Ethical hacking & pentesting blog

Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.

Read the article titled detect-proxyshell-pentest-tools.com_.webp

Platform Updates

Detect ProxyShell (pre-auth Microsoft Exchange RCE) with Pentest-Tools.com

On-prem Microsoft Exchange servers have created a lot of work for IT and security specialists in the past months. In March, ProxyLogon left servers vulnerable to Server-Side Request Forgery through CVE-2021-26855, so we launched a dedicated scanner for it. In May, #proxynotfound popped up, so we integrated detection for it into our Network Vulnerability Scanner to make detection and reporting faster.

Andra Zaharia

Published at: 11 Aug 2021

3 min read

Read the article titled account-enumeration-tactics.webp

Security Research

6 techniques for account enumeration in a penetration test [demo included]

Enumeration is one of the essential tactics that help you gain a foothold in your target’s ecosystem. As a penetration tester, you can gain a lot of speed and prep your exploitation phase more thoroughly if you get enumeration right.

Cristian Cornea

Published at: 20 Jul 2021

9 min read

Read the article titled pentest-tools.com-june-updates.webp

Platform Updates

OWASP & CWE vuln classifcation added, wordlist limit increased, and more updates

This month we rolled out 5 platform improvements that streamline your pentests so you can do more of the work you most enjoy:

Ioana Rijnetu

Published at: 11 Jun 2021

3 min read

Read the article titled network-vulnerability-scanner-new-detection-module.webp

Platform Updates

Detect Microsoft Exchange RCE #proxynotfound with our Network Vulnerability Scanner

Running on-prem Microsoft Exchange servers? If you didn’t catch the NSA boilerplate announcement, there’s another batch of vulnerabilities to scan for – and we built what you need.

Andra Zaharia

Published at: 13 May 2021

2 min read

Read the article titled pentest-tools.com-april-updates.webp

Platform Updates

New modules, methods & payload - April updates

It’s been a busy month for us and we’re excited to share what we worked on!

Ioana Rijnetu

Published at: 23 Apr 2021

3 min read

Read the article titled detect-cve-2021-21972.webp

Security Research

How to detect VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21972)

The current, multi-layer setup big organizations run on is a challenge to manage and we both know that (it’s an understatement). And when a vulnerability like CVE-2021-21972 pops up, it reveals how messy the process of patching and mitigation can be.

Daniel Bechenea

Published at: 19 Apr 2021

7 min read

Read the article titled sensitive-data-exposure-vuln.webp

Platform Tutorials

How to detect Sensitive Data Exposure with Pentest-Tools.com

The best security specialists have a very strong grasp of fundamental vulnerabilities, the kind that pops up in every engagement.

Cristian Cornea

Published at: 14 Apr 2021

7 min read

Read the article titled detect-broken-authentication-with-pentest-tools.com_-1.webp

Platform Tutorials

How to detect broken authentication with Pentest-Tools.com

OWASP Top 10 is an industry staple for a reason: because it’s incredibly well documented and provides a reliable framework for security specialists striving to prioritize vulns.

Cristian Cornea

Published at: 07 Apr 2021

9 min read

Read the article titled full-website-vulnerability-assessment.webp

Platform Tutorials

How to do a full website vulnerability assessment with Pentest-Tools.com

As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!

Daniel Bechenea

Published at: 31 Mar 2021

12 min read

Platform Updates

Run laser-focused scans with these 5 platform updates

This month we roll out 5 fresh updates worth trying. Why?

Ioana Rijnetu

Published at: 22 Mar 2021

3 min read

Read the article titled detect-injection-flaws-with-pentest-tools.com_.webp

Platform Tutorials

How to detect injection flaws with Pentest-Tools.com

Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.

Cristian Cornea

Published at: 19 Mar 2021

11 min read

Read the article titled 4-platform-improvements-added-pentest-tools.com_.webp

Platform Updates

4 platform updates you need to know about

It’s been an intense start to the New Year and we’re excited to share what we worked on! These 4 platform improvements are all about streamlining your workflow, so you can focus on the important tasks.

Ioana Rijnetu

Published at: 21 Feb 2021

2 min read