Home Platform updates Detect & exploit the latest CVEs + more automation updates

Detect & exploit the latest CVEs + more automation updates

by Ioana Rijnetu

Reading time

3 minutes

Reading Time: 3 minutes

Great and getting even better” is what we commit to with each monthly update we roll out on Pentest-Tools.com.

So here are 6 fresh updates we deployed to make your security testing flow a lot easier, more flexible, and more efficient:

  1. Detect 4 new, high-risk CVEs with the Network Scanner
  2. Exploit 3 critical CVEs with Sniper Automatic Exploiterin <2 minutes
  3. Control the requests/seconds limit in the Website Scanner
  4. Automatically validated Website Scanner findings get a Confirmed tag
  5. Clone pentest robots on Pentest-Tools.com
  6. Manually reset your Pentest-Tools.com API key

Let’s dive into specifics!

1. Detect 4 widespread CVEs with the Network Scanner

Our vulnerability research team worked around the clock to embed new detection modules for the latest high-impact vulnerabilities.

Run our Network Vulnerability Scanner against your targets and check for:

  • the critical VMware RCE vulnerability in the vCenter server – CVE-2021-21985
  • entry points for the Microsoft Exchange Server RCE (ProxyOracle) – CVE-2021-31195
  • the SSRF vulnerability in the VMware’s vRealize Operations Manager API  – CVE-2021-21975
  • unauthenticated events in the Modern Events Calendar Lite WordPress plugin – CVE-2021-24146

Use the Full Scan option from the Network Vulnerability Scanner with OpenVAS and get a ready-to-use report with detailed findings.

2. Automatically exploit & confirm 3 critical CVEs with Sniper

If you haven’t tried it yet, take this chance to see how Sniper Automatic Exploiter validates, exploits, and does post-exploitation in under 2 minutes for the most recent critical vulns.

Automatically run a full exploitation sequence on your targets and get validation for:

  • the RCE vulnerability in VMware’s vCenter servers – CVE-2021-21972 
  • the OGNL injection RCE in Atlassian’s Confluence servers – CVE-2021-26084
  • the unauthenticated OMIGOD RCE vulnerability in multiple Azure Linux machines CVE-2021-38647, among a dozen other widespread security flaws.

Try Sniper now

3. Limit the number of requests/second with the Website Scanner

You now have the option to control the maximum number of requests per second you make with the Website Scanner.

Go to Website Vulnerability Scanner, add your URL target, select Engine options, and choose Limits. From there, you can set a maximum of 10.000 requests/second.

Here’s what it looks like:

 

4. Automatically validated Website Scanner findings get a Confirmed tag

When you scan your targets with our proprietary Website Scanner, the discovered findings are automatically validated and get a specific tag.    

Each finding is marked as Confirmed so you can easily select the interesting ones to include in the final pentest report.

Check it out:

 

5. Clone a predefined or a custom pentest robot

If you’re a heavy user of our pentest robots automation feature, you can now clone a predefined pentest robot or any of the robots you’ve already built.

Go to your pentest robot, click on the Clone button from the Actions tab, and use it in your engagements as you need – edit it, improve it or share it with your team.

Clone a robot

6. Manually reset the API key authentication on your account

From your Pentest-Tools.com account, you can now reset your API key manually.

To do this, go to My Account, select Plan details, and click on the Reset API key button.

Log in to use the updates

Before you go

We added 6 new auto-exploitation and detection modules in Sniper and our Network Scanner in the last month alone and the pace is picking up.

Do you want to find out when we launch new ones without waiting for the monthly platform updates? Get an email notification the moment new CVEs get integrated into Pentest-Tools.com.  

Sign me up

 

Related Posts

Pentest-Tools.com july-august updates

Detect critical CVEs, scan stats + more updates

Detect ProxyShell Pentest-Tools.com

Detect ProxyShell (pre-auth Microsoft Exchange RCE) with Pentest-Tools.com

0 comments

Comments

Subscribe to our Platform Updates

Please select how you would like to hear from Pentest-Tools.com:

Unsubscribe any time by clicking the link in the footer of our emails.
For information about our privacy practices, please visit https://pentest-tools.com/.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing.
Learn more about Mailchimp's privacy practices here.

View previous campaigns.