Ethical hacking & pentesting blog
Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.
Get fresh security research
In your inbox. (No fluff. Actionable stuff only.)
How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.com
For the past couple of weeks, a critical RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3) has kept both the Microsoft users and the security community on their toes. To help our customers better detect if their Windows hosts were affected by the critical SMBGhost vulnerability, we developed and added a new, dedicated scanner on Pentest-Tools.com.
- Author(s)
- Published at
- Updated at
![Read the article titled [New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fscanners-detect-smbghost-ghostcat%2Fsmbghost-and-ghostcat-scanners-pentest-tools.com_.webp&w=1536&q=50)
[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com
Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful! To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.
- Author(s)
- Published at
- Updated at
![Read the article titled [New enterprise feature] Add sub-users and share your Pentest-Tools.com plan](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fenterprise-feature-add-sub-users%2Fadd-sub-users-enterprise-feature-pentest-tools.com-2.webp&w=1536&q=50)
[New enterprise feature] Add sub-users and share your Pentest-Tools.com plan
Working on a security project is always better when your team is involved. That’s why you can now add multiple users to your Pentest-Tools.com account and share the plan with your team members. The new feature allows the account owner (the parent user) to create sub-users and share access to their account.
- Author(s)
- Published at
- Updated at
How to simulate phishing attacks with the HTTP Request Logger
As a penetration tester or a Red Team security consultant, you probably deal with lots of challenges when you want to simulate phishing attacks using social engineering techniques. Because our team’s goal is to make your job easier by providing the right tools, we’ve put together a hands-on guide you can use straight away!
- Author(s)
- Published at
- Updated at
API support for TCP Port Scan, API scans & more updates
Through our API integration, you can easily streamline and automate your pentesting tasks for better results. Because we know how important it is for your business, we’ve worked on improving our API system to become a fully programmable penetration testing platform for your specific needs. Here are 3 new API improvements we added in the current update
- Author(s)
- Published at
- Updated at
New tool for detecting the critical Citrix RCE vulnerability (CVE-2019-19781)
To help our customers assess the security of their Citrix ADC and Citrix Gateway devices, we have added a new tool on Pentest-Tools.com to detect the recent RCE vulnerability (CVE-2019-19781).
- Author(s)
- Published at
- Updated at
How to detect the SACK Panic vulnerability with Wireshark
The security team at Pentest-Tools.com has recently performed an in-depth analysis of the SACK Panic vulnerability (which was first disclosed in June 2019) to find out its exploitability against Linux machines. Throughout this research, we’ve identified a new method to detect vulnerable servers using Wireshark, the popular network traffic analyzer.
- Author(s)
- Published at
- Updated at
Black Hat Europe 2019 Highlights
We are extremely grateful and happy to find out how many users already know about our online platform each time we explore a new context. To know people around the world use Pentest-Tools.com on a daily basis to discover vulnerabilities in websites or networks drives us to achieve even more going forward. In this article, we share our recent experience at the Black Hat Europe 2019 conference and what we learned from it.
- Author(s)
- Published at
- Updated at
.webp&w=1536&q=50)
Capital One, CafePress, Suprema data breaches and their root causes
In this article, we discuss some of the most recent data breaches, what are their root causes, and how to better secure your most valuable personal information and other digital assets.
- Author(s)
- Published at
- Updated at
Analysis of recent Exim mail server vulnerabilities
For the past months, multiple critical vulnerabilities were found in Exim mail servers that could allow attackers to gain remote access and perform malicious activities: CVE-2019-16928, CVE-2019-15846, and CVE-2019-10149.
- Author(s)
- Published at
- Updated at
How to Perform Internal Network Scanning with Pentest-Tools.com
In this article, we show you how to scan hosts from your internal network using our security tools from Pentest-Tools.com. This is a new capability that we have recently added to our platform and it uses VPN tunnels to reach the internal networks.
- Author(s)
- Published at
- Updated at
