11款 扫描网站安全的免费在线工具

1. SUCURI

SUCURI  is one of the most popular free website malware and security scanner. You can do a quick test for malware, blacklisting status, injected SPAM, and defacements.

SUCURI also helps to clean and protect your website from online threats and works on any website platforms, including WordPress, Joomla, Magento, Drupal, phpBB, etc.

2. Qualys

SSL Server Test  by Qualys is essential to scan your website for SSL/TLS misconfiguration and vulnerabilities. It provides an in-depth analysis of your https:// URL including expiry day, overall rating, cipher, SSL/TLS version, handshake simulation, protocol details, BEAST, and much more.

As a best practice, you should run the Qualys test after making any SSL/TLS related changes.

3.Quttera

Quttera  check website for malware and vulnerabilities exploits.

It scans your website for malicious files, suspicious files, potentially suspicious files, PhishTank, Safe Browsing (Google, Yandex), and Malware domain list.

4.Intruder

Intruder  is a powerful cloud-based vulnerability scanner to find weaknesses in the entire web application infrastructure. It is enterprise-ready and offers government &bank-level security scanning engine without complexity.

Its robust security checks include identifying:

Missing patches

Misconfigurations

Web application issues such as SQL injection &cross-site scripting

CMS issues

Intruder saves you time by prioritizing results based on their context as well as proactively scanning your systems for the latest vulnerabilities. It also integrates with major cloud providers (AWS, GCP, Azure) as well as Slack &Jira.

You can give Intruder a try for 30 days for free.

5. UpGuard

UpGuard Web Scan  is an external risk assessment tool that uses the publicly available information to grade.

Test results are categorized into the following groups.

Website risks

Email risks

Network security

Phishing and Malware

Brand protection

Good to get a quick security posture of your website.

6.SiteGuarding

SiteGuarding  helps you to scan your domain for malware, website blacklisting, injected spam, defacement, and much more. The scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin, and another platform.

SiteGuarding also helps you to remove malware from your website, so if you are site is affected by viruses, they will be useful.

7.Observatory

Mozilla recently introduced  observatory , which helps a site owner to check various security elements. It validates against OWASP header security, TLS best practices and performs third-party tests from SSL Labs, High-Tech Bridge, Security Headers, HSTS Preload, etc.

8.Web Cookies Scanner

Web Cookies Scanner  is a free all-in-one security tool suitable for scanning web applications. It is capable of searching vulnerabilities and privacy issues on HTTP cookies, Flash applets, HTML5 localStorage, and sessionStorage, Supercookies, and Evercookies. The tool also offers a free URL malware scanner and an HTTP, HTML, and SSL/TLS vulnerability scanner.

To use this tool, you just need to enter your site’s full domain name and click on Check! After a while, you’ll get a full vulnerabilities report, showing a detail of all issues found and an overall privacy impact score.

You can use the on-demand service for free with no restrictions, or you can subscribe for a free trial of a fully automated RESTful API with different plans, which offer between 100 and unlimited API scans per month.

9.Detectify

Fully supported by ethical hackers, the  Detectify  domain and web application security service offers automated security and asset monitoring, being able to detect more than 1500 vulnerabilities.

Its vulnerability scanning capacity includes OWASP Top 10, CORS, Amazon S3 Bucket, and DNS misconfigurations. The Asset Monitoring service continuously monitors subdomains, searching for hostile takeovers and alerting if anomalies are detected.

Detectify offers three pricing plans: Starter, Professional, and Enterprise. All of them start with a 14-day free trial, which you can take without using a credit card.

10.Probely

Probely  provides a virtual security specialist that you can add to your development crew, security team, DevOps, or SaaS business. This security specialist will scan your web application and find all of its vulnerabilities. You can think of Probely as a family doctor that gives you periodic diagnostics and tells you what to do to fix any issue.

It is a tool mainly built for developers, letting them be more independent when it comes to security testing. Its API-First development approach assures that any features will be first available on the API version of the service. It has many pricing plans, including a free one with basic scanning capacity.

11.Pentest-Tools

The website vulnerability scanner is one of a comprehensive set of tools offered by  Pentest-Tools  that comprise a solution for information gathering, web application testing, CMS testing, infrastructure testing, and SSL testing. In particular, the website scanner is designed to discover common web application vulnerabilities and server configuration issues.

The company offers a Light version of the tool, which performs a passive web security scan. It is capable of detecting many vulnerabilities, including insecure cookie settings, insecure HTTP headers, and outdated server software. You can perform up to 2 free, full scans of your website to get a comprehensive assessment. The results will tell you about vulnerabilities such as local file inclusion, SQL injection, OS command injection, XSS, between others.

This document is mainly from the below URL...Just changed a few picture（from my testing）.

https://geekflare.com/online-scan-website-security-vulnerabilities/

网站漏洞扫描工作分几个层面进行的，分别是：

1、在线添加了域名之后，提交漏洞扫描进行扫描。

2、扫描后发现的漏洞详细信息查看，修复以及加固建议分析根据系统检测的结果，分析系统服务器存在的威胁情况。

3、扫描后的日志汇总，通过多维度的大数据安全漏洞库对比分析，完整的扫描报告分析。

（本回答由网堤安全---网站漏洞扫描--提供）

---