Practical Examples

How to perform authenticated website scans with Pentest-Tools.com

This article shows how to scan a web application that requires authentication using the Website Vulnerability Scanner tool.

Author(s)

Cristin Sirbu

Published at: 06 Oct 2023

10 Practical scenarios for XSS attacks

Let’s delve into these 10 practical attack scenarios with actionable examples that highlight the real risk of cross-site scripting (XSS) vulnerabilities.

Author(s)

Published at: 07 Jul 2023

How to conduct a full network vulnerability assessment

The best ethical hackers build and maintain an outstanding workflow and process because it pays off – big time! When you’re always overwhelmed with work, it’s difficult to make time for tweaks and improvements, even if we both know they have compound returns in the long run.

Author(s)

Daniel Bechenea

Published at: 24 Aug 2022

How to exploit the VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21985)

More high-risk vulnerabilities mean more work for you. The good news? You won’t be out of work anytime soon. The bad news? You’ll probably work a lot more than you anticipate. So how do you balance the good and the not-so-great? By having a replicable process for when a high-risk CVE that leads to RCE hits your targets (the likes of CVE-2021-21985).

Author(s)

Stefan Iridon

Published at: 25 Jan 2022

How we detect and exploit Log4Shell to help you find targets using vulnerable Log4j versions

We’re breaking down our technique for detecting CVE-2021-44228 (Log4Shell) because we believe our users should understand what’s happening behind the scanners so they can avoid a false sense of security.

Author(s)

Adrian Furtuna

Published at: 17 Dec 2021

How to detect the Zoho ManageEngine ADSelfService Plus RCE (CVE-2021-40539)

Overwhelmed by so many high-risk vulnerabilities that emerge? Thousands of them are disclosed every year and 2021 is no exception. Systems are complex, cyber attacks get more sophisticated, and patching is still a challenge for many organizations. As infosec pros, it’s our responsibility to help companies (and individuals) understand the real implications and impact of a critical vulnerability and help them find it before it gets worse.

Author(s)

Catalin Filip

Published at: 13 Dec 2021

6 techniques for account enumeration in a penetration test [demo included]

Enumeration is one of the essential tactics that help you gain a foothold in your target’s ecosystem. As a penetration tester, you can gain a lot of speed and prep your exploitation phase more thoroughly if you get enumeration right.

Author(s)

Cristian Cornea

Published at: 20 Jul 2021

How to detect Sensitive Data Exposure with Pentest-Tools.com

The best security specialists have a very strong grasp of fundamental vulnerabilities, the kind that pops up in every engagement.

Author(s)

Cristian Cornea

Published at: 14 Apr 2021

How to detect broken authentication with Pentest-Tools.com

OWASP Top 10 is an industry staple for a reason: because it’s incredibly well documented and provides a reliable framework for security specialists striving to prioritize vulns.

Author(s)

Cristian Cornea

Published at: 07 Apr 2021

How to do a full website vulnerability assessment with Pentest-Tools.com

As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!

Author(s)

Daniel Bechenea

Published at: 31 Mar 2021

Run laser-focused scans with these 5 platform updates

This month we roll out 5 fresh updates worth trying. Why?

Author(s)

Ioana Rijnetu

Published at: 22 Mar 2021

How to detect injection flaws with Pentest-Tools.com

Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.

Author(s)

Cristian Cornea

Published at: 19 Mar 2021