Ethical hacking & pentesting blog
Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.
Delete scans through the API, edit scheduled scans, and more improvements
[New scanners] Find Associated Domains, Password Auditor, and 2 more new tools
Vulnerability scanners are essential tools for penetration testers who need to assess the security of their servers, sites, or networks. That’s why we focus on adding new scanners to Pentest-Tools.com to help our customers discover critical security flaws quickly and effectively.
BlueKeep, the Microsoft RDP vulnerability - What we know so far
BlueKeep is a critical security flaw found in Microsoft Remote Desktop Services that has been making headlines for the past two months. In this article, we explore the key facts about this vulnerability.
Analysis of a WordPress Remote Code Execution attack
This article presents our analysis of a known attack (presented in February 2019) against WordPress versions 5.0.0 and lower, which gives an intruder arbitrary code execution on the web server. The article covers each exploitation step and HTTP request required for a successful attack.
A faster, enhanced version of the advanced pentest reporting feature
Exploiting OGNL Injection in Apache Struts
An enhanced version of our Website Vulnerability Scanner
To check the security of a web application or server, you need an automated scanner to save time spent on manual work. Our Website Vulnerability Scanner does that and much more (including detecting widespread vulnerabilities like Log4Shell)!
Inside Nmap, the world’s most famous port scanner
Pentest report writing in 5 minutes (Defcamp 2018 talk)