Web Site Scanner

This is the project page for:
Our Web Site Scanner was launched at the ISFL annual conference in November 2017 after an advanced Beta during summer and autumn 2017.
Aimed at the broader public and voluntary sector, this tool will run a scan to look at web code, web server and web server firewall vulnerabilities and issues therein.
It is based on open source, tools and techniques like our successful digital certificate scanner. Our friends in the NCSC have some excellent tools for this, however, we are happy to scan the things they will not, as long as we have your authority to do so! This could include 3rd party provided websites, community and voluntary sector as well as ALMO type arrangements connected to the broader public sector / local government!
Please use the contact page to sign up!
What do I get? An email, in which we flag up vulnerabilities in the subject line and within the email, so you are aware without evening needing to read it all, although we hope you do! Nonetheless, there will be sufficient detail for you to take up with those who can fix problems!
FYI Stuff:
  • This is currently a free service for you, and part of other works that are open source and so there are some limitations of our liability. These can be found by clicking here – Limitations of Liability
  • FREE for as long as we can sustain free, ie while there is a need, or for as long as this service is useful, or until this service is provided by someone else!
  • The service here is the supply of a suitable updated and upgraded and secure Linux based system. It uses various open source modules to achieve this reporting for you. And the development of the know-how and the skills in running and maintaining this service.
  • Cost of running this is met by 1uglycrazyroboT for the common good for the following organisations: Government domains such as .gov.uk, .police.uk .mod.uk etc, also the voluntarily academic and 3rd sector, others upon application, that said you may wish to contribute.  Our services can also be licensed commercially for other domains.
Coded during late Spring 2015 and reworked during Summer 2017 running on Ubuntu, using Bash, Python and open source tools and libraries work of @cryptomoose.