Shaw Kaz
24 KiB
Web Tools [TOC]
▪️ Browsers
SSL/TLS Capabilities of Your Browser - test your browser's SSL implementation.
Can I use - provides up-to-date browser support tables for support of front-end web technologies.
Panopticlick 3.0 - is your browser safe against tracking?
Privacy Analyzer - see what data is exposed from your browser.
Web Browser Security - it's all about Web Browser fingerprinting.
How's My SSL? - help a web server developer learn what real world TLS clients were capable of.
sslClientInfo - client test (incl TLSv1.3 information).
▪️ SSL/Security
SSLLabs Server Test - performs a deep analysis of the configuration of any SSL web server.
SSLLabs Server Test (DEV) - performs a deep analysis of the configuration of any SSL web server.
ImmuniWeb® SSLScan - test SSL/TLS (PCI DSS, HIPAA and NIST).
SSL Check - scan your website for non-secure content.
SSL Scanner - analyze website security.
CryptCheck - test your TLS server configuration (e.g. ciphers).
urlscan.io - service to scan and analyse websites.
Report URI - monitoring security policies like CSP and HPKP.
CSP Evaluator - allows developers and security experts to check if a Content Security Policy.
Useless CSP - public list about CSP in some big players (might make them care a bit more).
Why No HTTPS? - top 100 websites by Alexa rank not automatically redirecting insecure requests.
TLS Cipher Suite Search- cipher suite search engine.
cipherli.st - strong ciphers for Apache, Nginx, Lighttpd, and more.*
dhtool - public Diffie-Hellman parameter service/tool.
badssl.com - memorable site for testing clients against bad SSL configs.
tlsfun.de - registered for various tests regarding the TLS/SSL protocol.
CAA Record Helper - generate a CAA policy.
Common CA Database - repository of information about CAs, and their root and intermediate certificates.
CERTSTREAM - real-time certificate transparency log update stream.
crt.sh - discovers certificates by continually monitoring all of the publicly known CT.
Hardenize - deploy the security standards.
Cipher suite compatibility - test TLS cipher suite compatibility.
urlvoid - this service helps you detect potentially malicious websites.
security.txt - a proposed standard (generator) which allows websites to define security policies.
ssl-config-generator - help you follow the Mozilla Server Side TLS configuration guidelines.
TLScan - pure python, SSL/TLS protocol and cipher scanner/enumerator.
▪️ HTTP Headers & Web Linters
Security Headers - analyse the HTTP response headers (with rating system to the results).
Observatory by Mozilla - set of tools to analyze your website.
webhint - is a linting tool that will help you with your site's accessibility, speed, security, and more.
▪️ DNS
ViewDNS - one source for free DNS related tools and information.
DNSLookup - is an advanced DNS lookup tool.
DNSlytics - online DNS investigation tool.
DNS Spy - monitor, validate and verify your DNS configurations.
Zonemaster - helps you to control how your DNS works.
Leaf DNS - comprehensive DNS tester.
Find subdomains online - find subdomains for security assessment penetration test.
DNSdumpster - dns recon & research, find & lookup dns records.
DNS Table online - search for DNS records by domain, IP, CIDR, ISP.
intoDNS - DNS and mail server health checker.
DNS Bajaj - check the delegation of your domain.
BuddyDNS Delegation LAB - check, trace and visualize delegation of your domain.
dnssec-debugger - DS or DNSKEY records validator.
PTRarchive.com - this site is responsible for the safekeeping of historical reverse DNS records.
xip.io - wildcard DNS for everyone.
nip.io - dead simple wildcard DNS for any IP Address.
dnslookup (ceipam) - one of the best DNS propagation checker (and not only).
What's My DNS - DNS propagation checking tool.
DNSGrep - quickly searching large DNS datasets.
▪️ Mail
smtp-tls-checker - check an email domain for SMTP TLS support.
MX Toolbox - all of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.
Secure Email - complete email test tools for email technicians.
blacklistalert - checks to see if your domain is on a Real Time Spam Blacklist.
MultiRBL - complete IP check for sending Mailservers.
DKIM SPF & Spam Assassin Validator - checks mail authentication and scores messages with Spam Assassin.
▪️ Encoders/Decoders and Regex testing
URL Encode/Decode - tool from above to either encode or decode a string of text.
Uncoder - the online translator for search queries on log data.
Regex101 - online regex tester and debugger: PHP, PCRE, Python, Golang and JavaScript.
RegExr - online tool to learn, build, & test Regular Expressions (RegEx / RegExp).
RegEx Testing - online regex testing tool.
RegEx Pal - online regex testing tool + other tools.
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
▪️ Net-tools
Netcraft - detailed report about the site, helping you to make informed choices about their integrity.*
RIPE NCC Atlas - a global, open, distributed Internet measurement platform.
Robtex - uses various sources to gather public information about IP numbers, domain names, host names, etc.
Security Trails - APIs for Security Companies, Researchers and Teams.
Online Curl - curl test, analyze HTTP Response Headers.
Online Tools for Developers - HTTP API tools, testers, encoders, converters, formatters, and other tools.
Ping.eu - online Ping, Traceroute, DNS lookup, WHOIS and others.
Network-Tools - network tools for webmasters, IT technicians & geeks.
BGPview - search for any ASN, IP, Prefix or Resource name.
Is BGP safe yet? - check BGP (RPKI) security of ISPs and other major Internet players.
Riseup - provides online communication tools for people and groups working on liberatory social change.
VirusTotal - analyze suspicious files and URLs to detect types of malware.
▪️ Privacy
privacyguides.org - provides knowledge and tools to protect your privacy against global mass surveillance.
DNS Privacy Test Servers - DNS privacy recursive servers list (with a 'no logging' policy).
▪️ Code parsers/playgrounds
ShellCheck - finds bugs in your shell scripts.
explainshell - get interactive help texts for shell commands.
jsbin - live pastebin for HTML, CSS & JavaScript, and more.
CodeSandbox - online code editor for web application development.
PHP Sandbox - test your PHP code with this code tester.
Repl.it - an instant IDE to learn, build, collaborate, and host all in one place.
vclFiddle - is an online tool for experimenting with the Varnish Cache VCL.
Haskell Dockerfile Linter - a smarter Dockerfile linter that helps you build best practice Docker images.
▪️ Performance
GTmetrix - analyze your site’s speed and make it faster.
Sucuri loadtimetester - test here the
performance of any of your sites from across the globe.
Pingdom Tools - analyze your site’s speed around the world.
PingMe.io - run website latency tests across multiple geographic regions.
PageSpeed Insights - analyze your site’s speed and make it faster.
web.dev - helps developers like you learn and apply the web's modern capabilities to your own sites and apps.
Lighthouse - automated auditing, performance metrics, and best practices for the web.
▪️ Mass scanners (search engines)
Censys - platform that helps information security practitioners discover, monitor, and analyze devices.
Shodan - the world's first search engine for Internet-connected devices.
Shodan 2000 - this tool looks for randomly generated data from Shodan.
GreyNoise - mass scanner such as Shodan and Censys.
ZoomEye - search engine for cyberspace that lets the user find specific network components.
netograph - tools to monitor and understand deep structure of the web.
FOFA - is a cyberspace search engine.
onyphe - is a search engine for open-source and cyber threat intelligence data collected.
IntelligenceX - is a search engine and data archive.
binaryedge - it scan the entire internet space and create real-time threat intelligence streams and reports.
Spyse - Internet assets registry: networks, threats, web objects, etc.
wigle - is a submission-based catalog of wireless networks. All the networks. Found by Everyone.
PublicWWW - find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code.
IntelTechniques - this repository contains hundreds of online search utilities.
hunter - lets you find email addresses in seconds and connect with the people that matter for your business.
GhostProject? - search by full email address or username.
databreaches - was my email affected by data breach?
We Leak Info - world's fastest and largest data breach search engine.
Pulsedive - scans of malicious URLs, IPs, and domains, including port scans and web requests.
Buckets by Grayhatwarfar - database with public search for Open Amazon S3 Buckets and their contents.
Vigilante.pw - the breached database directory.
builtwith - find out what websites are built with.
NerdyData - search the web's source code for technologies, across millions of sites.
zorexeye - search for sites, images, apps, softwares & more.
Mamont's open FTP Index - if a target has an open FTP site with accessible content it will be listed here.
OSINT Framework - focused on gathering information from free tools or resources.
maltiverse - is a service oriented to cybersecurity analysts.
Leaked Source - is a collaboration of data found online in the form of a lookup.
We Leak Info - to help everyday individuals secure their online life, avoiding getting hacked.
pipl - is the place to find the person behind the email address, social username or phone number.
abuse.ch - is operated by a random swiss guy fighting malware for non-profit.
malc0de - malware search engine.
Cybercrime Tracker - monitors and tracks various malware families that are used to perpetrate cyber crimes.
shhgit - find GitHub secrets in real time.
searchcode - helping you find real world examples of functions, API's and libraries.
Insecam - the world biggest directory of online surveillance security cameras.
index-of - contains great stuff like: security, hacking, reverse engineering, cryptography, programming etc.
Rapid7 Labs Open Data - is a great resources of datasets from Project Sonar.
Common Response Headers - the largest database of HTTP response headers.
InQuest Labs - InQuest Labs is an open, interactive, and API driven data portal for security researchers.
▪️ Generators
thispersondoesnotexist - generate fake faces in one click - endless possibilities.
AI Generated Photos - 100.000 AI generated faces.
fakenamegenerator - your randomly generated identity.
Intigriti Redirector - open redirect/SSRF payload generator.
▪️ Passwords
have i been pwned? - check if you have an account that has been compromised in a data breach.
dehashed - is a hacked database search engine.
Leaked Source - is a collaboration of data found online in the form of a lookup.
▪️ CVE/Exploits databases
CVE Mitre - list of publicly known cybersecurity vulnerabilities.
CVE Details - CVE security vulnerability advanced database.
Exploit DB - CVE compliant archive of public exploits and corresponding vulnerable software.
0day.today - exploits market provides you the possibility to buy/sell zero-day exploits.
sploitus - the exploit and tools database.
cxsecurity - free vulnerability database.
Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available.
cveapi - free API for CVE data.
▪️ Mobile apps scanners
ImmuniWeb® Mobile App Scanner - test security and privacy of mobile apps (iOS & Android).
Quixxi - free Mobile App Vulnerability Scanner for Android & iOS.
Ostorlab - analyzes mobile application to identify vulnerabilities and potential weaknesses.
▪️ Private Search Engines
Startpage - the world's most private search engine.
searX - a privacy-respecting, hackable metasearch engine.
darksearch - the 1st real Dark Web search engine.
Qwant - the search engine that respects your privacy.
DuckDuckGo - the search engine that doesn't track you.
Swisscows - privacy safe web search
Disconnect - the search engine that anonymizes your searches.
MetaGer - the search engine that uses anonymous proxy and hidden Tor branches.
▪️ Secure Webmail Providers
CounterMail - online email service, designed to provide maximum security and privacy.
Mail2Tor - is a Tor Hidden Service that allows anyone to send and receive emails anonymously.
Tutanota - is the world's most secure email service and amazingly easy to use.
Protonmail - is the world's largest secure email service, developed by CERN and MIT scientists.
Startmail - private & encrypted email made easy.
▪️ Crypto
Keybase - it's open source and powered by public-key cryptography.
▪️ PGP Keyservers
SKS OpenPGP Key server - services for the SKS keyservers used by OpenPGP.