The Headers option allows the user to make an authenticated scan by having valid headers in the target application.
The Cookies option allows the user to make an authenticated scan by having a valid pair of credentials in the target application.
The Automatic option allows the user to make an authenticated scan by having a valid pair of credentials in the target application.
The Website Vulnerability Scanner is a custom tool written by our team which helps you quickly assess the security of a web application. It is a full-blown web application scanner, capable of performing comprehensive security assessments against any type of web application.
You can receive a notification if a scan finds ports that shouldn’t be open if you set the email notification option to Port IS NOT in list.
To see all your Scans, you should enable the “Show scans for all workspaces” option, under the View Settings dropdown in the top right corner.
See how to start a scan using the pentest robots.
Learn how to create scan groups so you can more easily export aggregated scan results.
See how to configure email notifications when your scan matches certain conditions.
See how to set up the Network Scan OpenVAS port range
We have recently added a new method to perform internal network scanning which does not require you to perform any special configuration: you just have to run a VPN Agent and start scanning.
You can perform an Authenticated Website Scan with JWT by using the custom HTTP headers authentication method.
In order to fix a “no open ports” scan result, you should rescan with Nmap’s option “Don’t ping host (-Pn)” enabled or OpenVAS’s “Check if host is alive before scanning” option disabled.
From the /scans page you can view all your finished or ongoing scans, rescan, stop ongoing scans, download scan results or delete scan results.
See how to manage findings from all your scans in the /findings tab by adding or deleting findings, changing their status, and more.
See the authenticated website scanner limitations
Learn how to save time by creating and using scan templates which group multiple tools and options within one bundle, in order to launch them all at once.
You can continuously monitor the security of your systems using the Pentest-Tools.com platform by scheduling periodic scans.
You can start a new scan directly from a tool page or from the /targets page by selecting one of the “Scan with…” options.
You need to whitelist our scanners to prevent the following errors
You can see all scan results and download or delete scans from the /scans page. You can export the scan results as PDF, HTML, JSON, CSV, XLSX.
Here you can see more information about the duration and important milestones for some of our most commonly used scanners.
Scanning an IP range with Pentest-Tools.com
Addressing the concern about whether there are any risks involved in performing a Full Website Scan
Each Pentest-Tools.com plan has a limit on how many targets you can scan and how many scans you can run simultaneously.
Not all OWASP Top 10 Web Application Security Risks can be detected by automatic scanners. See here how you can test 6/10 using the Pentest-Tools.com platform.
With Shared Workspaces, you can now easily manage your pentesting and vulnerability assessment workflow among your team.
If you obtained an XSS in your scan results with the Website Scanner or XSS Scanner, you can use the XSS Exploiter to validate the Attack Vector and obtain proof of concept for these findings.
You will need to obtain the Session Cookie in order to perform a Cookies Authentication Website Scan.
If you obtained a SQL Injection (SQLi) in your scan results with the Website Scanner or SQLi Scanner, you can use the SQLi Exploiter to validate the Attack Vector and obtain proof of concept for these findings. The SQLi Exploiter allows you to confirm SQL Injection vulnerabilities in your site, to see the vulnerable parameters and also to demonstrate the business risk by extracting data from the database.
See how to view the way the default pentest robots are built.
Learn how to combine tool blocks with logic blocks to design the visual penetration testing flow that fits your specific needs.
See how to use the Recorded Authentication method for website scanner when scanning websites with a non-standard authentication method.
The “URL is out of scope” error can occur if the target URL is incorrect. Check the spelling of the address carefully and look for characters that are not typically present in addresses.
The Pentest-Tools.com Port scanners let you select common ports, a specific port range, or a list. See here the default port list.
You can increase the security of your account with Two-Factor Authentication (2FA). This article shows you how to log in with the second factor using an authentication app on your mobile phone.
Here we address some questions about access rights and what type of data we store.
See how many base targets you have defined in the /workspace tab
See how to check your plan details and history, upgrade, downgrade or cancel your subscription, and change your personal information.
Find out how the Pentest-Tools.com platform works, what it can do for your business and what makes it different from other solutions.
Use the Pentest-Tools.com workspaces feature so you can easily group targets based on your workflows
From the /targets page you can delete one or several targets, edit their description or move them to a different workspace.
You can add new targets either from the targets page, by directly scanning them or from the scan results of discovery tools.
We count as base targets only the hostname or IP address of the scanned system. All URLs belonging to the same base target will count as a single target.
You don’t need an account for the Light version of the tools. Go to the tool page and start scanning your systems for vulnerabilities.
See how to mark one or more findings in order to automatically exclude them from the scan result.
The “Website is not Accessible” scan result can occur for several reasons; see here what you can do to fix this.
You can cancel your subscription from “My Account” by clicking the “Cancel Subscription” button at the bottom of the page.
See how to add sub-users to your Company’s account.