Ever find yourself needing to do a quick security scan but are on a computer that doesn’t have the right tools? This happens to me periodically when we need a quick scan done from “outside.” Out of curiosity I searched around and found a few good options that I thought you may find useful.

Nmap-Online.com: Administered by MatouSec.com, a project started in 2006 run by a group of security experts concerned about user desktop security, this service offers almost the full capability of Nmap through a website! The earliest reference I could find was in November of 2006 so they’ve been around for awhile.

To use the service just pick between “Quick Scan” and “Full Scan” that scans your own detected IP address or a “Custom Scan” that gives you almost full access to Nmap’s set of options (including scanning a range of IPs). Finally, agree to their ToS and hit Scan. You have the option of waiting for the results in the browser or entering an email and password to have them emailed to you. Keep the email and password handy as you can use these credentials to retrieve all your recent scans. Note that no registration is required though. It seems to track users with just your specific email and password combination.

Unfortunately, limitations there are… You can only scan IP addresses and ranges within your externally detected class C address space. Additionally, they have rules controlling the amount of scans you are permitted to perform within various time periods (e.g., a max of 8 scan requests from one IP per 24 hours). See their ToS for all the restrictions.

Check out Nmap-Online here.

HackerTarget.com: This is another service that I came across that offers several free online scanners. Currently, they provide 10 scans that include the likes of Nmap, OpenVas, Nikto, and WordPress Security Scan. Just checking out their Nmap service … it only performs a “Fast Scan with Service Identification” (i.e., nmap -sV -F your.ip.address.com). Most of their other services didn’t have any customizable options so I assume it’s just the default scans. For specifics you’d have to research the default scans for these tools. The WordPress scan however mentions 13 specific checks.

Just like Nmap-Online.com there are limitations… You only get four scans per day and can’t use free web email accounts to get the results. Additionally, you can’t scan IP ranges … just individual IPs. HackerTarget does offer a membership program that lifts these restrictions. Prices for individuals are $5 on a month-to-month basis or $30 a year. Corporations are $50 per month or $400 a year. Regardless if you use the free or paid versions, there doesn’t seem to be a way to view sessions online; you must enter an email for them to send results to.

Check out the HackerTarget.com Online Security Scan page here.

#####

Do you know of any other online security scanner for quick one-off assessments? Let us know in the comments below. Today’s post image is from AttackResearch.com.

The folks over at Darknet just threw up a blog post entitled “OpenVAS – Open Vulnerability Assessment System (Nessus is Back!).” Finally! I won’t go into too much detail but was just excited to see this posted. Too bad BackTrack 3 just recently came out. It would have been nice to have this version of Nessus, I mean OpenVAS, on the CD. There’s always the next version…