Web App Scanners | Scanning Tools
Scantrics Tools
Scantrics offers 11 security testing tools that scan and identify vulnerabilities in websites and web applications.
Website Scanner
How it works?
A target URL is the parameter to be scanned by the Website
Vulnerability Scanner. The tool needs the full URL of the
target that includes http:// or https:// as the protocol. Since
the tool does not follow any redirects, the exact URL will be
scanned.
The Website Vulnerability Scanner scans a web application
by sending multiple HTTP requests to the particular web
application. Quick Scan generates up to 20 HTTP requests
to the server, while Full Scan can generate more than
10,000 HTTP requests to the server.
As Full Scan does a more comprehensive website
assessment than Quick Scan, several hours are needed to
complete the task. During this period, the tool crawls the
entire web application, performs multiple security tests,
analyses the responses from the web application, finds the
security vulnerabilities, and gathers all results in the report.
In order to run the Full Scan, the Website Vulnerability Scanner has many plugins, each with a specific capability. For example, the SQL Injection plugin is built specifically to run SQL injection queries and determine whether such a vulnerability exists within the web application. Depending on the complexity of the web application itself, each plugin may generate a lot of requests and take time to complete the Full Scan.
TCP Port Scanner
How it works?
The TCP Port Scanner is based on the most powerful port scanner, Nmap. Nmap is known as the de facto tool for finding open ports and services, allowing users to run a set of scans against the target host.
As such, the TCP Port Scanner functions the same way as Nmap does. Users only need to define the target IP address or hostname, and the tool performs DNS resolution before sending requests to the target.
First, it performs host discovery to check whether the host is live before probing its ports. Then the tool runs open-port detection to find the listening ports on the target and performs service detection for each open port. For example, when the TCP Port Scanner finds port 80 or 443 open on the target, it checks which service is running, such as Apache or Nginx, along with its version.
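The three phases described above (checking that the host answers, finding listening ports, identifying the service on each) as a minimal scanner in Python. This is an added example, not Scantrics or Nmap code: it runs against a stand-in HTTP listener started on 127.0.0.1 inside the same process (constructed for the example, so nothing leaves the machine), uses a completed TCP connect as the liveness check instead of ICMP host discovery, and identifies the service from the HTTP Server header. The banner value nginx/1.18.0 is constructed.

```python
from __future__ import annotations

import socket
import threading
from dataclasses import dataclass
from typing import Optional

# Constructed banner returned by the local stand-in listener; it is not a real target.
FAKE_HTTP_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx/1.18.0\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)


def start_fake_http_server(response: bytes = FAKE_HTTP_RESPONSE) -> tuple[str, int]:
    """Listen on 127.0.0.1 on a free port and answer every connection with `response`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 lets the OS pick an unused ephemeral port
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.recv(1024)  # consume the probe request; its content is irrelevant here
                except OSError:
                    pass
                conn.sendall(response)  # the connection closes on exit, ending the banner

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


@dataclass
class PortResult:
    port: int
    state: str  # "open" or "closed"
    service: Optional[str] = None  # e.g. "nginx/1.18.0" when a Server header is observed


def parse_server_header(banner: str) -> Optional[str]:
    """Return the value of the first Server: header in an HTTP response, or None."""
    for line in banner.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def probe_tcp_port(host: str, port: int, timeout: float = 1.0) -> PortResult:
    """TCP connect to host:port; on success send an HTTP HEAD probe and read the banner.

    A completed connect doubles as the liveness check that host discovery provides.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            chunks = []
            try:
                while True:
                    data = s.recv(4096)
                    if not data:
                        break
                    chunks.append(data)
            except OSError:  # timed out waiting for more: keep what arrived so far
                pass
            banner = b"".join(chunks).decode("latin-1", errors="replace")
    except OSError:  # refused, unreachable or timed out: report the port as closed
        return PortResult(port, "closed")
    return PortResult(port, "open", parse_server_header(banner))


def find_closed_port() -> int:
    """Reserve and immediately release an ephemeral port so the demo has a known-closed target."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def scan(host: str, ports: list[int]) -> list[PortResult]:
    return [probe_tcp_port(host, p) for p in ports]


def demo() -> list[PortResult]:
    host, open_port = start_fake_http_server()
    return scan(host, [open_port, find_closed_port()])


if __name__ == "__main__":
    for r in demo():
        print(f"{r.port}/tcp {r.state} {r.service or ''}".rstrip())
```

The Server header is self-reported by the target and is often removed or altered by administrators, which is why Nmap's service detection combines many probes and response signatures rather than trusting a single header; treat a missing or odd banner as "unknown", not as "nothing listening".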
Subdomain Scanner
How it works?
A target domain name is the parameter to be scanned by the Subdomain Scanner. The tool uses multiple techniques to discover subdomains, such as:
• Gathering the DNS records (NS, MX, TXT, AXFR)
  • DNS records contain the IP address associated with each subdomain. The tool therefore requests a DNS zone transfer (AXFR) from the target's name servers to gather all the records at once.
• Performing DNS enumeration based on a specially chosen wordlist
  • The wordlist contains the subdomain names that are most commonly used. The tool brute-forces subdomains by resolving each name in the wordlist one by one and recording those that return a response.
• Querying public search engines
  • The Subdomain Scanner runs queries on public search engines, such as Google or Bing, and collects subdomains from the results. For instance, searching “site:example.com” on Google may reveal associated subdomains in the search results.
• Applying word mutation techniques
  • The tool mutates common subdomain names by changing some of the letters within a word or by changing the order of the name's parts.
• Searching in SSL certificates
  • Websites that use wildcard SSL certificates allow the tool to find the associated subdomains. By inspecting the SSL certificate, the tool gathers the subdomains covered by the same wildcard certificate.
• Parsing HTML links
  • The tool crawls the target domain and checks whether any HTML links (href) point to a hostname other than the one being crawled. For example, www.example.com might link to admin.example.com. This technique only finds a subdomain if it appears inside an HTML href attribute.
• Reverse DNS lookup on target IP ranges
  • The Subdomain Scanner performs reverse DNS lookups across the target IP ranges to find subdomains hosted there, obtaining the names from the PTR records in DNS.
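The "Parsing HTML links" technique, written out in Python as an added example (not Scantrics code). It collects href values from a crawled page, resolves relative and protocol-relative links against the page URL, and keeps only hostnames that sit under the target apex domain on a label boundary, so look-alike names such as example.com.evil.test or notexample.com are not mistaken for subdomains. It goes slightly beyond the deck by also reading src attributes, since scripts and images are routinely served from sibling subdomains. The HTML page is constructed for the example.

```python
from __future__ import annotations

from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that carry URLs. The deck mentions href; src is added because scripts,
# images and frames are routinely served from sibling subdomains too.
URL_ATTRIBUTES = {"href", "src"}


class LinkCollector(HTMLParser):
    """Collect every href/src attribute value in a document."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[str] = []

    def handle_starttag(self, tag: str, attrs: list[tuple[str, str | None]]) -> None:
        for name, value in attrs:
            if name in URL_ATTRIBUTES and value:
                self.links.append(value.strip())


def hostname_of(base_url: str, link: str) -> str | None:
    """Resolve a relative, protocol-relative or absolute link and return its lowercase host."""
    parts = urlsplit(urljoin(base_url, link))
    if parts.scheme not in ("http", "https"):
        return None  # mailto:, javascript:, tel: and similar carry no web host
    return parts.hostname  # urlsplit lowercases the host for us


def in_scope(host: str, apex: str) -> bool:
    """True if host is the apex domain or a subdomain of it, matched on a label boundary."""
    apex = apex.lower().rstrip(".")
    return host == apex or host.endswith("." + apex)


def discover_subdomains(base_url: str, html: str, apex: str) -> set[str]:
    """Hostnames under `apex` referenced by the page, other than the host being crawled."""
    collector = LinkCollector()
    collector.feed(html)
    own_host = urlsplit(base_url).hostname
    found: set[str] = set()
    for link in collector.links:
        host = hostname_of(base_url, link)
        if host and host != own_host and in_scope(host, apex):
            found.add(host)
    return found


# Constructed page standing in for a crawled www.example.com response.
SAMPLE_HTML = """
<html><head>
  <link rel="stylesheet" href="//static.example.com/site.css">
  <script src="https://cdn.thirdparty.example.net/lib.js"></script>
</head><body>
  <a href="/about">About</a>
  <a href="https://admin.example.com/login">Admin</a>
  <a href="HTTP://API.Example.COM/v1/">API</a>
  <a href="mailto:info@example.com">Mail</a>
  <a href="https://example.com.evil.test/">Look-alike</a>
  <a href="https://notexample.com/">Unrelated</a>
</body></html>
"""

if __name__ == "__main__":
    for host in sorted(discover_subdomains("https://www.example.com/", SAMPLE_HTML, "example.com")):
        print(host)
```

For the constructed page this yields admin.example.com, api.example.com and static.example.com; the third-party CDN host is out of scope, the relative link resolves to the crawled host itself, and the mailto: link has no web host at all. For an asset inventory, feed the discovered hosts back into the same resolver-and-filter step so that pages on the newly found hosts are crawled too.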
XSS Scanner
How it works?
A target URL is the parameter to be scanned by the
XSS Vulnerability Scanner. The tool needs the full
URL of the target that includes http:// or https://
as the protocol. Since the tool does not follow any
redirects, the exact URL will be scanned.
This tool runs a security check by replacing the original parameters of a test step with harmless strings that resemble the malicious strings used in real attacks. It injects these strings into both XML elements and JSON fields.
The XSS scanner then uses assertions to validate requests and responses and to check whether they include any information about potential web application vulnerabilities. ‘PASS’ will be logged for all
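The check described here (swap each parameter for a harmless marker, then assert on the response) as an added Python example that is not Scantrics code. It also enforces the input rule stated for both the Website Scanner and the XSS Scanner: the target must be a full URL with an explicit http:// or https:// scheme. The target application is simulated by two rendering functions, one that echoes the parameter unencoded and one that applies output encoding, so the same assertion yields FAIL for the first and PASS for the second. The marker shape xsscheck-… and the URL app.example.test are constructed.

```python
from __future__ import annotations

import html
import secrets
from typing import Callable
from urllib.parse import urlsplit


def validate_target_url(url: str) -> str:
    """Enforce the input rule shared by the Website and XSS scanners: an explicit http(s) URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"target must be a full URL including http:// or https://, got {url!r}")
    return url


# --- Constructed target application: two renderings of the same search page ---
def render_vulnerable(fields: dict[str, str]) -> str:
    # Echoes the untrusted value straight into the HTML: the reflected-XSS pattern.
    return f"<p>Results for: {fields.get('q', '')}</p>"


def render_hardened(fields: dict[str, str]) -> str:
    # Same page with output encoding applied to the untrusted value.
    return f"<p>Results for: {html.escape(fields.get('q', ''), quote=True)}</p>"


# --- Scanner side ---
def make_probe() -> str:
    """A unique, harmless marker shaped like a tag: no browser executes it, but it carries < and >."""
    return f"<xsscheck-{secrets.token_hex(4)}>"


def check_reflection(render: Callable[[dict[str, str]], str], fields: dict[str, str]) -> dict[str, str]:
    """Replace each field with a probe in turn and assert on how the response reflects it."""
    verdicts: dict[str, str] = {}
    for name in fields:
        probe = make_probe()
        page = render({**fields, name: probe})
        # FAIL: the probe came back verbatim, so markup characters reach the page unencoded.
        # PASS: it came back encoded (&lt;xsscheck-...&gt;) or was not reflected at all.
        verdicts[name] = "FAIL" if probe in page else "PASS"
    return verdicts


def demo() -> tuple[dict[str, str], dict[str, str]]:
    validate_target_url("https://app.example.test/search")  # constructed target URL
    fields = {"q": "shoes", "page": "1"}
    return check_reflection(render_vulnerable, fields), check_reflection(render_hardened, fields)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("unencoded output:", vulnerable)
    print("encoded output:  ", hardened)
```

A verbatim reflection of the marker is a reliable FAIL signal for values placed in HTML body text; values that land inside attributes or script blocks need markers and assertions specific to those contexts, which is why real scanners carry several probe families rather than one.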
Virtual Host Scanner
How it works?
Users of the Virtual Host Scanner only need to enter either the IP address or the hostname as the target parameter. The tool should find a virtual host if it resides on the same IP address as the apex/root domain.
The tool then performs the scan using multiple discovery techniques, such as:
• Querying public search engines
  • The query is usually a Google Dork, such as “site:example.com”, that returns a list of subdomains indexed by Google Search.
• DNS resolution
  • Translating the IP address into a hostname. This usually requires contacting the DNS server and requesting the PTR record of a specific IP, which returns the answer in hostname form.
• Analysing web redirects
  • Some websites contain links that redirect the user to another subdomain when clicked. The Virtual Host Scanner therefore also crawls websites and checks for any redirects contained in the HTML page through certain HTML tags, such as href.
• Searching in SSL certificates
  • Finding the subdomains associated with the SSL certificate. Any subdomain that uses the same (wildcard) SSL certificate can be found by inspecting the information in the certificate. Most of the time, the web developer or network administrator applies the same SSL certificate to the domain and its associated subdomains for manageability.
SQL Injection Scanner
How it works?
It’s important to secure your web applications from SQL injection attacks by implementing proper security mechanisms, such as query sanitization, before hackers find out.
Our SQL injection scanner is based on the OWASP ZAP engine. OWASP ZAP is currently one of the most popular open-source vulnerability assessment tools and is supported by hundreds of developers and other community members.
This tool conducts SQL injection testing by inserting special characters in all form fields of the target web application and observing how the web page's behaviour changes. In most cases, database errors shown in the web page indicate that the web application might be vulnerable to SQL injection attacks.
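The error-based check described here, as an added Python example that is not Scantrics or OWASP ZAP code. The target is simulated with an in-memory SQLite table and two versions of the same lookup: one that concatenates the form value into the SQL text (deliberately vulnerable) and one that binds it as a parameter, which is the mechanism "query sanitization" should mean in practice. The scanner appends a single quote to each field and reports FAIL when a database error surfaces in the page. The product table, the page markup and the short signature list are constructed for the example; the signature strings themselves are the well-known wording of the respective database engines.

```python
from __future__ import annotations

import sqlite3
from typing import Callable

Fields = dict[str, str]
App = Callable[[sqlite3.Connection, Fields], str]


def make_db() -> sqlite3.Connection:
    """Constructed in-memory product table standing in for the target's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO products (name) VALUES (?)", [("shoes",), ("hats",)])
    return conn


def render_error(exc: Exception) -> str:
    # Debug-style error page: the database error "showing in the webpage" that the deck describes.
    return f"<pre>{type(exc).__module__}.{type(exc).__name__}: {exc}</pre>"


def render_rows(rows: list[tuple[str]]) -> str:
    return "<ul>" + "".join(f"<li>{name}</li>" for (name,) in rows) + "</ul>"


def app_vulnerable(conn: sqlite3.Connection, fields: Fields) -> str:
    """Deliberately vulnerable: the form value is concatenated into the SQL text."""
    try:
        rows = conn.execute(f"SELECT name FROM products WHERE name = '{fields['name']}'").fetchall()
    except sqlite3.Error as exc:
        return render_error(exc)
    return render_rows(rows)


def app_hardened(conn: sqlite3.Connection, fields: Fields) -> str:
    """Same query with a bound parameter: the value can never alter the statement's structure."""
    try:
        rows = conn.execute("SELECT name FROM products WHERE name = ?", (fields["name"],)).fetchall()
    except sqlite3.Error as exc:
        return render_error(exc)
    return render_rows(rows)


# A small, illustrative subset of the error strings scanners match on (compared lowercase).
DB_ERROR_SIGNATURES = (
    "sqlite3.operationalerror",               # Python sqlite3 exception leaking into a page
    "unrecognized token",                     # SQLite tokenizer on an unterminated string
    "you have an error in your sql syntax",   # MySQL
    "syntax error at or near",                # PostgreSQL
    "unclosed quotation mark",                # Microsoft SQL Server
    "ora-01756",                              # Oracle: quoted string not properly terminated
)


def looks_like_db_error(page: str) -> bool:
    lowered = page.lower()
    return any(sig in lowered for sig in DB_ERROR_SIGNATURES)


def scan_form(app: App, conn: sqlite3.Connection, fields: Fields) -> dict[str, str]:
    """Append a single quote to each field in turn and report FAIL if a database error surfaces."""
    verdicts: dict[str, str] = {}
    for name, value in fields.items():
        page = app(conn, {**fields, name: value + "'"})
        verdicts[name] = "FAIL" if looks_like_db_error(page) else "PASS"
    return verdicts


def demo() -> tuple[dict[str, str], dict[str, str]]:
    conn = make_db()
    fields = {"name": "shoes"}
    return scan_form(app_vulnerable, conn, fields), scan_form(app_hardened, conn, fields)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("string-built query:  ", vulnerable)
    print("parameterised query: ", hardened)
```

Two caveats a practitioner should keep in mind: the check only sees injections that produce a visible error, so an application that swallows exceptions can still be vulnerable (which is why scanners add time- and content-based checks), and a page that merely quotes one of these phrases will produce a false positive. The fix demonstrated by app_hardened removes the root cause regardless of how errors are displayed.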
Reach Us
Contact Us
We are here to help.
• Get in touch to learn more about how we can help you.
• Whether you have a question about our products, services, pricing, need a consultation session, or anything else, our team is ready to answer all your questions.
• We want to ensure that we are reachable whenever you need help. Reach us through any channel below at your convenience.
Sales Inquiries: sales@primaryguard.com
Partnerships: corporatePR@primaryguard.com
Technical Support: techdev@primaryguard.com
Our Offices
CYBERJAYA, MALAYSIA (Headquarters)
Blok 4805-02-08, Jalan Flora CBD Perdana 2, Cyber 12, Cyberjaya, Selangor 63000, Malaysia
Tel: +603 8601 0561
Thank you
