Platform updates

OWASP & CWE vuln classifcation added, wordlist limit increased, and more updates

Publisher
Pentest-Tools.com
Updated at

This month we rolled out 5 platform improvements that streamline your pentests so you can do more of the work you most enjoy:

1. Website Scanner findings – OWASP 2013/2017 & CWE vuln info added

2. Wordlists limit increased: add more lists with 5X more words each

3. NEW: the Password Auditor now supports NTLM authentication

4. Filter URL Fuzzer results based on customer matches

5. Custom request timing options with the URL Fuzzer

Let’s unpack them!

1. Website Scanner findings include OWASP 2013/2017 & CWE vuln info

The findings’ descriptions you get from our Website Scanner now include the class of OWASP Top 10 of 2013 and 2017 they’re part of and their assigned CWE number.

To see this info, go to Findings and select the ones you need to see more details. You can also visualize it from Scans, where you check the scan results of your target. Just click on the Details to see the Classification.  

Remember you can automatically pull these details in your reports when you choose which Findings to include in them.

vulnerability CWE details

Scan results classification details

2. Wordlist limit now increased up to 50.000 words

Good news! We increased wordlist limits from 10.000 words to 50.000 words. You can now add even more words (usernames, passwords, config files, etc.) to test against your targets from your Pentest-Tools.com account. 

For each wordlist you create, you can include up to 50.000 words, where each word has a maximum length of 200 characters.

Use default wordlists we provide or add your own for faster, smoother pentests.

Create your wordlist

3. The Password Auditor now supports NTLM authentication

We also improved the Password Auditor by adding support for the NTLM (New Technology LAN Manager) authentication protocol.

Authentication through NTLM uses a challenge-response protocol and, as a form of Single Sign-On (SSO), does not require users to send unprotected passwords over the network.

4. Filter URL Fuzzer results based on custom matches

Another improvement we made is the option to automatically filter URL Fuzzer results based on the conditions you choose.

Depending on your engagement, you can now:

  • ignore or match certain HTTP codes

  • ignore or match if the HTML contains a string

  • ignore or match certain conditions for Response Size.

URL Fuzzer filter results

5. The URL Fuzzer now includes custom request timing options

We’ve also added a custom request option to the URL Fuzzer, which allows you to define specific timing for your HTTP requests.

When you go to URL Fuzzer, add your URL target, and select Timing, you can define the number of parallel requests the tool will run for you.

You can also set a maximum of 10 retries per request.

Here’s a snapshot of the new option:

URL Fuzzer - request options

Log in to use the updates

Get fresh security research

In your inbox. (No fluff. Actionable stuff only.)

I can see your vulns image

Related articles

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account

Footer

© 2013-2025 Pentest-Tools.com

Deloitte Fast 500 EMEA 2023

One of EMEA's fastest-growing tech companies.

Recognized by Deloitte in their Fast 500 EMEA 2023 for sustained financial growth and impact.

48,000+ security folks are here. Are you?

Follow us on LinkedIn for practical offensive security tips, guides, and real talk.

More than demos - real faces, real insight.

Subscribe on Youtube to see our team demo the product, build PoCs, and share what drives us.

G2 x Gartner

Security leaders trust what they can prove

See why they choose accurate results, time-saving automation, and clear reporting on Gartner Peer Reviews and G2.