Sample report
example.com DNSSEC report
This fictional report shows the type of output Krypteon.ai can provide after a lookup.
DNSSEC chain of trust
Step-by-step validation from the root zone down to example.com, similar to the Verisign DNSSEC Debugger.
DS=20326/SHA-256 is now in the chain-of-trust
DS=38696/SHA-256 is now in the chain-of-trust
Found 4 DNSKEY records for .
Found 1 RRSIG over DNSKEY RRset
RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
Found 1 DS record for com in the . zone
DS=19718/SHA-256 has algorithm ECDSAP256SHA256
Found 1 RRSIG over DS RRset
RRSIG=57780 and DNSKEY=57780 verifies the DS RRset
Found child zone com
Found 3 DNSKEY records for com
Found 1 RRSIG over DNSKEY RRset
RRSIG=19718 and DNSKEY=19718/SEP verifies the DNSKEY RRset
DNSKEY=19718/SEP is now in the chain-of-trust
Found 1 DS record for example.com in the com zone
DS=2371/SHA-256 has algorithm ECDSAP256SHA256
Found 1 RRSIG over DS RRset
RRSIG=27677 and DNSKEY=27677 verifies the DS RRset
Found 2 NS records for example.com
example.com NS RR has value hera.ns.cloudflare.com
example.com NS RR has value elliott.ns.cloudflare.com
Found 4 DNSKEY records for example.com
Found 1 RRSIG over DNSKEY RRset
RRSIG=2371 and DNSKEY=2371/SEP verifies the DNSKEY RRset
DNSKEY=2371/SEP is now in the chain-of-trust
hera.ns.cloudflare.com is authoritative for example.com
example.com A RR has value 104.20.23.154
example.com A RR has value 172.66.147.243
Found 1 RRSIG over A RRset
elliott.ns.cloudflare.com is authoritative for example.com
example.com A RR has value 104.20.23.154
example.com A RR has value 172.66.147.243
Found 1 RRSIG over A RRset
DNSSEC chain validation completed without detected failures
Basic information
Visible in the free report preview.
- Target
- example.com
- Resolved IP
- 93.184.216.34
- TLS status
- Valid certificate
- HTTP status
- 200 OK
- Risk level
- Medium
Asset map
Detected public surfaces and likely service roles.
- example.com
- Static marketing site · Cloud CDN
- www.example.com
- HTTP redirect · Canonical redirect
- app.example.com
- React SPA · Application frontend
- api.example.com
- Express API · Simulated authenticated API
- auth.example.com
- Auth service · Login/session service
- grafana.example.com
- DNS only · Internal service naming leak
Findings
Example vulnerabilities, verification snippets, and business impact.
- Critical — Credentialed CORS misconfiguration
Every API response reflects arbitrary origins while allowing credentials. $ curl -sv -H "Origin: https://malicious.example" \ https://api.example.com/account → Access-Control-Allow-Origin: https://malicious.example → Access-Control-Allow-Credentials: true Impact: Any webpage visited by an authenticated user could make credentialed requests to the API and read the response.- High — DNS internal IP disclosure
A monitoring hostname resolves to RFC1918 private addresses from public DNS. $ dig +short grafana.example.com A 10.3.19.242 10.3.23.228 10.3.15.102 Impact: Exposes internal network structure and may increase impact if combined with SSRF or VPN exposure.- Medium — Framework and platform information disclosure
Responses reveal framework, analytics, and API format metadata useful for attacker fingerprinting. X-Powered-By: Express resourceType: OperationOutcome analytics: self-hosted event collection Impact: Improves reconnaissance quality and makes targeted testing easier.- Low — No public disclosure policy found
No security.txt or public vulnerability disclosure policy was observed for the example target. $ curl -I https://example.com/.well-known/security.txt → 404 Not Found Impact: Security researchers may not have a clear reporting channel for responsible disclosure.
Medium — Information disclosures
Metadata and headers that support attacker reconnaissance.
- Express framework
- X-Powered-By: Express observed on API responses
- Healthcare-style API shape
- OperationOutcome-style error responses in example API
- Analytics identifiers
- Client bundle references analytics and feature flag providers
- Rate limit window
- 600 requests per long sliding window observed in example headers
Exposed endpoints
Example endpoint inventory discovered during the lookup.
- /admin/list-users
- GET · Exists, returns 401
- /auth/me
- GET · Auth required
- /account
- GET · Auth required
- /orders
- GET · Auth required
- /orders/{id}/details
- GET · Auth required
- /profile/biomarkers?category=X
- GET · Auth required
- /protocol-v2/{id}
- GET/POST · Auth required
- /notifications/concierge
- POST · Auth required
- /shop/multipass-url
- GET · Auth bridge
Low — Additional notes
Lower severity observations from the example lookup.
- Disclosure policy
- No security.txt or public vulnerability disclosure policy found.
- Content Security Policy
- No Content Security Policy observed on the example app surface.
- SPA catch-all
- SPA catch-all returns 200 for arbitrary paths, which can aid phishing lookalikes.
- Marketing site
- Marketing site is static and has low dynamic attack surface.
Top priority fixes
Recommended remediation order for this example target.
- 1
- CORS: Replace reflected origins with an explicit allowlist for credentialed endpoints.
- 2
- DNS: Remove public records pointing to RFC1918/internal-only services.
- 3
- Headers: Disable framework disclosure headers such as X-Powered-By.
- 4
- Audit: Confirm referenced auth and admin routes are expected and access controlled.