| Purpose: The goal of this tool is to raise security awareness among web owners in order to help decrease the constant rise of compromised websites.
Public resource which will extract metadata from any website (either domain name or IP address, no resource) and will explain it in a brief summary. The extraction will be totally passive just like browsing the website, otherwise the tool couldn't be online for public use. It's based mainly on HTTP headers and metadata. Some features of the tool are:
Easy to use, only enter a website address to see what's behind the scenes
Brief summary about the website configuration
Different report colours to highlight web security awareness
Detection of CMSs and versions (whatweb core)
Warnings about old software being exploited in the wild like joomla-1.5, RoR CVE-2013-0156...
Detection of hardening signs such as WAF, CDN, reverse proxy...
Detection of blacklisted websites by GoogleSafeBrowsing
Detection of suspicious iframes or hidden spam
Detection of defacements, directory listings, private IP address in comments...
Stats about general web security awareness and some details of compromised websites
PoC (Spanish): http://desenmascara.me