These are the latest updates we've made to our platform. If you have any questions about any of the updates you see below, please feel free to contact us!
August 2023 Changes
Nuclei templates improvements
The Pentest-Tools.com research team contributes to the official Nuclei templates by improving and fixing false positives. We are now ranked among the top 75 contributors on the official repository.
New Handlers page
Our tools that accept requests (XSS Exploiter, HTTP Request Logger, and Sniper Client-side attacks) are now structured and placed into a single page called Handlers.
Scan options for our Cloud Scanner
You can now select if you want to detect the cloud provider and/or detect cloud vulnerabilities & misconfigurations in the Cloud Scanner.
New findings page
The Findings page got a fresh look! But that’s not all. With improved filtering and performance, it’s now faster than ever to manage your findings and find exactly what you are looking for. Moreover, the new Finding editor creates an improved writing experience and a more reliable output. Give it a try by creating a manual finding.
Sniper Client-side attack has an updated version for Windows Defender evasion
Sniper Client-side has a new version for the macro injected inside Microsoft Office documents that can bypass the Windows Defender mechanism.
More AWS tests using an AWS unprivileged account
Using an AWS unprivileged account configured by Pentest-Tools.com, Cloud Scanner can query the AWS API endpoint in order to retrieve more information for the target.
Automatic daily update for Nuclei templates configured in Network Scanner
Nuclei templates now receive automatic updates daily, ensuring the scanner Nuclei detections are always up-to-date.
Pentest Ground: New free resource to test your scanners and skills
Pentest Ground is a free playground with deliberately vulnerable web applications and network services. You can use it to benchmark your tools and learn new offensive security techniques.
July 2023 Changes
More GCP tests for the Cloud Vulnerability Scanner
The Cloud Vulnerability Scanner can now detect multiple misconfigurations in GCP using a dedicated Google account set by Pentest-Tools.
HTTP request/response in Nuclei evidence
The HTTP request/response from Network Scanner is now displayed when a finding is generated by the Nuclei scanning engine. This will add more details to the finding and will help validate the generated result.
Detection for CVE-2023-29300, CVE-2023-29298 (Adobe Coldfusion), CVE-2023-36934 (MOVEit)
Network Scanner can now detect if CVE-2023-29300, CVE-2023-29298 (Adobe Coldfusion) and CVE-2023-36934 (MOVEit) affect your targets.
25% faster Website scanner
We added some caching to the Passive Scanner to avoid repeating some heavy computations. The overall scan duration can decrease by up to 25%, according to our testing.
The Website Scanner can now detect in-band file-inclusion vulnerabilities via XML External Entities and XInclude directives.
June 2023 Changes
Collaborative working got a new home
The UX of resource sharing wasn't the best, so we decided to completely change the way you interact with this feature. Hopefully, we managed to deliver a better experience while keeping this feature's utility unchanged. Furthermore, we got rid of the complicated flow of adding all of the personal details for the members of your team and replaced it with a simpler Invite by email functionality which should make the addition of new team members much easier, faster, and safer.
Password Auditor is now located under the Network Vulnerability scanners section
Password Auditor is now located under the Network Vulnerability scanners section.
Azure support for Cloud Scanner
Cloud Scanner can detect if an asset is hosted on Azure.
Email notifications on webhook errors
You will be notified via email (1 per day) if a webhook fails (e.g. there's an invalid callback URL).
Edit time zone feature for your account and scheduled scans
You can now edit the time zone per account and for scheduled scans.
New tool: Cloud Scanner
The Cloud Vulnerability Scanner is an advanced and comprehensive cloud security solution that evaluates multi-cloud environments (Amazon Web Services - AWS, Google Cloud Platform - GCP and Microsoft Azure - Azure) to identify misconfigurations, vulnerabilities, weak access controls, interesting files, and other security issues.
May 2023 Changes
Billing email address
You can edit your billing address from the Profile section to receive future invoices at the specified address. You can also aggregate all your past invoices and send them to the current billing address from the Billing history section.
SSRF detector now looks for local services running
We now search for locally available Docker and Elastic Search instances when trying to discover server-side request forgery vulnerabilities.
SQLI, OSCMDI, XSS bug fixing
We've fixed some bugs: XSS and SQL scanner starting with auth enabled; SQLI time-based FPs; OSCMDI time-based FPs; CSRF token not renewing after the first form submission.
Detector for Server-side prototype pollution
Rescan support for the Website Scanner
We've added new exploitation capabilities to our Website Scanner that allow you to read the cookies and localStorage of a web app vulnerable to XSS.
3 running modes (light, full, custom) for Network Scanner
We've changed our Network Scanner to support 3 running modes (light, full, and custom) that allow you to scan targets with a predefined configuration.
3 running modes (light, full, custom) for TCP/UDP Port Scanners
We've changed our TCP/UDP Port Scanners to support 3 running modes (light, full, and custom) that allow you to scan targets with a predefined configuration.
On-hold scheduled scans
Automatically detects and flags faulty scheduled scans that will surely hit a roadblock error such as VPN Error. Flagged scheduled scans will not be started. You can view the reason on the Scheduler Page.
Added follow redirects
When starting a tool that scans URLs, you will have a new option: Follow redirects.
Aggregated report for scan groups
Creating a scan group when you start a scan on multiple targets will return a single aggregated report.
New optional column Started by in Scans
You can now add in your Scans section an optional column where you can see which sub-user started a specific scan.
Sniper client-side attack, XSS Exploiter, and HTTP Request Logger are now available per workspace
April 2023 Changes
Exploitation capabilities added to the XSS detector
We've added new exploitation capabilities to our Website Scanner that allow you to read the cookies and localStorage of a web app vulnerable to XSS.
Include scan_id to callback headers
If you are a heavy API user, you can now identify which scan a callback is from by using the included scan_id. You can find it in the header of a callback.
Add specific filters for Assets & Scans page
You can now search and filter for specific keywords on the Scans and the Assets page to easily identify a target or scan. Use single quotes or double quotes to achieve this.
Select which extractors to run with the Sniper Auto-Exploiter
You now have the option to select which artefacts you want to extract from the target.
VMware ESXi support available for VPN Agents
We've added official support for VMware ESXi for our VPN Agent.
SPA now available for all customers
Our upgraded Website Scanner effortlessly identifies SPAs by harnessing browser-based spidering. Seamlessly explore websites by selecting the SPA option under Custom Scan->Engine Options->Spidering Approach. Moreover, when opting for the Full Scan with SPA detection, our tool automatically enables browser-based spidering for a comprehensive scanning experience.
New tool: API Scanner
The API Scanner is a powerful tool developed by our team to deeply analyze and optimize API endpoints for reliability, and security. Building on the success of our custom website vulnerability scanner, a comprehensive web application scanner, the API Scanner delivers precise vulnerability detection and actionable insights for your APIs. You can set custom headers that will be sent with each request to the server. E.g.: JWT tokens, authorization headers, etc.
Custom scan time limits for All Tools
Take full control of your scanning experience by setting a custom scan time on your scans. Unlock the perfect balance between thorough coverage and accelerated results.
New predefined HTTP Lockpicker pentest robot
The HTTP Lockpicker is a new Robot designed to crawl for web login interfaces and gain unauthorized access through them using a dictionary-based brute force attack.
New recursive brute force method added to the Subdomain Finder
With this new method, the Subdomain Finder searches for subdomains in a recursive manner. When a subdomain is discovered, a new search is started using a different list of words specifically for subdomains. This process continues until no more subdomains are found.
Bing Search now available for the Subdomain Finder
The Subdomain Finder now includes an option (enabled by default) to query Bing Search via its API to search for subdomains.
Don't include fixed vulns for the risk level of a target
Fixed findings are now ignored when calculating the risk level of the target.
Detect HTTP Request Smuggling
You can now detect server-side and client-side Request Smuggling vulnerabilities with our Website Scanner.
New table added to the Scheduler page
What's new: an updated and modern UI, better filtering, a new 'Next scan' column.
March 2023 Changes
Requests and responses added to the findings in Website Scanner
Website Scanner now includes HTTP requests and responses in the findings found with the Website Scanner.
Extract database version in the SQL injection attacks
Website Scanner now extracts the database version after checking and finding SQL injection.
Included URLs to the scope
We've added the option to include separated URLs in the Website Scanner to make sure there aren't any redirects and you are scanning the correct ones. You can add a list of your specific URLs and start scanning.
Detect Client-side template injection
You can now check for XSS through template expressions in AngularJS and Vue apps using our Website Scanner.
Detect Blind XSS Injection
We've added the Blind XSS injection type (to the current XSS detectors) you can now detect with our Website Scanner.
Detect SQL Injection in Order/Group by with the Website Scanner
We've added 'Group/Order By' payloads in our SQL Injection detector from Website Scanner so you can better detect these high-risk vulns.
Extensive modules in Network Scanner + Sniper
We have a new scan option 'Enable extensive modules' you can use to run for an extended period of time. Enabling this option increases the scan duration.
February 2023 Changes
Automatic updates for VPN Agents
We've implemented an auto-update mechanism system for our VPN Agents. Automatically download and install the newest versions of them. Zero downtime + no redeployment needed.
New Finding templates page
The Finding Templates page also got a fresh look and improved design. You can now search and filter for specific templates in a cleaner interface, and more.
Detect request URL overrides
Some web apps support HTTP headers that can be used to override parts of the request URL. You can now detect them with our Website Scanner.
New option to generate a document for the Sniper client-side attack
For the client-side attack option, you can now choose between different types of macros that are added to the document (plain/obfuscated powershell).
New All scans page
The All scans page got a fresh redesign. You can now get a better view of your summary, better filtering for your tool names and start dates, expand and collapse all in the grouped view and more.
Add Status in the HTML/PDF reports
We've included a Status label for the findings of your scans in the HTMP and PDF reports.
January 2023 Changes
Windows screenshots in Sniper
Sniper can now take a screenshot of the target system if it runs Windows. The picture will be available in your scan report and it's part of the Proof-of-Exploit.
New filter in robot: login interface found
We added a new filter in our Pentest Robots for the website scanner block: Login Interface Found. This will match every new URL found by website scanner under the finding Login Interface Found. After this filter, you can add a Password Auditor so you can try to detect weak credentials.
Testing for client-side prototype pollution in Website Scanner
Website Scanner can now detect client-side prototype pollution. You can automatically detect sources for prototype pollution in the URL sent via web messages.
New Engagements page
Engagements page also got a fresh look and improved filtering. You can now hide the columns you don’t use to declutter the page and find the entries you want faster.
Exploit for CVE-2022-24112 (RCE in Apache APISIX)
Sniper can now exploit a Remote Code Execution vulnerability in the Apache APISIX API Gateway server (CVE-2022-24112).
Requests and responses as evidence in Website Scanner
Website Scanner now has full HTTP requests and responses attachments in the evidence fields for all active detection modules like SQL Injection, XSS, SSRF and all the others. This part of the evidence can help you if you want to manually test the finding.
New White Label page
White Label page got a new look and feel, making it easier for you to perform changes. Now you can preview your custom logo, use tags to quickly change your Subject and more.
December 2022 Changes
Display all ports in Network Scanner
When using our Network Scanner (in any mode), you will now get all the ports, not just the open ones. The goal is to have a better view of the target.
Negation in scan status notification trigger
You can now get notified if a scan doesn't have one or more statuses. You can do this by checking the negation checkbox when creating a new notification.
Test for default credentials
Our Password Auditor will automatically scan for default credentials based on the service or application found.
Yearly option in scheduler
We've added the option to schedule a task once per year.
Custom scan time option in Website Scanner
Overwrite the default maximum time that the Website Scanner is allowed to run (24h). The minimum is 30 minutes if you want to get faster results.
New VPN Profiles page
We have updated the VPN Profile Page with a much more efficient design. You can start your Internal Assessments faster with the easier deployment of VPN Agents, batch testing multiple VPN Profiles, and having all the details at a glance with the new slide-over (such as assigned Workspaces or OpenVPN Logs).
November 2022 Changes
New attack type in Password Auditor: Password Spray
In addition to the existing attack type, Dictionary, we've added a new one. Password Spray will try for every password every username in the wordlist, before moving on to the next password. This helps to avoid account lockouts that would normally occur when brute forcing a single account with many passwords.
Client-side attack in Sniper
You can now use our Sniper tool to create client-side attacks. Generate a 'malicious' file (doc, docm, xls, xlsm) containing obfuscated VBA and send it to your victim user. Once they open and enable the macros, Sniper runs all the extractors on their machine to gather evidence of the successful attack. This approach does not use any exploits.
New Dashboard page
We've replaced the old Dashboard page with a new, beautiful page. Now you can view the trend of vulnerabilities for the current workspace on the last 14 days, see at a glance the whole picture of the attack surface for the current workspace and more.
October 2022 Changes
Docker APIs in Password Auditor
Password Auditor can now discover the Docker API with no authentication configured.
Vulnerability & Exploit Database
We've created the Pentest-Tools.com Vulnerability & Exploit Database, which contains the list of vulnerabilities that can be detected and the exploits that are currently available in the platform.
New Robots page
We've replaced the old Robots page with a new page where you can easily sort, filter and more with our new design.
CMS Scanners in Robots
Added the possibility to chain the CMS Scanners within the Pentest Robots.
Notification for Confirmed findings
We've added a new filter: get notified if a scan result has confirmed findings.
New Workspaces page
We've replaced the old Workspaces page with a new page where you can easily sort, filter and more with our new design.
September 2022 Changes
Screenshots in Password Auditor findings
Password Auditor will take a screenshot of the authenticated session if weak credentials are found for HTTP web forms.
Automatically discover login URLs in Password Auditor
Password Auditor will try to automatically find the login page and attempt web form authentication if there is no login form at the target URL.
Exploit for CVE-2018-1000861, CVE-2019-1003005, CVE-2019-1003029 (RCE in Jenkins)
Sniper can now exploit a Remote Code Execution vulnerability affecting the Jenkins Script Security Plugin (CVE-2018-1000861, CVE-2019-1003005, CVE-2019-1003029).
Find Subdomains is now Subdomain Finder
We changed the name of Find Subdomains to Subdomain Finder for better name consistency.
Authenticated MySQL Sniper scans
Sniper can now authenticate to the target through MySQL using the provided credentials.
August 2022 Changes
Website Scanner speed improvements
Website Scanner is now greatly improved (up to 60%) by parallelising the active detectors.
July 2022 Changes
New Assets page
We've replaced the old Targets page with a new Assets page where you can easily sort, filter and more with our new design. The new version also better reflects the Targets by grouping them under their according Asset and offers more flexibility with selection operations.
SMB support for Password Auditor
Password Auditor can now discover weak credentials for the SMB service.
WinRM support for Password Auditor
Password Auditor can now discover weak credentials for the WinRM service.
New blog design
Our blog just got a massive revamp. We launched a new blog with a fresh redesign that helps you stay focused and get ethical hacking guides from our offensive specialists.
June 2022 Changes
New dorks in Google Hacking
Increased the number of dorks in Google Hacking: find subdomains, search in wayback machine and more.
AWS Docker Agent
You can now deploy our VPN Agent in any AWS Cloud Infrastructure and start scanning your assets from within the network.
VPN Docker Agent
Deploy the VPN Agent much faster, on any platforms, including Windows, Linux, or even Apple M1, using Docker technology.
Authenticated SMB Sniper scans
Sniper can now authenticate to the target through the SMB protocol using the provided credentials.
May 2022 Changes
Now you can send Pentest-Tools.com notifications to your Slack workspace.
Network hosts visual summary in Sniper
Sniper can now create a visual summary for the network hosts that are currently connected on the target and also the adjacent hosts from nearby subnets.
Move data when deleting a workspace
When deleting a Workspace, you will have the option to move the existing targets (and the associated data e.g. scans) to the default workspace or delete everything.
Added API support for Sniper
Sniper can now be accessed via the API.
April 2022 Changes
March 2022 Changes
Authenticated Sniper scans
Sniper can now authenticate to the target service using the provided credentials. Then it will extract the artefacts as an authenticated user.
New parameter in Domain Finder - Minimum Weight
The Domain Finder assigns a certain weight (or certainty) to each result to validate its correctness. Now the value of this parameter can be set to better filter the results.
February 2022 Changes
Wordlists in Subdomain Finder
Choose your own wordlist or pick from the default ones in order to uncover new subdomains by trying each of them in the DNS Enumeration method of the Subdomain Finder.
Domain Finder in Robots
Added the possibility to chain the Domain Finder tool within the Pentest Robots.
SSTI detection in Website Scanner
We added to Website Scanner the capability to detect Server-Side Template Injection.
Detect CORS misconfiguration in Website Scanner
We added to Website Scanner the capability to detect dangerous Cross-Origin Resource Sharing (CORS) configurations.
January 2022 Changes
New notification triggers
We added new notification triggers related to the status of a scan: Stopped by user, VPN Error, Auth Error, Conn Error, Aborted.
Send notifications to other emails
You can now send a notification to additional emails.
We added Webhooks so you can trigger outgoing HTTP POST requests from Pentest-Tools.com to your endpoints whenever certain events have happened
Message brokers in Password Auditor
The Password Auditor can now discover weak credentials over the following protocols: MQTT, AMQP, STOMP.
December 2021 Changes
Detection for Ruby Code Injection in Website Scanner
We added detection for Ruby Code injection in The Full Website Scanner.
Detection for Broken Authentication in Website Scanner
Added detection for Broken Authentication while running an authenticated website scan in the Website Scanner.
Redis support for Password Auditor
Password Auditor can now discover weak credentials for the Redis service.
New target description column
We added the possibility to see the target description in the All Scans page and the scheduler page. To enable it, check
View settings -> Show target description.
Detection for Perl Code Injection in Website Scanner
We added detection for Perl Code injection in The Full Website Scanner.
November 2021 Changes
Detection for Python Code Injection in Website Scanner
We added detection for Python Code injection in The Full Website Scanner.
Sniper mode in the Network Scanner
We have a new scan option for the Network Scanner - Sniper scan, a light scan that allows you to check only for the highly exploitable vulnerabilities in a non-intrusive way.
Password Auditor produces findings
The Password Auditor now produces findings. Check the Findings page, where you can modify them and create editable reports.
Improved scan result for Sniper
We added a new and more interactive interface for the Sniper scan result.
Delete HTTP Request Loggers
We added the possibility to delete existing HTTP Request Loggers.
The Pentest Robots can now be scheduled to scan recurrently from the targets page.
October 2021 Changes
September 2021 Changes
More screenshots in the Full Website Scanner
The Full Website Scanner will now generate more screenshots to simplify the reporting flow.
Confirmed tag for Website Scanner findings
Website Scanner findings that have been automatically validated by our scanner will be marked with the Confirmed tag.
We added the possibility to clone an existing Pentest Robot.
August 2021 Changes
Custom limit for Website Scanner requests
Now you can limit the maximum requests (per second) for the Website Scanner. Check the Engine Options → Limits → Requests per second.
Manually reset the API Key
We added the possibility to manually reset the API key.
Recursion in URL Fuzzer
The URL Fuzzer can now do recursive searches by running automatically inside all the directories already discovered.
More enumeration options in WordPress Scanner
The WordPress Scanner can now search for config backups, database exports, or TimThumbs.
Add targets as CIDR
Added the possibility to add targets using the CIDR notation (eg. 192.168.1.0/24).
Added API support for HTTP Logger
The HTTP Request Logger tool can now be accessed via the API.
July 2021 Changes
June 2021 Changes
Scheduled scans can now be run on demand
Added the possibility to run a scheduled scan now, on demand.
Scan Stats for the New Website Scanner
The New Website Scanner will provide at the end of a scan result some stats: URLs spidered, the total number of HTTP requests, error count, etc.
Control the delay between requests in URL Fuzzer
Added to URL Fuzzer the possibility to control the delay between the requests. A retry delays factor is also added to increase exponentially the delay.
May 2021 Changes
Option to filter certain results in URL Fuzzer
Added the possibility to filter certain results (eg. ignore or match certain HTTP codes, ignore or match if the HTML contains a string) to URL Fuzzer.
Increased Wordlist limit
We increased the maximum size of a Wordlist from 10000 words to 50000 words.
OWASP 2013, OWASP 2017 and CWE findings classification
The Website Scanner findings will now be classified by OWASP 2013, OWASP2017 and CWE. Check the Details of a finding to see more.
NTLM support for Password Auditor
The Password Auditor now supports the NTLM authentication protocol.
Custom timing options in URL Fuzzer
Added the possibility to specify custom request timing options and the maximum number of retries to URL Fuzzer.
April 2021 Changes
Support for POST data in URL Fuzzer
The URL Fuzzer now allows you to fuzz HTTP POST requests.
New detector added to our New Website Scanner
Our new Website Scanner (currently in beta) will now check for sensitive data (email addresses, social security numbers, credit card numbers) in target applications.
New Website Scanner
We launched a new Website Scanner (currently in beta) fully written by our team. It allows you to select which tests you want to run and it returns less False Positives than the current full scanner.
March 2021 Changes
Detection for Hafnium webshells (ProxyLogon)
The Network Scanner can now detect Hafnium webshells injected during ProxyLogon attacks.
New tests added to Network Scanner
We started to develop custom detection modules which are being added to the standard OpenVAS Network Scanner scans in order to detect high risk vulnerabilities in commercial software.
New payload type in URL Fuzzer
Besides wordlists, the URL Fuzzer can now send a sequence of numbers as payload.
Check if a Microsoft Exchange server is affected by CVE-2021-26855, a vulnerability which can lead to disclosure of sensitive information and to RCE.
February 2021 Changes
More info on Jira issues
The target name and the workspace have been added to the cards created in Jira.
Subdomain Finder improvements
The Subdomain Finder tool has been improved with additional data sources to discover more subdomains.
Notification for ports that shouldn’t be open
You can get a scan notification if the open ports found are other than the ones you defined.
Custom payload in URL Fuzzer
Now you can specify a custom location in URL Fuzzer for the payload using the FUZZ marker in the URL or in query strings.
Custom headers in URL Fuzzer
The URL Fuzzer now allows you to specify custom headers to be sent with each request.
2FA for Advanced
The two-factor authentication is now also available to all the Advanced users (besides Teams).
Custom e-mail subject
Now you can further customize the subject of the mail by changing the placeholders.
E-mail subject changed
The subject of the e-mail generated by a scan will contain the name of the tool, the target and the workspace.
E-mail address changed
All scan results will be sent from the following email address: firstname.lastname@example.org
Deprecated Citrix and BigIP scanners
The vulnerability scanners for Citrix CVE-2019-19781 and BIG-IP CVE-2020-5902 have been deprecated.