Ethical hacking & pentesting blog

Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.

Read the article titled pentest-tools-1.png

Events

Pentest-Tools.com to participate at Black Hat Europe 2019

Pentest-Tools.com will be exhibiting at Black Hat Europe 2019. Join us in December for one of the biggest cybersecurity events and come to meet the Pentest-Tools.com team.

Ioana Rijnetu

Published at: 28 Aug 2019

2 min read

Read the article titled new-platform-improvements-available-pentest-tools.com_.webp

Platform Updates

Customized white label, website scanner improvements & other platform updates

Here are 7 platform improvements we deployed in the current update to make Pentest-Tools.com a valuable asset for your pentesting toolbox.

Ioana Rijnetu

Published at: 20 Aug 2019

3 min read

Platform Updates

Delete scans through the API, edit scheduled scans, and more improvements

Here are 5 platform improvements we’ve worked on in the current update to make Pentest-Tools.com a must-have asset for your pentesting toolkit.

Ioana Rijnetu

Published at: 30 Jul 2019

2 min read

Read the article titled new-vulnerabilities-scanners-added-on-pentest-tools.com_.webp

Platform Updates

[New scanners] Find Associated Domains, Password Auditor, and 2 more new tools

Vulnerability scanners are essential tools for penetration testers who need to assess the security of their servers, sites, or networks. That’s why we focus on adding new scanners on Pentest-Tools.com to help our customers discover critical security flaws quickly and effectively.

Ioana Rijnetu

Published at: 25 Jul 2019

3 min read

Read the article titled bluekeep-technical-breakdown-pentest-tools.com_.webp

Vulnerabilities

BlueKeep, the Microsoft RDP vulnerability - What we know so far

BlueKeep is a critical security flaw found in Microsoft Remote Desktop Services that was making the headlines for the past two months. In this article, we explore the key facts about this vulnerability.

Ioana Rijnetu

Published at: 23 Jul 2019

7 min read

Read the article titled sql-injection-magento-sqlmap.webp

Security Research

Exploiting SQL Injection in Magento Using Sqlmap

In this article we show a new method of exploiting the critical SQL Injection vulnerability in Magento (CVE-2019-7139), using the well known SQLMap tool.

Alexandru Postolache

Published at: 14 Jun 2019

10 min read

Read the article titled website-vulnerability-scanner-security-assessment.webp

Platform Tutorials

How to do a Basic Website Vulnerability Assessment with Pentest-Tools.com

Let’s see how to perform a basic security evaluation of your web application with the tools from Pentest-Tools.com.

Adrian Furtuna

Published at: 24 May 2019

5 min read

Read the article titled managed-penetration-testing-services-launched.webp

Platform Updates

Announcing our managed pentesting services for web applications

Checking for vulnerabilities and how attackers could exploit them provide valuable insights on how you can improve your company’s security posture.

Ioana Rijnetu

Published at: 23 May 2019

2 min read

Read the article titled wordpress-remote-code-execution-attack-pentest-tools.com_.webp

Security Research

Analysis of a WordPress Remote Code Execution Attack

This article shows our analysis of a known attack (presented in February 2019) against WordPress versions 5.0.0 and lower, awarding an intruder with arbitrary code execution on the webserver. The article covers each exploitation step and HTTP request required for a successful attack.

Razvan Ionescu

Published at: 21 May 2019

9 min read

Vulnerabilities

Common SQL Injection Attacks

SQL Injection attacks are still a threat to current web applications, despite their long history. In this article, we discuss the most common SQL Injection attack techniques with concrete examples from DVWA (Damn Vulnerable Web Application).

Satyam Singh

Published at: 23 Apr 2019

13 min read

Read the article titled updated-pentest-reporting-feature-pentest-tools.com_..webp

Platform Updates

A faster, enhanced version of the Advanced Pentest Reporting feature

Writing a pentest report about the results of your vulnerability assessment doesn’t have to be a difficult, time-consuming task.

Ioana Rijnetu

Published at: 15 Mar 2019

2 min read

Read the article titled exploiting-ognl-injection-apache-struts.webp

Security Research

Exploiting OGNL Injection in Apache Struts

Let’s understand how OGNL Injection works in Apache Struts. We’ll exemplify with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.

Ionuț Popescu

Published at: 14 Mar 2019

24 min read