#pentesttools — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #pentesttools, aggregated by home.social.

  1. Demo time! The place where tools behave perfectly… until you hit “Start.” 😅

    We’ve launched a bi-weekly demo series where #offensivesecurity practitioners show how they *actually* use Pentest-Tools.com in real workflows.

    No polished slides. No “everything works on the first try.”

    Just real demos - where things might break, scans might fail, and you see how practitioners adapt.

    In the first session, Sacha Iakovenko walks through his process:

    📁 How he organizes targets with workspaces

    📊 How he spots critical vulnerabilities from the dashboard

    🔍 How he chains tools to validate findings faster

    Because real #pentesting workflows aren’t perfect - and good demos shouldn’t pretend they are.

    Watch the first demo in the video.

    What should we try (or possibly break) in the next demo? 👇

    Sacha is also one of our most precious collaborators; check out his articles on our blog: pentest-tools.com/blog/authors

    #PentestTools #Cybersecurity

  2. Most auditors hate raw scanner noise as much as you hate jumping through hoops trying to explain it. Why? Because a scan ≠ a pass. ⬇️

    If you spend more time reformatting 200-page PDFs than reducing risk, you’re stuck in a loop that burns into your team’s energy.

    Here are 3 ways we reduce compliance noise:

    ✅ Capture irrefutable proof 👉 get screenshots, request/response traces, and more to prove a vulnerability exists and matters.

    ✅ Show continuous progress 👉 replace static snapshots with scheduled scans and vulnerability diffing to demonstrate effective remediation over time.

    ✅ Sync findings directly 👉 push validated data straight into Jira, Vanta, or Nucleus (or others) to eliminate manual reformatting and status drift.

    Read the full white paper here: pentest-tools.com/usage/Compli

    For more context and examples: pentest-tools.com/usage/compli

    #compliance #offensivesecurity #infosec #pentesttools

  3. Our researchers at Pentest-Tools.com just found a new RCE in cPanel (CVE-2025-63261). 🔧

    We discovered that a classic Unsafe Perl Open in AWStats allows command execution. The application fails to sanitize input before the open() call, so a well-placed pipe | character tricks the system into spawning a shell instead of reading a file.

    This exploit requires zero actual plumbing. 🪠

    Read Part 1 of the technical breakdown by Matei Badanoiu: pentest-tools.com/blog/cpanel-

    #infosec #cybersecurity #cPanel #RCE #vulnerability #PentestTools

  4. The holidays are over. The vulnerabilities aren't.

    It’s January 5th. Back at the desk. Is your perimeter the same as you left it?

    Instead of digging through a backlog of unverified alerts, use Vulnerability Monitoring to establish a clean baseline for 2026.

    Configure the Network Scanner for recurring scans. It compares results against the previous state and notifies you only on differences:

    - New open ports
    - Changed service versions
    - Regressions in patched vulnerabilities

    Get a clean difference report, not a list of repetitive findings. Start the year with clarity.

    pentest-tools.com/network-vuln

    #InfoSec #SysAdmin #VulnerabilityManagement #BlueTeam #PentestTools

  5. Might be useful for the ever-present (these days) scope creep from "yeah and take a look at our AI chat bot"!

    darknet.org.uk/2025/09/llamato

    #ai #pentesttools

  6. Is it just me or is every demo/overview of the #FlipperZero extremely unimpressive (especially those for a mainstream audience)?

    I regretfully watched one such video earlier and one of the features highlighted was the ability to copy TV remote signals :blobcatgoogly2: ...I get it was aimed at a non-technical audience but I literally had a watch that could do that when I was a kid and to this day grandparents around the world have universal remotes with this capability...

    So I want to put it out there to the #infosec community - where are the cool Flipper Zero #projects? And I don't mean installing #DOOM or some other quirky plaything. I want to see legit #RF #hacking, or at least using the #GPIO!
    #askfedi #askinfosec #rfhacking #pentesttools #hackingtools
