There are many server analysis tools available. today , we will see some tools/website which scan server/hostname for various security testing. which i used mostly. Sometime we ignore small security points, but those points motivate hacker to hack site. there are some concept which secure user (End user) data security. we can make our server/domain secure by HTTP/HTTPS, SSL/TLS, SMTP/PoP3, SSH, FTP, etc.. various test on below site. which will list your vulnerabilities.
This is one of the best site to test server vulnerability. i always use this scan first to check various security. it has other Observatory testing HTTP, TLS, SSH, Third-Party. HTTP Observatory show various list of scan like:
- Content Security Policy (CSP)
- Cookie testing
- Cross-origin resource sharing (CORS)
- HTTP Public Key Pinning
- HTTP Strict Transport Security
- Referrer-Policy header
- Sub resource Integrity (SRI)
- X-Content-Type-Options header
- X-Frame-Options (XFO) header
- X-XSS-Protection header
Pentest tools is one of great source to test server vulnerability. this tool will give you analysis on which point your server/domain in not secure with free account. this tool is my second priority to test my server/domain after that i choose other tools.
- Will give you overall rating of server risk
- how many test perform , in how much time
- will list Vulnerabilities found for server-side software
- which directory listing enable on server
- scan server software or tech used or install on your server/domain
- will give you list of tips on missing headers
- show robot.txt exist or not
Sslshopper tool will check/return your domain certificates details. this site has tools like, SSL Check, CSR Decoder, Certificate Decoder, Certificate key match, SSL Converter
you will get information like
- Resolver IP address
- Server basic info ex. server type
- Who is CA ( certification authority)
- Certificate expiration time and other certificate info.
- Will give you info about your server and DNS resolver and info about TLS/SSl certificate authorities details and it self
this site has various free tool to scan your server/domain for test like: domain security (HTTP/HTTPS), SMTP Mail server, PoP3 mail server, FTP server test, Remote ping. domain test result will give you results like:
- is valid host or not, when it’s going to expire
- Encryption cipher, public key details, which protocols used,
- which encryption cipher used, cipher strength, algo, key, nad handshake time
Geekflare has various 25+ tools to scan and test your domain/server security and other stuff like seo, dns, security, performance, etc.. you can test your website from every angle using this tools. this tools help/get you in every tiny details like server missing headers, seo, search engine optimization, web performance, will score your domain. this site has many good tools so i can’t get you deep idea about this. it’s better you test by your self.
Immuniweb has many security test which identify holes on your server-client communication. it has attack surface management and dark web continuous monitoring. it offers various type of package for mobile, web, server, etc.. . simple domain security check will give list of result which are below:
- Check various test: CMS security analysis, GDPR test, PCI DSS security analysis, CSP analysis, HTTP header security
- give enable methods on server, is directory listing enable or not,
- sub domain discovery
- if your site is wordpress like cms then this one is best to test first
- also give cookie security test, Third party content analysis
Ssllabs is totally free service to perform various test or analysis of configuration of your ssl based web server on public internet. site also sows you recently scanned site, worst site, best site. ssllabs has many other tools which you can use free from here. ssllab test result will give analysis of,
- Deep details about installed certificates
- Additional certificates details if supplied
- Certificate path
- Enable/disabled protocol
- List of Cipher suites
- Handshake simulation report
- Protocol details
crypt check is simple tools to list all cipher with details enabled TLS version certificates. has HTTPS/SMTP/XMPP test, SSH test, TLS test. this site has significant amount of details of various cipher suites.
I hope you enjoy these tools most of them are free which give much more details traces which you left behind for hackers. if you found other tools then listed above then mention it in comment will add that tools with special mention.