Informe de Auditoría Web Automatizada

Starting Nmap 7.95 ( https://nmap.org ) at 2025-12-04 19:57 -03
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.21 seconds

- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 54.220.192.176, 46.137.15.86, 54.73.53.134
+ Target IP:          54.220.192.176
+ Target Hostname:    juice-shop.herokuapp.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=*.herokuapp.com
                   Ciphers:  ECDHE-RSA-AES128-GCM-SHA256
                   Issuer:   /C=US/O=Amazon/CN=Amazon RSA 2048 M02
+ Start Time:         2025-12-04 19:57:11 (GMT-3)
---------------------------------------------------------------------------
+ Server: Heroku
+ /: Retrieved via header: 1.1 heroku-router.
+ /: Retrieved access-control-allow-origin header: *.
+ /: Uncommon header 'x-recruiting' found, with contents: /#/jobs.
+ /: Uncommon header 'reporting-endpoints' found, with contents: heroku-nel="https://nel.heroku.com/reports?s=a0MhSCeHm3IgLGo%2FuSgpqKNN6TSuUT8JLGRf%2FCjY52c%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1764889112".
+ /: The site uses TLS and the Strict-Transport-Security HTTP header is not defined. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ Scan terminated: 0 error(s) and 5 item(s) reported on remote host
+ End Time:           2025-12-04 19:57:54 (GMT-3) (43 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

[prometheus-metrics] [http] [medium] https://juice-shop.herokuapp.com/metrics