Sample report
example.com DNSSEC report
This fictional report shows the type of output Krypteon.ai can provide after a lookup.
DNSSEC chain of trust
Step-by-step validation from the root zone down to example.com, similar to the Verisign DNSSEC Debugger.
DS=20326/SHA-256 is now in the chain-of-trust
DS=38696/SHA-256 is now in the chain-of-trust
No DNSKEY records found for .
No RRSIGs found
No DS records found for com in the . zone
No DNSKEY records found for com
No RRSIGs found
No DS records found for example.com in the com zone
No DNSKEY records found for example.com
No RRSIGs found
Basic information
Visible in the free report preview.
- Target
- example.com
- Resolved IP
- 93.184.216.34
- TLS status
- Valid certificate
- HTTP status
- 200 OK
- Risk level
- Medium
Asset map
Detected public surfaces and likely service roles.
- example.com
- Static marketing site · Cloud CDN
- www.example.com
- HTTP redirect · Canonical redirect
- app.example.com
- React SPA · Application frontend
- api.example.com
- Express API · Simulated authenticated API
- auth.example.com
- Auth service · Login/session service
- grafana.example.com
- DNS only · Internal service naming leak
Findings
Example vulnerabilities, verification snippets, and business impact.
- Critical — Credentialed CORS misconfiguration
Every API response reflects arbitrary origins while allowing credentials. $ curl -sv -H "Origin: https://malicious.example" \ https://api.example.com/account → Access-Control-Allow-Origin: https://malicious.example → Access-Control-Allow-Credentials: true Impact: Any webpage visited by an authenticated user could make credentialed requests to the API and read the response.- High — DNS internal IP disclosure
A monitoring hostname resolves to RFC1918 private addresses from public DNS. $ dig +short grafana.example.com A 10.3.19.242 10.3.23.228 10.3.15.102 Impact: Exposes internal network structure and may increase impact if combined with SSRF or VPN exposure.- Medium — Framework and platform information disclosure
Responses reveal framework, analytics, and API format metadata useful for attacker fingerprinting. X-Powered-By: Express resourceType: OperationOutcome analytics: self-hosted event collection Impact: Improves reconnaissance quality and makes targeted testing easier.- Low — No public disclosure policy found
No security.txt or public vulnerability disclosure policy was observed for the example target. $ curl -I https://example.com/.well-known/security.txt → 404 Not Found Impact: Security researchers may not have a clear reporting channel for responsible disclosure.
Medium — Information disclosures
Metadata and headers that support attacker reconnaissance.
- Express framework
- X-Powered-By: Express observed on API responses
- Healthcare-style API shape
- OperationOutcome-style error responses in example API
- Analytics identifiers
- Client bundle references analytics and feature flag providers
- Rate limit window
- 600 requests per long sliding window observed in example headers
Exposed endpoints
Example endpoint inventory discovered during the lookup.
- /admin/list-users
- GET · Exists, returns 401
- /auth/me
- GET · Auth required
- /account
- GET · Auth required
- /orders
- GET · Auth required
- /orders/{id}/details
- GET · Auth required
- /profile/biomarkers?category=X
- GET · Auth required
- /protocol-v2/{id}
- GET/POST · Auth required
- /notifications/concierge
- POST · Auth required
- /shop/multipass-url
- GET · Auth bridge
Low — Additional notes
Lower severity observations from the example lookup.
- Disclosure policy
- No security.txt or public vulnerability disclosure policy found.
- Content Security Policy
- No Content Security Policy observed on the example app surface.
- SPA catch-all
- SPA catch-all returns 200 for arbitrary paths, which can aid phishing lookalikes.
- Marketing site
- Marketing site is static and has low dynamic attack surface.
Top priority fixes
Recommended remediation order for this example target.
- 1
- CORS: Replace reflected origins with an explicit allowlist for credentialed endpoints.
- 2
- DNS: Remove public records pointing to RFC1918/internal-only services.
- 3
- Headers: Disable framework disclosure headers such as X-Powered-By.
- 4
- Audit: Confirm referenced auth and admin routes are expected and access controlled.