Security Report
target demo.phantomred.com · scan date 2026-06-16 · mode full · autonomous workflow
Security Score
82/100
composite severity
Assets Discovered
143
subdomains + endpoints
Live Hosts
37
responding to probes
Technologies Found
18
fingerprinted stacks
Findings
12
across all severities
AI Analysis
Executive Summary
PhantomRed discovered exposed assets across the attack surface. Several medium-risk findings require review, including outdated technologies and exposed endpoints. One critical issue — an unauthenticated admin interface — should be remediated first, followed by the exposed development host and outdated server software. Overall posture is moderate; prioritising the critical and high findings would meaningfully reduce exploitable surface.
Findings (12 · top 4 shown)
CRITICAL
Exposed Admin Interface
Affected
admin.demo.phantomred.com
Evidence
HTTP 200 response detected on admin panel with no authentication challenge.
Recommendation
Restrict access by source IP and enforce authentication on the admin interface immediately.
HIGH
Exposed Development Host
Affected
dev.demo.phantomred.com
Evidence
Publicly reachable development environment returning verbose error output.
Recommendation
Move development hosts behind a VPN or IP allow-list and disable verbose errors in non-production.
MEDIUM
Outdated Server Software
Affected
api.demo.phantomred.com
Evidence
Server banner reports an outdated web server version with known advisories.
Recommendation
Upgrade the web server to a supported release and suppress version disclosure in response headers.
LOW
Missing Security Headers
Affected
demo.phantomred.com
Evidence
Responses missing Content-Security-Policy and X-Frame-Options headers.
Recommendation
Add standard security response headers to reduce clickjacking and content-injection risk.
Attack Surface
| Host | Status | Technology | Risk |
| --- | --- | --- | --- |
| api.demo.phantomred.com | live | nginx · Node.js | medium |
| admin.demo.phantomred.com | live | Apache · PHP | high |
| dev.demo.phantomred.com | live | Express · staging | high |
| cdn.demo.phantomred.com | live | Cloudflare | low |
How This Report Was Generated
Subfinder → HTTPX → Nuclei → AI Analysis → Report
Available Exports
✓ PDF Report .pdf
✓ JSON .json
✓ CLI Output stdout