Resources

Changelog

These are the latest updates we've made to our platform. If you have any questions about any of the updates you see below, please feel free to contact us!

Filter by

November 2024 Changes

  • Your next steps in web app scanning

    Our proprietary Website Vulnerability Scanner just got more powerful with these November updates:

    Validate with SQLi Exploiter button: Found an SQL Injection vulnerability? Validate it instantly in one click! Our SQLi Exploiter auto-fills details like HTTP methods, POST data, and test parameters.

    Insecure deserialization detection for Python-based applications in the scanner’s Active module. (‘Nough said!)

    Subdomain whitelisting for broader scan coverage. By default, we’re whitelisting "api", but you can customize your subdomain scanning under the Custom scan settings for even more control.

  • Monitor targets with scheduled scans in Free!

    You now have access to scheduled scans so it’s even easier to maintain regular monitoring routines. 

    Here’s how it works:

    • Set your preferred scans to run automatically on a weekly or monthly basis.

    • Set up scan diff email alerts to know when something changes. 

    [New in free] Monitor your targets for new vulnerabilities with Pentest-Tools.com
  • Network Scanner x Password Auditor

    Chaining our tools for more and better findings is our ultimate goal. 

    That’s why when the Network Vulnerability Scanner detects a login interface, you’ll now see a Scan with Password Auditor button.

    Click it and the scanner automatically fills in fields like target, ports, and service for faster weak credentials detection.


  • Prove these Palo Alto vulns with Sniper

    Not one month passes without adding new proof of exploitation to our proprietary offensive tool —  Sniper: Auto-Exploiter. 

    The tool can now exploit Authentication Bypass and Remote Code Execution vulnerabilities in Palo Alto Networks Expedition:

    • CVE-2024-0012 and CVE-2024-9474 (CVSSv3 9.8) - allow a remote attacker to bypass the authentication mechanism and compromise your internal network.

    Prove exploitation easily and integrate this update into your offensive workflows.

  • Use the Joomla Scanner through our API

    You asked, we listened! The Joomla Scanner is now part of our API, ready to use directly from your scripts.

  • Faster validation for AWS results

    The "How to reproduce" section in the Cloud Scanner findings now includes the AWS command so you can easily validate your results.

October 2024 Changes

  • NEW: Import your AWS targets with ease

    There’s a new cloud integration in your Pentest-Tools.com toolkit!

    Now you can easily import AWS targets to your account with a fast setup. 

    We’re constantly expanding our integrations to improve your pentesting workflow experience. If you have any preferred tool we should consider next, let us know!

  • Continuous monitoring made (even) easier

    First we introduced the scan diff notification, so you can easily track changes in your targets’ security posture.

    Now, we’ve made it even easier for you to set a complete monitoring flow for our Network & Website Vulnerability Scanners, Port Scanner, and Subdomain Finder.

    You just select your target(s) and follow the Monitor setup process. It’s that simple! 

    You’ll automatically get email alerts whenever there’s an update.

  • Even more detectors and findings for your network scans

    Our Network Scanner is constantly expanding its reach so you get the most from your precision network scans. 

    Detect these freshly added high-impact RCEs:

    • CVE-2024-47177 (CVSSv3 9) — RCE in CUPS, a standards-based, open-source printing system.

    • CVE-2024-28986 (CVSSv3 9.8) — RCE in SolarWinds Web Help Desk that allows an attacker to run commands on the host machine

    Get more detailed findings for:

    • misconfigured DNS (because it's always DNS!) SPF, DNS DMARC, and DNS DKIM records

    • a DNS Zone Transfer vulnerability

    Also, know what step your scan is at with real-time updates in the Network Scanner’s scan logs.

  • Fresh detectors & findings for your website scans, too!

    Our team also updated the Website Scanner's capabilities this past month so you have a more comprehensive view of your targets.

    You can:

    • detect insecure deserialization in PHP applications with the scanner’s Active module

    • automatically detect GraphQL as we’ve integrated our API Vulnerability Scanner’s test methods for this language 

    We’ve also added more extensive findings to your scan results. 

    The Website Scanner now:

    • creates a new finding with all the API endpoints it detects during crawling

    • fuzzes for Open API specifications, creates a new finding with any identified results, and even adds it into the Specification Spider

    • adds exposures and exposed-panels Nuclei templates to the Interesting files finding so you detect even more publicly accessible pages that should’ve been hidden.

    Plus, to make the overall scan results easier to navigate, we’re highlighting the request/response lines for all detectors, both passive and active.

  • New proof of exploitation for this RCE with Sniper

    Our proprietary offensive tool, Sniper: Auto Exploiter, has a wide range of available exploits — but we want to make it even more up to date.


    Use Sniper to extract the proof of exploitation for a critical Palo Alto Networks Expedition RCE (CVE-2024-9463, CVSSv3 9.8) that can allow an unauthenticated attacker to inject an OS Command using special characters and fully compromise your server.

  • Fresh AWS findings for the Cloud Scanner

    With the Cloud Vulnerability Scanner, you can assess targets across multi-cloud environments like AWS, GCP, or Azure from both within and the outside.

    There’s a fresh finding for it, too!

    Use our Cloud Scanner to detect the risk of data leaks because of a misconfiguration in your AWS bucket that gives a potential attacker public access to list your multipart uploads.

  • More wordlist translations in Subdomain Finder

    Our Subdomain Finder also has a new update to make your scan results more accurate.

    The tool now translates key entries from the Enumeration wordlist for languages from the top level domain (TLD) through the FindSubdomains alteration test.

September 2024 Changes

  • Fresh look, enhanced Reports

    There’s a fresh, new Reports section in Pentest-Tools.com for you to manage and download scan results, findings, and custom reports — all in one place.

    Yet, our fresh makeover comes with fresh improvements for faster and smoother reporting work:

    • Asynchronous report generation, so you don’t have to worry about getting stuck on the same screen while waiting for your files. Not even for larger ones. You’ll get an in-app alert as soon as the report is ready.

    • 30 days storage for all your reports. No need to regenerate or search for a specific report, we make sure they’re all in their right place.

    See how you can leverage the power of automation to streamline your client reports in this hands-on demo:

    Improved reporting in Pentest-Tools.com: streamline your workflow!
  • Get more from your Website Scanner results

    There’s a new module in the active capabilities of our proprietary Website Scanner: detection for insecure deserialization in .Net applications

    To make XSS and SQLi findings easier to navigate, we’ve also added a highlight directly in the request/response line containing the payload used in that detection.  

  • Clone multiple Findings at once for faster edits

    We’ve made Findings management even smoother so you don’t waste time on menial tasks. Now you can clone Findings in bulk with just a press of the button! Quick and easy. 

  • 7 new CVEs to check out with your Pentest-Tools.com toolkit!

    Detect these 2 high-risk CVEs with our powerful Network Vulnerability Scanner:

    • CVE-2024-5932 (CVSSv3 10) - this GiveWP Donation Plugin RCE can allow unauthenticated attackers to inject a PHP Object, gain full access, and compromise your server.

    • CVE-2023-43770 (CVSSv3 6.1) - this RoundCube Cross-Site Scripting vulnerability can lead to data theft, session hijacking, or defacement of the affected application.

    Get proof of exploitation for these 5 critical CVEs with our proprietary offensive tool, Sniper - Auto-Exploiter:

    • CVE-2024-29973 (CVSSv3 9.8) - RCE in Zyxel. Validate that an unauthenticated attacker can execute arbitrary commands on the device by exploiting improperly sanitized inputs in the "setCookie" endpoint.

    • CVE-2024-38856 (CVSSv3 9.8) - RCE in Apache OFBiz. Validate this RCE through an especially crafted HTTP POST request that allows an attacker to fully compromise your server. 

    • CVE-2024-4358 (CVSSv3 9.8) - Prove how an attacker can fully compromise your server with this RCE in Progress Telerik Report Server through an insecure XML deserialization.

    • CVE-2022-20705 (CVSSv3 9.8) and CVE-2022-20707 - Validate these Cisco Small Business RV Series RCE and Authentication Bypass vulnerabilities.

    • CVE-2024-5932 (CVSSv3 9.8) - assess the business risk of this GiveWP Donation Plugin RCE. 

August 2024 Changes

  • Monitor critical changes with scan diff notifications

    Scan diff for your scan results is finally here! We know you’ve been asking for it, so we’ve listened and delivered. 

    Available for port scanning, vulnerabilities, and subdomains, scan diff highlights new and updated findings compared to your previous scan on the same target within a set workspace. 

    • Use it for continuous monitoring of all targets in your workspace 

    • Get automatic notifications when anything changes, on your preferred channel (email, Slack, Teams, Discord, etc.)

    • Create an automatic scan baseline and use scheduled scans for easier tracking

    Master vulnerability monitoring with Scan Diff notifications! Here's how
  • Faster & better detection with our Website Scanner!

    We've increased the URL crawling speed by 30%, making the Website Scanner more efficient from start to finish. 

    Our proprietary web app scanner now uses parallelization when detecting cloud hosted URLs. Expect faster discovery, quicker scan completion, and more timely results

    We’ve also improved the tool’s passive detection method with: 

    • Disclosure of OS paths in the HTTP response

    • Detection for session tokens in the request URLs

  • Exploit selected CVEs with Sniper

    We're giving you even more control over our most powerful offensive security tool - Sniper Auto-Exploiter.

    You can now automatically get proof of exploitation for specific CVEs.

    Plus, our team developed new custom exploits for these critical CVEs:

    • CVE-2024-36401 (CVSSv3 9.8) - this GeoServer RCE can fully compromise your server and allow unauthenticated attackers to pivot to your internal network. 

    • CVE-2024-28995 (CVSSv3 7.5) - prove this Arbitrary File Read vulnerability found in SolarWinds Serv-U is exploitable.

    Don’t forget that, whenever we add new exploits in Sniper, it means our Network Scanner can also detect those CVEs for you.

    Want to see it in action? Here’s a practical demo on how Sniper works:

    How to get validation proof with Sniper Auto-exploiter
  • Tiny Network Scanner tweaks that protect your focus

    This month, we’ve fine-tuned the Network Vulnerability Scanner to handle details more efficiently, so you don’t lose focus with too much manual work:

    • Get end-of-life findings for Nmap-detected products and operating systems.

    • The “How to reproduce section” got tidier as we’ve moved the curl command from Nuclei here. 

  • Even more effective bruteforcing with our Password Auditor

    Find weak credentials with the Password Auditor and also get these effective operational improvements:

    • Informational findings for HTTP server-side errors now have screenshots to make them easier to check.

    • We’ve introduced scan logs for this tool, so you always know what scan is active at any given time.

  • Get these better looking Wordpress Scanner reports

    If you’re running the Wordpress Scanner to find core vulnerabilities, outdated plugins, and other critical issues, now you’ll see a lot of visual improvements to your findings.

    We’re always looking for ways to make our product easy on your eyes so you can find - and focus on - what’s important.

July 2024 Changes

  • Better detection with the Password Auditor

    Our Password Auditor expands its effectiveness and can now find weak credentials in a broader range of network services and web technologies:

    • We've improved the weak credentials checks on Joomla, Kibana, Grafana, Plesk, and Webmin.

    • Plus, bruteforce attacks with this tool now run in parallel for open services to speed up your workflow. 

  • Even more integrations for more focused security workflows

    Are you on the lookout for more efficiency in your workflows? (Who isn't, right?) 

    We've got a growing list of integrations so you run your security operations smoothly.

    Just added:

    • Discord - a popular request in our community! Get custom notifications for scan results, set different channels for specific alerts, and make sure everyone sees the relevant findings.

    • Vanta - another popular request! Use it to automatically get PDF reports from scheduled scans only straight to your Vanta account and make compliance operations a bit smoother.

    • You can now use the CLI version for our Website Vulnerability Scanner to set up vulnerability tests in your CI/CD flow.     


    Our colleague Mihai explains how to use it in this quick video: 

    Use automated GitHub Actions to test web app configurations & deployments for vulnerabilities
  • Faster, stronger DNS enumeration with the Subdomain Finder

    Wordlists got better in our Subdomain Finder!

    For the DNS Enumeration test, you now have a more comprehensive wordlist available for deep scans — created from the most popular 5000 names that our team of security researchers found.

  • Run precision network scans with new detectors and findings

    The Network Vulnerability Scanner is always expanding its reach and getting stronger for you.

     

    New CVEs you can now detect cover:

    • CVE-2016-7406 (CVSSv3 9.8) - RCE in Dropbear SSH. A remote attacker can execute arbitrary code via format string specifiers in the username or hostname argument and fully compromise the server.

    • CVE-2024-0692 (CVSSv3 8.8) - RCE in SolarWinds Security Event Manager. This vulnerability allows an attacker to abuse SolarWinds' service. 

    • CVE-2024-6387 (CVSSv3 8.1) - RegreSShion - the critical OpenSSH vulnerability and its technical details are still relevant, so you may want to get up to speed if you haven't had a chance.

    Other improvements to the Network Scanner include:

    • Get informational findings when a version-based engine doesn't return anything on a port, so you are aware of it.

    • Get end-of-life findings for products Wappalyzer detects.

    • Scan logs are now available to easily keep track of all your active scans.

  • New tool: Kubernetes Vulnerability Scanner

    Find security vulnerabilities and misconfigurations in your Kubernetes clusters - from reconnaissance (e.g. Node/Master cluster components) to initial access vulnerabilities (e.g. exposed Kubelet API critical endpoints, etc.).

    Light, deep, and custom scan settings let you control port ranges and even give you the option to emulate an authenticated adversary - if you have a service account token.

    Curious to see how we report findings? See a sample below or log in and check it out for yourself! 

  • Prove these 7 new critical CVEs are exploitable with Sniper

    Use our most powerful offensive tool, Sniper Auto-Exploiter, to exploit the following 7 newly added critical CVEs:   

    • CVE-2020-3250 (CVSSv3 9.8) - this REST API vulnerability in the Directory Traversal in Cisco UCS Director allows an unauthenticated remote attacker to get sensitive info.

    • CVE-2020-3243 (CVSSv3 9.8) - exploit this RCE in Cisco UCS Director and prove how an unauthenticated remote attacker can bypass auth and execute arbitrary actions with admin privileges.

    • CVE-2019-1935 (CVSSv3 9.8) - this RCE in Cisco UCS Director enables an unauthenticated remote attacker to use the SCP User account (scpuser) to log in to the CLI.

    • CVE-2012-1823 (CVSSv3 9.8) - known as the PHP CGI Argument Injection, this RCE allows a remote attacker to fully compromise the server. 

    • CVE-2024-4577 (CVSSv3 9.8)  - another critical argument injection flaw in PHP that can fully compromise the server. Yikes! 

    • CVE-2020-2950 (CVSSv3 9.8) - prove how a remote attacker can fully compromise a server using this RCE in Oracle Business Intelligence

    • CVE-2024-34102 (CVSSv3 9.8) - this XML External Entity Injection in Magento can result in arbitrary code execution and allow an unauthenticated remote attacker to compromise the server.

  • Slice through web apps with these Website Scanner improvements

    Our Website Vulnerability Scanner also has new improvements:

    • We've added an active detector for HTTP2 in the HTTP request smuggling.  

    • Get new findings when scanning and detecting the H2.TE (Transfer-Encoding) and H2.CL (Content-Length) vulnerabilities.

    • File upload input detection now available in the passive scanner module. 

June 2024 Changes

  • More, clearer, better findings from the Network Scanner

    The latest updates to our Network Vulnerability Scanner now let you: 

    • Detect CVE-2024-6387 (CVSSv3 8.1), aka RegreSSHion, the critical OpenSSH vulnerability that got a CVE assigned yesterday - and for which we integrated detection today so you can be truly ahead of attackers (technical write-up for context)

    • Detect CVE-2023-48788 (CVSSv3 9.8), the SQL Injection in Fortinet FortiClient EMS, which a remote attacker can use to run SQL commands on the vulnerable target and fully compromise the database that the FortiClient EMS uses

    • Get individual findings for publicly exposed services such as PostgreSQL, MongoDB, OracleDB, and Redis 

    • Get an informational finding when a port redirects to another port, which leads to skipping the vulnerability checks for that target

    • See the steps to replicate a finding in a dedicated section called “How to reproduce” to make it easier to browse through details

  • Custom Sniper exploits for RCE and file disclosure vulns

    After this month’s updates, Sniper Auto-Exploiter, our most powerful offensive security tool, can gain unauthenticated RCE on the target and extract multiple artefacts as evidence for the following CVEs:

    • CVE-2024-23108 (CVSSv3 9.8) - RCE in Fortinet FortiSIEM. This exploit helps you validate that a remote, unauthenticated attacker can leverage this vulnerability to fully compromise the server and steal confidential information, install ransomware, or pivot to the internal network.

    • CVE-2024-24919 (CVSSv3 8.6) - Information Disclosure in Check Point CloudGuard Network Security. This Arbitrary File Read through a Path Traversal vulnerability can give an unauthenticated attacker remote access to any file on the target’s filesystem. 

    • CVE-2020-29390 (CVSSv3 9.8) - RCE in Zeroshell. Incorrect handling of the User parameter, which doesn't correctly sanitize user-controlled input, causes this vulnerability. An attacker can use a special character to achieve RCE on the target, as the user that is running the webserver process.

  • More efficient brute-forcing with the Password Auditor

    If you’re relying on our Password Auditor to test for weak credentials, we’ve improved the experience of using it in four ways.

    It’s now easier to understand why the brute force attack finished much earlier than you expected:

    • We generate a screenshot when the Password Auditor finds weak credentials using Basic Authorization. 

    • If a port redirects to another port, we skip the bruteforce on that port and you get an informational finding.

    • We also generate a screenshot when the bruteforce attack exceeds current capabilities, including: account lockout detection, website access blocked during the bruteforce, CAPTCHA found, Login form could not be found, and Third Party Authentication or Two Step Authentication detected.

    • And, finally, to reduce false positives, we've added new checks when the tool finds weak credentials.

  • Detect Weak HMAC Secrets and Algorithm Confusion

    Our well-loved Website Vulnerability Scanner also got updates, as it does every single month:

    • SSTI code context - we've improved the capabilities of our Server Side Template Injection detector by adding payloads that work in code context.

    • JWT phase 2 - And we've finished the second part of our JWT detector by adding payloads that work in code context. It can now detect: Weak HMAC Secrets and Algorithm Confusion issues.

  • DOCX reports now compatible with Google Docs!

    Until now, our DOCX reports were very dependent on Microsoft Word. 

    We spent a lot of time and effort to change this and we have good news: DOCX files are now compatible with Google Docs!

    If you’re already using GDocs in your day to day work, you can work together with your team to speed up the review process. Plus, other editors can benefit from this update too.

    Choose the findings you want to report to see this new option in action!

  • NahamSec uses Pentest-Tools.com for bug bounty hacking

    How do you zero in on the assets really worth your hacking energy and focus? 

    The awesome NahamSec explains how he combs through hundreds of domains that branch into even more subdomains to find targets with the highest potential of having a bounty-worthy vulnerability (which he actually finds)!


    Check out his latest video, which we had the pleasure of sponsoring:

    Hacking Large Corporations (Recon)

May 2024 Changes

  • Web app vulnerability scanners benchmark results

    We evaluated our Website Vulnerability Scanner with some of the most-known tools in Dynamic Web Application Security Testing, both commercial and open-source options: Burp Scanner, Acunetix, Qualys, Rapid7 InsightVM, and ZAP. Find out which was the most accurate scanner and which had the most false positives!

    For a look behind the scenes, check out our blog article.

    For all the data behind the results in the benchmark, download the white paper.

    vulnerability detection across both targets

  • NEW: a detailed benchmark of top network vulnerability scanners

    We tested the most used network vulnerability scanners: Nessus Professional, Nmap vulnerability scripts, Nuclei, OpenVAS, Qualys, and Rapid7 Nexpose, including our own Network Vulnerability Scanner.

    Find out how these popular network vulnerability scanners perform in a benchmark so you can validate yourself.

    We explained the testing methodology and benchmark results in this blog article.

    To get all the details, download the white paper.

  • Even more (detailed) Network Scanner findings

    Our Network Scanner packs a big punch (which this benchmark confirms). The list of findings it can get you has just gotten stronger with:

    • IP information - uncover the physical location, Autonomous System (AS) details, and associated company names of your network hostnames

    • Wappalyzer integration - our Network Scanner now uses Wappalyzer to identify the underlying technologies of web apps, giving you richer insights for results coming from our version-based scanning engine (one of 4 engines this tool uses)

    • More individual findings for publicly exposed services, including SSH (with exposed authentication), RPC, WinRM, FTP, POP3, and Telnet

  • New, powerful custom Sniper exploits

    • CVE-2024-24919 (CVSSv3 8.6) - can remote, unauthenticated attackers read the contents of any file on affected Check Point VPN servers, including password hashes for local accounts or SSH private keys?

    • CVE-2022-31137 (CVSSv3 9.8) - can ransomware actors gain remote access to Roxy Wi, the server management GUI, using this vulnerability? 

    • CVE-2024-27198 (CVSSv3 9.8) - can attackers use this critical CVE to get RCE on your JetBrains TeamCity server? 

    These three custom exploitation modules our team added to Sniper will give you the answers - and proof! (The module for CVE-2024-24919 is coming in the next 48 hours).

  • Website Scanner updates for 20/20 vision

    Our Website Vulnerability Scanner now has: 

    • Better spider results table - you now get a broader view of what the web spider did, including page title, page size, and status codes.

    • spider results table for Website ScannerMore verbose vulnerability evidence - we've revamped some of the explanations around more complex detections so you get more details about the methods our scanner uses.

  • (Much) faster URL fuzzing with light scans

    We did two things to make light scans with the URL Fuzzer finish much quicker:

    • changed the default wordlist

    • included the ability to automatically add links and words from the HTML page source to the wordlist.

  • Finished and scheduled scans - in the same screen

    Your scheduled scans now sit next to your finished scans (in separate tabs, don't worry). 

    scheduled scans merged

    Moving scheduled scans from the Automation tab to Scans makes it easier to keep an eye on them and adjust them as your needs change. 

  • Visual updates for scan results from 3 more tools

    Powerful and easy on the eyes - that's exactly what customers expect our tools to be. It's why we're systematically updating the look and feel of our results page for our entire range of tools.


    In the past month, our DNS Server Scanner, Drupal Scanner, and SharePoint Scanner got their visual refresh. They're ready for you when you are! 

April 2024 Changes

  • Get far-reaching findings with the Network Scanner

    We've introduced crucial detections for security issues that expand your attack surface:

    • Publicly exposed VNC, MSSQL, and LDAP services - findings now flag if these services are publicly accessible on the Internet, so you can tighten your network's security posture

    • CVE-2023-3824 (CVSSv3 9.8) - stack buffer overflow in PHP that leads to RCE

    • CVE-2023-44487 (CVSSv3 7.5) - we enhanced detection accuracy for HTTP/2 Rapid Reset by checking if the target supports the HTTP/2 protocol and the HTTP/2 RST_STREAM directive

    • Comprehensive DNS records - see a new finding when a target has DNS records available (A, AAAA, MX, NS, SOA, TXT, SPF, CAA, CNAME) and get deeper visibility into the target’s domain structure.

  • Confirm business risk with Sniper’s new precision strikes

    Sniper just got sharper with new exploits for two critical CVEs:

    • CVE-2024-0204 (CVSSv3 9.8) - assess the business risk of the Authentication Bypass vulnerability in GoAnywhere MFT, which leads to RCE by uploading a webshell 

    • CVE-2024-1212 (CVSSv3 10) - validate the threat of exploiting this Remote Code Execution vulnerability in Progress Kemp LoadMaster

  • Leave no stone unturned with these Website Scanner upgrades

    Our Website Vulnerability Scanner now: 

    • Detects flaws in JWT implementations by checking if web apps that use JWTs for authentication allow them to have a None or random signature, creating security risks

    • Runs faster light web app scans that also come with detailed requests and responses for each finding 

    • Provides extra information about spidered responses in evidence which now includes the status code, page title, and page size for each URL

    • Extracts proof of exploitation for Linux OS command injection in the form of hostnames and usernames.

  • Zoom in and out on details across your projects

    3 improvements you’ll notice as you log into your account:

    • Single sign-on with Microsoft - jump straight into action using your existing Microsoft account

    • View all assets across workspaces - easily search for, identify, and manage duplicate assets from all your workspaces at once.

    view all assets

    • Unified notifications across integrations: you can now get the same notification through multiple services, in preparation for even more integration options we’ll launch in the future.

    multiple integrations

  • Discover subdomains quicker and more effectively

    The Subdomain Finder now uses external APIs tests in light scans to return subdomains faster by accessing online databases. We also increased the list of external APIs so it extracts more subdomains for your targets.

    light versus deep scan for the Subdomain Finder

  • Meet the people behind the tools

    Want to put a face to these updates? 

    Our fresh new Teams page is a great way to see who’s behind this email and the entire Pentest-Tools.com toolkit.

    Meet the people behind Pentest-Tools.com

March 2024 Changes

  • Get better results for Light Subdomain Finder scans

    We upgraded the reporting limit for Light scans by 10x! The Subdomain Finder now provides up to 1000 entries and includes unresolved results so older subdomains are available.

  • Don’t miss a thing with new detection modules in the Network Scanner

    Thanks to our security research team, you can now detect:


    Speaking about Roundcube, a couple of months ago we published an analysis - and public exploit - for CVE-2021-44026, an SQL injection vulnerability in the open-source mail client.


    The Network Scanner now also generates explicit findings for sensitive services that shouldn't be exposed on the internet (e.g. SMB, RDP, MySQL), which are easier to include in your reports.

    • Network Scanning

    • CVE

    • RCE

  • New home for Scan with Tool

    The Scan with Tool button has a fresh look and a new location. It's now called New Scan and you’ll find it at the very top of the sidebar. We are working to make your scanning experience even better in the future!

    Scan with Tool button

  • Services statuses - now online

    This is something we promise you’ll always see in our new status page. 🤞The page includes statuses for our public website, the blog, the platform, the API, and more!

    services status

  • Improved evidence for Nuclei findings from the Network Scanner

    As some of our customers requested, we enhanced the evidence section of findings that the Nuclei engine generates. Now, you’ll receive more relevant details about how the engine produced a finding.

    evidence for Nuclei findings

    • Network Scanning

  • A fresh look for the Scan results page

    We streamlined the look and feel of the Scan results section, keeping it as valuable as ever. We’re rolling out more visual updates for all our tools in the coming months, so stay tuned!

    scan results page

  • Is Pentest-Tools.com any good for bug bounty hunting?

    See what happens when The XSS Rat combines his methods with our toolkit and features.

    PS: Sniper Auto-Exploiter gets a lot of love - and for good reason! 

    Bug Bounty Hunting Demo With Pentest-Tools.com - SuperCharge Your Hunt!
  • New tool: know your targets better with People Hunter

    People Hunter identifies the people associated with the target, using publicly available information from web server responses. 

    Details such as email addresses (and their patterns) and social media profiles help you identify potential targets for social engineering attacks.

    People Hunter tool

  • Get more from the Team feature

    We introduced a new view in the Team feature: Shared with me to help you identify who has shared which information with you. Additionally, the table view has returned, making visual comparisons easier.

    Shared with me in the Team page

  • Two new modules in the Website Vulnerability Scanner

    Two new modules in the Website Vulnerability Scanner:

    • Detection for misconfigured CSP Headers - identifies misconfigured content-security-policy headers on your website, enabling you to control resource loading and their allowed URLs.

    • Enumerable Parameter Detector - explores possible enumerable parameters in your website. Some findings might reveal insecure direct object references after manual examination.

    enumerable parameter detector

    • Web app scanning

February 2024 Changes

  • Know what’s new - right from your dashboard

    Until a few days ago, our product updates were a bit hidden from view, which made it harder for you to find out about them and actually use them. 

    So we added two new sections to your dashboard:

    • What’s new - that brings product updates (text and video) and fresh pentesting guides 

    • Help - which makes it easier to dip into how-to’s, video tutorials, and FAQs

    New dashboard

  • Start a scan from the Scans section

    We noticed some of our customers needed an easier way to start scans from the (obviously named) Scans section, so we added it! 

    The New scan button makes it easy to jump into action the moment you know where you want to dig deeper. 

    New scans button

  • Nuclei fingerprinting in our Website Scanner

    Our Website Vulnerability Scanner gets stronger with each monthly update!

    We’ve integrated the fingerprinting capabilities from Nuclei into our proprietary tool - and it’s just the kickoff!

    Soon, we’ll start incorporating many more templates. Until then, the 40+ vulnerability checks our Website Scanner runs can surely keep you - and your team - focused and making progress. 

    Nuclei fingerprinting

  • More Nuclei detections in the Network Scanner

    We’ve also integrated a bunch of new Nuclei category templates on top of the configured ones our Network Scanner is already using (CVE, CNVD, SSL, network, WAF, DNS).

    New ones include: default-logins, exposed-panels, exposures, honeypot, IoT, miscellaneous, misconfiguration, takeovers, and vulnerabilities.

    Want to refresh your knowledge of what our Network Vulnerability Scanner can do? We just updated its public page: 

    Nuclei in Network Scanner

    • Network Scanning

January 2024 Changes

  • Exploit for CVE-2024-21887 (Remote Code Execution in Ivanti Connect Secure)

    Sniper can exploit a Remote Code Execution vulnerability found in Ivanti Connect Secure (CVE-2024-21887).

    • CVE

    • RCE

  • New integration: get notifications on a Teams channel

    If you (and your team) use Microsoft Teams, set up this integration to get custom notifications for your scan results.

    You can also configure different channels for specific notifications, making sure everyone gets alerts about findings that are relevant for them.

    Microsoft Teams integration

  • Detection for CVE-2022-1471 (Remote Code Execution in SnakeYAML library - Attlassian Confluence)

    Network Scanner detects if CVE-2022-1471 (CVSSv3 10), a Remote Code Execution in SnakeYAML library - Atlassian Confluence, impacts your targets.

    • CVE

    • RCE

  • Detection for CVE-2023-46805 (Authentication Bypass in Ivanti Connect Secure)

    Network Scanner detects if CVE-2023-46805 (CVSSv3 8.2), an authentication Bypass in Ivanti Connect Secure, affects your targets.

    • CVE

  • OpenAPI files detection

    And one more thing: we added a method to detect if the Website Scanner spider finds an OpenAPI file. When it does, you can dig deeper with the API Scanner in just one click, right from your finding.

    OpenAPI file detection

    By the way, we love to see customers truly make the most of our tools:

    We had a tool to scan our websites and endpoints automatically; the reports were not so good, and each additional URL was charged additionally (this doesn't scale in a micro-services architecture).

    Pentest-Tools.com solved all our problems; you can scan up to 1000 targets, the reports are so professional, and you can choose from dozens of different tools to analyze all aspects of an enterprise architecture.

    • Web app scanning

    • API security

  • Session Fixation Detector

    We've also introduced a new Session Fixation Detector to help you identify session hijacking risks. Using the mitigation recommendations will help you prevent unauthorized access to user sessions and sensitive data.

    Here’s a preview of what the finding looks like:

    session fixation finding

    • Web app scanning

  • Exploit for CVE-2023-46604 (Remote Code Execution in Apache ActiveMQ)

    Sniper can exploit a Remote Code Execution vulnerability found in Apache ActiveMQ (CVE-2023-46604).

    • CVE

    • RCE

  • Exploit for CVE-2023-47246 (Remote Code Execution in SysAid)

    Sniper can exploit a Remote Code Execution vulnerability found in SysAid (CVE-2023-47246).

    • RCE

    • CVE

  • Real-time status for all your VPN Agents

    You can now check the status of your VPN Agents in the VPN Profiles section (under Settings). 

    We update their status in real-time, which makes it easier for you to check if your Agents are still up and running before starting scans against your internal infrastructure.

    VPN Agent status

  • Input Reflected in DOM

    We've implemented Input Reflected in DOM to enhance protection against XSS attacks, ensuring coverage of more vulnerabilities lying in the DOM. It is already implemented in the XSS detector so if you select the XSS detector you are covered.

    Here’s what it’ll look like in your report: 

    Input Reflected

    • Web app scanning

December 2023 Changes

  • Service detection in Port Scanner

    Service detection is now enabled by default in Light mode for Port Scanner.

  • Auto spider option in Website Scanner

    We added the option to select automatic detection of the spidering approach that the target needs. Auto is the engine option used in the deep scans too.

  • TCP/UDP Port Scanner unification

    We've combined TCP Port Scanner and UDP Port scanner into a single tool called Port Scanner. A protocol parameter was added to the scan config to choose between TCP and UDP.

  • 3 running modes (light, full, custom) for URL Fuzzer

    We've changed our URL Fuzzer to support 3 running modes (light, deep, and custom) that allow you to scan targets with a predefined configuration.

  • OpenVAS detections in our Vulnerability & Exploit database

    All OpenVAS NVTs that can be detected with Network Scanner are now displayed on our Vulnerability & Exploit database, along with Sniper & Nuclei detections

  • Exploit for CVE-2023-20273 (RCE in Cisco IOS XE)

    Sniper can exploit an authenticated RCE vulnerability found in Cisco IOS XE (CVE-2023-20273), based on an Authentication Bypass vulnerability (CVE-2023-20198).

    • CVE

    • RCE

  • Decluttered the spider results in Website Scanner

    We tweaked the spider results table from the Website Scanner so you can focus more on the things that matter the most: the url, the method, the query and body parameters. So, we removed the listing of headers and cookies and made the table more dynamic.

    • Pentest reporting

  • Confirmed tag for Sniper and Nuclei engines in Network Scanner

    We've added the confirmed tag for findings generated by Sniper & Nuclei scanning engines.

November 2023 Changes

  • Exploit for CVE-2023-46747 (RCE in BIG-IP)

    Sniper can exploit another RCE vulnerability found in F5 BIG-IP (CVE-2023-46747).

    • BIG-IP

    • CVE

    • RCE

  • Improved logout avoidance

    Website Scanner: Fixed a bug in our logout detection mechanism that caused the Spider to sign us out of the session while crawling.

  • WordPress Scanner real-time output

    We came up with a way to show output from WPScan in real-time. This means you are not stuck with a scan running for 4 hours and get the findings as soon as we detect them.

    • Pentest reporting

  • Free license launched (freemium)

    We've just launched our Free license. Use our light tools to do quick assessments, export simple reports with up to 2 parallel scans.

  • Improved DNS response parsing

    Subdomain Finder: We improved our logic for parsing DNS responses. This previously resulted in incorrectly marking domain names as unresolved.

  • Improved error handling for the tcpwrapped service

    We fixed a bug in the Network Scanner that caused some aborted scans when all the open ports were tcpwrapped, although our scanning engines don't scan for this service.

  • Automatic CVE filter mechanism for the Network Scanner

    We created an automatic CVE filtering mechanism for duplicated CVEs. For example, if the Sniper or the Nuclei engines find a CVE, only the Sniper finding will be displayed in the report. We'll show them based on prioritization (Sniper > Nuclei > OpenVAS).

    • CVE

  • Port discovery returns only open ports

    All network tools will display only the open ports found (we remove the filtered and closed ones from the results).

    • Pentest reporting

  • Detection for CVE-2023-44487 (DOS in HTTP/2 - Rapid Reset)

    Network Scanner detects if CVE-2023-44487 (DOS in HTTP/2 - Rapid Reset) affects your targets.

    • CVE

  • DNS Zone Transfer is now DNS Server Scanner

    DNS Zone Transfer is now called DNS Server Scanner and it generates findings for DNS Zone Transfer Information Disclosure vulnerability (AXFR).

  • Exploit for CVE-2023-0126 (File Read in SonicWall)

    Sniper can exploit a File Read vulnerability found in SonicWall (CVE-2023-0126).

    • CVE

  • Exploit for CVE-2023-4966 (Information Disclosure in Citrix - Citrix Bleed)

    Sniper can exploit an Information Disclosure vulnerability found in Citrix (CVE-2023-4966 - Citrix Bleed).

    • CVE

  • Improved error handling in headless browser

    Website Scanner: Fixed another bug in the logic driving the headless browser that crashed the page and prevented us from detecting new crawling targets.

  • Exploit for CVE-2023-20198 (Authentication Bypass in Cisco IOS XE)

    Sniper can exploit an Authentication Bypass vulnerability found in Cisco IOS XE (CVE-2023-20198).

    • RCE

October 2023 Changes