The Sniper can now exploit an Arbitrary File Read and a Remote Code Execution through a Path Traversal vulnerability in Apache (CVE-2021-42013).
Password Auditor can now discover weak credentials for the following services: PostgreSQL, Telnet, and VNC.
The Sniper can now exploit an Arbitrary File Read and a Remote Code Execution through a Path Traversal vulnerability in Apache (CVE-2021-41773).
The Sniper can now exploit a Local File Inclusion in the Cisco Adaptive Security Appliance or the Cisco Firepower Threat Defense (CVE-2020-3187).
The Network Scanner can now exploit an RCE in VMware vCenter (CVE-2021-21985).
The Full Website Scanner will now generate more screenshots to simplify the reporting flow.
The Sniper can now exploit a Local File Inclusion in Pulse Connect Secure (CVE-2019-11510).
The Network Scanner can now detect if the Cisco Adaptive Security Appliance or the Cisco Firepower Threat Defense is vulnerable to Local File Inclusion (CVE-2020-3187).
The Network Scanner can now detect RCE in VMware vCenter (CVE-2021-22005).
The Sniper can now exploit an RCE in the WebAdmin of Sophos SG Unified Threat Management (CVE-2020-25223).
Website Scanner findings that have been automatically validated by our scanner will be marked with the Confirmed tag.
The Sniper can now exploit an RCE in the Open Management Infrastructure (OMI) agent that is preconfigured in the Linux VM deployed on Azure (CVE-2021-38647).
We added the possibility to clone an existing robot.
The Sniper can now exploit an RCE in Atlassian Confluence (CVE-2021-26084).
The Sniper can now exploit an Unauthenticated RCE in VMware vCenter (CVE-2021-21972).
The Network Scanner can now detect XSS in the ProxyOracle exploit (CVE-2021-31195).
The Network Scanner can now detect RCE in VMware vCenter (CVE-2021-21985).
Now you can limit the maximum requests (per second) for the Website Scanner. Check the Engine Options -> Limits -> Requests per second.
We added the possibility to manually reset the API key.
The URL Fuzzer can now do recursive searches by running automatically inside all the directories already discovered.
The WordPress Scanner can now search for config backups, database exports, or TimThumbs.
Added the possibility to add targets using the CIDR notation (e.g. 192.168.1.0/24).
The Network Scanner can now detect CVE-2018-13379 – path traversal in FortiGate SSL VPN appliance.
The HTTP Request Logger tool can now be accessed via the API.
The Network Scanner can now detect Node.js Systeminformation Command Injection (CVE-2021-21315).
The Network Scanner can now detect Remote Code Execution in Microsoft Exchange Server (CVE-2021-28480).
The Network Scanner can now detect the entry point for the ProxyShell attack chain (CVE-2021-34473).
Added the possibility to run a scheduled scan right away.
The New Website Scanner will provide some stats at the end of a scan result: URLs spidered, the total number of HTTP requests, error count, etc.
Added to URL Fuzzer the possibility to control the delay between the requests. A retry delay factor has also been added to increase the delay exponentially.
Added to URL Fuzzer the possibility to filter certain results (e.g. ignore or match certain HTTP codes, ignore or match if the HTML contains a string).
We increased the maximum size of a Wordlist from 10000 words to 50000 words.
The Website Scanner findings will now be classified by OWASP 2013, OWASP 2017 and CWE. Check the Details of a finding to see more.
Password Auditor now supports the NTLM authentication protocol.
Added to URL Fuzzer the possibility to specify custom request timing options and the maximum number of retries.
The URL Fuzzer now allows you to fuzz HTTP POST requests.
The Network Scanner can now detect the VMware vCenter Unauthenticated RCE (CVE-2021-21972) vulnerability.
Our new Website Scanner (currently in beta) will now check for sensitive data (email addresses, social security numbers, credit card numbers) in target applications.
We launched a new Website Scanner (currently in beta) fully written by our team. It allows you to select which tests you want to run and it returns fewer False Positives than the current full scanner.
The Network Scanner can now detect the F5 BIG-IP CVE-2021-22986 unauthenticated remote code execution vulnerability.
The Network Scanner can now detect Hafnium webshells injected during ProxyLogon attacks.
The Network Scanner can now detect the Microsoft Exchange CVE-2021-26855 SSRF vulnerability (ProxyLogon).
We started to develop custom detection modules which are being added to the standard OpenVAS scans in order to detect high risk vulnerabilities in commercial software.
Besides wordlists, the URL Fuzzer can now send a sequence of numbers as payload.
Check if a Microsoft Exchange server is affected by CVE-2021-26855, a vulnerability which can lead to disclosure of sensitive information and to RCE.
The target name and the workspace have been added to the cards created in Jira.
The Find Subdomains tool has been improved with additional data sources to discover more subdomains.
You can get a scan notification if the open ports found are other than the ones you defined.
Now you can specify a custom location in URL Fuzzer for the payload using the FUZZ marker in the URL or in query strings.
The URL Fuzzer now allows you to specify custom headers to be sent with each request.
The two-factor authentication is now also available to all the Pro Advanced users (besides Enterprise).
Now you can further customize the subject of the mail by changing the placeholders.
The subject of the e-mail generated by a scan will contain the name of the tool, the target and the workspace.
All scan results will be sent from the following email address: firstname.lastname@example.org
The vulnerability scanners for Citrix CVE-2019-19781 and BIG-IP CVE-2020-5902 have been deprecated.
Multiple stability issues have been fixed.
Pentest Robots can now be used to scan the internal networks through VPN.
We’ve launched the Pentest Robots – a new automation method to create custom scanning flows. This helps you greatly reduce the manual work during a pentest.
The Website Scanner now takes the screenshot of the target website. You can find it in the output of “Server software and technologies” test.
A Scan Group is automatically generated when starting/scheduling multiple scans at once and allows for easier management of those related scans.
The screenshots of target websites generated by Website Recon are automatically embedded into the Attack Surface view.
We have added a new authentication method to the Website Scanner which allows you to record and replay the login steps so you can perform authenticated scans more easily.
The Password Auditor now supports custom wordlists for usernames and passwords.
When adding/importing new targets, now you can automatically exclude the ones which are not alive. Very useful when adding IP ranges.
Now you can create your own custom wordlists and use them with URL Fuzzer (and soon with other tools also).
The individual scanners for GhostCat and SMBGhost have been deprecated as they have been included into the full OpenVAS scanner.
Authentication options can now be configured from the Targets page for the Website Scanner.
The scheduled scans are now being displayed by workspace. This can be configured from View Settings.
Now you can configure scan notifications directly from the Targets page, when you choose ‘Scan with Tool’. These allow you to receive emails when certain events occur.
The custom description of your targets is now automatically included in your scan reports.
When you mark a vulnerability as False Positive for a target, it will be automatically marked as False Positive for every future scan result for this target.
The Pentest Report (docx format) now has an appendix section containing the list of tools used during the test. Furthermore, we have added Low risk findings to the executive summary when no High/Medium issues are found.
When generating reports from tool results (individual scans), now you have more options to specify what to exclude from the reports: Ignored or Fixed findings, tool configuration details.
Now the VPN Agent can also be downloaded in VirtualBox format (besides VMware and Hyper-V).
We have added new API methods for target management: add_target, update_target_description, start_scan_by_targetid. Furthermore, we have updated the get_scans method to return more granular results based on workspace_id and target_id.
We have added a new tool to detect the critical Remote Code Execution vulnerability in BIG-IP devices (CVE-2020-5902).
Multiple scan results can now be aggregated and exported into a single report. You can select which scan results to include in the report, both Vulnerability and Discovery scans.
Now you can configure email notifications when your scan matches certain conditions (is Finished, found High Risk, discovered some open port, etc). These notification filters also apply to Scheduled scans.
We have added the option to automatically group similar findings (obtained by multiple scans against the same target) so that the Findings view is cleaner and easier to manage.
Now you can increase the security of your account with Two-Factor Authentication (2FA). Use your mobile device with any authenticator app to login with the second factor.
Besides VMware, now you can also download the VPN Agent in Hyper-V format, for using it with the Microsoft virtualization solution.
Each finding/vulnerability produced by a scanner now has a unique identifier (ID). This can be used to easily compare scan results programmatically (exported as JSON or via API). These identifiers (vuln_id) look like WEBSCAN-00-0000012 or NETSCAN-01-0002349.
We have fixed a bug in the finding “Vulnerabilities found for server-side software” in order to set the CVSS score as the maximum of all vulnerabilities mentioned in the table (instead of ‘-1’). Furthermore, the CVE field is now populated with a comma-separated list of all CVEs from this finding (instead of ‘None’).
Now you can import targets from a file together with their descriptions. The target name and description must be comma-separated, like: “www.example.com, Production web server”
We have added a new method to connect to the internal network in order to make internal scanning much easier. You just need to download the VPN Agent virtual machine and run it inside the internal network. It initiates a VPN tunnel automatically from our scanning servers to your network.
Paying users can upgrade or downgrade their current plan directly from Pentest-Tools.com (without interacting with FastSpring). Just pick the new plan and it will be modified instantly.
We have launched a dedicated support section on our website with multiple articles, product guides and answers to common questions.
We have added the Getting started page, an introduction that helps customers get familiar with the platform.
Users have a new filtering method to display only the relevant findings in the Findings page. They now have the option to exclude False Positives, Informational or Ignored findings, such that the Findings view is cleaner and easier to manage.
This is a bug fix that now allows custom logos to appear in the header of a Docx report generated from the Findings page.
We have added advanced filters for the Attack Surface functionality in order to easily search for interesting ports, services or technologies.
Now you can download your invoices directly from the MyAccount page, without accessing the FastSpring payment provider.
The attack surface view aggregates hosts, ports, services and technologies from all the targets in the current workspace in order to show a summary view of the possible attack entry points.
We have rewritten the authentication module that performs automatic login with username and password. We have added support for Single Page Applications and improved the authentication logic.
We have added a WYSIWYG editor to add rich-text elements when creating a Manual Finding, such as images, tables, hyperlinks, code, bold, italic, underline, etc. All these elements are being properly translated to the .docx format, when you want to generate an editable pentest report.
Users can edit all the details of a finding produced by a tool/scanner by cloning it into a new manual finding. This new finding can be manually adjusted as needed (change name, description, risk level, etc).
Users can export scan results of any tool in JSON format. This allows easier data parsing and integration with external tools.
We are offering limited free penetration testing services for organizations fighting the COVID-19 outbreak to better secure their websites.
Users can generate Jira issues directly from our Findings page and automatically send them as tickets to prioritize important tasks.
We have added a new tool for detecting vulnerabilities in SSL/TLS servers, which deprecates the existing tools (Heartbleed, ROBOT, POODLE, DROWN scanners). Those deprecated tools have been disabled.
We added a new, dedicated scanner to detect the SMBGhost RCE vulnerability (CVE-2020-0796) in Windows 10, SMBv3.
We have added a new scanner to detect the Ghostcat vulnerability (CVE-2020-1938) that affects Apache Tomcat servers.
Now the TCP Port Scan and UDP Port Scan tools can be accessed programmatically through the API.
We have added a new API call – get_workspaces – which returns the list of workspaces of the current user. Furthermore, the start_scan function can be configured to start a scan in a specified workspace.
We have added a new, dedicated scanner on Pentest-Tools.com to detect the Citrix RCE vulnerability CVE-2019-19781.
Users can now delete multiple scheduled scans at the same time. The new improvement simplifies the workflow for those who use the Scheduler feature.