Resources
Changelog
These are the latest updates we've made to our platform. If you have any questions about any of the updates you see below, please feel free to contact us!
Filter by
April 2024 Changes
Get far-reaching findings with the Network Scanner
We've introduced crucial detections for security issues that expand your attack surface:
Publicly exposed VNC, MSSQL, and LDAP services - findings now flag if these services are publicly accessible on the Internet, so you can tighten your network's security posture
CVE-2023-3824 (CVSSv3 9.8) - stack buffer overflow in PHP that leads to RCE
CVE-2023-44487 (CVSSv3 7.5) - we enhanced detection accuracy for HTTP/2 Rapid Reset by checking if the target supports the HTTP/2 protocol and the HTTP/2 RST_STREAM directive
Comprehensive DNS records - see a new finding when a target has DNS records available (A, AAAA, MX, NS, SOA, TXT, SPF, CAA, CNAME) and get deeper visibility into the target’s domain structure.
Confirm business risk with Sniper’s new precision strikes
Sniper just got sharper with new exploits for two critical CVEs:
CVE-2024-0204 (CVSSv3 9.8) - assess the business risk of the Authentication Bypass vulnerability in GoAnywhere MFT, which leads to RCE by uploading a webshell
CVE-2024-1212 (CVSSv3 10) - validate the threat of exploiting this Remote Code Execution vulnerability in Progress Kemp LoadMaster
Leave no stone unturned with these Website Scanner upgrades
Our Website Vulnerability Scanner now:
Detects flaws in JWT implementations by checking if web apps that use JWTs for authentication allow them to have a None or random signature, creating security risks
Runs faster light web app scans that also come with detailed requests and responses for each finding
Provides extra information about spidered responses in evidence which now includes the status code, page title, and page size for each URL
Extracts proof of exploitation for Linux OS command injection in the form of hostnames and usernames.
Discover subdomains quicker and more effectively
The Subdomain Finder now uses external APIs tests in light scans to return subdomains faster by accessing online databases. We also increased the list of external APIs so it extracts more subdomains for your targets.
Tool: Subdomain FinderZoom in and out on details across your projects
3 improvements you’ll notice as you log into your account:
Single sign-on with Microsoft - jump straight into action using your existing Microsoft account
View all assets across workspaces - easily search for, identify, and manage duplicate assets from all your workspaces at once.
Unified notifications across integrations: you can now get the same notification through multiple services, in preparation for even more integration options we’ll launch in the future.
Meet the people behind the tools
Want to put a face to these updates?
Our fresh new Teams page is a great way to see who’s behind this email and the entire Pentest-Tools.com toolkit.
March 2024 Changes
Get better results for Light Subdomain Finder scans
We upgraded the reporting limit for Light scans by 10x! The Subdomain Finder now provides up to 1000 entries and includes unresolved results so older subdomains are available.
Tool: Subdomain FinderDon’t miss a thing with new detection modules in the Network Scanner
Thanks to our security research team, you can now detect:
CVE-2024-23897 (CVSSv3 7.5) - Unauthenticated Arbitrary File Read in Jenkins
CVE-2023-41056 (CVSSv3 8.1) - Remote Code Execution in Redis
CVE-2023-5631 (CVSSv3 5.4) - Cross-Site Scripting in Roundcube
Speaking about Roundcube, a couple of months ago we published an analysis - and public exploit - for CVE-2021-44026, an SQL injection vulnerability in the open-source mail client.
The Network Scanner now also generates explicit findings for sensitive services that shouldn't be exposed on the internet (e.g. SMB, RDP, MySQL), which are easier to include in your reports.Network Scanning
CVE
RCE
New home for Scan with Tool
The Scan with Tool button has a fresh look and a new location. It's now called New Scan and you’ll find it at the very top of the sidebar. We are working to make your scanning experience even better in the future!
Services statuses - now online
This is something we promise you’ll always see in our new status page. 🤞The page includes statuses for our public website, the blog, the platform, the API, and more!
Improved evidence for Nuclei findings from the Network Scanner
As some of our customers requested, we enhanced the evidence section of findings that the Nuclei engine generates. Now, you’ll receive more relevant details about how the engine produced a finding.
Network Scanning
A fresh look for the Scan results page
We streamlined the look and feel of the Scan results section, keeping it as valuable as ever. We’re rolling out more visual updates for all our tools in the coming months, so stay tuned!
Is Pentest-Tools.com any good for bug bounty hunting?
See what happens when The XSS Rat combines his methods with our toolkit and features.
PS: Sniper Auto-Exploiter gets a lot of love - and for good reason!
New tool: know your targets better with People Hunter
People Hunter identifies the people associated with the target, using publicly available information from web server responses.
Details such as email addresses (and their patterns) and social media profiles help you identify potential targets for social engineering attacks.
Get more from the Team feature
We introduced a new view in the Team feature: Shared with me to help you identify who has shared which information with you. Additionally, the table view has returned, making visual comparisons easier.
Two new modules in the Website Vulnerability Scanner
Two new modules in the Website Vulnerability Scanner:
Detection for misconfigured CSP Headers - identifies misconfigured content-security-policy headers on your website, enabling you to control resource loading and their allowed URLs.
Enumerable Parameter Detector - explores possible enumerable parameters in your website. Some findings might reveal insecure direct object references after manual examination.
Web app scanning
February 2024 Changes
Start a scan from the Scans section
We noticed some of our customers needed an easier way to start scans from the (obviously named) Scans section, so we added it!
The New scan button makes it easy to jump into action the moment you know where you want to dig deeper.
Know what’s new - right from your dashboard
Until a few days ago, our product updates were a bit hidden from view, which made it harder for you to find out about them and actually use them.
So we added two new sections to your dashboard:
What’s new - that brings product updates (text and video) and fresh pentesting guides
Help - which makes it easier to dip into how-to’s, video tutorials, and FAQs
Nuclei fingerprinting in our Website Scanner
Our Website Vulnerability Scanner gets stronger with each monthly update!
We’ve integrated the fingerprinting capabilities from Nuclei into our proprietary tool - and it’s just the kickoff!
Soon, we’ll start incorporating many more templates. Until then, the 40+ vulnerability checks our Website Scanner runs can surely keep you - and your team - focused and making progress.
More Nuclei detections in the Network Scanner
We’ve also integrated a bunch of new Nuclei category templates on top of the configured ones our Network Scanner is already using (CVE, CNVD, SSL, network, WAF, DNS).
New ones include: default-logins, exposed-panels, exposures, honeypot, IoT, miscellaneous, misconfiguration, takeovers, and vulnerabilities.
Want to refresh your knowledge of what our Network Vulnerability Scanner can do? We just updated its public page:
Network Scanning
January 2024 Changes
Exploit for CVE-2024-21887 (Remote Code Execution in Ivanti Connect Secure)
Sniper can exploit a Remote Code Execution vulnerability found in Ivanti Connect Secure (CVE-2024-21887).
CVE
RCE
New integration: get notifications on a Teams channel
If you (and your team) use Microsoft Teams, set up this integration to get custom notifications for your scan results.
You can also configure different channels for specific notifications, making sure everyone gets alerts about findings that are relevant for them.
Detection for CVE-2022-1471 (Remote Code Execution in SnakeYAML library - Attlassian Confluence)
Network Scanner detects if CVE-2022-1471 (CVSSv3 10), a Remote Code Execution in SnakeYAML library - Atlassian Confluence, impacts your targets.
CVE
RCE
Detection for CVE-2023-46805 (Authentication Bypass in Ivanti Connect Secure)
Network Scanner detects if CVE-2023-46805 (CVSSv3 8.2), an authentication Bypass in Ivanti Connect Secure, affects your targets.
CVE
OpenAPI files detection
And one more thing: we added a method to detect if the Website Scanner spider finds an OpenAPI file. When it does, you can dig deeper with the API Scanner in just one click, right from your finding.
By the way, we love to see customers truly make the most of our tools:
We had a tool to scan our websites and endpoints automatically; the reports were not so good, and each additional URL was charged additionally (this doesn't scale in a micro-services architecture).
Pentest-Tools.com solved all our problems; you can scan up to 1000 targets, the reports are so professional, and you can choose from dozens of different tools to analyze all aspects of an enterprise architecture.
Web app scanning
API security
Session Fixation Detector
We've also introduced a new Session Fixation Detector to help you identify session hijacking risks. Using the mitigation recommendations will help you prevent unauthorized access to user sessions and sensitive data.
Here’s a preview of what the finding looks like:
Web app scanning
Exploit for CVE-2023-46604 (Remote Code Execution in Apache ActiveMQ)
Sniper can exploit a Remote Code Execution vulnerability found in Apache ActiveMQ (CVE-2023-46604).
CVE
RCE
Exploit for CVE-2023-47246 (Remote Code Execution in SysAid)
Sniper can exploit a Remote Code Execution vulnerability found in SysAid (CVE-2023-47246).
RCE
CVE
Input Reflected in DOM
We've implemented Input Reflected in DOM to enhance protection against XSS attacks, ensuring coverage of more vulnerabilities lying in the DOM. It is already implemented in the XSS detector so if you select the XSS detector you are covered.
Here’s what it’ll look like in your report:
Web app scanning
Real-time status for all your VPN Agents
You can now check the status of your VPN Agents in the VPN Profiles section (under Settings).
We update their status in real-time, which makes it easier for you to check if your Agents are still up and running before starting scans against your internal infrastructure.
December 2023 Changes
Service detection in Port Scanner
Service detection is now enabled by default in Light mode for Port Scanner.
Auto spider option in Website Scanner
We added the option to select automatic detection of the spidering approach that the target needs. Auto is the engine option used in the deep scans too.
TCP/UDP Port Scanner unification
We've combined TCP Port Scanner and UDP Port scanner into a single tool called Port Scanner. A protocol parameter was added to the scan config to choose between TCP and UDP.
3 running modes (light, full, custom) for URL Fuzzer
We've changed our URL Fuzzer to support 3 running modes (light, deep, and custom) that allow you to scan targets with a predefined configuration.
Tool: URL FuzzerOpenVAS detections in our Vulnerability & Exploit database
All OpenVAS NVTs that can be detected with Network Scanner are now displayed on our Vulnerability & Exploit database, along with Sniper & Nuclei detections
Exploit for CVE-2023-20273 (RCE in Cisco IOS XE)
Sniper can exploit an authenticated RCE vulnerability found in Cisco IOS XE (CVE-2023-20273), based on an Authentication Bypass vulnerability (CVE-2023-20198).
CVE
RCE
Decluttered the spider results in Website Scanner
We tweaked the spider results table from the Website Scanner so you can focus more on the things that matter the most: the url, the method, the query and body parameters. So, we removed the listing of headers and cookies and made the table more dynamic.
Pentest reporting
Confirmed tag for Sniper and Nuclei engines in Network Scanner
We've added the confirmed tag for findings generated by Sniper & Nuclei scanning engines.
November 2023 Changes
Exploit for CVE-2023-46747 (RCE in BIG-IP)
Sniper can exploit another RCE vulnerability found in F5 BIG-IP (CVE-2023-46747).
BIG-IP
CVE
RCE
Improved logout avoidance
Website Scanner: Fixed a bug in our logout detection mechanism that caused the Spider to sign us out of the session while crawling.
WordPress Scanner real-time output
We came up with a way to show output from WPScan in real-time. This means you are not stuck with a scan running for 4 hours and get the findings as soon as we detect them.
Tool: WordPress ScannerPentest reporting
Free license launched (freemium)
We've just launched our Free license. Use our light tools to do quick assessments, export simple reports with up to 2 parallel scans.
Improved DNS response parsing
Subdomain Finder: We improved our logic for parsing DNS responses. This previously resulted in incorrectly marking domain names as unresolved.
Tool: Subdomain FinderImproved error handling for the tcpwrapped service
We fixed a bug in the Network Scanner that caused some aborted scans when all the open ports were tcpwrapped, although our scanning engines don't scan for this service.
Automatic CVE filter mechanism for the Network Scanner
We created an automatic CVE filtering mechanism for duplicated CVEs. For example, if the Sniper or the Nuclei engines find a CVE, only the Sniper finding will be displayed in the report. We'll show them based on prioritization (Sniper > Nuclei > OpenVAS).
CVE
Port discovery returns only open ports
All network tools will display only the open ports found (we remove the filtered and closed ones from the results).
Pentest reporting
Detection for CVE-2023-44487 (DOS in HTTP/2 - Rapid Reset)
Network Scanner detects if CVE-2023-44487 (DOS in HTTP/2 - Rapid Reset) affects your targets.
CVE
DNS Zone Transfer is now DNS Server Scanner
DNS Zone Transfer is now called DNS Server Scanner and it generates findings for DNS Zone Transfer Information Disclosure vulnerability (AXFR).
Tool: DNS Server ScannerExploit for CVE-2023-0126 (File Read in SonicWall)
Sniper can exploit a File Read vulnerability found in SonicWall (CVE-2023-0126).
CVE
Exploit for CVE-2023-4966 (Information Disclosure in Citrix - Citrix Bleed)
Sniper can exploit an Information Disclosure vulnerability found in Citrix (CVE-2023-4966 - Citrix Bleed).
CVE
Improved error handling in headless browser
Website Scanner: Fixed another bug in the logic driving the headless browser that crashed the page and prevented us from detecting new crawling targets.
Exploit for CVE-2023-20198 (Authentication Bypass in Cisco IOS XE)
Sniper can exploit an Authentication Bypass vulnerability found in Cisco IOS XE (CVE-2023-20198).
RCE
October 2023 Changes
Exploit for CVE-2021-44521 (RCE in Apache Cassandra)
Sniper can exploit another RCE vulnerability found in Apache Cassandra (CVE-2021-44521).
RCE
Exploit for CVE-2023-22515 (Authentication Bypass in Atlassian Confluence)
Sniper can exploit an Authentication Bypass vulnerability in Atlassian Confluence (CVE-2023-22515).
Exploit for CVE-2023-25194 (RCE in Apache Kafka)
Sniper can exploit a RCE vulnerability in Apache Kafka (CVE-2023-25194)
RCE
Exploit for CVE-2023-42793 (RCE in JetBrains TeamCity)
Sniper can exploit a RCE vulnerability found in JetBrains TeamCity (CVE-2023-42793).
RCE
REST API is now publicly available
Our REST API is now available. The old API is now legacy, but we’ll retire on December 31, 2023. The new API keeps all the existing features but adds new ones such as: a proper RESTful interface, cleaner JSON responses, the option to choose your redirect level for fewer connection errors, select the format for your callbacks (no more PDFs!), multiple API keys (with expiration dates for each of them), and more!
API security
Scan techniques added to the TCP Port Scanner
We've added multiple scan techniques (SYN, Connect(), ACK, Window, FIN, Xmas, etc.) to our TCP Port Scanner so you have multiple options to scan networks and find available hosts and their services.
Tool: Port Scanner with NmapAuthentication for the WordPress Scanner
We've added the basic authentication option when using the WordPress Scanner. Choose a custom scan type, enable Authentication, and fill in the credentials.
Tool: WordPress ScannerSpidered URLs list with duplicates
Website Scanner now gives you a complete list of the URLs it spidered, including all the duplicates. Rest assured knowing the scanner thoroughly inspected all paths. You can see them by clicking the details of the Spidered URLs finding and checking the references.
Detection for CVE-2023-42115 (RCE in Exim)
Network Scanner detects if CVE-2023-42115 (RCE in Exim) affects your targets.
CVE
RCE
Exploit for CVE-2023-36845 (RCE in Juniper)
Sniper can exploit a RCE vulnerability discovered in Juniper (CVE-2023-36845).
CVE
RCE
URL Fuzzer in the Recon category
You can now find the URL Fuzzer in the Reconnaissance category.
Tool: URL FuzzerGraphQL Scanner
The API Scanner now performs scans on GraphQL instances. Use it to check for Denial of Service attacks (circular reference, field duplication, alias overloading) or Information disclosure vulnerabilities (field suggestion, introspective enabled, console enabled).
September 2023 Changes
New My account page
My account section is now completely redesigned and easier to use than ever. We divided all the existing settings into specific categories so you can find what you are looking for in a matter of seconds.We've also added two new features: the option to add a profile picture and to see your login history. We'll include more updates soon, so stay tuned.
3 running modes (light, full, custom) for SSL/TLS Scanner
We've changed our SSL/TLS Scanner to support 3 running modes (light, full, and custom) that allow you to scan targets with a predefined configuration.
Tool: SSL/TLS ScannerDetection for CVE-2022-27510 (Authentication Bypass in Citrix ADC & Gateway)
Network Scanner can now detect if CVE-2022-27510 (Authentication Bypass in Citrix ADC & Gateway) affects your targets.
CVE
Exploit for CVE-2023-34039 (RCE in VMware Aria Operations for Networks)
Sniper can exploit a RCE vulnerability discovered in VMware Aria Operations for Networks (CVE-2023-34039).
CVE
RCE
Exploit for CVE-2023-35885 (RCE in CloudPanel)
Sniper can exploit a RCE vulnerability discovered in CloudPanel (CVE-2023-35885).
CVE
RCE
Email hard bounce alert
We've added a warning message in the platform that lets you know whether your email address is unable to receive emails.
Error-based NoSQL Injection detector
Website Scanner: We've added a new detection mechanism for MongoDB injection based on generating errors in the response.
Insecure Deserialization detector
Website Scanner: There's another out-of-band detector available for insecure deserializations. This included passive detection for serialized objects and deserialization attacks for Java serialized objects.
Detection for CVE-2022-27518 (RCE in Citrix ADC & Gateway)
Network Scanner can now detect if CVE-2022-27518 (RCE in Citrix ADC & Gateway) impacts your targets.
CVE
RCE
MySQL Out-of-Band SQL Injection detector
Website Scanner: We've added an out-of-band detector for MySQL injections.
SQL
Scan APIs via Postman collections
API Scanner: You can now scan APIs by uploading Postman collections. We convert the URLs from the Postman into a swagger file and scan it accordingly.
Exploit for CVE-2023-1698 (RCE in WAGO)
Sniper can exploit a RCE vulnerability discovered in Wago (CVE-2023-1698).
RCE
CVE
Exploit for CVE-2023-29300 (RCE in Adobe ColdFusion)
Sniper can exploit this RCE vulnerability found in Adobe ColdFusion (CVE-2023-29300).
RCE
CVE
August 2023 Changes
Pentest-Tools.com is officially listed on the AWS Marketplace
We are happy to announce that Pentest-Tools.com is officially listed on the AWS Marketplace. This listing meets security and compliance standards, allowing you to simplify your purchase flow through your existing AWS account.
Exploit for CVE-2023-25826 (RCE in OpenTSDB)
Sniper can exploit a RCE vulnerability discovered in OpenTSDB (CVE-2023-25826).
RCE
CVE
Exploit for CVE-2023-38646 (RCE in Metabase)
Sniper can exploit a RCE vulnerability discovered in Metabase (CVE-2023-38646).
RCE
CVE
New Handlers page
Our tools that accept requests (XSS Exploiter, HTTP Request Logger, and Sniper Client-side attacks) are now structured and placed into a single page called Handlers.
Nuclei templates improvements
Network Scanner: The Pentest-Tools.com research team contributes to the official Nuclei templates by improving and fixing false positives. We are now ranked among the top 75 contributors on the official repository.
Scan options for our Cloud Scanner
You can now select if you want to detect the cloud provider and/or detect cloud vulnerabilities & misconfigurations in the Cloud Scanner.
New findings page
The Findings page got a fresh look! But that’s not all. With improved filtering and performance, it’s now faster than ever to manage your findings and find exactly what you are looking for. Moreover, the new Finding editor creates an improved writing experience and a more reliable output. Give it a try by creating a manual finding.
Automatic daily update for Nuclei templates configured in Network Scanner
Nuclei templates now receive automatic updates daily, ensuring the scanner Nuclei detections are always up-to-date.
Detection for CVE-2023-3519 (RCE in Citrix ADC & Gateway)
Network Scanner can now detect if CVE-2023-3519 (Citrix ADC & Gateway) affect your targets.
CVE
Exploit for CVE-2023-33246 (RCE in Apache RocketMQ)
Sniper can exploit a RCE vulnerability discovered in Apache RocketMQ (CVE-2023-33246).
RCE
CVE
Exploit for CVE-2023-34960 (RCE in Chamilo)
Sniper can exploit a RCE vulnerability discovered in Chamilo (CVE-2023-34960).
RCE
CVE
Exploit for CVE-2023-35078 (Unauthenticated API Access in Ivanti Endpoint Manager Mobile)
Sniper can exploit an Unauthenticated API Access vulnerability discovered in Ivanti Endpoint Manager Mobile (CVE-2023-35078).
CVE
API security
Pentest Ground: New free resource to test your scanners and skills
Pentest Ground is a free playground with deliberately vulnerable web applications and network services. You can use it to benchmark your tools and learn new offensive security techniques.
pentesting
July 2023 Changes
Detection for CVE-2023-35078 (Ivanti EPMM) and CVE-2023-38646 (Metabase)
Network Scanner can now detect if CVE-2023-35078 (Ivanti EPMM) and CVE-2023-35078 (Ivanti EPMM) affect your targets.
CVE
HTTP request/response in Nuclei evidence
The HTTP request/response from Network Scanner is now displayed when a finding is generated by the Nuclei scanning engine. This will add more details to the finding and will help validate the generated result.
More GCP tests for the Cloud Vulnerability Scanner
The Cloud Vulnerability Scanner can now detect multiple misconfigurations in GCP using a dedicated Google account set by Pentest-Tools.
Exploit for CVE-2023-3224 (RCE in Nuxt)
Sniper can exploit a RCE vulnerability discovered in Nuxt (CVE-2023-3224).
RCE
CVE
Detection for CVE-2023-29300, CVE-2023-29298 (Adobe Coldfusion), CVE-2023-36934 (MOVEit)
Network Scanner can now detect if CVE-2023-29300, CVE-2023-29298 (Adobe Coldfusion) and CVE-2023-36934 (MOVEit) affect your targets.
CVE
Exploit for CVE-2022-24990 (RCE in TerraMaster NAS)
Sniper can exploit a RCE vulnerability discovered in TerraMaster NAS (CVE-2022-24990).
RCE
CVE
25% faster Website scanner
We added some caching to the Passive Scanner to avoid repeating some heavy computations. The overall scan duration can decrease by up to 25%, according to our testing.
XXE Detector
The Website Scanner can now detect in-band file-inclusion vulnerabilities via XML External Entities and XInclude directives.
Exploit for CVE-2023-2825 (Path Traversal in GitLab)
Sniper can exploit a Path Traversal vulnerability discovered in GitLab (CVE-2023-2825).
CVE