10 Free Online Tools to Scan Website Security

Must read:

Ferdian Alfianto

Ferdian Alfianto

Ferdian Alfianto is an Internet enthusiast, Mac Lover; likes using Wordpress, experimenting with Linux (especially Debian and Ubuntu), tinkering with pfSense routers, happy experimenting with LEMP (Linux, Nginx, MariaDB, PHP) and Redis. You can contact me here.

One of the most trending talks in the IT world is Website Security. Did you know, the 96% applications I tested had vulnerabilities.

Below is a chart from Cenzic showing the different types of susceptibility trends found.

Cenzic chart

There are many questions about how to scan a website for security, in this article I will list a free tool to scan a site for security vulnerabilities and malware.

If it turns out to be vulnerable, then we can always protect the website with a Web Application Firewall (WAF) from a cloud-based security provider like Sucuri, Cloudflare or Stackpath.

1. ScanMyServer

ScanMyServer presents the most comprehensive reports on varieties of security tests such as SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and many more.

ScanMyServer display

2. Sucuri

Sucuri is the most popular free website security and malware scanner. We can do a quick test for Malware, blacklisted sites, SPAM and Deface.

Sucuri also cleans and protects websites from online threats and can run on any website platform including WordPress, Joomla, Magento, Drupal, phpBB, etc.

Sucuri Scanner
Sucuri Scanner

3. Qualys SSL Labs, Qualys FreeScan

SSL Labs is one of the most used tools to scan a site's SSL certificate. It provides an in-depth analysis of a site's https URL; including expiration date, rating, Cipher, SSL / TLS version, Handshake simulation, protocol details, BEAST and more.

If your site uses SSL, you should do this SSL test.

Qualys SSL Labs

4. Quttera

Quttera check websites for malware exploits and security vulnerabilities.

Quttera scans the website for malicious files, suspicious files, potentially suspicious files, phishTank, Safe Browsing (Google, Yandex) and lists of domains containing Malware.


5. Detectify

Detectify is a SaaS based website security scanner. We will get 100+ automated security tests including OWASP Top 10, malware and more.

Detectify is giving a 14 day free trial, but you'll need to sign up for the scan.

6. SiteGuarding

SiteGuarding Helps to scan domains for malware, blacklisted sites, spam shots, defaces and more.

This scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and other platforms.

SiteGuarding also helps remove malware if the site gets a virus.


7. cWatch Comodo

cWatch scans sites and provides vulnerability reports including Blacklists, Phishing, Malware, Worms, Backdoors, Trojans, suspicious frames, suspicious connections.

8. UpGuard Web Scan

UpGuard Web Scan is risk assessment tool externals use available information to assess various factors including SSL, Clickjack attacks, Cookies, DNSSEC, Headers, etc.


9. Tinfoil Security

Tinfoil Security it will initially audit the website for 10 OWASP vulnerabilities and then further known security vulnerabilities. We'll get an actionable report and an option to re-scan once we're done with the necessary fixes.


10. Mozilla Observatory

Mozilla introduces Observatory yang membantu pemilik situs untuk memeriksa berbagai elemen keamanan. Ini memvalidasi terhadap keamanan header OWASP, TLS dan melakukan tes pihak ketiga dari SSL Labs, High-Tech Bridge, Security Headers,  HSTS Preload, dll.


Latest articles:

MongoDB logo

Easy to Install MongoDB on Ubuntu 20.04

This tutorial explains how to install and configure MongoDB Community Edition on Ubuntu 20.04. MongoDB is a free, open-source document database. Belongs to the so-called database family

Related article:

8 Best Free Password Manager 2019

Password manager is an application that helps us create good and strong passwords, store them with layered security & encrypted, both stored on a local hard disk

11 Places To See Real-Time Cyber Attacks

It is quite exciting to monitor cyber attack activity in real-time around the world. Thousands of websites are hacked every day because of files or plugins

Tips for Securing a Linux Server or VPS

The server or VPS that we use to host our website is connected to the Internet, anyone can access it. To protect against access by ignorant hands, we need to