Online Malware & Vulnerability Scanner to Secure Your Online Presence

Protection Against All The
Current Threats

Malware Attacks Scan
Reputation Check

The Perfect Port In All Future Web Security Storms

In-Depth Monitoring
24/7 Incident Monitoring & Response

Why Choose bodHOST VTMScan?

bodHOST VTMScan provides an exuberant delivery experience to the users and their websites as well as their web applications. With VTMScan, you can protect your online presence at all points of time.

In web security, it has now become important to understand the meaning of prevention. bodHOST VTMScan helps you provide a deep scanning solution that are backed by instant alerts.

Fully Compatible with all Platforms and Content Management Systems (CMS)

Be at comfort when you leverage your protection.

Get assistance with -

Faster responses
Dedicated and proactive team
Thorough Scanning
Through and thorough solution
Advanced Security
Enhanced UX
Advanced and Secured Application Protection

Leverage your website security with bodHOST VTMScan to secure your digital assets

Search Engine Friendly

Auto scanning for CMS with an agent-based server-side scanning

Threat Detection

Proactively scanning for presence of any malware, security threats, infections, botnets, etc.

Keeps the Web Servers Fit

Carry out open port scanning against all security threats and validating mail server IP

Website Attacks Prevention

Specialized and secured defence against all types of exploits, advisory security patches with a complete trusted and tested security for websites

Proactive Flaw Detection

Quick mail alerts and warning alarms for web pages and codes

Specialization in Intense Detection

Remote web-shell and unexpected file detection along with CMS specific scanning like- WordPress and Joomla.

Features of Scan Plans	Standard Scan	Enterprise Scan
Domains	2 Domains	2 Domains
Total No. of Scans	4	4
Per Month Cost	$2.99	$3.99
Per Scan Cost	0.75	1.00
	Buy Now	Buy Now

Features of Scan Plans	Standard Scan	Enterprise Scan
Domains	4 Domains	4 Domains
Total No. of Scans	8	8
Per Month Cost	$4.99	$6.99
Per Scan Cost	0.62	0.87
Features of Scan Plans	Buy Now	Buy Now

Features of Scan Plans	Standard Scan	Enterprise Scan
Domains	10 Domains	10 Domains
Total No. of Scans	20	20
Per Month Cost	$9.99	$13.99
Per Scan Cost	0.50	0.70
	Buy Now	Buy Now

Features of Scan Plans	Standard Scan	Enterprise Scan
Domains	50 Domains	50 Domains
Total No. of Scans	100	100
Per Month Cost	$44.99	$59.99
Per Scan Cost	0.50	0.59
	Buy Now	Buy Now

Reputation and Blacklist Monitoring
Reputation Monitoring
Blacklist Monitoring
Basic assessment
Http security header check
OS Vulnerability detection
Banner grabbing
Standard Malware Detection
SQL Injection
Cross Site Scripting
Malware Detection
Webpage Defacement Detection
Insecure Deserialization
Local File Inclusion
Remote File Inclusion
Advanced Malware Detection
Content Change Monitoring	-
Phishing Page Detection	-
Defined scan time	-
CMS Scan	-
Port Scan	-
SSL Scan	-
URL Monitoring	-
Cross-Site Request Forgery	-
Additional Functionality
Error reporting including recommendation
Email Support

OWASP Top 10:

Open Web Application Security Project (OWASP) refers to an online community that works in the domain of web application security. It releases the list of top-10 vulnerabilities after every few years. VTMScan identifies these vulnerabilities and complies with the rules laid by OWASP. VTMScan scans for Cross-site Scripting, SQL Injections, etc. and report these vulnerabilities along with recommendations to cure these issues.

Content Change Monitoring:

VTMScan provides Content Change Monitoring and is an important feature. It scans every page of the website for detecting if any change has occurred. Every change is observed across the entire website along with the respective percentage in the URLs. Here, a snapshot is generated of all the webpages and then each page is scanned for any modifications and changes. Once this is done, irregularities are reported, if any. This feature is of great benefit for the website owners for checking if any changes are being done on the website without their concern.

Malware Scan

Website defacement refers to an attack on a website that can the visual appearance of a webpage.

Forced redirected test for injections
Scanning JavaScript code snippets for generic signatures. Checking for any iframes
Special algorithm devised for detecting JavaScript Obfuscation. Obfuscation is used for converting vulnerable codes into a format that can’t be read easily
Checking for third-party links from reputed databases
Malware monitoring is mostly done for the detection of JavaScript, iframe & Defaced keywords. JavaScript is checked for malicious code. The website is also scanned for any defaced keywords

Phishing

Protecting the customers and safeguarding the website as well as web applications with VTMScan

Look for similar domains
Common misspelling or use of foreign language
Misspelling such as typographical error
Swapping letters in the URL
Using different domain names

Detection of any Punycode phishing attacks

CMS Scan

Very less number of scanners are provided in this feature
Detects CMS tools such as- WordPress, Joomla, Drupal, etc.
Scanning is done for themes, plugins and unprotected admin area

Enumerating users
Use of brute-force for detection of simple passwords
Scanning of File Path Disclosures or FPDs
Detecting CMS across all directories

Domain Reputation Check

Domain reputation check done in Google, SURBL, Malware Patrol, Clean-MX and Phishtank

VTMScan performs checking of the user domain across popular domain databases like- Google, SURBL, Malware Patrol, Clean-MX and Phishtank. These have an in-house database that contains the IP addresses and domains that might be extracted for malware, spamming and other phishing activities

Mail server IP check-in 58 RBL Repositories

RBL or Real-time Blackhole Lists contain IP addresses of all those owners who’ve declined to stop the growth of spams. RBL lists all such IP address from several ISPs and identifies users who’re responsible for all these spams. RBL can also form the list of all ISPs whose servers have been hijacked for serving the purpose of spam relay. VTMScan performs checking of mail server IPs in 58 RBL repositories.

Robust Link Crawling

Link crawling refers to a process of capturing all the URLs of a website. It can be useful for VTMScan to understand how many webpages are existing at a given time instance on websites and what are all these webpages relating to. The website owner can perform cross-checking of his webpages to identify whether they are legitimate or not.

VTMScan performs following tasks under link crawling-

Crawling links from various sources such as- web pages, robots.txt, iframes, hacker’s favorite search engines, directory indexes, and directory traversals.
Checking admin and directory busters
Checking the directory access

Banner Grabbing

Banner grabbing refers to collecting information related to the user website such as- web server information, header info as well as open ports. Banner grabbing is a technique that is used for gaining information regarding a computer system over a network and the associated services that are running on its open ports. Any intruder can use the banner grabbing for finding network hosts running different versions of applications and OS by using the most-known exploits.

VTMScan performs checks for following-

Scanning of ports
Detecting operating systems
Detection of Web Application Firewall (WAF)

SSL Scan

VTMScan validates checking for SSL Poodle, BEAST, CRIME, Heartbleed, DROWN, etc.

Under SSL Check, the following checks are performed by VTMScan-

NULL Cipher used or is less than 128 bits
Domain is using an invalid security certificate
Domain is using an expired security certificate
Domain using security that is going to expire by the end-of-day

LFI & RFI Detection

Local File Inclusion (LFI):

Local File Intrusion refers to a process where the file or a script has been injected on a server using a web browser, allowing traversals in local directories to be injected in case the page is not ‘sanitized’. This attack can give rise to the disclosure of user-sensitive information.

Remote File Inclusion (RFI):

Remote File Intrusion depicts an attack that can explore for vulnerabilities in a web application for including a remote file using a script on the web browser. The intruder might want to exploit the functionalities in an application for uploading malware from different domains.

Q: Does VTMScan scan subdomains of a given domain?

A: Yes, VTMScan will also scan subdomains of your website, but you need to mention those subdomains in the additional domain field while you schedule your scan.

Q: Can VTMScan schedule website scan as per user time frame?

A: Yes, VTMScan can schedule scans as per user time frame so that it won't affect user website during peak time. User will be provided with a custom scan option where he can set his time frame.

Q: What is OS Detection in VTMScan?

A : OS Detection is one of the striking features of VTMScan. Most of the time website is coded very securely and is very hard to crack so, hackers target website server Operating System. VTMScan predicts your Operating System and lists down vulnerabilities regarding that website.

Q: How exactly does VTMScan Ports remotely?

A: VTMScan checks for all ports on the server. It finds out all open ports and services/products running on those ports. It checks those products in vulnerability database and alerts if any product is vulnerable.

Q:Does VTMScan installs any agents on my website?

A : VTMScan does not install any agent. VTMScan also takes care that it sends you harmless requests and payloads which will not affect performance and availability of the user website.

Q : What is WAF?

A : A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

Q : What is Content Change Monitoring and it's usage?

A : Content Change Monitoring compares the current state of your website with the snapshot of your website which was taken by you earlier and informs if any changes are observed on the website.

Q : Is Authentication Based Scanning supported by VTMScan?

A : Yes, VTMScan supports authentication based scanning viz. htaccess and web based authentication.

Q : What do you mean by a CSRF vulnerability?

A : Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

Q : Does VTMScan detects CMS? If Yes, then which types of CMS are detected?

A : Yes, CMS is detected in VTMScan. Types of CMS that are detected and scanned are Wordpress, Joomla, vBulletin and Drupal.

Q : How do I get my domain off the phishtank blacklist?

A : Please visit the following page: http://www.phishtank.com/contact.php and follow the instructions for reporting an incorrect phishing page.