online / endpoints 18 / categories 4 / rate 60/min/ip /
catastrophic.io /bots

GET /.well-known/security.txt

GET /.well-known/security.txt

An RFC 9116 security.txt with broken required fields: an Expires date in the past, dead Contact URLs, total nonsense in every field, or a Canonical that doesn't include the served URL.

mode expired (default; Expires: 1999-12-31, well in the past), dead-contact (Contact URLs that 404), nonsense (gibberish in every field), unsigned-canonical (Canonical claims a URL we don't actually serve from, with no signature).
build a request:

expect: 200 OK with Content-Type: text/plain. Validators following RFC 9116 strictly will reject these. Lenient consumers will accept them and trust the bad fields.

bash
curl -i 'https://bots.catastrophic.io/.well-known/security.txt?mode=expired'

import urllib.request
resp = urllib.request.urlopen("https://bots.catastrophic.io/.well-known/security.txt?mode=expired")
print(resp.status, resp.headers["X-Chaos-Security-Mode"])
print(resp.read().decode())

const res = await fetch("https://bots.catastrophic.io/.well-known/security.txt?mode=expired");
console.log(res.status, res.headers.get("x-chaos-security-mode"));
console.log(await res.text());

package main

import (
    "fmt"
    "io"
    "net/http"
)

func main() {
    resp, _ := http.Get("https://bots.catastrophic.io/.well-known/security.txt?mode=expired")
    defer resp.Body.Close()
    body, _ := io.ReadAll(resp.Body)
    fmt.Println(resp.StatusCode, resp.Header.Get("X-Chaos-Security-Mode"))
    fmt.Println(string(body))
}

// Cargo.toml: reqwest = { version = "0.12", features = ["blocking"] }
fn main() -> Result<(), Box> {
    let resp = reqwest::blocking::get("https://bots.catastrophic.io/.well-known/security.txt?mode=expired")?;
    println!("{} {:?}", resp.status(), resp.headers().get("x-chaos-security-mode"));
    println!("{}", resp.text()?);
    Ok(())
}

import java.net.URI;
import java.net.http.*;

public class BotsSecurity {
    public static void main(String[] args) throws Exception {
        var client = HttpClient.newHttpClient();
        var req = HttpRequest.newBuilder(URI.create("https://bots.catastrophic.io/.well-known/security.txt?mode=expired")).build();
        var resp = client.send(req, HttpResponse.BodyHandlers.ofString());
        System.out.println(resp.statusCode() + " " +
            resp.headers().firstValue("X-Chaos-Security-Mode").orElse(""));
        System.out.println(resp.body());
    }
}

using var client = new HttpClient();
var resp = await client.GetAsync("https://bots.catastrophic.io/.well-known/security.txt?mode=expired");
resp.Headers.TryGetValues("X-Chaos-Security-Mode", out var mode);
Console.WriteLine($"{(int)resp.StatusCode} {mode?.FirstOrDefault()}");
Console.WriteLine(await resp.Content.ReadAsStringAsync());

require "net/http"
res = Net::HTTP.get_response(URI("https://bots.catastrophic.io/.well-known/security.txt?mode=expired"))
puts "#{res.code} #{res['X-Chaos-Security-Mode']}"
puts res.body

$r = Invoke-WebRequest -Uri 'https://bots.catastrophic.io/.well-known/security.txt?mode=expired'
$r.Headers['X-Chaos-Security-Mode']
$r.Content