"Webmasters need to ensure that their websites are running good code that isn't open to exploitation."
Ian Fette «Product Manager with Google's Security Team»
Desenmascara.me is a tool yet in it's early PoC stage but fully functional.
The goal of this tool is to raise security awareness among web owners in order
to help decrease the constant rise of compromised websites.
Compromised websites are often used by attackers to deliver badware or to host
phising pages designed to steal private information from their victims. Unfortunately,
most of the targeted websites are managed by users with little or no security background.
Desenmascara.me will help the webmasters to highlight the importance of keep update, protect
or do some hardening in their websites in order to avoid they become victims of badware.
Usually a no security aware webmaster will left a newly deployed website by default and
normally will pass months or even years without any update on the website. As result cibercriminals
will take advantage of this behaviour and the website will be part of the compromised website statistics.
Web hosting providers -who play a key role in this scene- are not doing any effort to help with this problem.
Desenmascara.me is a public resource which will extract metadata from any website (either domain name or IP address, no resource) and will explain it in a brief summary.
The extraction will be totally passive just like browsing the website, otherwise the tool couldn't be online for public use. It's based mainly on HTTP headers
and metadata. Some features of the tool are:
Easy to use, only enter a website address to see what's behind the scenes
Available in English, Spanish and working in progress for the German version (based on the browser language)
The goal of this tool is: to raise web security awareness among web owners. Please don't confuss it with considering
a website secure or insecure, the tool as is can't reach this conclussion. In order to can verify if a website is secure or insecure,
it would be needed a web security audit performed by security professionals.
You can check out the next presentation for some background of the problem, some real examples, and that I would like to achieve
with this tool.