Online Kali Linux programs (FREE)
Table of contents
2. Web Application Vulnerability Scanners
2.1 WordPress vulnerability scanner
2.2 Detecting SQL injection flaws
2.3 Drupal and SilverStripe Vulnerability Scanner
3. Web Server Vulnerability Scanners
3.1 Free and online web server scanner Nikto
3.2 Online Testing TLS/SSL encryption
3.3 Open ports and running services scanner
4.2 IPv6 Information Gathering
4.4 IP or Websites Information Gathering (WhoIs)
4.6 WebApp Information Gatherer
4.7 Domain names typos and variations
4.10 Trace URL's jumps across the rel links to obtain the last URL
5.2 List all metadata of a file
6. Information about phone numbers
6.1 International Calling Codes and Area Codes
7. Getting Information on MAC Addresses
7.1 Determine the device manufacturer by MAC address
8.1 All IP of locality (region, city)
10. How to help with translation
11. Very cheap, but reliable VPS hosting
Introduction
If you need to check a web site for vulnerabilities or collect information about a web server or a web site, you can use Kali Linux Tools. By the way, some of Kali Linux application you can use online without any charge.
In this article, I will introduce online service, which lets you to use some of the most popular Kali Linux programs absolutely free, without any restrictions and conditions.
All tools are groups according to their main aim:
- Web Application Vulnerability Scanners
- Web Server Vulnerability Scanners
- Information Gathering
- Images and Metadata
- Information about phone numbers
- Getting Information on MAC Addresses
- IP Ranges Composing
- E-mail Analysis
I will guide you through all the groups and explain how to use these hacking tools.
All results will be composed in report, you will get permanent link to your report. In addition you are able to download your reports in PDF format.
Web Application Vulnerability Scanners
Web Application and Web Sites are usually available through the Internet and everyone can get access to them. So it is extremely important to sure your web sites have no any vulnerabilities. Because soon or later the vulnerabilities will be discovered and exploited by hackers.
WordPress vulnerability scanner
This free and online scanner tests your WordPress installation, in other words, your web sites powered by WordPress. Available plug-ins and themes will be scanned. If among them there are vulnerable, they will be listed.
The scanning is performed by WPScan. Here you will find more information about WPScan and WPScan reports analyzation.
To scan you WordPress web site right now just hit the link.
Enter your web site URL and press the Submit button.
If you want to see the color output, follow the link (the results will not arrive in real time, but with a delay, but the total scan time will not change).
Detecting SQL injection flaws
SQL injections are serious flaws of websites and applications, they are caused by insufficient filtering of user input data, or errors in the logic of the program. If there is an exploitable SQL injection, this always results in data leakage (sometimes not only for a vulnerable site, but for other databases too), and in some cases, allows an attacker to access the file system.
It is necessary to enter not the main site address, but an example of a page in which there is "user input". For example, if we want to check the site zalinux.ru, then we are looking for a page with a variable parameter. For example, this is the page zalinux.ru/?p=411, here the parameter p= is a variable and allows you to transfer data to the server. For the site relax-nk.ru an example of such a page can become relax-nk.ru/rub.php?id=5
Drupal and SilverStripe Vulnerability Scanner
https://suip.biz/?act=droopescan
A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
The scanning requires time. Please wait for a while.
Web Server Vulnerability Scanners
Free and online web server scanner Nikto
Web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.
Examine a web server to find potential problems and security vulnerabilities, including:
- Server and software misconfigurations
- Default files and programs
- Insecure files and programs
- Outdated servers and programs
The scanning requires time (up to some hours). Please wait for a while.
Online Testing TLS/SSL encryption
Online tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Key features:
- Clear output: you can tell easily whether anything is good or bad
- Ease of installation: It works for Linux, Darwin, FreeBSD and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
- Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
- Toolbox: Several command line options help you to run YOUR test and configure YOUR output
- Reliability: features are tested thoroughly
- Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
- Privacy: It's only you who sees the result, not a third party
- Free and online: you do not need to install any software, the tool is implemented as a free online service.
Open ports and running services scanner
This scan is performed by the famous Nmap program. This program will scan IP address or website address, show open ports and running services. You can specify multiple IPs, their range or one website address. But the maximum run time per session is 60 minutes and it can be reduced if the server is overloaded.
If you have specified only one site / IP address, then the results you will get pretty quickly. If you have specified a large range, it may take several minutes for the first results to be obtained.
The input field for ports can be left blank. Then in this case the most frequently used ports will be scanned. You can enter a single port, a range of ports through a dash, multiple ports or ranges separated by commas. Spaces do not need to be set, all symbols except digits, hyphens and commas are filtered.
You do not need to enter too large ranges or too many addresses, because scanning is done through Tor (i.e. slowly), and the maximum scan execution time is limited. If the scan does not finish within that time, it will be reset, and the results already received are lost.
Information Gathering
IP Information Gathering
https://suip.biz/?act=lookupip
Here you can enter the IP and get the following information:
- country to which it is attached
- city
- geographical coordinates
- company to which it is allocated (IPS)
You can also enter web site addresses and the same information will be displayed (if available).
IPv6 Information Gathering
https://suip.biz/?act=geoiplookup6
Here you can enter the IPv6 and get the following information:
- country to which it is attached
- city
- geographical coordinates
- company to which it is allocated (IPS)
You can also enter web site addresses and the same information will be displayed (if available and if the web site is using IPv6).
How to check my IP
Just visit the web page: https://suip.biz/?act=myip
You will see your IP and extra information about your location and Internet provider:
In addition, you can get to know your IP in command line:
curl suip.biz/ip/
IP or Websites Information Gathering (WhoIs)
Here you can find out whois information about IP and site addresses (domains). Whois information very often contains information about the range to which the IP belongs, about the company to which the IP belongs, information for contacting the contact person (phone numbers, e-mail addresses, postal addresses). Information about domain names (about sites) includes name, phone numbers, postal and email addresses of the site owner. Sometimes the information is hidden.
Determine CMS of Websites
If you wonder what CMS and web technologies a web site uses, you can
Here, with whatweb, you will see such information about websites as:
- server response status code
- country of site location
- content management system
- used technologies
- server and PHP versions
- some other information
WebApp Information Gatherer
This is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. The scanning requires time. Please wait for a while. Powered by Wig.
Here, using the wig program, you can collect such information about the site as:
- CMS type and version
- The used platform (OS and software)
- Interesting files on the site
- Subdomains
- List of tools for further research on this site
- Search for known vulnerabilities for this site
Domain names typos and variations
https://suip.biz/?act=urlcrazy
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
Registration of similar domain names is one of the stages of phishing attacks, social engineering. If for a site of your company, your site are registered similar domain names, and these web sites have similar to adjacency design, it is an obvious sign of attempt to mislead users.
For a similar domain name you can get a valid SSL certificate, which is even more capable of confusing site visitors and recipients of e-mail.
Web sites on a single IP
This online free service discovers hostnames that resolve to the target's IP address. Here you can find hostnames that resolve to the target's IP address (web sites on a single IP).
Enter the domain name of the site or IP.
IP address of a web-site
This online free service discovers IP address of any web-site. Here you can find IP address of any web-site.
Trace URL's jumps across the rel links to obtain the last URL
If you want to know where the link leads, which redirects through one or more redirects (for example, the so-called short links), then this service will help you. It will go through all the intermediate points and show you both the final destination and the entire path that you had to go through.
Images and Metadata
Geotagging
https://suip.biz/?act=locatepicture
Here you can find the location where a picture was taken.
Almost all phones and many digital cameras (if the setting is not disabled) add, along with other metainformation, the geographic location where the picture was taken.
These data are easily read and you can find out the location of the survey. ATTENTION: these data are easily replaced (spoofed), therefore information received from metadata (both on this and other services) can not be guaranteed to be true.
Many editors and web applications, when saving a photo, discard the GPS data, so it's useless to check photos from popular social networks (because the web application clamps them to save space).
List all metadata of a file
Metadata within a file can tell a lot about you. Cameras record data about when and where a picture was taken and what camera was used. Office documents like pdf or Office automatically add author and company information to documents and spreadsheets. Maybe you don't want to disclose this information on the web.
The service fully supports the following formats:
- Portable Network Graphics (.png)
- JPEG (.jpg, .jpeg, …)
- TIFF (.tif, tiff, …)
- Open Documents (.odt, .odx, .ods, …)
- Office OpenXml (.docx, .pptx, .xlsx, …)
- Portable Document Fileformat (.pdf)
- Tape ARchives (.tar, .tar.bz2, …)
- MPEG AUdio (.mp3, .mp2, .mp1, …)
- Ogg Vorbis (.ogg, …)
- Free Lossless Audio Codec (.flac)
- Torrent (.torrent)
Web-site screenshots
https://suip.biz/?act=screenshot
Here you can make and immediately download a screenshot of the website. IMPORTANT: the address must be specified with the protocol. Examples of input:
Information about phone numbers
International Calling Codes and Area Codes
Here you can find out the country, and sometimes the region (city) of a phone number. The more digits you enter, the more accurate the information will be. The minimum number of entered digits is one. All symbols except digits are filtered out.
Please note that you need to enter the number in the international format. For example, take the Russian number 89051432963. Its international format is 79051432963 (you do not need to enter a plus). Let's take another number 0944177914. This number can belong to several countries at once, because it is recorded in the internal format. Therefore, this is the wrong input format. Correct, for example, will be 66944177914
The names of countries and cities are displayed in English. The word "Cellular" means that the number belongs to the mobile communication. If nothing is found, then "nothing found" is displayed, which means that an incorrect number or number is entered in the wrong format (possibly in the internal format).
Getting Information on MAC Addresses
Determine the device manufacturer by MAC address
The MAC address, or as it is also called the hardware address, is the identifier of the network interface, i.e. unique for each device. The MAC address contains information that allows you to find out the manufacturer. It should be remembered that the MAC address can be changed, so there is no guarantee that the vendor is actually the one who is found in the database.
Enter the MAC address to find the device manufacturer.
You can enter full MAC addresses, as well as a part (the first octets). The register of the letters does not mattert.
IP Ranges Composing
All IP of locality (region, city)
Enter the geographical name in English letters to get all the IPs attached to it. The register is not important.
All IP of any country
https://suip.biz/?act=ipcountry
To get all the IP addresses of a country, you need to enter the two-letter code (ISO 3166-1 alpha-2) of the state of interest.
All IP of ISPs
Provide an IP belongs to a ISP or website address of a ISP.
Donation
Your donations can help to add new services. All services are free of charge, but it is still necessary to pay for the server. You can donate for renting a more powerful server, which lets to add new services and helps to avoid some issues concerned to lack of system resources.
https://suip.biz/?act=donation
How to help with translation
Thank you Yong for translation the service in Thai: suip.biz/th. By the way, if you like the service and you want to contribute via translation it to your language, please contact me here in the comment section – I will send you the set of string in English to translate.
Very cheap, but reliable VPS hosting
If you want to have your virtual private server (VPS) like I have, here is the link where I keep my one. The price started from $1.51. And for ~$7.55 you can have there:
- 2 cores CPU
- 2 GB RAM
- 30 GB Disk SSD
- ∞ 100 Mbit/s
It is fantastic!
Related articles:
- Best Kali Linux tools in WSL (Windows Subsystem for Linux) (Part 1) (76.1%)
- How to Install and run WPScan on Windows (50.9%)
- Anonymous scanning through Tor with Nmap, sqlmap or WPScan (48.3%)
- How to find out hostnames for many IP addresses (47.6%)
- How to bypass Cloudflare, Incapsula, SUCURI and another WAF (47.6%)
- Active Directory comprehensive guide, from installation and configuration to security auditing. Part 1: Introduction to Active Directory (concepts, usage, difference from Workgroup) (RANDOM - 7.8%)
Thank you for the awesome recourses. I hope you continue to keep this maintained and still use Arch Linux =).
Hi , the WordPress black box scan isn’t working , thought I would let you know
Hello! Thanks a lot for your report!
I investigated the problem, everything is working as it should, except WPScan.
On the server it fails with the error:
Evidently, the web server is out of resources. In the developing environment it works well.
Since I have no budget to upgrade my hosting tariff plan, so we have two options:
Server hardware upgrade
Good news everyone: added one more processor core (became 3) and one more gigabyte of RAM (became also 3), plus the swap file added yesterday.
As a result, now:
If you want to have your virtual private server (VPS) like I have, here is the link where I keep my one. The price started from $1.51. And for ~$7.55 you can have there:
It is fantastic!
Hey, so "amass" is not working since some time now, can you take a look at it?
(https://suip.biz/?act=amass)
Thanks, and keep up the good work!
The bug is fixed already. Just wait for changes will come from upstream repositories.
Any chance we could get update to 3.7.9 wpscan? Thanks
Sure it will! But I don't know when.
Right now you can use WPScan 3.7.8 on w-e-b.site: https://w-e-b.site/?act=wpscan&color=on
See also ‘w-e-b.site is a mirror of SuIP.biz’.
Thank you!
Hello Alex instead of Amass add assetfinder and add some arguments in sqlmap
Are you updating tools?(Amass,Subfinder,Findomain,Wpscan,SQLMAP vs)
Sure!
http://hd.tamilanda.net/album/kulirudha-pulla-oththa-seruppu-2019/
bypassing social content locker doesn't work
Please consider this my answer: https://miloserdov.org/?p=2730#comment-14283
amass dont work.can you amass update?
Hello! Until it is fixed on suip.biz, you can use it here: https://w-e-b.site/?act=amass
the problem persists.amass dont work.can you amass update?
Hello! I've just fixed it.
Hi,
Your online scanners do not seem to work with Tor-Browser.
I get a blank screen after every submit.
Thought i let you know.
Hello! I guess it could be because this browser cannot pass reCAPTCHA.
Hi Thanks for the tools they are very helpful.
Can i ask if someone uses a DNS wildcard entry is the subdomain ip adress correct or could it be changed manually from the hosting site to hide the real IP?
Thank you
Tim
Hello! Sorry, I don't understand what exactly you are asking.
If you want to use wildcard DNS records and DNS records for subdomains at the same time, then this is possible. First of all, DNS records will be used by exact match with the domain name, if they are not found, then DNS with wildcards will be used.
Can you please add a tool to find xss and another for subdomain takeovers?
Hello! Thank you for your suggestion. I will consider this idea and try to add some related tools.
SUB DOMAIN LOOKUP NOT WORK FROM FEW DAY AGO
Please be more specific. Three tools for searching subdomains have been implemented:
Which one do you mean?
I just tested them and each one worked for me.
New online services (absolutely free):
New online services:
New online services:
New services with IPv6 support:
Hi Alex,
Thank you very much for your resources.
Can you please explain what data you use for "domainiphistory"?
I can't find data anywhere else besides SecurityTrials and I need an alternative source.
Thank you.
Hello, from virustotal.com.