#pentesttools — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #pentesttools, aggregated by home.social.
-
Demo time! The place where tools behave perfectly… until you hit “Start.” 😅
We’ve launched a bi-weekly demo series where #offensivesecurity practitioners show how they *actually* use Pentest-Tools.com in real workflows.
No polished slides. No “everything works on the first try.”
Just real demos - where things might break, scans might fail, and you see how practitioners adapt.
In the first session, Sacha Iakovenko walks through his process:
📁 How he organizes targets with workspaces
📊 How he spots critical vulnerabilities from the dashboard
🔍 How he chains tools to validate findings faster
Because real #pentesting workflows aren’t perfect - and good demos shouldn’t pretend they are.
Watch the first demo in the video.
What should we try (or possibly break) in the next demo? 👇
Sacha is also one of our most precious collaborators, check out his articles on our blog: https://pentest-tools.com/blog/authors/sacha-iakovenko
-
Most auditors hate raw scanner noise as much as you hate jumping through hoops trying to explain it. Why? Because a scan ≠ a pass. ⬇️
If you spend more time reformatting 200-page PDFs than reducing risk, you’re stuck in a loop that burns into your team’s energy.
Here are 3 ways we reduce compliance noise:
✅ Capture irrefutable proof 👉 get screenshots, request/response traces, and more to prove a vulnerability exists and matters.
✅ Show continuous progress 👉 replace static snapshots with scheduled scans and vulnerability diffing to demonstrate effective remediation over time.
✅ Sync findings directly 👉 push validated data straight into Jira, Vanta, or Nucleus (or others) to eliminate manual reformatting and status drift.
Read the full white paper here: https://pentest-tools.com/usage/Compliance-white-paper-2025.pdf
For more context and examples: https://pentest-tools.com/usage/compliance
-
Our researchers at Pentest-Tools.com just found a new RCE in cPanel (CVE-2025-63261). 🔧
We discovered that a classic Unsafe Perl Open in AWStats allows command execution. The application fails to sanitize input before the open() call, so a well-placed pipe | character tricks the system into spawning a shell instead of reading a file.
This exploit requires zero actual plumbing. 🪠
Read Part 1 of the technical breakdown by Matei Badanoiu: https://pentest-tools.com/blog/cpanel-cve-ptt-2025-021-part-1
#infosec #cybersecurity #cPanel #RCE #vulnerability #PentestTools
-
The holidays are over. The vulnerabilities aren't.
It’s January 5th. Back at the desk. Is your perimeter the same as you left it?
Instead of digging through a backlog of unverified alerts, use Vulnerability Monitoring to establish a clean baseline for 2026.
Configure the Network Scanner for recurring scans. It compares results against the previous state and notifies you only on differences:
New open ports
Changed service versions
Regressions in patched vulnerabilities
Get a clean difference report, not a list of repetitive findings. Start the year with clarity.
https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online
#InfoSec #SysAdmin #VulnerabilityManagement #BlueTeam #PentestTools
-
And it begins, again. AI driven "pentesting platform". I'm just ... I'm just not sure.
-
Hack more LLM APIs. Cisco put out an open source MCP scanner.
-
All in one application security test tool? Methinks this has been tried in the past once or twice.
https://www.darknet.org.uk/2025/10/reaper-unified-application-security-testing-with-ai-support/
-
Neat, like azurite but it doesn't require creds. Audit and attack.
-
Might be useful for the ever present (these days) scope creep from "yeah and take a look at our AI chat bot"!
https://www.darknet.org.uk/2025/09/llamator-red-team-framework-for-testing-llm-security/
-
Is it just me or is every demo/overview of the #FlipperZero extremely unimpressive (especially those for a mainstream audience).
I regretfully watched one such video earlier and one of the features highlighted was the ability to copy TV remote signals :blobcatgoogly2: ...I get it was aimed at a non-technical audience but I literally had a watch that could do that when I was a kid and to this day grandparents around the world have universal remotes with this capability...
So I want to put it out there to the #infosec community - where are the cool flipper zero #projects? And I don't mean installing #DOOM or some other quirky play thing. I want to see legit #RF #hacking, or at least using the #GPIO!
#askfedi #askinfosec #rfhacking #pentesttools #hackingtools
-
This is an awesome write up on Docker!
https://blog.ropnop.com/docker-for-pentesters/
#security #docker #pentesttools
-
Install Kali Linux Tools Using Katoolin In Ubuntu 18.04 LTS #KaliLinuxTools #KaliLinux #Katoolin #Linux #PentestTools #Security #Python #Ubuntu
https://www.ostechnix.com/install-kali-linux-tools-using-katoolin-linux/
-
Hydra 9.5 release, mostly minor bug fixes and enhancements. https://github.com/vanhauser-thc/thc-hydra/releases/tag/v9.5 #thc #hacking #hacker #pentest #pentesting #pentesttools