Pentest Tools

Introduction

https://binsec.tools provides a collection of free, web-based utilities for penetration testing. The tools support reconnaissance, configuration checks (security settings) and validation (utilities) — the same tools the binsec team uses in real engagements.

Free Online Tools

• SubDomainFinder — Discovers subdomains of a domain (CertWatch, DNS queries, wordlists, search engines).
• WebCompScan — Identifies web technologies via DOM, headers and assets; attempts to detect versions and known issues.
• SSLCheck (TLS/SSL) — Checks TLS/SSL configuration: protocols, cipher suites and certificate metadata; supports StartTLS checks.
• HTTPHeaderCheck — Verifies HTTP security headers (CSP, HSTS, X-Frame-Options) against OWASP recommendations.
• DNSCheck — Tests DNS settings (SOA, AXFR/zone transfer, SPF, DMARC, DNSSEC).
• CertWatch — Searches Certificate Transparency logs to find additional subdomains.
• WhatIsMyIP — Shows public IPv4/IPv6 and traceroute info.
• MailCheck — Validates mail delivery settings (SPF, DKIM, TLS) via reception checks.
• SPFValidator — Validates SPF records for a given sender and sending mail server.
• SSHCheck — Reviews SSH banners, supported KEX/ciphers and fingerprints.
• HashLookup — Reverse-lookup for MD5/SHA1/NTLM hashes against a large database.
• PasswordListCheck — Checks passwords against public password lists (client-side SHA1 hashing).
• Password Quality Check — Rates password complexity/quality.
• CVSS4Calculator — CVSS 4.0 calculator for vulnerability scoring.
• CVSS4VectorDecoder — Decodes CVSS vectors and explains scoring.

Note

These tools are built for information gathering and configuration verification — they do not perform active exploits against targets. Use them only on systems for which you have explicit authorization.