Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful!
To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.
1. Discover vulnerable Windows hosts with our SMBGhost Vulnerability Scanner
The SMBGhost scanner we developed checks the SMB version of the target to identify if your Windows hosts are affected by the Microsoft SMBGhost vulnerability (CVE-2020-0796).
The vulnerability exists in Microsoft SMBv3.1.1 protocol and impacts all machines that run Windows 10 and Windows Server. When successfully exploited, the hacker can execute arbitrary code on the vulnerable target machine or crash the host with the BSOD error.
You can read more about the SMBGhost vulnerability in our dedicated blog article.
Here’s how a SMBGhost Vulnerability sample report looks like:
Detect and report SMBGhost fast and get a full report of the vulnerability, including description, evidence, risk, and recommendations for fixing it.
2. Detect vulnerable Tomcat servers with our GhostCat Vulnerability Scanner
The GhostCat scanner, our second new tool on Pentest-Tools.com, detects vulnerable Apache Tomcat servers affected by CVE-2020-1938 by trying to read the file WEB-INF/web.xml from the web root of the server via the AJP connector.
Check out this sample report of the Pentest-Tools.com GhostCat scanner results:
The GhostCat vulnerability (CVE-2020-1938) exists in the Apache JServ Protocol (AJP) and impacts Apache Tomcat servers versions 6.x, 7.x, 8.x, and 9.x.
Whether you’re a sysadmin or a security consultant, you can use the GhostCat scanner to perform easy security tests and detect if your Apache Tomcat servers are affected.