reddit
facebook
twitter
linkedin

developmentQAsecurity

2 min

8 Must-Have Infrastructure Reconnaissance Tools for Your App Security

Infrastructure reconnaissance tools are essential for any organization that wants to ensure the security of its digital assets. These tools allow businesses to scan their infrastructure for vulnerabilities, including outdated software versions, open ports, and misconfigured security headers.

Eager to discover (even) more security tools?

ebook security cover
Get our free ebook now and discover what else you can use to protect your digital products.

Check out the infrastructure reconnaissance tools that we use and recommend to keep software secure.

crt.sh

  • subdomain reconnaissance tool that provides a list of possible subdomains registered for a particular domain,
  • shows domain IPs, making it a valuable tool for conducting reconnaissance.
Looking for Quality Assurance experts?
case studies

VirusTotal

  • a search engine that can scan any IP address and check open ports, software versions, server location, and other important details,
  • highly recommended to scan your site using VirusTotal to ensure that you do not have any unnecessary open ports or outdated software versions that have CVE.

Censys

  • provides a detailed analysis of IP addresses,
  • lists all domains and provides valuable insights into your network infrastructure.

Phonebook.cz

  • scans for email addresses associated with a particular domain,
  • helps businesses remove unnecessary emails from their website to reduce the risk of phishing attacks against employees.

SSL Labs

  • analyzes SSL certificates and provides valuable insights into the security of your server certificate,
  • checks if your server certificate is trusted, what TLS protocols are supported, and any potential security issues.

Security Headers

  • checks if web apps have the correct security headers configured,
  • scans your page to learn more about each header and understand how to configure them correctly.

Report URI

  • analyzes the CSP header, which specifies the security policy that the client should follow when loading scripts, styles, images, etc.,
  • generates a policy based on existing data.

Mozilla Observatory

  • aggregates several websites and provides an option to check headers, do TLS scans and see third-party analysis,
  • provides businesses with a comprehensive infrastructure reconnaissance solution.

That’s not all!

ebook security cover
Expand your security toolkit by downloading our free ebook today. You will find plenty of useful tools to keep your data safe.
Looking for Quality Assurance experts?
case studies
Previous

read more blog posts