Local network vulnerability scanner. Effective search for network vulnerabilities with Nessus Scanner. Comparison of vulnerability scanners

Security Scanner: detect network vulnerabilities, manage updates and patches, automatically fix problems, audit software and hardware.

Network security scanner and centralized update management

GFI LanGuard works as a virtual security consultant:

- Manages updates for Windows®, Mac OS® and Linux®

- Detects vulnerabilities on computers and mobile devices

- Audits network devices and software

GFI Languard - security scanner for networks of any scale: network port and vulnerability scanner, security scanner, finds holes in the network automatically

What is GFI LanGuard

More than a vulnerability scanner!

GFI LanGuard is a network security scanner that detects, identifies and fixes vulnerabilities in the network. Full port scanning, delivery of the software updates needed to protect the network, and software and hardware audits are all available from a single control panel.

Port Scanner

Several preset scan profiles let you perform a full scan of all ports, or quickly check only those commonly used by unwanted and malicious software. GFI LanGuard scans multiple hosts at the same time, significantly reducing the time required, and then compares the software found on open ports with what is expected there.

Updates and patches

Until the latest updates are installed, your nodes are completely unprotected, because it is precisely the latest vulnerabilities, the ones covered by current patches and updates, that hackers use to penetrate your network. Unlike tools built into the OS, GFI LanGuard checks not only the OS itself but also popular software whose vulnerabilities are usually used for hacking: Adobe Acrobat/Reader, Flash Player, Skype, Outlook, browsers, instant messengers.

Node Audit

GFI LanGuard will prepare for you a detailed list of installed software and hardware on each of your computers, detect prohibited or missing programs, as well as extra connected devices. The results of multiple scans can be compared to identify changes in the software and hardware mix.

Latest Threat Data

Each scan is carried out after updating data on vulnerabilities, the number of which in the GFI LanGuard database has already exceeded 50,000. Threat intelligence is provided by the software vendors themselves, as well as the established SANS and OVAL lists, so you're always protected from the latest threats, including Heartbleed, Clandestine, Shellshock, POODLE, Sandworm and more.

Automatic fix

After you receive a detailed scan report with a description of each vulnerability and links to additional literature, you can fix most threats with one click on the "Remediate" button: ports will be closed, registry keys fixed, patches installed, software updated, prohibited programs removed, and the missing programs will be installed.

Vulnerability scanners automate security auditing and can play an important role in your IT security by scanning your network and websites for various security risks. These scanners can also generate a prioritized list of the ones you need to fix, as well as describe vulnerabilities and provide remedial actions. It is also possible that some of them can automate the process of fixing vulnerabilities.

Top 10 Vulnerability Assessment Tools

  • Comodo HackerProof
  • OpenVAS
  • Nexpose Community
  • Nikto
  • Tripwire IP360
  • Wireshark
  • Aircrack
  • Nessus Professional
  • Retina CS Community
  • Microsoft Baseline Security Analyzer (MBSA)
1. Comodo HackerProof
Comodo HackerProof is considered to be a revolutionary vulnerability scanning tool that allows you to overcome security issues. Below are some of the main benefits you can get from HackerProof:
  • Daily Vulnerability Scan
  • PCI scan tools included
  • Drive-by attack prevention
2. OpenVAS
It is an open source tool that serves as a central service that provides vulnerability assessment tools for vulnerability scanning and vulnerability management.
  • OpenVAS supports various operating systems
  • The OpenVAS scanning engine is constantly updated with network vulnerability tests
  • OpenVAS Scanner is a comprehensive vulnerability assessment tool that identifies security-related issues on servers and other network devices
  • OpenVAS services are free and usually licensed under the GNU General Public License (GPL)
3. Nexpose Community
Nexpose Vulnerability Scanner developed by Rapid7 is an open source tool used for vulnerability scanning and performing a wide range of network checks.
  • Nexpose can be built into the Metasploit framework
  • It takes into account the age of the vulnerability, such as what malware suite it uses, what benefits it uses, etc. and fixes the issue based on its priority
  • It is able to automatically detect and scan new devices and assess vulnerabilities when accessing the network
  • It monitors vulnerabilities in real time, familiarizing itself with the latest dangers with new data
  • Most vulnerability scanners typically categorize risks using a medium or high or low scale
4. Nikto
Nikto is a very popular open source web crawler used to assess likely issues and vulnerabilities.
  • It is also used to check for outdated versions of the server, as well as to check for any particular issue that is affecting the operation of the server.
  • Nikto is used to run various tests on web servers to scan various items such as several dangerous files.
  • It is not considered a "silent" tool and is used to test a web server in a minimum amount of time.
  • It is used to scan various protocols like HTTPS, HTTP, etc. This tool allows you to scan multiple ports of a specific server.
5. Tripwire IP360
Tripwire IP360, developed by Tripwire Inc, is considered the best solution for vulnerability assessment and is used by various enterprises to manage their security risks.
  • It uses a wide-ranging view of networks to reveal all vulnerabilities, configurations, applications, network hosts, and more.
  • It uses open standards to help integrate risk and vulnerability management across multiple business processes.
6. Wireshark
Wireshark is a widely used network protocol analyzer, which is considered the most powerful tool in the security professional's toolkit.
  • Wireshark is used in various settings such as government agencies, enterprises, educational institutions, etc. to peer into networks at a low level
  • It records problems online and performs analysis offline
  • It runs on different platforms like Linux, macOS, Windows, Solaris, etc.
7. Aircrack
Aircrack, also known as Aircrack-NG, is a set of tools used to assess the security of a WiFi network.
  • Tools used in network audit
  • It supports multiple OS such as Linux, OS X, Solaris, NetBSD, Windows, etc.
  • It focuses on various areas of WiFi security such as packet and data monitoring, driver and card testing, replay attacks, hacking, etc.
  • Aircrack can retrieve lost keys by capturing data packets
8. Nessus Professional
The Nessus tool is a proprietary vulnerability scanner created by Tenable Network Security.
  • It prevents networks from being infiltrated by hackers by assessing vulnerabilities as soon as possible
  • It can scan for vulnerabilities that allow sensitive data to be remotely hacked from the system
  • It supports a wide range of operating systems, databases, applications and several other devices across cloud infrastructure, virtual and physical networks
  • It has been installed and used by millions of users around the world to assess vulnerabilities, configuration issues, etc.
9. Retina CS Community
Retina CS is an open source console and web dashboard that has helped simplify and centralize vulnerability management.
  • With its capabilities such as compliance reporting, patching and configuration compliance, Retina CS provides cross-platform vulnerability assessment
  • It includes automatic vulnerability assessment for databases, web applications, workstations and servers
  • Retina CS is an open source application that provides full support for virtual environments such as vCenter integration, virtual application scanning, etc.
10. Microsoft Baseline Security Analyzer (MBSA)
MBSA is a free tool from Microsoft that is ideal for securing a Windows computer based on specifications or guidelines set by Microsoft.
  • MBSA allows you to increase the level of security by examining a group of computers for any misconfiguration, missing updates and any security patches, etc.
  • It can only scan for security updates, service packs, and cumulative updates, leaving critical and optional updates aside.
  • It is used by medium and small organizations to manage the security of their networks.
  • After scanning the system, MBSA will present several solutions or proposals related to the elimination of vulnerabilities

A process called vulnerability scanning is the examination of individual hosts or networks for potential threats.

And the need to check security arises quite often - especially when it comes to large organizations that have valuable information that attackers may need.

Small network administrators should not neglect such scanning, especially since in 2017, hundreds of thousands of computers were subjected to serious attacks by hackers.

Using Vulnerability Scanners

To scan networks for weaknesses in their security systems, information security specialists use the appropriate software.

Such programs are called vulnerability scanners.

Their operating principle is to check running applications and look for so-called "holes" that outsiders could use to gain access to important information.

Proper use of programs that can detect network vulnerabilities allows IT professionals to avoid problems with stolen passwords and solve such tasks:

  • search for malicious code that has entered the computer;
  • inventory of software and other system resources;
  • creation of reports containing information about vulnerabilities and ways to eliminate them.

The main advantage of the second option is not only the confirmation of those problems that can be detected by a simple scan, but also the detection of problems that cannot be found using a passive technique. The check is performed using three mechanisms - header checks, active probing checks and simulated attacks.

Header check

The mechanism, known in English as "banner check", consists of a number of scans and makes it possible to draw certain conclusions from the data sent back to the scanner program in response to its request.

An example of such a check would be scanning headers using the Sendmail application, which allows you to both determine software versions and verify if there are any problems or not.

The technique is considered the simplest and fastest, but it has a number of disadvantages:

  • Verification efficiency is not very high. Moreover, attackers can change the information in the headers, removing version numbers and other details that the scanner uses to draw its conclusions. On the one hand, the probability of such a change is not too high; on the other hand, it should not be neglected.
  • The inability to accurately determine whether the data contained in the header is evidence of a vulnerability. First of all, this applies to programs that come with the source code. When fixing their vulnerabilities, the version numbers in the headers have to be changed manually - sometimes the developers simply forget to do this.
  • The likelihood of a vulnerability appearing in future versions of the application, even after it was removed from previous modifications.

Meanwhile, despite certain disadvantages and the lack of a guarantee of detecting "holes" in the system, the process of checking headers can be called not only the first, but also one of the main stages of scanning. Moreover, its use does not disrupt the operation of either services or network nodes.
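A header check over Sendmail greeting banners, written so that the drawbacks listed above show up in the result. This is an added example, not code from any scanner named on this page; the banners, the rule ID EXAMPLE-0001 and its fixed-in version 8.13.0 are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed SMTP greeting banners (documentation addresses, not real hosts).
SAMPLE_BANNERS = {
    "192.0.2.10": "220 mail.example.test ESMTP Sendmail 8.12.8/8.12.8; Mon, 1 Jan 2024 10:00:00 GMT",
    "192.0.2.11": "220 mx.example.test ESMTP Sendmail 8.14.4/8.14.4; Mon, 1 Jan 2024 10:00:01 GMT",
    "192.0.2.12": "220 relay.example.test ESMTP Sendmail; Mon, 1 Jan 2024 10:00:02 GMT",
    "192.0.2.13": "220 gw.example.test ESMTP ready",
}

VERSIONED_RE = re.compile(r"\bSendmail\s+(?P<version>\d+(?:\.\d+)*)", re.IGNORECASE)
PRODUCT_RE = re.compile(r"\bSendmail\b", re.IGNORECASE)


@dataclass(frozen=True)
class Rule:
    rule_id: str      # hypothetical identifier, not a real advisory
    product: str
    fixed_in: tuple   # first version that is no longer affected (assumed)


RULES = [Rule("EXAMPLE-0001", "sendmail", (8, 13, 0))]


@dataclass(frozen=True)
class Finding:
    host: str
    verdict: str                 # "potential", "no-match" or "inconclusive"
    product: Optional[str]
    version: Optional[str]
    rule_id: Optional[str]
    note: str


def parse_version(text: str) -> tuple:
    """Turn '8.13' into (8, 13, 0) so that short versions compare correctly."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def check_banner(host: str, banner: str, rules=RULES) -> Finding:
    match = VERSIONED_RE.search(banner)
    if match is None:
        # Version removed or product hidden: the header check cannot decide.
        product = "sendmail" if PRODUCT_RE.search(banner) else None
        return Finding(host, "inconclusive", product, None, None,
                       "no version in banner; needs another check type")
    version_text = match.group("version")
    version = parse_version(version_text)
    for rule in rules:
        if rule.product == "sendmail" and version < rule.fixed_in:
            # Only a candidate: a fix applied without bumping the version
            # string would still land here.
            return Finding(host, "potential", "sendmail", version_text,
                           rule.rule_id, "version below fixed release; unconfirmed")
    # A rewritten banner looks identical to a patched host.
    return Finding(host, "no-match", "sendmail", version_text, None,
                   "no rule matched the advertised version")


def scan_banners(banners: dict) -> list:
    return [check_banner(host, banner) for host, banner in sorted(banners.items())]


if __name__ == "__main__":
    for finding in scan_banners(SAMPLE_BANNERS):
        print(f"{finding.host:12} {finding.verdict:13} "
              f"{finding.version or '-':8} {finding.rule_id or '-':13} {finding.note}")
```

None of the three verdicts is a confirmed result: "potential" and "no-match" both rest on a version string the server chose to send.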

Active probing checks

The technique, also known as "active probing check", is based not on header checks but on analyzing and comparing digital "casts" of programs with information about already known vulnerabilities.

Its operating principle is a bit like the algorithm that compares scanned fragments with virus databases.

The same group of techniques also includes checking the creation date of the scanned software or checksums, which allows you to verify the authenticity and integrity of programs.

To store information about vulnerabilities, specialized databases are used, which also contain information that allows you to fix the problem and reduce the risk of the threat of unauthorized access to the network.

This information is sometimes used both by security analysis systems and by software whose task is to detect attacks. In general, the active probing technique used by large companies such as ISS and , works much faster than other methods - although it is more difficult to implement than header checking.
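The comparison of program "casts" and checksums described in this section, as an added example that is not taken from any product named here. It assumes SHA-256 as the fingerprint; the file names, file contents and the database entry EXAMPLE-0002 are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> str:
    """SHA-256 of the file contents, read in blocks so large binaries are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for block in iter(lambda: handle.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def classify(path: Path, vulnerable_db: dict, reference_manifest: dict) -> tuple:
    """Return (status, detail) for one program file.

    vulnerable_db:      fingerprint -> entry describing a known-vulnerable build
    reference_manifest: file name   -> fingerprint of the trusted build
    """
    digest = fingerprint(path)
    if digest in vulnerable_db:
        return ("known-vulnerable", vulnerable_db[digest])
    expected = reference_manifest.get(path.name)
    if expected is None:
        return ("unknown", "no reference checksum for this file")
    if digest == expected:
        return ("verified", "matches reference checksum")
    return ("modified", "differs from reference checksum")


def audit_directory(root: Path, vulnerable_db: dict, reference_manifest: dict) -> dict:
    results = {
        path.name: classify(path, vulnerable_db, reference_manifest)
        for path in sorted(root.iterdir()) if path.is_file()
    }
    # A program the manifest expects but the host lacks is also a finding.
    for name in reference_manifest:
        results.setdefault(name, ("missing", "listed in manifest, not on disk"))
    return results


def run_demo() -> dict:
    """Build a throwaway directory of constructed 'program files' and audit it."""
    def sha(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    old_mailer = b"mailer 1.0 build (constructed sample)"
    good_webd = b"webd 2.3 build (constructed sample)"
    good_crond = b"crond 1.1 build (constructed sample)"
    good_logd = b"logd 0.9 build (constructed sample)"

    vulnerable_db = {sha(old_mailer): "EXAMPLE-0002 (constructed entry)"}
    reference_manifest = {
        "webd": sha(good_webd),
        "crond": sha(good_crond),
        "logd": sha(good_logd),
    }

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "mailer").write_bytes(old_mailer)               # known-vulnerable build
        (root / "webd").write_bytes(good_webd)                  # untouched
        (root / "crond").write_bytes(good_crond + b" altered")  # changed on disk
        (root / "helper").write_bytes(b"not in any list")       # no reference data
        return audit_directory(root, vulnerable_db, reference_manifest)


if __name__ == "__main__":
    for name, (status, detail) in sorted(run_demo().items()):
        print(f"{name:8} {status:17} {detail}")
```

Unlike the header check, the verdict here does not depend on anything the scanned program reports about itself, but it does require read access to the files and an up-to-date database.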

Imitation of attacks

Another method is known in English as "exploit check", that is, "attack imitation".

The verification performed with its help is also one of the probing options and is based on the search for program defects by amplifying them.

The technique has the following features:

  • some security holes cannot be discovered until a real attack is simulated against suspicious services and nodes;
  • scanner programs check software headers during a fake attack;
  • when scanning data, vulnerabilities are detected much faster than under normal conditions;
  • by simulating attacks, you can find more vulnerabilities (if they were there in the first place) than with the two previous methods; the detection rate is quite high, but using this method is not always advisable;
  • situations that do not allow launching "imitation attacks" are divided into two groups - the threat of problems with the maintenance of the software being checked or the fundamental impossibility of attacking the system.

It is undesirable to use the technique if the objects of verification are secure servers with valuable information.

An attack on such computers can lead to serious data loss and failure of important network elements, and the cost of restoring performance may be too serious, even taking into account.

In this case, it is desirable to use other methods of verification - for example, active probing or checking headers.

Meanwhile, in the list of vulnerabilities there are those that cannot be detected without attempts to simulate attacks - they include, for example, susceptibility to "Packet Storm" attacks.

By default, such verification methods are disabled in the system.

The user will have to enable them themselves.

Scanners that use the third method of scanning for vulnerabilities include systems like Internet Scanner and CyberCop Scanner. In the first application, such checks are placed in a separate category, "Denial of service". When any function from the list is used, the program warns about the danger of failure or reboot of the scanned node and that the user is responsible for starting the scan.

Main steps of vulnerability testing

Most software that performs vulnerability scans works like this:

1. Collects all the necessary information about the network by first identifying all active devices in the system and the software running on them. If the analysis is carried out only at the level of one PC with a scanner already installed on it, this step is skipped.

2. Tries to find potential vulnerabilities, using special databases to compare the received information with already known types of "holes" in security. The comparison is done using active probing or header checking.

3. Confirms found vulnerabilities using special techniques: imitation of a certain type of attack that can prove the presence or absence of a threat.

4. Generates reports based on information collected during scanning describing vulnerabilities.

The final stage of the scan is an automatic fix or an attempt to fix problems. This feature is available in almost every system scanner, and is missing from most network applications for checking vulnerabilities.

Differences in the work of different programs

Some scanners classify vulnerabilities.

For example, the NetSonar system divides them into network vulnerabilities, which can affect routers and are therefore more serious, and local ones, which affect workstations.

Internet Scanner divides threats into three levels - low, high and medium.

These two scanners have a few more differences.

With their help, reports are not only created, but also divided into several groups, each of which is intended for specific users - from to the heads of the organization.

Moreover, the former are given the maximum amount of figures, while management gets nicely designed graphs and diagrams with a small amount of detail.

As part of the reports generated by the scanners, there are recommendations for eliminating the vulnerabilities found.

Most of this information is contained in the data that is issued by the Internet Scanner program, which issues step by step instructions to solve the problem, taking into account the features of different operating systems.

The troubleshooting mechanism is implemented differently in scanners. So, in the System Scanner, there is a special script for this, which is launched by the administrator to solve the problem. At the same time, a second algorithm is being created that can correct the changes made if the first one led to a deterioration in the operation or failure of individual nodes. In most other scanner programs, there is no way to revert changes back.

Administrator steps to detect vulnerabilities

To search for "holes" in security, the administrator can be guided by three algorithms.

The first and most popular option is checking the network for potential vulnerabilities only. It allows you to preview the system data without disrupting the operation of nodes and provides maximum analysis speed.

The second option is scanning with verification and confirmation of vulnerabilities. The technique takes more time and may cause software failures of computers on the network while the attack simulation mechanism is running.

Method number 3 involves the use of all three mechanisms (moreover, with the rights of both the administrator and the user) and an attempt to eliminate vulnerabilities on individual computers. Due to its low speed and the risk of breaking software, this method is rarely used - mainly when there is serious evidence of “holes”.

Capabilities of modern scanners

The main requirements for a scanner program that checks the system and its individual nodes for vulnerabilities are:

  • Cross-platform or support for multiple operating systems. With this feature, you can scan a network consisting of computers with different platforms. For example, with or even with UNIX type systems.
  • Ability to scan multiple ports at the same time - this feature significantly reduces the time for verification.
  • Scanning all types of software that are usually attacked by hackers. Such software includes the company's products and (for example, the MS Office suite of office applications).
  • Checking the network as a whole and its individual elements without the need to run a scan for each node in the system.

Most modern scanning programs have an intuitive menu and are quite easy to configure in accordance with the tasks performed.

So, almost every such scanner allows you to compile a list of scanned nodes and programs, specify applications for which updates will be automatically installed when vulnerabilities are detected, and set the frequency of scanning and reporting.

Once the reports are received, the scanner allows the administrator to run threat remediation.

Among the additional features of the scanners, one can note the possibility of saving traffic, which is obtained by downloading only one copy of the distribution kit and distributing it to all computers on the network. Another important feature involves saving the history of past checks, which allows you to evaluate the operation of nodes in certain time intervals and assess the risks of new security problems.

Network Vulnerability Scanners

The range of scanner programs is quite large.

All of them differ from each other in functionality, effectiveness of finding vulnerabilities and price.

To evaluate the capabilities of such applications, it is worth considering the characteristics and features of the five most popular options.

GFI LanGuard

The manufacturer GFI Software is considered one of the leaders in the global information security market, and its products are included in the ratings of the most convenient and effective programs for checking for vulnerabilities.

One such application that secures the network and individual computers is GFI LanGuard, whose features include:

  • quick assessment of the status of ports in the system;
  • search for unsafe settings on network computers and programs, add-ons and patches prohibited for installation;
  • the ability to scan not only individual computers and servers, but also those included in the system virtual machines and even connected smartphones;
  • drawing up a detailed report based on the results of scanning, indicating vulnerabilities, their parameters and ways to eliminate them;
  • intuitive control and the ability to configure automatic operation - if necessary, the scanner starts at a certain time, and all corrections are made without administrator intervention;
  • the ability to quickly eliminate found threats, change system settings, update allowed software and remove prohibited programs.

The differences between this scanner and most analogues include the installation of updates and patches for almost any operating system.

This feature and other advantages of GFI LanGuard put it at the top of the list of network vulnerability scanning software.

At the same time, the cost of using a scanner is relatively small and affordable even for small companies.

Nessus

The Nessus program was first released 20 years ago, but only since 2003 has it become paid.

The monetization of the project did not make it less popular - due to the efficiency and speed of work, every sixth administrator in the world uses this particular scanner.

The benefits of choosing Nessus include:

  • constantly updated database of vulnerabilities;
  • simple installation and user-friendly interface;
  • effective detection of security problems;
  • the use of plugins, each of which performs its own task - for example, provides scanning of the Linux OS or starts checking only headers.

An additional feature of the scanner is the ability to use tests created by users using special software. At the same time, the program has two serious drawbacks. The first is the possibility of failure of some programs when scanning using the “attack imitation” method, the second is a rather high cost.

Symantec Security Check

Security Check is a free scanner from Symantec.

Among its functions, it is worth noting the search not only for vulnerabilities, but also for viruses - including macro viruses, Trojans and Internet worms. In fact, the application consists of 2 parts - a Security Scan scanner that ensures network security, and an antivirus Virus Detection.

The advantages of the program include simple installation and the ability to work through a browser. Among the minuses, low efficiency is noted - the versatility of the product, which allows it to also look for viruses, makes it not very suitable for checking the network. Most users recommend using this scanner only for additional checks.

XSpider

The XSpider scanner is produced by Positive Technologies, whose representatives claim that the program not only detects already known vulnerabilities, but is able to find threats that have not yet been created.

Application features include:

  • effective detection of "holes" in the system;
  • the ability to work remotely without installing additional software;
  • creation of detailed reports with advice on troubleshooting;
  • updating the database of vulnerabilities and program modules;
  • simultaneous scanning of a large number of nodes and workstations;
  • saving the history of checks for further analysis of problems.

It is also worth noting that the cost of using the scanner is more affordable compared to the Nessus program, although higher than that of GFI LanGuard.

QualysGuard

The scanner is considered multifunctional and allows you to get a detailed report with an assessment of the level of vulnerability, the time to eliminate them and the level of impact of the "threat" on the business.

The product developer, Qualys, Inc., delivers the software to hundreds of thousands of customers, including half of the world's largest companies.

Conclusions

Given the wide range of applications for scanning the network and its nodes for vulnerabilities, the work of the administrator is greatly facilitated.

Now he is not required to manually launch all the scanning mechanisms on his own - just find the right application, select the scanning method, configure and use the recommendations of the received report.

Choosing the right scanner should be based on the functionality of the application, the effectiveness of the search for threats (which is determined by user feedback) and, which is also quite important, on a price that should be comparable to the value of the information being protected.

I have introduced you in detail to the different types of vulnerabilities, but now it's time to get acquainted with the scanners of these vulnerabilities.

Vulnerability scanners are software or hardware tools used to diagnose and monitor network computers, allowing you to scan networks, computers and applications to detect possible problems in the security system, and to assess and eliminate vulnerabilities.

Vulnerability scanners allow you to check various applications in the system for "holes" that can be exploited by attackers. Low-level tools such as a port scanner can also be used to identify and analyze possible applications and protocols running on the system.

Thus, scanners are aimed at solving the following problems:

  • identification and analysis of vulnerabilities;
  • an inventory of resources such as the operating system, software, and network devices;
  • generation of reports containing a description of vulnerabilities and options for their elimination.

How does it work?

Vulnerability scanners use two main mechanisms in their work.

The first, probing, is not too fast, but accurate. This is an active analysis mechanism that launches simulated attacks, thereby testing the vulnerability. When probing, methods of implementing attacks are used that help confirm the presence of a vulnerability and detect previously undetected “gaps”.

The second mechanism, scanning, is faster, but gives less accurate results. This is a passive analysis, in which the scanner looks for a vulnerability without confirming its presence, using indirect signs. Scanning detects open ports and collects their associated headers. These are then compared with a table of rules for determining network devices, the operating system and possible "holes". After the comparison, the network security scanner reports the presence or absence of a vulnerability.

Most modern network security scanners work on the following principles:

  • collection of information about the network, identification of all active devices and services running on them;
  • detection of potential vulnerabilities;
  • confirmation of selected vulnerabilities, for which specific methods are used and attacks are simulated;
  • generating reports;
  • automatic elimination of vulnerabilities. This stage is not always implemented in network security scanners, but is often found in system scanners.

The best vulnerability scanners

Now let's take a look at the most relevant scanners that lead the expert ratings.

Nessus

The project was launched back in 1998, and in 2003 the developer Tenable Network Security made the network security scanner commercial. A regularly updated database of vulnerabilities, ease of installation and use, and a high level of accuracy are its advantages over competitors. A key feature is the use of plugins. That is, no penetration test is hard-wired into the program; each is implemented as a plug-in. Addons are divided into 42 different types: to conduct a penetration test, you can activate both individual plugins and all plugins of a certain type - for example, to perform all local checks on an Ubuntu system. An interesting point is that users can write their own tests using a special scripting language.

Nessus is an excellent vulnerability scanner. But it also has two drawbacks. The first is that when the "safe checks" option is disabled, some vulnerability tests can lead to violations in the operation of scanned systems. The second is the price. An annual license can cost 114 thousand rubles.

Symantec Security Check

A free scanner from the manufacturer of the same name. Its main functions are detection of viruses and trojans, Internet worms and malware, and a search for vulnerabilities in the local network. This is an online product consisting of two parts: Security Scan, which checks the security of the system, and Virus Detection, which performs a complete scan of your computer for viruses. It installs quickly and easily and works through the browser. According to recent reviews, this network scanner is best used for additional verification.

XSpider

The XSpider program, according to the developer, can reveal a third of the vulnerabilities of tomorrow. The key feature of this scanner is the ability to detect the maximum number of "failures" in the network even before they are seen by hackers. At the same time, the scanner works remotely without requiring the installation of additional software. After working, the scanner sends the security specialist a full report and advice on how to eliminate "holes". The cost of a license for this scanner starts from 11 thousand rubles for four hosts per year.

QualysGuard

Multifunctional vulnerability scanner. It provides extensive reports which include:

  • assessing the level of criticality of vulnerabilities;
  • an estimate of the time required to eliminate them;
  • checking the degree of their impact on the business;
  • analysis of security trends.

The QualysGuard cloud platform and a built-in set of applications enable enterprises to simplify the security process and reduce the cost of compliance, while providing critical security information and automating the full range of tasks for auditing, monitoring and protecting IT systems and web applications. With this software, you can scan corporate websites and receive automated alerts and reports to detect and eliminate threats in a timely manner.

Rapid 7 NeXpose

Rapid 7 is one of the fastest growing information security companies in the world. It was this company that recently acquired the Metasploit Framework project, and the NeXpose project is its own work. The cost of "entrance" to use the commercial version is almost $3000, but for enthusiasts there is a Community version with slightly reduced features. This free version easily integrates with Metasploit. The scheme of work is quite tricky: first, NeXpose is launched, then the Metasploit Console (msfconsole), after which you can start the scanning process and configure it using a number of commands (nexpose_connect, nexpose_scan, nexpose_discover, nexpose_dos and others). You can combine the functionality of NeXpose and other Metasploit modules.

X-scan

Outwardly, X-Scan looks more like a homemade product created by someone for their own needs and then released to the public to fend for itself. Perhaps it would not have gained such popularity if not for the support of Nessus scripts, which are activated using the Nessus-Attack-Scripts module. On the other hand, it is worth looking at the scan report, and all doubts about the usefulness of the scanner fade into the background. It will not be designed according to one of the official information security standards, but it will definitely tell a lot about the network.

One of the most important issues in the field of information technology is security. Did you know that 96% of tested applications have vulnerabilities?

Below is a diagram from Cenzic showing the different types of vulnerabilities found.

In this article, I will talk about free tools for scanning a website for vulnerabilities and malware.

List of considered tools:

  • Scan My Server;
  • SUCURI;
  • Qualys SSL Labs, Qualys FreeScan;
  • Quttera;
  • Detectify;
  • SiteGuarding;
  • Web Inspector;
  • Acunetix;
  • Asafa Web;
  • Netsparker Cloud;
  • UpGuard Web Scan;
  • Tinfoil Security.

1. Scan My Server

ScanMyServer provides one of the most comprehensive security test reports, covering SQL injection, cross-site scripting, PHP code injection, source disclosure, HTTP header settings and more.

The scan report is sent by e-mail with a brief description of the vulnerabilities found.

2. SUCURI

SUCURI is the most popular free malware scanner. You can quickly test a site for malicious code, spam injections, and presence on various blacklists.

SUCURI also cleans and protects the site from online threats. The tool works with any CMS, including WordPress, Joomla, Magento, Drupal, phpBB, etc.

3. Qualys SSL Labs, Qualys FreeScan

SSL Labs is one of the most popular tools for scanning a web server's SSL configuration. It provides an in-depth analysis of an HTTPS URL: overall rating, ciphers, SSL/TLS versions, handshake simulation, protocol information, BEAST and more.

FreeScan checks websites for OWASP Top Risks, malware, SCP security settings, and other tests. To perform a scan, you must sign up for a free account.

4. Quttera

Quttera checks the site for malware and vulnerabilities.

This tool scans the site for malicious files, suspicious files, potentially suspicious files, PhishTank listings, and presence on safe browsing lists (Google, Yandex) and malware lists.

5. Detectify

Detectify is a SaaS-based site crawler. It allows you to run over 100 automated security tests, including OWASP Top 10, malware, and more.

Detectify provides a 21-day free trial.

6. SiteGuarding

SiteGuarding lets you check a domain for malware, blacklisting, spam injections, and more.

The scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and more.

SiteGuarding also helps remove malware from the site.

7. Web Inspector

Web Inspector scans the site and provides reports covering "blacklist", "phishing", "malware", "worms", "backdoors", "trojans", "suspicious frames" and "suspicious connections".

8. Acunetix

Acunetix checks the entire site for over 500 different vulnerabilities.

The tool offers a free trial version for 14 days.

9. Asafa Web

AsafaWeb checks for tracing, custom errors, stack traces, the Hash DoS patch, the ELMAH log, HttpOnly cookies, Secure cookies, clickjacking and more.

10. Netsparker Cloud

Netsparker Cloud is an enterprise web application security scanner capable of detecting over 25 critical vulnerabilities. It is free for open source projects. You can also request a trial version of the tool.

11. UpGuard Web Scan

UpGuard Web Scan is an external risk assessment tool that uses publicly available information on various factors, including SSL, clickjacking, cookies, DNSSEC, headers, etc. It is still in beta, but worth a try.

12. Tinfoil Security

Tinfoil Security first checks the site for the OWASP Top 10 vulnerabilities and then for other known threats. At the end you receive an activity report and can re-scan the site after making the necessary corrections.

The complete setup takes about 5 minutes. You can scan a site even if it is protected or requires registration to access.
