Pentest-Tools Blog

Articles, news, tips and tricks from pentesting and infosec

Common SQL Injection Attacks

SQL Injection attacks are still a threat to current web applications, despite their long history. In this article we discuss the most common SQL Injection attack techniques with concrete examples from DVWA (Damn Vulnerable Web Application).

Read more

Exploiting OGNL Injection in Apache Struts

Let’s understand how OGNL Injection works in Apache Struts. We’ll exemplify with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.

Read more

Inside Nmap, the world’s most famous port scanner

This article is a deep dive into how nmap works, in order to understand its internal structure and to master its functionality.

Read more

Pentest report writing in 5 minutes (Defcamp 2018 talk)

Tired of writing pentest reports? Let’s automate this and let you get back to hacking! Slides included.

Read more

Essential HTTP Headers for Securing Your Web Server

In this article we discuss the most important HTTP headers that you should configure on your web server in order to improve its security.

Read more

5 Practical Scenarios for XSS Attacks

Let’s explore a couple of practical attack scenarios that can be implemented as PoCs to prove the real risk of Cross-Site Scripting (XSS) vulnerabilities.

Read more