I have picked this one a while back from website security check post at ghacks, but it managed to get lost in my bookmarks until recently.
Insertion of malicious code into web page is typical outcome of site getting hacked and it is often tricky to catch and figure out. Especially if there is effort spent to hide from site admin. Unmask Parasites is online service that breaks down page into links and scripts to make it easier to spot unwanted additions.
What it does
Site takes URL as input and after snappy analysis gives you report results. There is rough overall verdict (clean or not) but site itself urges to take a look at details. 
Report includes plenty of details, including:
- redirect status, if present;
- page generator tag;
- Google safe browsing estimate about page;
- detailed breakdown of links on page;
- suspicious scripts.
Strong features
List of links makes bulk of report and is most useful part. Links are grouped by domain, are marked with amount and split into anchor texts and actual URLs. It makes it very easy to spot something that shouldn’t be on page.
Service URL has easy format and bookmarklet is also provided, makes it convenient to check multiply pages.
Downsides
While link analysis is comprehensive, script analysis is much less so. Common scripts seem to be skipped without mention. Which doesn’t mean they are harmless – Google AdSense is not included in report, but maliciously added or changed code for it would be nothing good.
I had also noticed that newer asynchronous Google Analytics code is marked as suspicious.
It would make sense to include images. They are commonly used in tracking scripts and spreading malware through images alone is not unheard off.
Overall
Excellent and easy to interpret security report, that slightly lacks in scripts department. It is not absolutely comprehensive, but is excellent place to start.
Speccy – basic system info tool from Piriform
NetSetMan – app for quick changes of network settings
Page2RSS – get web page changes in your RSS
Google Page Speed vs Yahoo YSlow
Bursting security bubble
Secunia OSI – fast in-browser software security check
wasitup.com – simple site downtime alerts
.
Thanx, Rarst !
.
The PC Rat
.
@DataRat
For what? :) You are welcome anyway.
.
“For what?”
.
For providing us with useful info like this on checking for
malicious code in our Web sites.
You publish this stuff, Rarst, and often we don’t have much
to comment specifically on the article. It’s valuable, yet we
just don’t have a question or particular opinion to espouse.
So I just wanted to say “thanx” for all of us who read your
blog and benefit thereby.
.
The DataRat
.
@DataRat
By the way do you run any sites? :) I don’t think you had ever filled URL field or mentioned any.
Thankfully after many months I have long surpassed doubts that there are people who read and appreciate my posts. :) Awesome and active commenters like you don’t let me forget that.
I am considering a button to click and it shows “X readers liked this” or something like that for new theme. On the fence about idea. It gives an option for when comment isn’t really needed but can also be clutter of a function.