- Updated at
What you're about to see is a blend of worn-out keyboards, stubborn research, gallons of coffee, and a dash of frustration, all catalyzed by listening closely to what you, our customers, really want.
Mix all of these and you get more than a product, more than a team that’s growing a company on its own terms.
You get a sidekick who wants to see you succeed, whether you’re looking to get a promotion, build your own business, or learn the ropes as a new member of the team.
Let’s see what was good in 2023!
Top 5 launches on Pentest-Tools.com in 2023
We rolled out hundreds of improvements through our monthly updates this year, but let’s boil them down to our top five:
1. New tool: the API Vulnerability Scanner
In April, the powerful API Vulnerability Scanner went live - a tool our team developed to help you analyze and optimize API endpoints for reliability, and security.
Built on the success of our custom Website Vulnerability Scanner, this tool delivers precise vulnerability detection and actionable insights for your APIs.
Here’s our colleague, Mihai, who worked on the API Scanner, unpacking what it does - and how:
2. New tool: the Cloud Vulnerability Scanner
In June, we launched the Cloud Vulnerability Scanner, which uses proprietary, up-to-date detectors developed in-house to assess targets across multi-cloud environments (AWS, GCP, Azure) – both from the outside and from within.
Hundreds of customers have used it since to discover and report exploitable vulnerabilities and misconfigs, bucket owners and users, interesting files in AWS S3 buckets (wp-config, backup, keys, etc.), and more.
Carina and Ioana, who also presented the research behind this tool at DefCamp 2023, explain how it works:
3. New detections: 50 custom exploitation modules
In 2023, our research team developed 50 new exploitation modules for critical, complex CVEs that affect key technologies used worldwide.
These modules both provide precise detection through our Network Vulnerability Scanner and extract proof for validation through Sniper Auto-Exploiter.
This list of vulnerabilities includes exploits for:
CVE-2023-4966 aka Citrix Bleed, the Citrix NetScaler Memory Leak
CVE-2023-22515 - the Atlassian Confluence authentication bypass
CVE-2023-20273 - the RCE in Cisco IOS XE
CVE-2023-0669 - the RCE in GoAnywhere MFT
CVE-2023-46747 - the BIG-IP RCE
CVE-2023-29357 - the Microsoft Sharepoint authentication bypass, and many more.
Here’s David showcasing how one of these automatic exploits work vs manual exploitation:
4. New detection engine: the Network Scanner also uses Nuclei
Our security research team also gives back: it contributes to official Nuclei templates by improving and adding descriptions, as well as fixing false positives.
The Network Vulnerability Scanner also got a lot stronger this year with detectors we developed in-house for Rapid Reset, the MOVEit Transfer SQL Injection (CVE-2023-34362 ), and the notorious Exim RCE (CVE-2023-42115), and many others.
5. New free resource: vulnerable apps to test on Pentest-Ground.com
We know how difficult it is to find vulnerable apps you can hit again and again. So we built one - and launched it in August!
Pentest Ground simulates a realistic vulnerable system exposed to the internet, so you can use it to:
test your tools against vulnerable web apps and network services
try out your skills in detecting and exploiting CVEs in various technologies
teach others offensive security techniques.
Pentest Ground is free to use without authentication and deliberately includes vulnerabilities in technologies such as GraphQL, Redis, WebLogic, and more.
There’s one more, BIG bonus update at the end of the article. But don’t skip to it just yet!
1 scan every 6s in 2023 (and more Pentest-Tools.com numbers)
In 2023, our customers got over 7.5 million findings from more than 5 million scans. That’s 1 scan every 6 seconds!
They saved invaluable time with over 1.5 million scheduled scans and by running almost 680.000 scans through our API.
And they also enjoyed focused automation with over 470.000 scans executed with pentest robots. They preferred the:
Website Scanner - All Ports pentest robot
Network Scanner - Full (domain) pentest robot
Log4Shell Detector (CVE-2021-44228) pentest robot
Treasure Hunter (host) pentest robot
Full WordPress Scan pentest robot
Using the findings and results they got from our tools, customers downloaded almost 64.000 reports in their preferred formats: PDF, customizable DOCX, HTML, XLSX, CSV, and JSON.
Now let’s talk about the top tools they used to make this happen.
Top most used pentesting tools in 2023 - free and paid
Out of the 20+ penetration testing tools on the platform, our customers constantly relied on these 10 to do their job - and knock it out of the park:
Top paid pentest tools on the platform
Network Vulnerability Scanner - over a million scans!
TCP Port Scanner - almost 900.000 scans
Website Vulnerability Scanner - almost 650.000 scans
And when it comes to our free arsenal, over 1 million people turned to these free pentest tools to level up their projects:
Top free pentest tools on the platform
Website Vulnerability Scanner - with over 550.000 free scans
TCP Port Scanner - with almost 400.000 free scans
Subdomain Finder - with over 230.000 free scans
Keep in mind these are the numbers until now, and 2023 isn’t over yet!
We spent a lot of time this year beefing up our platform under the hood so it can successfully run the new features we’re launching in 2024, so keep an eye out for what’s coming!
Top 5 most read pentesting guides on the blog in 2023
We cast our net far and wide to extract practical wisdom from our team members and the offensive security community.
Your reading preferences showed us, once again, that your appetite for specific methods to elevate your work - and thinking - are what you need.
In November we also launched the We think we know podcast, a great resource to expand your mindset and skills with input from some of the best hackers in the world:
Top “what you can do with Pentest-Tools.com” videos in 2023
Because tools are only as powerful as how you use them, we created more guides about how to max out Pentest-Tools.com. (We’re doubling down on this next year!)
In June we also started doing monthly video updates - along with the email versions our customers get. Options - you got ‘em!
2023 events and community support
OffensiveCon 2023 in Berlin
Supporting and sponsoring OffensiveCon 2023 this year was a thrilling deep-dive into the world of ethical hacking and vulnerability research!
Some of the key moments for us include:
watching Dave Aitel deliver an awe-inspiring keynote, delving deep into the pivotal role of ethical hackers in today's ecosystem
spotting a fellow enthusiast proudly donning a Pentest-Tools.com T-shirt he got at DefCamp 2022, featuring one of our most beloved taglines
exchanging greetings with the legendary Marc Rogers from DEF CON
personally experiencing Yarden Shafir's remarkable teaching abilities
meeting fellow ethical hackers with exceptional talent, experience, and focus.
OffensiveCon was an immersive experience that not only stayed true to hacker culture but also provided unrivaled exposure to cutting-edge vulnerability research.
If you're interested in this space or actively work in offensive security, we encourage you to make attending this event an absolute priority in 2024!
DefCamp #13 in Bucharest
DefCamp is always one of the best opportunities to reconnect with the cybersecurity community!
From meeting old friends and making new ones to levelling up with top-notch research from all over the world - it’s an unmissable event.
We joined speakers and attendees from 40 countries both on-stage and off, we talked to dozens of peers and demonstrated the cool stuff we've been building, and gave away a lot of cool, exclusive merch.
It’s been a pleasure to sponsor this event for years and definitely a streak we intend to keep!
Bonus: we launched our free plan!
If you’re one of the 1 million+ people who use our free tools every year and ever wanted to:
see all of them in the same place
keep a list of assets to scan
store your results for up to 30 days
and run 2 scans in parallel
Now’s your chance!
We’ve made this happen with our free plan for which anyone can sign up!
A free account gives you access to our arsenal of tools and features - with some limitations, of course.
Let’s dig deeper, pop shells, and have fun in 2024!
And there you have it - a rollercoaster of a year at Pentest-Tools.com!
Thanks for joining us on this hack-tastic journey.
Here's to more exploits, more coffee, and yes, even more keyboard wear in 2024.
Until then, have a peaceful end of your year!