Online Kali Linux programs (FREE)
Table of contents
If you need to check a web site for vulnerabilities or collect information about a web server or a web site, you can use Kali Linux Tools. By the way, some of Kali Linux application you can use online without any charge.
In this article, I will introduce online service, which lets you to use some of the most popular Kali Linux programs absolutely free, without any restrictions and conditions.
All tools are groups according to their main aim:
- Web Application Vulnerability Scanners
- Web Server Vulnerability Scanners
- Information Gathering
- Images and Metadata
- Information about phone numbers
- Getting Information on MAC Addresses
- IP Ranges Composing
- E-mail Analysis
I will guide you through all the groups and explain how to use these hacking tools.
All results will be composed in report, you will get permanent link to your report. In addition you are able to download your reports in PDF format.
Web Application and Web Sites are usually available through the Internet and everyone can get access to them. So it is extremely important to sure your web sites have no any vulnerabilities. Because soon or later the vulnerabilities will be discovered and exploited by hackers.
This free and online scanner tests your WordPress installation, in other words, your web sites powered by WordPress. Available plug-ins and themes will be scanned. If among them there are vulnerable, they will be listed.
The scanning is performed by WPScan. Here you will find more information about WPScan and WPScan reports analyzation.
To scan you WordPress web site right now just hit the link.
Enter your web site URL and press the Submit button.
If you want to see the color output, follow the link (the results will not arrive in real time, but with a delay, but the total scan time will not change).
SQL injections are serious flaws of websites and applications, they are caused by insufficient filtering of user input data, or errors in the logic of the program. If there is an exploitable SQL injection, this always results in data leakage (sometimes not only for a vulnerable site, but for other databases too), and in some cases, allows an attacker to access the file system.
It is necessary to enter not the main site address, but an example of a page in which there is "user input". For example, if we want to check the site zalinux.ru, then we are looking for a page with a variable parameter. For example, this is the page zalinux.ru/?p=411, here the parameter p= is a variable and allows you to transfer data to the server. For the site relax-nk.ru an example of such a page can become relax-nk.ru/rub.php?id=5
A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
The scanning requires time. Please wait for a while.
Web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.
Examine a web server to find potential problems and security vulnerabilities, including:
- Server and software misconfigurations
- Default files and programs
- Insecure files and programs
- Outdated servers and programs
The scanning requires time (up to some hours). Please wait for a while.
Online tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
- Clear output: you can tell easily whether anything is good or bad
- Ease of installation: It works for Linux, Darwin, FreeBSD and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
- Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
- Toolbox: Several command line options help you to run YOUR test and configure YOUR output
- Reliability: features are tested thoroughly
- Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
- Privacy: It's only you who sees the result, not a third party
- Free and online: you do not need to install any software, the tool is implemented as a free online service.
This scan is performed by the famous Nmap program. This program will scan IP address or website address, show open ports and running services. You can specify multiple IPs, their range or one website address. But the maximum run time per session is 60 minutes and it can be reduced if the server is overloaded.
If you have specified only one site / IP address, then the results you will get pretty quickly. If you have specified a large range, it may take several minutes for the first results to be obtained.
The input field for ports can be left blank. Then in this case the most frequently used ports will be scanned. You can enter a single port, a range of ports through a dash, multiple ports or ranges separated by commas. Spaces do not need to be set, all symbols except digits, hyphens and commas are filtered.
You do not need to enter too large ranges or too many addresses, because scanning is done through Tor (i.e. slowly), and the maximum scan execution time is limited. If the scan does not finish within that time, it will be reset, and the results already received are lost.
Here you can enter the IP and get the following information:
- country to which it is attached
- geographical coordinates
- company to which it is allocated (IPS)
You can also enter web site addresses and the same information will be displayed (if available).
Here you can enter the IPv6 and get the following information:
- country to which it is attached
- geographical coordinates
- company to which it is allocated (IPS)
You can also enter web site addresses and the same information will be displayed (if available and if the web site is using IPv6).
Just visit the web page: https://suip.biz/?act=myip
You will see your IP and extra information about your location and Internet provider:
In addition, you can get to know your IP in command line:
Here you can find out whois information about IP and site addresses (domains). Whois information very often contains information about the range to which the IP belongs, about the company to which the IP belongs, information for contacting the contact person (phone numbers, e-mail addresses, postal addresses). Information about domain names (about sites) includes name, phone numbers, postal and email addresses of the site owner. Sometimes the information is hidden.
If you wonder what CMS and web technologies a web site uses, you can
Here, with whatweb, you will see such information about websites as:
- server response status code
- country of site location
- content management system
- used technologies
- server and PHP versions
- some other information
This is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. The scanning requires time. Please wait for a while. Powered by Wig.
Here, using the wig program, you can collect such information about the site as:
- CMS type and version
- The used platform (OS and software)
- Interesting files on the site
- List of tools for further research on this site
- Search for known vulnerabilities for this site
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
Registration of similar domain names is one of the stages of phishing attacks, social engineering. If for a site of your company, your site are registered similar domain names, and these web sites have similar to adjacency design, it is an obvious sign of attempt to mislead users.
For a similar domain name you can get a valid SSL certificate, which is even more capable of confusing site visitors and recipients of e-mail.
This online free service discovers hostnames that resolve to the target's IP address. Here you can find hostnames that resolve to the target's IP address (web sites on a single IP).
Enter the domain name of the site or IP.
This online free service discovers IP address of any web-site. Here you can find IP address of any web-site.
If you want to know where the link leads, which redirects through one or more redirects (for example, the so-called short links), then this service will help you. It will go through all the intermediate points and show you both the final destination and the entire path that you had to go through.
Here you can find the location where a picture was taken.
Almost all phones and many digital cameras (if the setting is not disabled) add, along with other metainformation, the geographic location where the picture was taken.
These data are easily read and you can find out the location of the survey. ATTENTION: these data are easily replaced (spoofed), therefore information received from metadata (both on this and other services) can not be guaranteed to be true.
Many editors and web applications, when saving a photo, discard the GPS data, so it's useless to check photos from popular social networks (because the web application clamps them to save space).
Metadata within a file can tell a lot about you. Cameras record data about when and where a picture was taken and what camera was used. Office documents like pdf or Office automatically add author and company information to documents and spreadsheets. Maybe you don't want to disclose this information on the web.
The service fully supports the following formats:
- Portable Network Graphics (.png)
- JPEG (.jpg, .jpeg, …)
- TIFF (.tif, tiff, …)
- Open Documents (.odt, .odx, .ods, …)
- Office OpenXml (.docx, .pptx, .xlsx, …)
- Portable Document Fileformat (.pdf)
- Tape ARchives (.tar, .tar.bz2, …)
- MPEG AUdio (.mp3, .mp2, .mp1, …)
- Ogg Vorbis (.ogg, …)
- Free Lossless Audio Codec (.flac)
- Torrent (.torrent)
Here you can make and immediately download a screenshot of the website. IMPORTANT: the address must be specified with the protocol. Examples of input:
Here you can find out the country, and sometimes the region (city) of a phone number. The more digits you enter, the more accurate the information will be. The minimum number of entered digits is one. All symbols except digits are filtered out.
Please note that you need to enter the number in the international format. For example, take the Russian number 89051432963. Its international format is 79051432963 (you do not need to enter a plus). Let's take another number 0944177914. This number can belong to several countries at once, because it is recorded in the internal format. Therefore, this is the wrong input format. Correct, for example, will be 66944177914
The names of countries and cities are displayed in English. The word "Cellular" means that the number belongs to the mobile communication. If nothing is found, then "nothing found" is displayed, which means that an incorrect number or number is entered in the wrong format (possibly in the internal format).
The MAC address, or as it is also called the hardware address, is the identifier of the network interface, i.e. unique for each device. The MAC address contains information that allows you to find out the manufacturer. It should be remembered that the MAC address can be changed, so there is no guarantee that the vendor is actually the one who is found in the database.
Enter the MAC address to find the device manufacturer.
You can enter full MAC addresses, as well as a part (the first octets). The register of the letters does not mattert.
Enter the geographical name in English letters to get all the IPs attached to it. The register is not important.
To get all the IP addresses of a country, you need to enter the two-letter code (ISO 3166-1 alpha-2) of the state of interest.
Provide an IP belongs to a ISP or website address of a ISP.
Your donations can help to add new services. All services are free of charge, but it is still necessary to pay for the server. You can donate for renting a more powerful server, which lets to add new services and helps to avoid some issues concerned to lack of system resources.
- Anonymous scanning through Tor with Nmap, sqlmap or WPScan (46.8%)
- testssl.sh: No cipher mapping file found and No TLS data file found (SOLVED) (36.1%)
- How to find out all the sites on the same IP and in the same subnet (34.6%)
- How to check WordPress sites for vulnerabilities (30.8%)
- How to use sqlmap for injection in address of a web site page (URI). Arbitrary injection points (30.8%)
- 3WiFi: open database of Wi-Fi Access Points passwords (RANDOM - 14%)