Sunday 28 September 2014

Using On-line Services for Reconnaissance

Ever wanted to use only existing online services to do reconnaissance without having to install or use any other tools. Well, the following URLs will give you a nice starting point. This list is to be expanded and updated with more links. If you believe you know of an online service which can be useful for this purpose do not hesitate to share it with the rest of us. Let me know and I will add it to the list! :)


https://www.virustotal.com/
Use Virus Total and enter the URL you want to check and look into the "additional information". 

http://sitecheck.sucuri.net/
For further information you may also use Site Check. 

http://quttera.com/
Quttera is also a useful on-line service to keep in mind.

https://asafaweb.com
Automated Security Analyser for ASP.NET Websites.

https://securityheaders.io
Assess the security based HTTP response headers

http://urlquery.net

Detecting and analyse web-based malware

https://haveibeenpwned.com
Check if your login credentials have been leaked due to a recent hack

https://www.ssllabs.com/ssltest/
SSL Labs is a very useful on-line service to know. 

https://www.ssllabs.com/ssltest/viewMyClient.html
Test/Check the SSL/TLS capabilities of your browser 

http://cyh.herokuapp.com/cyh
Assess your web application's header information

https://defuse.ca/checksums.htm
Hash ASCII text or a file with many different hash algorithms

Generate and verify the MD5/SHA1 checksum without uploading it
http://onlinemd5.com/

Formatters, Validators, Encoders & Decoders, Converters, Data Generator, etc.
http://www.freeformatter.com/md5-generator.html

Check your hash (string) to find a possible hash type
https://md5hashing.net/hash_type_checker#main

Reverse Lookup of a Hash
http://reverse-hash-lookup.online-domain-tools.com

Reverse Lookup of a Hash
https://isc.sans.edu/tools/reversehash.html

Online Hash Identification (supports 250 hash types) and command line tool
http://www.onlinehashcrack.com/hash-identification.php
http://www.smeegesec.com/2013/11/hashtag-password-hash-identification.html

https://pcapperf.appspot.com
PCAP Web Performance Analyzer

URL Decoder/Encoder
http://meyerweb.com/eric/tools/dencoder/

http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php
A collection of online network tools including ipv6 tools. 

http://mxtoolbox.com/SuperTool.aspx
The MX Toolbox has a number of online tools for you to use.

https://www.wormly.com/test_smtp_server
Test your snmp server

https://www.smtplogic.com/Tools.aspx
A number of online different online tools 

http://dnscheck.pingdom.com
Website speed test and DNS tests

http://www.intodns.com
IntoDNS checks the health and configuration and provides DNS report and mail servers report

Provides a comprehensive test and report on the health of your DNS
http://www.dnssy.com/index.php

Test for open relay
http://www.mailradar.com/openrelay/

Investigate domains and IP addresses
http://centralops.net/co/DomainDossier.aspx

https://testconnectivity.microsoft.com
Microsoft's Remote Connectivity Analyzer 

http://www.feedthebot.com/tools/
A number of useful tools

http://hackertarget.com
Online access to vulnerability scanning tools

https://freakattack.com
Check if you are vulnerable to the SSL/TLS vulnerability called the FREAK attack

http://gfragkos.blogspot.co.uk/2015/05/logjam-attack-diffie-hellman-key.html
Read about Logjam and check if your browser is vulnerable

http://siph0n.in/
Latest Exploits and Vulnerabilities

https://gtmetrix.com
Web Application performance



No comments:

Post a Comment