vtmscan

Stop The Hackers
Before They Stop You Big Savings on Security Scanning!
Get Flat 20% Off on Our PRO Package!
Use Promo Code: SECURITY20

Protection Against All The
Current Threats

  1. Malware Attacks Scan
  2. Reputation Check

The Perfect Port In All Future Web Security Storms

  1. In-Depth Monitoring
  2. 24/7 Incident Monitoring & Response

WHY CHOOSE ESDS VTMScan?

To deliver Exuberant Security Experience to the Millions of Users Using Websites and Web Applications. ESDS VTMScan Keeps Your Web Presence Secure 24x7 and Hackers, at Bay.

Website Security Scanner

Scan Your Website for Malware and Security Issues, Absolutely FREE

vtm

Prevention is better than cure & for web security that is the best way to go. We give you a Deep Scanning solution with instant alerts when a threat looms large. It can’t get simpler & more effective than this!

Fully Compatible with all Platforms and Content Management Systems (CMS)
  1. WordPress
  2. Joomla
  3. Drupal
  4. VBulletin_logo

Feel the Comfort of Knowing That You are Protected

We Assist You With -

Our passionate team provides you with
  1. Quick Responses
  2. A Proactive and Dedicated Team
  3. Deep Scanning
  4. A Through and Through Solution
  5. Next-Generation Security
  6. Superior User Experience
  7. Enhanced Application Protection

Audit Your Website’s Security with ESDS VTMScan & Protect Your Web Assets

 
seo

Search Engine Friendly

Automatic CMS Scans & Agent-Based Server Side Scans

threat

Detects Threats

Proactively Scans Malware, Security Threats, Infections, Botnets, etc.

webserverfit

Keeps Your Web Servers Fit

Open Port Scanning for Security Threats & Checks Mail Server IP

attacks

Prevents Website Attacks

Specialized Defense Against Zero-Day Exploits, Advisory Security Patches, Fully Trusted and Tested Custom Security for Websites

proactive

Anticipates & Spots Flaws Proactively

Provides Instant Email Alerts & Warning Alarms About Infected Web Pages and Codes, Exclusive Scan Reports

intensedet

Specializes in Intense Detection

Remote Web-Shell/Unexpected File-Detection and CMS Specific Scanning (WordPress, Joomla, vBulletin, DNN)

 

Testimonials

We have served multiple website owners by resolving their biggest challenges

Our hard work has paid off, see what our clients had to say

tasec

We are satisfied with the services of ESDS VTMScan. We are definitely going to buy it again and would also be recommending it to others.

Anil Dhingra, TASEC Ltd.
HCL Comnet Ltd

ESDS VTMScan is a very value-for-money product. We particularly like it for malware scan, content change monitoring, reporting and for its really good customer support team.

Vivek Wanelkar, HCL Comnet Ltd.
spangle

Customized reporting as and when requested for the scans is the best feature of this software. We have been using ESDS VTMScan from 2 to 3 years are sure to use it in the future too.

Ajay Kumar Rai, Spangle Technologies Pvt. Ltd.
sidbi

SIDBI has been using VAPT (ESDS VTMScan) services of ESDS for web applications and websites since 2015. ESDS has been prompt and provided VAPT reports along with necessary recommendations. These services have been found to be satisfactory.

Avinash Ambarkhane, Asst. General Manager, SIDBI
Essential Pro Most Popular Business Enterprise
560per month 1120per month 2800per month 5600per month
Scan frequency per month
Reputation and Blacklist Monitoring
Reputation Monitoring
Blacklist Monitoring
Basic assessment
Http security header check
OS Vulnerability detection
Banner grabbing
Standard Malware Detection
SQL Injection
Cross Site Scripting
Malware Detection
Webpage Defacement Detection
Insecure Deserialization
Local File Inclusion
Remote File Inclusion
Advanced Malware Detection
Content Change Monitoring
Phishing Page Detection
Defined scan time
CMS Scan
 Port Scan 
SSL Scan
URL Monitoring
Cross-Site Request Forgery
Additional Functionality
Error reporting including recommendation 
Email Support
Monthly
Buy Yearly & Get 1 month free
4 Scans
-
-
-
-
-
-
-
-
560
6720
Buy Now
4 Scans
1120
13440
Buy Now
4 Scans
2800
33600
Buy Now
8 Scans
5600
67200
Buy Now

OWASP Top 10:

Open Web Application Security Project (OWASP) is an online community in the field of web application security which releases a list of top 10 vulnerabilities every few years. ESDS VTMScan detects those vulnerabilities and follows the rules laid out by OWASP. We scan for Cross-Site Scripting (XSS), SQL Injection, Insecure Deserialization, Sensitive Data Exposure etc. and report the vulnerabilities and provide recommendations to fix these issues.

Content Change Monitoring:

Content Change Monitoring is an important feature provided by ESDS VTMScan. We scan each and every page of the website to detect any changes. Every change is monitored throughout the website along with its percentage with the respective URLs. Here we first create a snapshot of all the web pages and then scan each & every page for changes and report the irregularities found. This feature helps website owners to check whether there are any changes being done on the website without their concern or these are just illegitimate changes.

Malware Scan

Website defacement check: Website defacement is an attack on a website that changes the visual appearance of the site or a webpage.

  1. Forceful redirect injection test
  2. Scans JavaScript code snippets against generic signatures: Checks for JavaScript’s deprecated and vulnerable functions like eval, base64_decode, char etc. Checks for iframes.
  3. A special algorithm developed to detect JavaScript Obfuscation: Obfuscation used to convert vulnerable codes into an unreadable format.
  4. Third-party link checks: It checks third party links with reputation databases.
  5. Malware Monitoring primarily focuses on the detection of- JavaScript, iframe & Defaced keywords. JavaScript is scanned for malicious code. The site is also scanned for deface keywords like- ‘hacked by’, ‘compromised’, etc.

Phishing

Protect your customers and safeguard your website and web application with ESDS VTMScan.

  1. Find similar looking domains
  2. URL hijacking - The URL hijacking can be similar to the victim’s website address (e.g. esds.co.in): and also it may be of the following types -
  3. A common misspelling, or foreign language spelling. Eg- site: eads.com
  4. Misspelling like a typographical error. Eg - site: essd.com
  5. Swapping letters within the name Eg- site: essd.com
  1. Different domain name. Eg - site: esds.org
  2. Homoglyph advance phishing attack detection
  3. Corporate intelligence
  4. Punycode phishing attack detection

CMS Scan

  1. Very few scanners provide this feature
  2. Detect Wordpress, Joomla, vBulletin, Drupal
  3. Scan Themes, Plug-ins, unprotected admin area
  4. User enumeration
  1. Brut forcing for simple password detection
  2. FPD - File Path Disclosure scanning
  3. Detect CMS in all directories

Domain Reputation Check

Domain reputation in Google, SURBL, Malware Patrol, Clean-Mx, Phishtank:

  1. ESDS VTMScan checks whether your domain is listed in these databases - Google, SURBL, Malware Patrol, Clean MX, PhishTank. These organizations have their databases that stores IP addresses and domains which are extracted for malware, spamming, phishing activities.

Mail server IP Check in 58 RBL repositories:

RBL (Real-time Blackhole Lists) have IP addresses whose owners refuse to stop the growth of spams. RBL lists various server IP addresses from multiple ISPs (Internet Service Providers) whose users are responsible for spams. RBL also lists those ISPs whose servers are hijacked for spam relay. ESDS VTMScan check the mail server IPs in 58 such RBL repositories,

Robust Link Crawling

Link crawling is a process of capturing all the webpages (its URLs) present on the website. It helps us understand how many webpages are there in our website and about what are these pages related to. The website owner can also cross-check whether these pages are legitimate or not.

ESDS VTMScan does following things –

  1. Crawls links from web pages, robots.txt, iframes, hacker’s favourite search engines, directory indexes, and directory traversals.
  2. Check admin and directory busters.
  3. Directory access check

Banner Grabbing

Banner grabbing is a collection of information related to your websites such as web server information, header information and open ports. Banner grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports. An intruder can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits.

ESDS VTMScan checks for following things –

  1. Port scanning
  2. OS detection
  3. WAF detection

SSL Scan

ESDS VTMScan checks for SSL Poodle, BEAST, CRIME, Heartbleed, DROWN etc.

In SSL Check, the following areas are checked:

  1. NULL Cipher used or less than 128 bits.
  2. Domain uses an invalid security certificate.
  3. Domain uses an expired security certificate.
  4. Domain uses a security certificate which expires today (EOD).

LFI & RFI Detection

Local File Inclusion (LFI):

Local File Inclusion (LFI) is a process where a file or a script is injected on a server through a web browser which allows local directory traversals and characters to be injected if the page is not sanitized. This attack leads to sensitive information disclosure.

Remote File Inclusion (RFI):

Remote File Inclusion (RFI) is an attack which looks for vulnerabilities in a web application to include a remote file through a script on the web browser. The perpetrator wants to exploit the functions in an application to upload malware from a different domain.

Q: Does VTMScan scan subdomains of a given domain?

A: Yes, VTMScan will also scan subdomains of your website, but you need to mention those subdomains in the additional domain field while you schedule your scan.

Q: Can VTMScan schedule website scan as per user time frame?

A: Yes, VTMScan can schedule scans as per user time frame so that it won't affect user website during peak time. User will be provided with a custom scan option where he can set his time frame.

Q: What is OS Detection in VTMScan?

A : OS Detection is one of the striking features of VTMScan. Most of the time website is coded very securely and is very hard to crack so, hackers target website server Operating System. VTMScan predicts your Operating System and lists down vulnerabilities regarding that website.

Q: How exactly does VTMScan Ports remotely?

A: VTMScan checks for all ports on the server. It finds out all open ports and services/products running on those ports. It checks those products in vulnerability database and alerts if any product is vulnerable.

Q:Does VTMScan installs any agents on my website?

A : VTMScan does not install any agent. VTMScan also takes care that it sends you harmless requests and payloads which will not affect performance and availability of the user website.

Q : What is WAF?

A : A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

Q : What is Content Change Monitoring and it's usage?

A : Content Change Monitoring compares the current state of your website with the snapshot of your website which was taken by you earlier and informs if any changes are observed on the website.

Q : Is Authentication Based Scanning supported by VTMScan?

A : Yes, VTMScan supports authentication based scanning viz. htaccess and web based authentication.

Q : What do you mean by a CSRF vulnerability?

A : Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

Q : Does VTMScan detects CMS? If Yes, then which types of CMS are detected?

A : Yes, CMS is detected in VTMScan. Types of CMS that are detected and scanned are Wordpress, Joomla, vBulletin and Drupal.

Q : How do I get my domain off the phishtank blacklist?

A : Please visit the following page: http://www.phishtank.com/contact.php and follow the instructions for reporting an incorrect phishing page.

Enquire now!