Ethical hacking & pentesting blog
Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.
6 techniques for account enumeration in a penetration test [demo included]
Enumeration is one of the essential tactics that help you gain a foothold in your target’s ecosystem. As a penetration tester, you can gain a lot of speed and prep your exploitation phase more thoroughly if you get enumeration right.
OWASP & CWE vuln classification added, wordlist limit increased, and more updates
Detect Microsoft Exchange RCE #proxynotfound with our Network Vulnerability Scanner
Running on-prem Microsoft Exchange servers? If you didn’t catch the NSA boilerplate announcement, there’s another batch of vulnerabilities to scan for – and we built what you need.
New modules, methods & payload - April updates
How to detect VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21972)
The current, multi-layer setup big organizations run on is a challenge to manage and we both know that (it’s an understatement). And when a vulnerability like CVE-2021-21972 pops up, it reveals how messy the process of patching and mitigation can be.
How to detect sensitive data exposure with Pentest-Tools.com
How to detect broken authentication with Pentest-Tools.com
How to do a full website vulnerability assessment with Pentest-Tools.com
As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!
Run laser-focused scans with these 5 platform updates
How to detect injection flaws with Pentest-Tools.com
4 platform updates you need to know about
Pentest Robots - rocket fuel for pentesters, not their replacement
Let me say this from the start: full automation is the wrong approach for scaling penetration testing. The whole “machines will replace humans” view doesn’t sit well with us. It’s too simplistic and it fails to capture the complexity and depth involved in security testing and the larger information security ecosystem. So how come we launched pentest robots - an automation feature - at Black Hat Europe 2020?