[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with

Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful!

To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on

1. Discover vulnerable Windows hosts with our SMBGhost Vulnerability Scanner

The SMBGhost scanner we developed checks the SMB version of the target to identify if your Windows hosts are affected by the Microsoft SMBGhost vulnerability (CVE-2020-0796).

The vulnerability exists in the Microsoft SMBv3.1.1 protocol and impacts all machines that run Windows 10 and Windows Server. When it is successfully exploited, the attacker can execute arbitrary code on the vulnerable target machine or crash the host with a BSOD error.

You can read more about the SMBGhost vulnerability in our dedicated blog article.

Here’s what a sample SMBGhost vulnerability report looks like:

[Image: SMBGhost vulnerability scanner report]

Detect and report SMBGhost fast and get a full report of the vulnerability, including description, evidence, risk, and recommendations for fixing it.

Try the new SMBGhost scanner

2. Detect vulnerable Tomcat servers with our GhostCat Vulnerability Scanner

The GhostCat scanner, our second new tool on, detects vulnerable Apache Tomcat servers affected by CVE-2020-1938 by trying to read the file WEB-INF/web.xml from the web root of the server via the AJP connector.

Check out this sample report of the GhostCat scanner results:

[Image: GhostCat vulnerability scanner report]

The GhostCat vulnerability (CVE-2020-1938) exists in the Apache JServ Protocol (AJP) and impacts Apache Tomcat server versions 6.x, 7.x, 8.x, and 9.x.

Whether you’re a sysadmin or a security consultant, you can use the GhostCat scanner to perform easy security tests and detect if your Apache Tomcat servers are affected. 

Try the new GhostCat scanner 

If you’d like to learn more about or find quick answers to your questions, explore our support center or send us an email at
