Pentest Tools
Introduction
https://binsec.tools provides a collection of free, web-based utilities for penetration testing. The tools support reconnaissance, configuration checks (security settings) and validation (utilities) — the same tools the binsec team uses in real engagements.
Free Online Tools
- SubDomainFinder — Discovers subdomains of a domain (CertWatch, DNS queries, wordlists, search engines).
- WebCompScan — Identifies web technologies via DOM, headers and assets; attempts to detect versions and known issues.
- SSLCheck (TLS/SSL) — Checks TLS/SSL configuration: protocols, cipher suites and certificate metadata; supports StartTLS checks.
- HTTPHeaderCheck — Verifies HTTP security headers (CSP, HSTS, X-Frame-Options) against OWASP recommendations.
- DNSCheck — Tests DNS settings (SOA, AXFR/zone transfer, SPF, DMARC, DNSSEC).
- CertWatch — Searches Certificate Transparency logs to find additional subdomains.
- WhatIsMyIP — Shows public IPv4/IPv6 and traceroute info.
- MailCheck — Validates mail delivery settings (SPF, DKIM, TLS) via reception checks.
- SPFValidator — Validates SPF records for a given sender and sending mail server.
- SSHCheck — Reviews SSH banners, supported KEX/ciphers and fingerprints.
- HashLookup — Reverse-lookup for MD5/SHA1/NTLM hashes against a large database.
- PasswordListCheck — Checks passwords against public password lists (client-side SHA1 hashing).
- Password Quality Check — Rates password complexity/quality.
- CVSS4Calculator — CVSS 4.0 calculator for vulnerability scoring.
- CVSS4VectorDecoder — Decodes CVSS vectors and explains scoring.
Note
These tools are built for information gathering and configuration verification — they do not perform active exploits against targets. Use them only on systems for which you have explicit authorization.
Sub Articles
binsec academy GmbH - Online IT Security Training with Practical Focus
binsec academy GmbH is provider of online IT security training, offering practical, lab-based courses for professionals. The academy provides hands-on training in areas such as penetration testing and secure software development. Participants gain practical experience through realistic lab environments, including simulations of company networks and applications. Courses are available in multiple programming languages and align with standards like OWASP Top 10 and PCI DSS. Upon successful completion, participants receive certifications such as the Binsec Academy Certified Pentest Professional (BACPP) and Binsec Academy Certified Secure Coding Professional (BACSCP), demonstrating their ability to identify and remediate security vulnerabilities.
Goto binsec acadmy GmbH

binsec GmbH – Experts in Penetration Testing
binsec GmbH is a German IT security company focused on professional penetration testing. With over 10 years of experience, the team conducts in-depth penetration tests on networks, web applications, APIs, and mobile apps. Certified experts systematically identify and document security vulnerabilities to support organizations in improving their security and meeting compliance requirements.
Goto binsec GmbH