Simple perimeter firewall and content scan tests - Jan 2012
Online tools that can be used from inside a company network - most work even through a proxy
These links are provided for legal pen-test use only - I'm not responsible if you get in trouble
portscan - vulnscan - nettool - eicar - badfile - email - browser - IP - audio - blacklist - virus - spyware - speed - more
http://linux-sec.net/Audit/nmap.test.gwif.html - nmap scan + links to more scanners
http://webscan.security-check.ch/test/ - quick and slow (thorough) scan available
http://www.windowsecurity.com/trojanscan/
http://www.pcflank.com/scanner1s.htm - several kinds of "ping" to your machine
http://www.grc.com/ - you have to click through two screens to get to the "shields up" scan page
http://www.pcflank.com/scanner1.htm
http://www.pcflank.com/exploits.htm - basic DoS packets
http://searchdns.netcraft.com/?host - look up host/domain info
http://centralops.net/co/DomainDossier.aspx - host/domain info
http://uptime.netcraft.com/up/graph - look up type of webserver
http://networking.ringofsaturn.com/Tools/traceroute.php - traceroute
http://serversniff.net - tcptrace, layer4-traceroute, http-checks, ssl-checks, ip-stack-checks
http://www.all-nettools.com/toolbox,net - ping, whois, lots of tools
IPv6:
http://ipv6.wcclan.net/portscan/
http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php
5 - A few weird file formats - to test the content scanners:
The .exe file contains the unix "sleep" command and doesn't do anything
The encryption key is 1234567890
Executable | Renamed to .txt | Renamed to .jpg
Zipped exe | Renamed to .txt | Renamed to .jpg
Crypted exe | Renamed to .txt | Renamed to .jpg
Exe yencoded | Renamed to .txt
Exe uuencoded | Renamed to .txt
http://www.random.org/files/ - random binary data in html file
hello_world.vbs - script pops up msgbox and starts calculator
42.zip - be very careful, this can kill a web/mail-sweeper
http://www.windowsecurity.com/emailsecuritytest/
http://apphelp.clearswift.com/en/policycenter/pctest.htm - clearswift echo service - send an email to receive a test email back
Nice mail checks by c't magazine - you have to reply to confirmation e-mail first:
http://www.heise.de/security/dienste/HTML-Mails-773971.html - html mail
http://www.heise.de/security/dienste/Mails-mit-Anhaengen-777837.html - attachments
http://www.heise.de/security/dienste/Mails-mit-Viren-Dummies-777839.html - dummy viruses
7 - Browser security check + indirect content scanning check:
http://www.pcflank.com/browser_test1.htm - browser security check
https://browsercheck.qualys.com/ - browser security check - needs to install a plugin - a nice test of its own
http://www.makeuseof.com/tag/7-browser-security-tests-prevent-exploit-attacks/ - list of some browser checks
http://www.heise.de/security/dienste/Browsercheck-2107.html - content filter tests by c't magazine
Updates:
http://www.heise.de/security/dienste/Der-Scan-1106674.html - check if your PC is updated
8 - Information about your browser + the IP + proxy you're behind:
http://ip.my-proxy.com/ - show proxy
9 - Audio - streaming and non-streaming:
http://www.astalavista.com/ - hacks
http://www.hustler.com/ - erotica
http://www.npd.de/ - strange German nationalists
More or less work safe:
http://www.geenstijl.nl/ - cool Dutch timewaster blog :-)
http://elcheapo.nl/, http://www.bovag-occasions.nl/ - Dutch shopping sites - more timewasters :-)
http://security.symantec.com/sscv6/home.asp?productid=symhome&langid=ie&venid=sym&close_parent=true
http://housecall.trendmicro.com/
http://www.alken.nl/speedtest/speedtest4.php
14 - More lists like this one (some are longer and better) :
http://www.dirk-loss.de/onlinetools.htm
http://linux-sec.net/Audit/nmap.test.gwif.html
Please send new useful links to: uair01 at xs4all dot nl
Thanks for sending in new links: Ivan, Thomas Springer, Christophe Herault, Alvin Oga, Holger Heimann, David Ball
And many thanks to the great mailing list: pen-test at securityfocus dot com