identify vulnerabilities related to configuration, file exposure, security headers and accessible services. The findings are presented in a consolidated table for a clear, executive-level reading.

| Severity | Vulnerability | Recommendation |
|---|---|---|
| High | hsts missing | Enable Strict-Transport-Security. |
| Medium | x-frame-options | Configure X-Frame-Options or Frame-Ancestors. |
| Medium | x-content-type-options | Enable X-Content-Type-Options: nosniff. |
| Low | No findings were identified in this category. | |

Graphical Summary

[Chart: Risk Distribution]

Regulatory Classification

| Vulnerability | MITRE | ISO 27001 | ISO 27002 | OWASP | Ley 21.459 |
|---|---|---|---|---|---|
| hsts missing | T1557 – Man-in-the-Middle | A.8.23 – Network management | 8.24 – Secure communication | A02:2021 – Cryptographic Failures | Art. 3 – Communications security |
| x-frame-options | T1189 – Drive-by Compromise | A.8.8 – Management of technical vulnerabilities | 8.28 – Regular security testing | A05:2021 – Security Misconfiguration | Art. 2 – Incident prevention and management |
| x-content-type-options | T1059 – Command Script Execution | A.8.8 – Vulnerability management | 8.28 – Security testing | A03:2021 – Injection | Art. 3 – Information security |

Detailed Results

Starting Nmap 7.95 ( https://nmap.org ) at 2025-12-04 19:35 -03
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.25 seconds
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 142.251.0.153, 2800:3f0:4003:c02::99
+ Target IP:          142.251.0.153
+ Target Hostname:    google-gruyere.appspot.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=*.appspot.com
                   Ciphers:  TLS_AES_256_GCM_SHA384
                   Issuer:   /C=US/O=Google Trust Services/CN=WR2
+ Start Time:         2025-12-04 19:35:17 (GMT-3)
---------------------------------------------------------------------------
+ Server: Google Frontend
+ /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: Uncommon header 'x-cloud-trace-context' found, with contents: b2f7e801fcc194ce520214cdb9e06db1.
+ /: The site uses TLS and the Strict-Transport-Security HTTP header is not defined. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ Scan terminated: 0 error(s) and 5 item(s) reported on remote host
+ End Time:           2025-12-04 19:35:58 (GMT-3) (41 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
[weak-cipher-suites:tls-1.0] [ssl] [low] google-gruyere.appspot.com:443 ["[tls10 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA]"]
[weak-cipher-suites:tls-1.1] [ssl] [low] google-gruyere.appspot.com:443 ["[tls11 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA]"]