1. SUCURI – SUCURI is a widely used free website security scanner offering malware, blacklisting, SPAM, and defacement checks, and it provides protection and cleaning services for websites across various platforms, such as WordPress, Joomla, Magento, Drupal, and phpBB.
2. Criminal IP – Criminal IP’s Domain Search serves as a real-time URL Scanner that extracts crucial data, including network logs, technologies, subdomains, and certificate info, aiding developers and cybersecurity teams in assessing website security and vulnerability status; it also offers AI-based insights into HTML structure, JavaScript variables, and phishing risks, complemented by both free features and customizable subscription plans.
3. HostedScan Security – HostedScan Security is an automated online service offering a range of scanners for vulnerability assessment, including network, web application, port, and TLS/SSL, allowing businesses to manage risks through dashboards, reporting, and alerts; it also offers a free tier of 10 monthly scans for easy initiation of scanning and business security.
4. Intruder – Intruder is a potent cloud-based vulnerability scanner designed for web application infrastructures, offering an enterprise-ready, government and bank-level security scanning engine with comprehensive checks including patching, misconfigurations, web app vulnerabilities, and CMS issues, while also providing contextual result prioritization, proactive scanning, and integrations with major cloud providers and collaboration platforms like Slack and Jira, available for a free 30-day trial.
5. Qualys – Utilizing Qualys’ SSL Server Test is crucial for thorough scanning of websites to detect SSL/TLS misconfigurations and vulnerabilities, offering detailed analysis of HTTPS URLs including expiration, rating, cipher, SSL/TLS version, handshake simulation, protocol details, and more; it’s recommended to run the test after any SSL/TLS-related changes.
6. Quttera – Quttera performs comprehensive scans for malware and vulnerability exploits on websites, examining malicious, suspicious, and potentially harmful files, while also checking against PhishTank, Safe Browsing (Google, Yandex), and Malware domain list databases.
7. Upguard – UpGuard Web Scan is an external risk assessment tool that evaluates websites using publicly available data, categorizing test results into areas like website, email, network security, phishing, malware, and brand protection risks, offering a swift assessment of website security posture.
8. SiteGuarding – SiteGuarding offers comprehensive domain scanning for malware, blacklisting, injected spam, and defacement, supporting various platforms including WordPress, Joomla, Drupal, Magento, and more, and provides malware removal services for affected websites.
9. Observatory – Mozilla’s Observatory is a security tool enabling site owners to assess multiple security aspects, validating against OWASP header security, TLS best practices, and conducting third-party tests from sources like SSL Labs, High-Tech Bridge, Security Headers, and HSTS Preload.
10. Web Cookies Scanner – Web Cookies Scanner is a comprehensive and free security tool for web application scanning, capable of detecting vulnerabilities and privacy concerns in HTTP cookies, Flash applets, HTML5 storage, Supercookies, and Evercookies, also featuring a URL malware scanner and HTTP, HTML, and SSL/TLS vulnerability scanning, accessible through an on-demand service or a subscription-based RESTful API with varying plans and scan limits.
11. Detectify – Detectify, backed by ethical hackers, provides a domain and web application security service with automated monitoring that identifies over 1500 vulnerabilities, including OWASP Top 10, CORS, Amazon S3 Bucket, and DNS misconfigurations, alongside continuous subdomain monitoring for hostile takeover detection, and offers three pricing plans with a 14-day credit card-free trial.
12. Probely – Probely offers a virtual security specialist to your development, security, or DevOps teams, scanning web applications for vulnerabilities and providing guidance, functioning as a developer-oriented tool with an API-First approach, featuring various pricing plans including a free option with limited scanning capabilities.
13. Pentest-Tools – Pentest-Tools provides a comprehensive website vulnerability scanner, offering information gathering, application, CMS, infrastructure, and SSL testing, including a free Light version capable of detecting common vulnerabilities like insecure cookies, headers, and outdated server software, enabling up to 2 full scans for a comprehensive assessment of issues such as SQL injection, XSS, and more.
14. ImmuniWeb – ImmuniWeb, a well-known website security scanner, assesses sites for PCI DSS, GDPR compliance, HTTP headers, CMS-specific tests, and front-end library vulnerabilities, with an additional focus on WordPress security if applicable.

Source: 14 Online Free Tools for Scanning Website Security Vulnerabilities & Malware