Home Platform updates [New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com

[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com

by Ioana Rijnetu

Reading time

2 minutes

Reading Time: 2 minutes

Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful!

To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.

1. Discover vulnerable Windows hosts with our SMBGhost Vulnerability Scanner

The SMBGhost scanner we developed checks the SMB version of the target to identify if your Windows hosts are affected by the Microsoft SMBGhost vulnerability (CVE-2020-0796).

The vulnerability exists in Microsoft SMBv3.1.1 protocol and impacts all machines that run Windows 10 and Windows Server. When successfully exploited, the hacker can execute arbitrary code on the vulnerable target machine or crash the host with the BSOD error.

You can read more about the SMBGhost vulnerability in our dedicated blog article.

Here’s how a SMBGhost Vulnerability sample report looks like:

smbghost vulnerability scanner report

Detect and report SMBGhost fast and get a full report of the vulnerability, including description, evidence, risk, and recommendations for fixing it.

 Try the new SMBGhost scanner

2. Detect vulnerable Tomcat servers with our GhostCat Vulnerability Scanner

The GhostCat scanner, our second new tool on Pentest-Tools.com, detects vulnerable Apache Tomcat servers affected by CVE-2020-1938 by trying to read the file WEB-INF/web.xml from the web root of the server via the AJP connector.

Check out this sample report of the Pentest-Tools.com GhostCat scanner results:

ghostcat vulnerablity scanner report

The GhostCat vulnerability (CVE-2020-1938) exists in the Apache JServ Protocol (AJP) and impacts Apache Tomcat servers versions 6.x, 7.x, 8.x, and 9.x.

Whether you’re a sysadmin or a security consultant, you can use the GhostCat scanner to perform easy security tests and detect if your Apache Tomcat servers are affected. 

Try the new GhostCat scanner 

If you’d like to learn more about Pentest-Tools.com or find quick answers to your questions, explore our support center or send us an email at support@pentest-tools.com

Related Posts

Pentest-Tools.com September platform updates 2021

Detect & exploit the latest CVEs + more automation updates

Pentest-Tools.com july-august updates

Detect critical CVEs, scan stats + more updates



Subscribe to our Platform Updates

Please select how you would like to hear from Pentest-Tools.com:

Unsubscribe any time by clicking the link in the footer of our emails.
For information about our privacy practices, please visit https://pentest-tools.com/.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing.
Learn more about Mailchimp's privacy practices here.

View previous campaigns.