Web Security Tools
Tools that may help you find vulnerabilities in your code, server, or website.
|Observatory||Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.||X|
|haveibeenpwned||The term ‘pwned’ is slang for ‘owned’ which in the security industry means “to have your data or system compromised”.||X|
|Metasploit||A collaboration of the open source community and Rapid7. Our penetration testing software, Metasploit, helps verify vulnerabilities and manage security assessments.|| |
|Theme Check||Themecheck.org is a quick service that lets you verify WordPress themes for security and code quality. This service is free and compatible with Joomla templates.|| |
|VirusTotal||VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. (files, url, ip)||X|
|FOCA||FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analyzed with FOCA. It is capable of analyzing a wide variety of documents, with the most common being Microsoft Office, Open Office, or PDF files, although it also analyzes Adobe InDesign or SVG files, for instance.|| |
|Cymon||Cymon is the largest open tracker of malware, phishing, botnets, spam, and more. Brought to you by eSentire.||X|
|Mnemonic||PassiveDNS service lets you look up domains and IPs and what they've recently resolved to without performing an actual DNS query.||X|
|Lnav||It automatically detects your log file formats, provides syntax highlighting and a host of other features to view and analyze log files. It can be invaluable when analyzing a compromised website.||X|
|UnPHP||UnPHP is a free service for analyzing obfuscated and malicious PHP code.||X|
|Openvas||The world's most advanced Open Source vulnerability scanner and manager||X|
|SQLmap||An open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.||X|
|BeEF||BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.||X|
|FireFox HackBar||This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster.||X|
|Nmap||Network Mapper is a security scanner, used to discover hosts and services on a computer network, thus building a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host(s) and then analyzes the responses.||X|