Platform updates

Detect critical CVEs, scan stats + more updates

Publisher
Pentest-Tools.com
Updated at
Article tags

If you’ve had an intense summer, that makes two of us. We worked hard to roll out new and helpful updates, so let’s break them down:

  1. Detect 4 critical & high-risk CVEs with the new Network Scanner modules

  2. Control the delay between requests & recursion options in the URL Fuzzer

  3. Get scan stats with the new Website Scanner

  4. Run scheduled scans on demand

  5. Use the HTTP Request Logger through our API 

  6. Add targets using the CIDR notation

  7. Enable more enumeration options in the WordPress Scanner

Let’s unpack them!

1. Detect 4 crucial CVEs with the new detection modules we built from scratch

When you run our Network Vulnerability Scanner against your targets, they’ll also check them for:

Use the Full Scan option from the Network Vulnerability Scanner with OpenVAS and see the scan results in Findings.

2. Control the delay between requests and use recursive searches with the URL Fuzzer

You now have the option to control the delay between the HTTP requests you make with the URL Fuzzer. To exponentially increase the delay, make sure to add up to 120 retry delays/request.

If you need to validate payloads with the URL Fuzzer, you can now automatically run recursive searches inside all the directories you’ve already discovered.  

Go to URL Fuzzer, add your URL target, select Payload options, and enable Recursion. You can set a maximum of 3 recursion depth levels/payload.

Here’s a snapshot of these two options:

 

3. Get specific scan stats about your targets with the new Website Scanner

Scan results for our new Website Scanner come with a richer summary section! 

When you scan your URL target with our proprietary Website Scanner, you get detailed, specific scan stats such as URLs spidered, the total number of HTTP requests, error count, injection points detected, and more.

Check it out:

 

 4. Run scheduled scans on demand

Another improvement we added is the option to run a scheduled scan whenever you need to.

To keep your work flexible and productive, select Scheduler from the Dashboard, select a Tool name and Run a specific scan.

 

5. API support available for the HTTP Request Logger

This latest platform update allows you to programmatically create HTTP handlers through the API. Using specific parameters, you can automate scanning and save invaluable time.

6. Add targets using the CIDR notation

On Pentest-Tools.com we now support the CIDR (Classless Inter-Domain Routing) notation, which lets you add your IP targets accordingly (e.g: 192.168.1.0/24).

7. More enumeration options available in the WordPress Scanner 

The WordPress Vulnerability Scanner can now search for config backups, database exports, or TimThumbs! 

Add your URL target and select specific enumeration options to uncover juicy findings in WordPress sites.

 

Log in to use the updates

Get fresh security research

In your inbox. (No fluff. Actionable stuff only.)

I can see your vulns image

Related articles

Suggested articles

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account

Footer

© 2013-2024 Pentest-Tools.com

Pentest-Tools.com has a LinkedIn account it's very active on

Join over 45,000 security specialists to discuss career challenges, get pentesting guides and tips, and learn from your peers. Follow us on LinkedIn!

Pentest-Tools.com has a YouTube account where you can find tutorials and useful videos

Expert pentesters share their best tips on our Youtube channel. Subscribe to get practical penetration testing tutorials and demos to build your own PoCs!

G2 award badge

Pentest-Tools.com recognized as a Leader in G2’s Spring 2023 Grid® Report for Penetration Testing Software. Discover why security and IT pros worldwide use the platform to streamline their penetration and security testing workflow.

OWASP logo

Pentest-Tools.com is a Corporate Member of OWASP (The Open Web Application Security Project). We share their mission to use, strengthen, and advocate for secure coding standards into every piece of software we develop.