New genai enabled phishing kit dropped.
Demo time! The place where tools behave perfectly… until you hit “Start.” 😅
We’ve launched a bi-weekly demo series where #offensivesecurity practitioners show how they *actually* use Pentest-Tools.com in real workflows.
No polished slides. No “everything works on the first try.”
Just real demos - where things might break, scans might fail, and you see how practitioners adapt.
In the first session, Sacha Iakovenko walks through his process:
📁 How he organizes targets with workspaces
📊 How he spots critical vulnerabilities from the dashboard
🔍 How he chains tools to validate findings faster
Because real #pentesting workflows aren’t perfect - and good demos shouldn’t pretend they are.
Watch the first demo in the video.
What should we try (or possibly break) in the next demo? 👇
Sacha is also one of our most precious collaborators, check out his articles on our blog: https://pentest-tools.com/blog/authors/sacha-iakovenko
Most auditors hate raw scanner noise as much as you hate jumping through hoops trying to explain it. Why? Because a scan ≠ a pass. ⬇️
If you spend more time reformatting 200-page PDFs than reducing risk, you’re stuck in a loop that burns into your team’s energy.
Here are 3 ways we reduce compliance noise:
✅ Capture irrefutable proof 👉 get screenshots, request/response traces, and more to prove a vulnerability exists and matters.
✅ Show continuous progress 👉 replace static snapshots with scheduled scans and vulnerability diffing to demonstrate effective remediation over time.
✅ Sync findings directly 👉 push validated data straight into Jira, Vanta, or Nucleus (or others) to eliminate manual reformatting and status drift.
Read the full white paper here: https://pentest-tools.com/usage/Compliance-white-paper-2025.pdf
For more context and examples: https://pentest-tools.com/usage/compliance
Our researchers at Pentest-Tools.com just found a new RCE in cPanel (CVE-2025-63261). 🔧
We discovered that a classic Unsafe Perl Open in AWStats allows command execution. The application fails to sanitize input before the open() call, so a well-placed pipe | character tricks the system into spawning a shell instead of reading a file.
This exploit requires zero actual plumbing. 🪠
Read Part 1 of the technical breakdown by Matei Badanoiu: https://pentest-tools.com/blog/cpanel-cve-ptt-2025-021-part-1
#infosec #cybersecurity #cPanel #RCE #vulnerability #PentestTools
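The unsafe two-argument open() pattern named in the post above can be audited for in Perl code you maintain. This is an added example, not code from Pentest-Tools.com, cPanel or AWStats: a heuristic Python check that flags two-argument open() calls whose file operand contains a variable. The function names and the sample Perl lines are constructed for illustration.

```python
import re

OPEN_RE = re.compile(r'\bopen\b\s*\(?')   # open( ... ) or bareword "open FH, ..."
VAR_RE = re.compile(r'[$@][\w{]')         # a Perl scalar/array inside the operand

def split_args(text):
    """Split the text after 'open(' on top-level commas (heuristic, no escape handling)."""
    args, cur, depth, quote = [], [], 0, None
    for ch in text:
        if quote:
            if ch == quote:
                quote = None
        elif ch in '"\'':
            quote = ch
        elif ch in '([{':
            depth += 1
        elif ch in ')]}':
            if depth == 0:            # this bracket closes the open( call itself
                break
            depth -= 1
        elif depth == 0 and ch in ';|':
            break                     # end of statement or start of "|| die"
        elif depth == 0 and ch == ',':
            args.append(''.join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    args.append(''.join(cur).strip())
    return [a for a in args if a]

def find_unsafe_opens(perl_source):
    """Return (line_no, line) for two-argument open() calls with a variable operand."""
    findings = []
    for no, line in enumerate(perl_source.splitlines(), 1):
        m = OPEN_RE.search(line)
        if not m or line.lstrip().startswith('#'):
            continue
        args = split_args(line[m.end():])
        if len(args) == 2 and VAR_RE.search(args[1]):
            findings.append((no, line.strip()))
    return findings

# Constructed sample input, not taken from AWStats or cPanel.
SAMPLE = """open(my $in, '<', $path) or die "read $path: $!";
open(LOG, ">>/var/log/app.log") || die;
open(DATA, $file) or die "cannot open $file";
open CFG, "$dir/$name.conf" or die;
# open(OLD, $legacy);
"""
```

Each flagged line is a candidate for the three-argument form, `open(my $fh, '<', $path)`, where the mode is fixed and the operand is always treated as a filename.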
The holidays are over. The vulnerabilities aren't.
It’s January 5th. Back at the desk. Is your perimeter the same as you left it?
Instead of digging through a backlog of unverified alerts, use Vulnerability Monitoring to establish a clean baseline for 2026.
Configure the Network Scanner for recurring scans. It compares results against the previous state and notifies you only on differences:
New open ports
Changed service versions
Regressions in patched vulnerabilities
Get a clean difference report, not a list of repetitive findings. Start the year with clarity.
https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online
#InfoSec #SysAdmin #VulnerabilityManagement #BlueTeam #PentestTools
And it begins, again. AI driven "pentesting platform". I'm just ... I'm just not sure.
Hack more LLM APIs. Cisco put out an open source MCP scanner.
All in one application security test tool? Methinks this has been tried in the past once or twice.
https://www.darknet.org.uk/2025/10/reaper-unified-application-security-testing-with-ai-support/
Neat, like azurite but it doesn't require creds. Audit and attack.
CloudConqueror maps and abuses the AWS CloudControl API for discovery, resource enumeration, and persistence. Learn how attackers and defenders can test detection coverage and harden cloud environments.
Might be useful for the ever present (these days) scope creep from "yeah and take a look at our AI chat bot"!
https://www.darknet.org.uk/2025/09/llamator-red-team-framework-for-testing-llm-security/