Home Platform updates Detect critical CVEs, scan stats + more updates

Detect critical CVEs, scan stats + more updates

by Ioana Rijnetu

Reading time

3 minutes

Reading Time: 3 minutes

If you’ve had an intense summer, that makes two of us. We worked hard to roll out new and helpful updates, so let’s break them down:

  1. Detect 4 critical & high-risk CVEs with the new Network Scanner modules
  2. Control the delay between requests & recursion options in the URL Fuzzer
  3. Get scan stats with the new Website Scanner
  4. Run scheduled scans on demand
  5. Use the HTTP Request Logger through our API 
  6. Add targets using the CIDR notation
  7. Enable more enumeration options in the WordPress Scanner

Let’s unpack them!

1. Detect 4 crucial CVEs with the new detection modules we built from scratch

When you run our Network Vulnerability Scanner against your targets, they’ll also check them for:

Use the Full Scan option from the Network Vulnerability Scanner with OpenVAS and see the scan results in Findings.

2. Control the delay between requests and use recursive searches with the URL Fuzzer

You now have the option to control the delay between the HTTP requests you make with the URL Fuzzer. To exponentially increase the delay, make sure to add up to 120 retry delays/request.

If you need to validate payloads with the URL Fuzzer, you can now automatically run recursive searches inside all the directories you’ve already discovered.  

Go to URL Fuzzer, add your URL target, select Payload options, and enable Recursion. You can set a maximum of 3 recursion depth levels/payload.

Here’s a snapshot of these two options:

 

3. Get specific scan stats about your targets with the new Website Scanner

Scan results for our new Website Scanner come with a richer summary section! 

When you scan your URL target with our proprietary Website Scanner, you get detailed, specific scan stats such as URLs spidered, the total number of HTTP requests, error count, injection points detected, and more.

Check it out:

 

 4. Run scheduled scans on demand

Another improvement we added is the option to run a scheduled scan whenever you need to.

To keep your work flexible and productive, select Scheduler from the Dashboard, select a Tool name and Run a specific scan.

 

5. API support available for the HTTP Request Logger

This latest platform update allows you to programmatically create HTTP handlers through the API. Using specific parameters, you can automate scanning and save invaluable time.

6. Add targets using the CIDR notation

On Pentest-Tools.com we now support the CIDR (Classless Inter-Domain Routing) notation, which lets you add your IP targets accordingly (e.g: 192.168.1.0/24).

7. More enumeration options available in the WordPress Scanner 

The WordPress Vulnerability Scanner can now search for config backups, database exports, or TimThumbs! 

Add your URL target and select specific enumeration options to uncover juicy findings in WordPress sites.

 

Log in to use the updates

Related Posts

Detect ProxyShell Pentest-Tools.com

Detect ProxyShell (pre-auth Microsoft Exchange RCE) with Pentest-Tools.com

Pentest-Tools.com June updates

OWASP & CWE vuln classifcation added, wordlist limit increased, and more updates

0 comments

Comments

Subscribe to our Platform Updates

Please select how you would like to hear from Pentest-Tools.com:

Unsubscribe any time by clicking the link in the footer of our emails.
For information about our privacy practices, please visit https://pentest-tools.com/.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing.
Learn more about Mailchimp's privacy practices here.

View previous campaigns.