One of the best ways to learn more about Linux security is to test your server with reputable cybersecurity tools. This makes you more invested in the results as you gain an unique perspective on your brand and personally identifiable information (PII).
Much of the information each scanner below provides is rarely shown by the average internet user, though it affects our online activity every day. Graphical user interface (GUI) software such as the Firefox web browser and Thunderbird email client aim for a comfortable user experience (UX), hiding more advanced features in the background for power users. Meanwhile, command-line interface (CLI), or terminal, applications provide more detailed information.
Below we cover some cybersecurity tools to protect your email and websites, free to download or use online.
Need a stable, bare-bones web server? Check out our cheap Cloud Server Hosting.
1. Have I Been Pwnd Data Breach Scanner
HaveIBeenPwned.com (HIBP) tells you if your email address was included in a data breach tracked by the website. HIBP accomplishes this by consolidating the data to a searchable database for online queries. If so, HIBP tells you what data breaches included your email address per the collected data sets.
You can also view all data sets that the site has collected and sign up for notifications if your email address is included in a future attack.
2. Mail-Tester Email Authentication Tester
Mail-Tester.com helps you ensure your emails aren’t delivering to recipients marked as junk or spam. You’ll be prompted to send an email to the address on the webpage. Then check your score. The test results include recommendations for your email authentication records (e.g. DMARC and SPF) and whether your domain is on a list of commonly used blacklists.
3. WhyNoPadLock SSL Checker
WhyNoPadlock.com checks your server SSL certificate for information on its domains, expiration date (useful for ensuring your SSL meets upcoming lifetime requirements), and issues resulting in mixed content errors (usually from images).
SSL Shopper SSL Checker shows similar info in a simpler format.
4. Mozilla Observatory Header Scanner
Observatory.Mozilla.org tests your website’s settings for cookies, SSL certificate, SSH access, and many security HTTP headers: Feature Policy, HTTP Strict Transport Security (HSTS), and Referrer Policy to name a few. It also checks Subresource Integrity (SRI) for validating external packages.
Observatory goes in-depth on how to create a strong, proper Content Security Policy (CSP) to truly protect your customers and viewers from man-in-the-middle (MITM) attacks. This is especially helpful when securing content management systems (CMSs) such as WordPress and Drupal.
SecurityHeaders.com shows similar information in a more condensed format.
5. WPScan WordPress Scanner
The WPScan WordPress security scanner is a CLI application that inspects your website code for a variety of information:
- Primary directories for plugins and themes
- Versions of WordPress core, plugins, and themes
- User enumeration to see what usernames exist
And the list goes on. It can also show vulnerabilities for discovered plugins and themes. WPvulndb.com compiles this information using WordPress vulnerability reports from various sources including Common Vulnerabilities and Exposures (CVE).
Learn more about how to secure WordPress with the Cerber Security plugin.
6. Nmap Port Scanner
Nmap (Network Mapper) is a CLI port scanner capable of gathering detailed information on a system and services running on it. This cybersecurity tool helps you see what information malicious users can discover about your system to exploit vulnerabilities. The port scanner comes bundled with Ncat which can quickly scan a single port in a more secure manner than Telnet, Ndiff to compare scan results, and more. If you need something for ping tests, check out MTR.
For more ease of use on desktop systems, you can use the Zenmap desktop GUI application that often comes packaged with Nmap.
7. Talos Intelligence for IP and Domain Reputation
TalosIntelligence.com allows you to check the online reputation for a domain or server IP address, whether it’s listed on a real-time blackhole list (RBL), and more. This is helpful when troubleshooting issues with email authentication and spoofing.
ThreatCrowd.org shows similar information but with more focus on DNS history, visualizing connections between domains that share(d) an IP address.
8. ShotSherpa Website Viewer
ShotSherpa.com, built to simplify the abilities of WheresItUp.com, shows you how your website displays in different countries and regions. This is helpful if you use content delivery networks (CDNs) such as Cloudflare or external packages (e.g. Bootstrap and JQuery) as you can check for possible cross-site scripting (XSS) and related man-in-the-middle (MITM) attacks. Another popular alternative is GeoPeeker.com.
What are your favorite cybersecurity tools?