Top server security analysis tools

appstonelab

May 24, 2022

There are many server analysis tools available today. Here are some tools and websites that I usually use to scan a server or hostname for various security tests.

We sometimes ignore small security points, but those are the gaps that motivate hackers to attack sites. Several concepts protect end-user data. We can secure a server/domain across HTTP/HTTPS, SSL/TLS, SMTP/POP3, SSH, FTP, etc., and the sites below run various tests that list your vulnerabilities.

1. Observatory.mozilla.org

This is one of the best sites for testing server vulnerabilities. I always scan with it first to check various security settings. It also has other observatories for testing HTTP, TLS, SSH, and Third-Party. The HTTP Observatory shows a list of scans such as:

  • Content Security Policy (CSP)
  • Cookie testing
  • Cross-origin resource sharing (CORS)
  • HTTP Public Key Pinning
  • HTTP Strict Transport Security
  • Referrer-Policy header
  • Subresource Integrity (SRI)
  • X-Content-Type-Options header
  • X-Frame-Options (XFO) header
  • X-XSS-Protection header
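
A local version of several of the checks listed above, as an added example that is not part of the original post and is not Mozilla's scoring logic. The pass criteria (for instance the six-month HSTS minimum) and the sample response are assumptions of this example; HTTP Public Key Pinning and X-XSS-Protection are left out because current browsers no longer support them.

```python
import re
# Constructed sample response (not from a real site).
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=86400
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-Frame-Options: SAMEORIGIN
Set-Cookie: sid=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax
"""
MIN_HSTS_AGE = 15768000  # six months in seconds; threshold assumed for this example

def parse_headers(raw):
    """Return {lowercased-name: [values]}; repeated headers (Set-Cookie) are kept."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return findings for the header checks listed above (criteria are assumptions)."""
    h = parse_headers(raw)
    first = lambda name: h.get(name, [""])[0]
    findings = []
    m = re.search(r"max-age=(\d+)", first("strict-transport-security"), re.I)
    if not m:
        findings.append("HSTS missing")
    elif int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS max-age too short")
    csp = first("content-security-policy")
    if not csp:
        findings.append("CSP missing")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP allows unsafe-inline or unsafe-eval")
    if first("x-content-type-options").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if first("x-frame-options").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or invalid")
    if not first("referrer-policy"):
        findings.append("Referrer-Policy missing")
    for cookie in h.get("set-cookie", []):
        # Attribute names after the name=value pair, e.g. {"path", "httponly"}
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        missing = sorted({"secure", "httponly", "samesite"} - attrs)
        if missing:
            findings.append(f"cookie {cookie.split('=')[0]} lacks {', '.join(missing)}")
    return findings

if __name__ == "__main__": print("\n".join(audit(SAMPLE)))
```

To audit your own site, paste the response headers it returns in place of `SAMPLE`.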

2. Pentest-Tools

Pentest-Tools is a great resource for testing server vulnerabilities. With a free account, it gives you an analysis of the points where your server/domain is not secure. This tool is my second choice for testing my server/domain.

  • Gives you an overall review of server risk
  • Shows how many tests can be performed, and in how much time
  • Lists the vulnerabilities found in server-side software
  • Shows which directories have listing enabled on the server
  • Scans the server software or technologies used or installed on your server/domain
  • Gives you a list of tips on missing headers
  • Shows whether robots.txt exists

3. sslshopper.com

The Sslshopper tool checks your domain and returns its certificate details. You will get data like the following:

  • Resolver IP address
  • Basic server information, e.g. server type
  • Who the CA (certification authority) is
  • Certificate expiration time and other certificate info

4. digicert.com

This tool gives you information about your server and DNS resolver, and details about the TLS/SSL certificate authorities.

5. wormly.com

This site has various free tools to test your server/domain: domain security (HTTP/HTTPS), SMTP mail server, POP3 mail server, FTP server test, and remote ping. The domain test gives results like the following:

  • Whether it is a genuine host and when it is going to lapse
  • Encryption cipher, public key details, and which protocols are used
  • Which encryption cipher is used, cipher strength, algorithm, key, and bad handshake time

6. Geekflare

Geekflare has 25+ tools to examine and test your domain/server security and other aspects like SEO, DNS, and performance. You can test your website from every angle using these tools. They help you get into every tiny detail, such as missing server headers, SEO, and web performance, and will score your domain. This site has so many good tools that I can't cover them in depth here. It's better to test them yourself.

7. Immuniweb

Immuniweb has many security tests which identify holes in your server-client communication. It has asset discovery management and continuous dark web monitoring. It offers various types of packages for mobile, web, server, etc. A simple domain security check gives the list of results below:

  • Runs various tests: CMS security analysis, GDPR test, PCI DSS security analysis, CSP analysis, HTTP header security
  • Lists the methods enabled on the server and checks whether directory listing is enabled
  • Subdomain discovery
  • If your site runs on a CMS like WordPress, this is the one to test with first
  • Also provides a cookie security test and a third-party content survey

8. Ssllabs

Ssllabs is a totally free service that analyzes the configuration of your SSL-based web server on the public internet. This site also shows you recently scanned sites, the worst sites, and the best sites. Ssllabs has many other tools which you can use for free. An Ssllabs test result gives an analysis of the following:

  • Deep details about installed certificates
  • Additional certificate details, if supplied
  • Certificate path
  • Enabled/disabled protocols
  • List of cipher suites
  • Handshake simulation report
  • Protocol details

9. Cryptcheck

Cryptcheck is a simple tool that lists all enabled ciphers with details, along with TLS versions and certificates. It has HTTPS/SMTP/XMPP, SSH, and TLS tests. This site has a significant amount of detail on various cipher suites.

Conclusion:

I hope you enjoy these tools. Most of them are free and will give you detailed traces of what you have left behind for hackers. If you find tools other than those listed above, mention them in the comment section and I will add them with a special mention.
