Security of any kind is a hot topic these days, and with good reason.
You hear about hacks involving large business enterprises, major email servers, social media, and even the government, where you would assume that security is at the highest level.
People’s privacy and vital information are at risk here.

Here is a list of 15 web security tools that may help you find vulnerabilities in your code, server or website. Some are simple online services, while others are more complex and require downloading software.

Hope these tools help!

Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.

The term “pwned” is slang for “owned” which in the security industry means “to have your data or system compromised.” HaveIbeenPwned is an online tool to check if your account has been compromised.

Metasploit, the world’s most used penetration testing software, is a collaboration of the open source community and Rapid7. It helps verify vulnerabilities and manage security assessments.

is a quick service that lets you verify WordPress themes for security and code quality.
This service is free and compatible with Joomla templates.

VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. (files, URLs, IPs)

FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analyzed with FOCA.
It is capable of analyzing a wide variety of documents, with the most common being Microsoft Office, Open Office, or PDF files, although it also analyzes Adobe InDesign or SVG files, for instance.

Cymon is the largest tracker of open-source security reports about phishing, malware, botnets and other malicious activities. Search for IP addresses or domains in our reputation database. Cymon ingests events and other malicious activities from almost 200 sources daily. On average, more than 15,000 unique IPs and 100,000 events are processed each day.

Mnemonic’s PassiveDNS service lets you look up domains and IPs and what they’ve recently resolved to without performing an actual DNS query.

The Log File Navigator: An advanced log file viewer for the small-scale.
Watch and analyze your log files from a terminal.
No server. No setup. Still featureful.

UnPHP is a free service for analyzing obfuscated and malicious PHP code.

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks’ commercial vulnerability management solution, from which developments have been contributed to the Open Source community since 2009.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Hackbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you’re doing, this toolbar will help you do it faster.

Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus building a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host(s) and then analyzes the responses.

This is by no means an exhaustive list of security tools; there are others.
If you have a favorite that is not listed here, let me know.

Gerald Watanabe
