Platform Updates

Detect critical CVEs, scan stats + more updates

If you’ve had an intense summer, that makes two of us. We worked hard to roll out new and helpful updates, so let’s break them down:

  1. Detect 4 critical & high-risk CVEs with the new Network Scanner modules

  2. Control the delay between requests & recursion options in the URL Fuzzer

  3. Get scan stats with the new Website Scanner

  4. Run scheduled scans on demand

  5. Use the HTTP Request Logger through our API 

  6. Add targets using the CIDR notation

  7. Enable more enumeration options in the WordPress Scanner

Let’s unpack them!

1. Detect 4 crucial CVEs with the new detection modules we built from scratch

When you run our Network Vulnerability Scanner against your targets, it'll also check them for:

Use the Full Scan option from the Network Vulnerability Scanner with OpenVAS and see the scan results in Findings.

2. Control the delay between requests and use recursive searches with the URL Fuzzer

You now have the option to control the delay between the HTTP requests you make with the URL Fuzzer. To exponentially increase the delay, make sure to add up to 120 retry delays/request.

If you need to validate payloads with the URL Fuzzer, you can now automatically run recursive searches inside all the directories you’ve already discovered.  

Go to URL Fuzzer, add your URL target, select Payload options, and enable Recursion. You can set a maximum of 3 recursion depth levels/payload.

Here’s a snapshot of these two options:

 

3. Get specific scan stats about your targets with the new Website Scanner

Scan results for our new Website Scanner come with a richer summary section! 

When you scan your URL target with our proprietary Website Scanner, you get detailed, specific scan stats such as URLs spidered, the total number of HTTP requests, error count, injection points detected, and more.

Check it out:

 

4. Run scheduled scans on demand

Another improvement we added is the option to run a scheduled scan whenever you need to.

To keep your work flexible and productive, select Scheduler from the Dashboard, select a Tool name and Run a specific scan.

 

5. API support available for the HTTP Request Logger

This latest platform update allows you to programmatically create HTTP handlers through the API. Using specific parameters, you can automate scanning and save invaluable time.

6. Add targets using the CIDR notation

On Pentest-Tools.com, we now support CIDR (Classless Inter-Domain Routing) notation, which lets you add your IP targets as address ranges (e.g., 192.168.1.0/24).

7. More enumeration options available in the WordPress Scanner 

The WordPress Vulnerability Scanner can now search for config backups, database exports, or TimThumbs! 

Add your URL target and select specific enumeration options to uncover juicy findings in WordPress sites.

 
