Demo time! The place where tools behave perfectly… until you hit “Start.” 😅

We’ve launched a bi-weekly demo series where #offensivesecurity practitioners show how they *actually* use Pentest-Tools.com in real workflows.

No polished slides. No “everything works on the first try.”

Just real demos - where things might break, scans might fail, and you see how practitioners adapt.

In the first session, Sacha Iakovenko walks through his process:

📁 How he organizes targets with workspaces

📊 How he spots critical vulnerabilities from the dashboard

🔍 How he chains tools to validate findings faster

Because real #pentesting workflows aren’t perfect - and good demos shouldn’t pretend they are.

Watch the first demo in the video.

What should we try (or possibly break) in the next demo? 👇

Sacha is also one of our most precious collaborators. Check out his articles on our blog: https://pentest-tools.com/blog/authors/sacha-iakovenko

#PentestTools #Cybersecurity

Most auditors hate raw scanner noise as much as you hate jumping through hoops trying to explain it. Why? Because a scan ≠ a pass. ⬇️

If you spend more time reformatting 200-page PDFs than reducing risk, you’re stuck in a loop that burns into your team’s energy.

Here are 3 ways we reduce compliance noise:

✅ Capture irrefutable proof 👉 get screenshots, request/response traces, and more to prove a vulnerability exists and matters.

✅ Show continuous progress 👉 replace static snapshots with scheduled scans and vulnerability diffing to demonstrate effective remediation over time.

✅ Sync findings directly 👉 push validated data straight into Jira, Vanta, or Nucleus (or others) to eliminate manual reformatting and status drift.

Read the full white paper here: https://pentest-tools.com/usage/Compliance-white-paper-2025.pdf

For more context and examples: https://pentest-tools.com/usage/compliance

#compliance #offensivesecurity #infosec #pentesttools

Our researchers at Pentest-Tools.com just found a new RCE in cPanel (CVE-2025-63261). 🔧

We discovered that a classic Unsafe Perl Open in AWStats allows command execution. The application fails to sanitize input before the open() call, so a well-placed pipe | character tricks the system into spawning a shell instead of reading a file.

This exploit requires zero actual plumbing. 🪠

Read Part 1 of the technical breakdown by Matei Badanoiu: https://pentest-tools.com/blog/cpanel-cve-ptt-2025-021-part-1

#infosec #cybersecurity #cPanel #RCE #vulnerability #PentestTools
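
The bug class named in the post above, as an added Perl example that is not part of the original post and is not AWStats or cPanel code: a two-argument open() beside a hardened three-argument form. The function names, the `.txt` allowlist and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Vulnerable pattern: two-argument open() takes the mode from the string
# itself, so a trailing "|" means "run this and read its output".
sub read_unsafe {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed";
    my $data = do { local $/; <$fh> };
    close($fh);
    return defined $data ? $data : '';
}

# Hardened pattern: allowlist the name, then use three-argument open() so
# the mode is fixed to "<" and the string can only ever be a path.
sub read_safe {
    my ($dir, $name) = @_;
    return "rejected" unless $name =~ /\A[A-Za-z0-9_-]+\.txt\z/;
    open(my $fh, '<', "$dir/$name") or return "open failed";
    my $data = do { local $/; <$fh> };
    close($fh);
    return defined $data ? $data : '';
}

# Constructed sample data: one legitimate file and one hostile "file name".
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/stats.txt") or die "cannot write sample: $!";
print {$out} "hits=42\n";
close($out);
my $hostile = 'echo constructed-marker |';

print "unsafe, hostile name : ", read_unsafe($hostile);
print "safe, hostile name   : ", read_safe($dir, $hostile), "\n";
print "safe, legitimate name: ", read_safe($dir, 'stats.txt');
```

Even without the allowlist, the three-argument form would treat the hostile string as a literal path and fail to open it; the allowlist additionally blocks path traversal in the name.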

The holidays are over. The vulnerabilities aren't.

It’s January 5th. Back at the desk. Is your perimeter the same as you left it?

Instead of digging through a backlog of unverified alerts, use Vulnerability Monitoring to establish a clean baseline for 2026.

Configure the Network Scanner for recurring scans. It compares results against the previous state and notifies you only on differences:

New open ports

Changed service versions

Regressions in patched vulnerabilities

Get a clean difference report, not a list of repetitive findings. Start the year with clarity.

https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online

#InfoSec #SysAdmin #VulnerabilityManagement #BlueTeam #PentestTools

And it begins, again. AI-driven "pentesting platform". I'm just ... I'm just not sure.

https://www.securityweek.com/tenzai-raises-75-million-in-seed-funding-to-build-ai-powered-pentesting-platform/

#pentesttools #genai

Tenzai Raises $75 Million in Seed Funding to Build AI-Powered Pentesting Platform

Tenzai has emerged from stealth with $75 million in seed funding, one of the largest early-stage rounds reported in the cybersecurity sector.

SecurityWeek

mcp-scanner - Python MCP Scanner for Prompt-Injection and Insecure Agents

mcp-scanner: Python tool to scan Model Context Protocol servers for prompt injection, jailbreaks, and insecure tool patterns.

Darknet - Hacking Tools, Hacker News & Cyber Security

All in one application security test tool? Methinks this has been tried in the past once or twice.

https://www.darknet.org.uk/2025/10/reaper-unified-application-security-testing-with-ai-support/

#appsec #pentesttools

Reaper - Unified Application Security Testing with AI Support

Reaper – an open-source AppSec testing framework combining recon, proxying, fuzzing and AI-agent workflows for penetration testers and red teams.

Darknet - Hacking Tools, Hacker News & Cyber Security

CloudConqueror - AWS CloudControl API Attack Surface Mapping and Persistence Tool

CloudConqueror maps and abuses the AWS CloudControl API for discovery, resource enumeration, and persistence. Learn how attackers and defenders can test detection coverage and harden cloud environments.

Darknet - Hacking Tools, Hacker News & Cyber Security

Might be useful for the ever-present (these days) scope creep from "yeah and take a look at our AI chat bot"!

https://www.darknet.org.uk/2025/09/llamator-red-team-framework-for-testing-llm-security/

#ai #pentesttools

LLAMATOR – Red Team Framework for Testing LLM Security

LLAMATOR is a Python framework for red teaming large language model systems with preset attacks, multi-client adapters, and reportable results.

Darknet - Hacking Tools, Hacker News & Cyber Security

Is it just me or is every demo/overview of the #FlipperZero extremely unimpressive (especially those for a mainstream audience)?

I regretfully watched one such video earlier and one of the features highlighted was the ability to copy TV remote signals... I get it was aimed at a non-technical audience but I literally had a watch that could do that when I was a kid and to this day grandparents around the world have universal remotes with this capability...

So I want to put it out there to the #infosec community - where are the cool Flipper Zero #projects? And I don't mean installing #DOOM or some other quirky plaything. I want to see legit #RF #hacking, or at least using the #GPIO!
#askfedi #askinfosec #rfhacking #pentesttools #hackingtools