News by tag - news

Service Find-Monitoring

    Dear friends! Find-XSS.net is proud to present our new service, Find-Monitoring. It is designed to bring more peace of mind and confidence to all website owners.
    With our service you will always be aware of what is going on with your project.
    Find-Monitoring can answer such important questions as: “Is my site available on the Internet at the moment?”, “Has any file of my site been illegally modified?” or “Have hackers uploaded a shell to my site?”
    If any problem occurs, our service will promptly notify you by sending a very detailed report to your e-mail address.

Add-on for FireFox - Find-XSS-Fire

There are many scanners on the Internet that test parameters in the address bar. Most of them are paid, and not cheap. But none of them is a browser extension. We decided to fill this gap. Meet the beta version of the scanner Find-XSS-Fire. It certainly isn’t as powerful as our online scanner, but it is able to find something that could otherwise be missed. Besides, it is absolutely free. The following is a description of the installation and use:

Download (install) here, version 0.0.4


The question of trust: a Find-Compromise scanner client

Are you afraid to upload your source code to the scanner? We understand, but now you need not worry about it. We have developed a client part of the scanner. It runs on Java, so if you have not installed the Java virtual machine yet, now is the time to do it. The Find-Compromise Client analyzes your project on your own computer and creates a file. The file contains the pieces of code that require additional testing by the server part of the scanner. After you upload this file, the scanner produces the report. So you will not have to worry about your project, and we will not have to worry about the exclusivity of our product.

The first stable version of the scanner, 1.0.0

The service has passed beta testing and switched to normal operation. And we can confidently say that 9 of 10 vulnerabilities found by it exist! This figure is higher than that of any other PHP code vulnerability scanner. The number of vulnerabilities found is also higher than that of any other PHP code scanner, as well as of scanners that test input parameters. The only requirement for scanning is to upload an archive that includes all the functions used in the scanned files. The scanner treats any function that is not described in the uploaded archive as dangerous, which can cause errors in the report.

A new version of the scanner 0.6.0, what’s new?

    The scanner checks the input data received from the user and analyzes how it behaves in the code. It analyzes every function to determine how dangerous or safe it is, and uses that result in the further analysis of the code. Therefore it is very important to upload not separate modules (since they use functions that are described elsewhere) but the entire site (project) as a whole. Otherwise, the scan report may be erroneous. Version 0.6.0 also analyzes hidden code that was generated with the function base64_encode and is executed through eval(base64_decode()). An example is given below.
    The simplest code that an attacker can keep in a template or in some module is as follows:
    eval(base64_decode("JF9HRVRbJ3Rlc3QnXQ=="));

Comprehensive protection of site by find-xss.net tools

    Currently we can provide four utilities for finding vulnerabilities, as well as a scanner of PHP code for XSS, SQL injection and other vulnerabilities.
    This is the list of utilities:
    Find-Date - searches for shells uploaded to the site by an attacker.
    Find-Port - checks for open ports.
    Find-Info - checks folder and file permissions.
    Find-Error - bulk-checks files for syntax errors.
    Each of the utilities makes a small but important contribution to the detection of errors and vulnerabilities. It is recommended to use each of them, all the more so because they are easy to use and do not require much time or great knowledge.

A new version of the scanner, 0.5.0, and how to use it

As promised earlier, the Warning status, as well as the Error status, is abolished in the new version of the scanner. The scan report in the new version has changed a lot. The report now specifies three types of vulnerabilities: XSS, SQL injection and Active script (other vulnerabilities). The scan report in previous versions of the scanner left some users at a dead end, especially the vulnerabilities with the Warning status. In the new version everything is done to make it easier to understand the logic by which the scanner found a particular vulnerability. The report shows the key lines of code side by side with the vulnerable line, so the whole chain the scanner used in the analysis can be traced. The unsafe option is highlighted in red in the report. For less experienced website owners, hovering the mouse over a line with a vulnerability brings up a tooltip describing how to remove it.

Find Ads - new service of advertising exchange


Five friends had a meeting. The first one juggled, the second sang a song, the third told a joke, the fourth recited a poem and the fifth showed his collection of stamps. What came of it? It turned out that each of them entertained his friends once and was entertained four times. Our system of advertising exchange works on the same principle.

Advertising exchange service is completely free. For each block of advertisement shown, having the form:


Ad exchange
Ad Ad Ad Ad Ad


you get up to 5 impressions of your own advertisement in the same block. Why up to 5? This is a temporary inconvenience: the system does not yet have two dozen sites connected (besides, there are the costs of the system).

In addition, the system allows ad impressions to be transferred from one ad unit to another, which makes it possible to promote new projects with the help of already established ones. You are given the opportunity to create and edit your own ad units for your site. Client clicks on your ads, as well as on the advertising in the block on your site, are taken into account and displayed on the stats page.

In our experience of showing this system to friends, they all say: “Oh, so it is a pyramid!” No! This is not a pyramid! Here is a good example for 3 users:

The first shows ads:

Ads of the second and ads of the third

The second shows ads:

Ads of the first and ads of the third

The third shows ads:

Ads of the first and ads of the second

Now you can count for yourselves how many times each advertisement is shown, and how many times each user's own advertising is shown. As you can see, each showed the ad one 

