PenTest yourself. Don't get hacked.

Secureay is an online framework for penetration testing and vulnerability assessment which allows you to quickly assess the security of websites and network infrastructures from a remote location.

Start Now!

Google Hacking

Every penetration test should start with a passive reconnaissance phase. Since public search engines have gathered huge amounts of information about almost every website from the Internet, it is a good idea to make some queries and get this information from them. Very often you will find sensitive information or data that is not supposed to be public.

We will secure your website


Quick Scan Full Scan Test performed
Fingerprint web server software
Analyze HTTP headers for security misconfiguration
Check the security of HTTP cookies
Check the SSL certificate of the server
Check to see whether the web server is at the latest version
Check if the server software is affected by known vulnerabilities
Analyze robots.txt for interesting URLs
Check whether a client access file exists, and if it contains a wildcard entry (clientaccesspolicy.xml, crossdomain.xml)
Discover server configuration problems such as Directory Listing
Check for sensitive files (archives, backups, certificates, key stores) based on hostname and some common words
Check for the presence of known scripts vulnerable to XSS, SQL injection, LFI, RFI and Command injection
Attempt to upload and delete a file through the PUT and DELETE HTTP methods
Test for the Bash Shellshock vulnerability
Find administrative pages
Attempt to find interesting files/functionality
Check for information disclosure issues
Identify which type of web application is running
Enumerate existing CGI directories
Attempt to enumerate users directly from the web server (/~user)
Check for web server XSS in Expect HTTP header
Check for multiple index files
Check the HTTP Options returned by the server

Security with Penetration Testing

Penetration Testing

TCP Port Scan with Nmap

TCP Port Scan with Nmap allows you to discover which TCP ports are open on your target host.

Network ports are the entry points to a machine that is connected to the Internet.
A service that listens on a port is able to receive data from a client application, process it and send a response back.
Malicious clients can sometimes exploit vulnerabilities in the server code so they gain access to sensitive data or execute malicious code on the machine remotely.

That is why testing for all ports is necessary in order to achieve a thorough security verification.

Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. Port scanning is done differently for TCP ports and for UDP ports that's why we have different tools.

  • Target: This is the hostname of IP address(es) to scan
  • Ports to scan - Common: This option tells Nmap to scan only the top 100 most common TCP ports (Nmap -F).
  • Ports to scan - Range: You can specify a range of ports to be scanned. Valid ports are between 1 and 65535.
  • Detect service version: In this case Nmap will try to detect the version of the service that is running on each open port. This is done using multiple techniques like banner grabbing, reading server headers and sending specific requests.
  • Detect operating system: If enabled, Nmap will try to determine the type and version of the operating system that runs on the target host. The result is not always 100% accurate, depending on the way the target responds to probe requests.
  • Do traceroute: If enabled, Nmap will also do a traceroute to determine the path packets take from our server to the target server, including the ip addresses of all network nodes (routers).
  • Don't ping host: If enabled, Nmap will not try to see if the host is up before scanning it (which is the default behavior). This option is useful when the target host does not respond to ICMP requests but it is actually up and it has open ports.
Your site may be hacked at any moment, Get started now to secure your site