🧑‍🎨
GregArts… for Greg’s Avant-garde Artistic Side/
🔎
Site Scan 2022-08-28
Search
Site Scan 2022-08-28
🔎

Site Scan 2022-08-28

Last Updated
Last updated September 1, 2022
Status
Public
Public
Published
Published August 28, 2022
Date
Reminder Date
URL
Tags
Work
Portfolio
Emotions
Description
Tweet
Featured
Featured
Slug
site-scan
Published URL
https://art.stevens.pro/site-scan
BG Music or Vid
Company
Hours Worked On
My Interest
My Interest Number Ring
Contents
Making of VideoGit Repo with All AssetsMermaid - BackgroundLive Editor URL (Play with Chart/Themes)Mermaid Chart Source CodeGist URL to Raw Source CodeView Gist on GitHubRendered Chart with Mermaid Live EditorContact AuthorMetaNote’s Markdown Source from ObsidianPDF ExportFrom Obsidian (unpublished)From Notion (art.stevens.pro)
 
 

Making of Video

https://youtu.be/7-zcO1BAFC0
 
Video preview
 
Apologies, uploaded to my gaming account DadNotBot instead of GregWorks.
 
 

Git Repo with All Assets

https://github.com/gsteve3/quick-scan-2022-08-28
quick-scan-2022-08-28
GregSweatsUpdated Aug 29, 2022
 
  • I realized that the NextJS Template that publishes this website doesn’t handle uploaded assets, such as PDFs.
  • I thought Gists would work, but not so much. A Gist is still used so it can be easily loaded into the markdown.live editor.
 
 
 

Mermaid - Background

 

Live Editor URL (Play with Chart/Themes)

https://mermaid.live/edit?gist=https://gist.github.com/GregSweats/bada1bb2512a581ce71cfaad82f907a6
 
notion image
 
notion image
 

Mermaid Chart Source Code

%% graph TD
flowchart TD
site((PrecisionDrilling.com))

host(WP Engine)
waf1(WP Engine)
waf2(Cloudflare)
dns(Azure DNS)
ns_registrar("Network Solutions (GoDaddy)")
cms(WordPress)
cms_login(/wp-admin/ OPEN)

site -- Hosted By --> host
site -- NS Registrar --> ns_registrar
site -- DNS Provider --> dns
site -- Protected By WAF1 --> waf1
site -- Protected By WAF2 --> waf2


rx("Recommendations (RX) & Vulnerabilities")

vuln1("XSS Injection on Site Search, unattackable - Low Risk")
rx1("Nothing IRL, WAF did its job.")
rx1_why("Could reduce OWASP! ZAP Alerts")

vuln2(WP Login Open - High Risk)
rx2("Lockdown /wp-admin/ by IP or HTTP User/Pass")
rx2_why(Prevent most junk login attempts, reduce log clutter)



site --> rx

vuln1 -- Blocked By Cloudflare --> waf2

rx --> vuln1
vuln1 -- RX --> rx1
rx1 -- Why? --> rx1_why

rx --> vuln2
vuln2 -- RX --> rx2
rx2 -- Why? --> rx2_why


site --> cms
cms --> cms_login
cms_login --> vuln2


dns_target("CNAME m6blypcji6rh.wpeproxy.com.")
dns --> dns_target
dns_target --> host

%% %% %%
%% cloudflare
%% %% %%
cloudflare_why(""WP Engine recommends Cloudflare when configuring DNS because..." ")
cloudflare_why_src("<https://wpengine.com/support/cloudflare-best-practices/>")

cloudflare_why --> cloudflare_why_src

waf2 --> cloudflare_why

host --> waf2


%% %% %%
%% Scans Done
%% %% %%

scans("Scans Performed")
scan1(OWASP! ZAP)
scan2(Burp)
scan3(wpsec.com)

site --> scans
scans --> scan1
scans --> scan2
scans --> scan3

%% ("<https://wpsec.com/scan/?id=1eb9f5e51054e231071c4cb745ab1413>")

Gist URL to Raw Source Code

https://gist.githubusercontent.com/GregSweats/bada1bb2512a581ce71cfaad82f907a6/raw/411be26f9ca328fcd832424a697db3854ab56694/code.mmd
 
  • Gist created with vscode plugin GistPad
 
 

View Gist on GitHub

https://gist.github.com/GregSweats/bada1bb2512a581ce71cfaad82f907a6#file-pd-1-mermaid
 
 

Rendered Chart with Mermaid Live Editor

notion image
 
 
 

Contact Author

 
Greg Stevens, Dalyle DevOps Inc.
  • (403) 213-5644 (best)
  • (403) 498-6809 (mobile)
 
notion image
 

Meta

Note’s Markdown Source from Obsidian

 
2022-08-28 PrecisionDrilling.com Pen Test and Site Overview.md
5.8KB
https://www.obsidian.md/
 
 

PDF Export

From Obsidian (unpublished)

2022-08-28 PrecisionDrilling.com Pen Test and Site Overview.pdf
219.8KB
 

From Notion (art.stevens.pro)

Site_Scan_2022-08-28.pdf
305.9KB
Site_Scan_2022-08-28 v2 with YT Embed.pdf
828.0KB