Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc).
Allows you to discover domains associated with a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.
Allows you to discover subdomains of a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.
Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.
This tool allows you to discover the technologies used by a target web application - server-side and client-side. It can also scan multiple virtual hosts on the same IP.
Web Application Testing
Finds common vulnerabilities which affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.
Discover hidden files and directories (which are not linked in the HTML pages): .conf, .bak, .bkp, .zip, .xls, etc. Get easy access to hidden content hosted on your target web server.
The online scanner identifies SQL injection vulnerabilities found in web applications by crawling and performing a deep inspection of web pages and parameters. Find below useful examples in which you can use the SQL Injection scanner powered by OWASP ZAP.
This tool helps you discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.
Finds Drupal version, modules, theme and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings.
Perform a Joomla security assessment by finding vulnerabilities in Joomla core, components, modules and templates.
Discover various security weaknesses and vulnerabilities in web applications built on top of Microsoft SharePoint and FrontPage.
Since the scanner allows you to detect a wide range of vulnerabilities in network services, operating systems and also in web servers, its use cases are very diverse
The tool scans an IP address or hostname for network services that require authentication (ex. HTTP web forms, SSH, FTP, MYSQL, RDP, etc) and detects weak credentials by trying to login using a set of common usernames and passwords
The scanner detects if the target host is vulnerable to the F5 BIG-IP RCE vulnerability - CVE-2020-5902. This affects multiple F5 products which use the Traffic Management User Interface component (TMUI).
The purpose of this tool is to detect vulnerable Windows 10 and Windows Server machines affected by the SMBGhost vulnerability (CVE-2020-0796). The detection if performed by checking the SMB version of the target host and if the SMB service has compression enabled.
This is a specialized scanner which detects vulnerable Apache Tomcat servers, affected by the GhostCat vulnerability (CVE-2020-1938). The tool attempts to read a common file (WEB-INF/web.xml) from the web root of the server via the AJP Connector. The AJP port (usually 8009) needs to be open for this test to work properly.
This tool detects if the target server is a Citrix device affected by the Remode Code Execution vulnerability CVE-2019-19781. The detection is performed by trying to read a certain file from the disk while using a path traversal technique.
Allows you to discover subdomains of a target organization which point to external services (ex. Amazon S3, Heroku, Github, etc) and are not claimed - leaving them vulnerable to hostile takeover.
Knowing which network services are exposed to the Internet is essential for securing the network perimeter of a company. With a Nmap portscan you can easily obtain a quick view of the network attack surface that includes all open TCP ports and services.
Allows you to discover which UDP ports are open on your target host, identify the service versions and detect the operating system.
Check if the name servers of the target domain are vulnerable to DNS Zone Transfer and attempt to retrieve the full DNS Zone file.
The SSL Scanner connects to the target port and attempts negotiate various cipher suites and multiple SSL/TLS versions in order to determine weak configurations and common vulnerabilities (ex. POODLE, Heartbleed, DROWN, ROBOT etc.). The full version of the SSL Scanner scans multiple ports and services (HTTPS, SMTPs, IMAPs, etc.).
This is a useful pentest utility which logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create Proof of Concepts in order to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.
Check if a server is live and responds to ICMP Echo requests. This tool can also be used to find the IP address of a hostname.
This tool allows you to perform Whois lookups online and extract information about domain names and IP addresses.