Site evaluation Mini-Howto

Connectivity
- traceroute
  - who is the internet provider (ARIN/RIPE IP address databases)
  - where is the server physically located (country, town, company)
- bandwidth
  - throughput testing or ISP records
- latency
  - ping, traceroute
  - compare to hosts closer to the internet

Server location:
- Colocated. The server is located at an ISP or a similar hosting facility.
- Dedicated connection. Usually this means the company behind the site has its own line to the internet.
- Shared server (there are other web sites on the same server).

Network topology
- traceroute: firewall?
- ping: firewall?
- nmap: other live servers
- nsscan: reverse-resolve every address in the net block (script in the Tools section)
- nslookup: AXFR (zone transfer)
- other servers
- netscan: is the network an ICMP "smurf" amplifier?
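To turn a traceroute run into an answer to the "traceroute: firewall?" question, the following script reads traceroute output and reports whether the trace ends in hops that never replied. It is an added example, not part of the original howto; the function names are my own, and the trace it parses is constructed from RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added example: summarise a traceroute run. A run of "* * *" hops right
# before the target means probes are being dropped, which is the usual
# sign of a filtering device between the last responding hop and the host.

# Constructed sample traceroute output (RFC 5737 documentation addresses).
SAMPLE_TRACE='traceroute to www.example.com (203.0.113.10), 30 hops max, 40 byte packets
 1  gw.local (192.0.2.1)  0.412 ms  0.398 ms  0.377 ms
 2  isp-edge (198.51.100.1)  8.120 ms  7.981 ms  8.044 ms
 3  198.51.100.254 (198.51.100.254)  12.331 ms  12.102 ms  12.450 ms
 4  border.example.com (203.0.113.1)  15.802 ms  15.611 ms  15.779 ms
 5  * * *
 6  * * *
 7  * * *'

# Print "hopnum host" for the last hop that sent any reply (trace on stdin).
last_responding_hop() {
    awk '$1 ~ /^[0-9]+$/ && $2 != "*" { last = $1 " " $2 } END { print last }'
}

# Count the "* * *" lines at the very end of the trace; silent hops in the
# middle of the trace reset the counter and are not reported.
trailing_silent_hops() {
    awk '$1 ~ /^[0-9]+$/ { if ($2 == "*" && $3 == "*" && $4 == "*") n++; else n = 0 }
         END { print n + 0 }'
}

# One-line verdict for a trace given on stdin.
firewall_hint() {
    trace=$(cat)
    silent=$(printf '%s\n' "$trace" | trailing_silent_hops)
    last=$(printf '%s\n' "$trace" | last_responding_hop)
    if [ "$silent" -gt 0 ]; then
        echo "$silent silent hop(s) after $last: probes dropped, possible firewall"
    else
        echo "target reached, no filtering seen after $last"
    fi
}

printf '%s\n' "$SAMPLE_TRACE" | firewall_hint
```

Feed it a real run with `traceroute host | sh this-script` by replacing the last line with `firewall_hint`.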

Server
- OS, distribution, patch levels
  - queso, netcraft, nmap, or observing other software packages
- services - find out with nmap/telnet or a client (such as a web browser)
  - web
  - email
  - db
  - dns
  - ftp
  - finger
  - Sun RPC
  - nfs
  - smb

- installed software packages
  - web - netcraft
    - iis
    - apache
    - other
      - web application packages
        - frontpage extensions
        - cold fusion
        - php
        - asp
    - web apps
      - input validation
      - sql overflow
  - email
    - nslookup set type=MX. Multiple hosts? Connectivity of each of them?
    - software
      - telnet: EHLO
        - sendmail
        - exchange
    - open relay
      - ORBS / RBL
  - db
    - mysql
    - oracle
    - mssql
  - dns
    - nslookup set type=ns
    - domain info
      - nic handles / contact info
  - nfs
    - showinfo
  - finger
    - find out which users are logged on to unix systems
  - smb
    - nbtstat
      - list shares
      - samba
      - win machine

- vulnerabilities
  - orbs

The site:
- bandwidth and dynamic content generation capacity
  - ab, wget
- page size
  - bobby, wget, manual inspection
- accessibility
  - bobby, lynx
- standards compliance
  - w3c validation
- browser lockout
- plugin lockout
- navigation
  - manual inspection
- updatedness
  - how regularly is the site updated?
- link analysis
  - broken internal links?
  - broken external links?
- popularity
  - linked from other sites?

Tools:
nmap
queso
netcraft
bobby
nslookup (standard unix or windows tool)
ab (apache bench - source comes with Apache)
wget
telnet (standard unix tool)
showinfo (standard unix tool)
lynx
finger (standard unix tool)
netscan
traceroute (standard unix, tracert under windows)
nsscan:
#!/bin/bash
# Reverse-resolve every address in a /24 and print the ones that have a
# PTR record, e.g.:  nsscan 192.0.2   ->   192.0.2.1:gw.example.com

baseip=$1
if [ -z "$baseip" ]; then
    echo "usage: $0 <first three octets, e.g. 192.0.2>" >&2
    exit 1
fi

cnt=1
cntend=256

while [ "$cnt" -lt "$cntend" ]
do
    ip=$baseip.$cnt
    # 2> /dev/null hides the error for addresses without a reverse entry
    name=$(/usr/bin/nslookup "$ip" 2> /dev/null | grep -i name)
    if test -n "$name"
    then
        # keep only the host name, whether nslookup prints "Name:    host"
        # (older versions) or "... in-addr.arpa  name = host." (BIND 9)
        name=$(echo "$name" | sed 's/.*[Nn]ame[[:space:]]*[:=][[:space:]]*//; s/[[:space:].]*$//')
        echo "$ip:$name"
    fi
    cnt=$(expr "$cnt" + 1)
done