OWASP Unmaskme Project

=Main= Unmaskme: web service whose goal is to raise web security awareness among web owners, webmasters, web designers or even people without security knowledge through the interpretation of all Web-metadata extracted from any website.

Think in this project as a tool which anyone -not only penetration testers- could use to perform a fingerprinting with added capabilities and intelligence.

Description Compromised websites are often used by attackers to deliver badware or to host phising pages designed to steal private information from their victims. Unfortunately, most of the targeted websites are managed by users with little or no security background. Unmaskme will help the webmasters to highlight the importance of keep update, protect or do some hardening in their websites in order to avoid they become victims of badware.

Usually a no security aware webmaster will left a newly deployed website by default and normally will pass months or even years without any update on the website. As result cibercriminals will take advantage of this behaviour and the website will be part of the compromised website statistics. Web hosting providers -who play a key role in this scene- are not doing any effort to help with this problem.

Unmaskme project will be a public resource which will extract metadata from any website (either domain name or IP address, no resource) and will explain it in a brief summary. The extraction will be totally passive just like browsing the website, otherwise the tool couldn't be online for public use. It's based mainly on HTTP headers and metadata.

=Project About=