Home Platform updates [New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com

[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com

by Ioana Rijnetu
Reading Time: 2 minutes

Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful!

To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.

1. Discover vulnerable Windows hosts with our SMBGhost Vulnerability Scanner

The SMBGhost scanner we developed checks the SMB version of the target to identify if your Windows hosts are affected by the Microsoft SMBGhost vulnerability (CVE-2020-0796).  

The vulnerability exists in Microsoft SMBv3.1.1 protocol and impacts all machines that run Windows 10 and Windows Server. When successfully exploited, the hacker can execute arbitrary code on the vulnerable target machine or crash the host with the BSOD error. 

You can read more about the SMBGhost vulnerability in our dedicated blog article. 

Here’s how a SMBGhost Vulnerability sample report looks like:

smbghost vulnerability scanner report

 

 

 

 

 

 

 

 

 

 

 

 

 

Detect and report SMBGhost fast and get a full report of the vulnerability, including description, evidence, risk, and recommendations for fixing it. 

 Try the new SMBGhost scanner

2. Detect vulnerable Tomcat servers with our GhostCat Vulnerability Scanner

The GhostCat scanner, our second new tool on Pentest-Tools.com, detects vulnerable Apache Tomcat servers affected by CVE-2020-1938 by trying to read the file WEB-INF/web.xml from the web root of the server via the AJP connector.

Check out this sample report of the Pentest-Tools.com GhostCat scanner results:

ghostcat vulnerablity scanner report

The GhostCat vulnerability (CVE-2020-1938) exists in the Apache JServ Protocol (AJP) and impacts Apache Tomcat servers versions 6.x, 7.x, 8.x, and 9.x.

Whether you’re a sysadmin or a security consultant, you can use the GhostCat scanner to perform easy security tests and detect if your Apache Tomcat servers are affected. 

Try the new GhostCat scanner 

If you’d like to learn more about Pentest-Tools.com or find quick answers to your questions, explore our support center or send us an email at support@pentest-tools.com

0 comment

Related Posts

Leave a Comment