Free external public Internet Pen test website

Posted on 2014-08-12
Last Modified: 2014-11-12
I have a public Internet portal but have not purchased a security Penetration
test tool or VA tool yet.

Is there any free public Internet website that I can run and direct towards my
portal to get initial pen test results for my hardening in advance?

Ideally one that can VA pen test not only for HTTP (i.e. TCP 80) but for vulnerable
SSL as well, and for various injections (SQL etc.)
Question by:sunhux

    Author Comment

    Is the above a reliable (ie it's not a malicious site) free pen test?

    Does Nessus still offer a free online scan (of a website)?

    Do Metasploit & Wireshark offer online scans too?
    LVL 38

    Assisted Solution

    by:Rich Rumble
    It's best to hire a professional; many of us on EE are for hire:
    You can also try some free tools like XSS-me or SQL-Inject me:
    Wireshark is not the tool you're looking for:
    LVL 60

    Accepted Solution

    An online service is not available, mostly due to licensing challenges, but they offer remote-driven scanning, which can still be remote-based and without software installation per se: it is driven by a web portal login by the user, who launches the scan against the target, and most of it is cloud-based, e.g.

    Nessus Perimeter Service -
    (Due to a change of Nessus Licensing the online Nessus service has been discontinued.)

    Metasploit-wise, I don't know of an online version, but most probably we may consider looking at Amazon AWS's "Free Tier" and installing Metasploit there. Do note these are subject to the AWS AUP (which includes descriptions of prohibited security violations and network abuse) and authorisation.

    Qualys FreeScan service is another candidate, and it includes other scans. You need to register and agree to the service terms, which include using their online service only to scan Site(s) owned by and registered to You.

    HackerTarget also runs such a service @ with various means, but limits the user to a number of scans per day based on your membership.
    LVL 22

    Expert Comment

    What nobody has bothered to add is the fact that you get what you pay for. The "free" tools are about as useful as two left shoes. Your best bet is with one of the EE experts. After you spend many wasted hours playing with the free tools, I guarantee you will come to the same conclusion.

    Author Comment

    Thanks, but I don't have the budget, as the actual security scanning team
    is in the process of procuring a licence (which I heard may take 5-6 weeks).

    Just found that Qualys doesn't accept IP addresses.
    LVL 60

    Assisted Solution

    Either use dynamic DNS to temporarily host your server IP so it can be included in Qualys,

    ...or else you have to use the free tools and run them against an internal staging or even production server (I advise against it if you are not savvy with it), not public IP addresses.
    LVL 9

    Assisted Solution


    Author Comment


    I've seen that link earlier; most of the tools there, like Nmap & Wireshark,
    are not suitable for a pen test, as Richrumble said above.
    LVL 60

    Assisted Solution

    Indeed, a pentest is not only about tools. I hope the below can help, and of course there is a corresponding kit to facilitate the activities required, if you take it up on your own or start off with internal resource expertise to do it.
