Pentest-Tools.com helps security professionals find, validate, and communicate vulnerabilities faster and with greater confidence - whether they’re internal teams defending at scale, MSPs juggling clients, or consultants under pressure.
With comprehensive coverage across network, web, API, and cloud assets, and built-in exploit validation, it turns every scan into credible, actionable insight.
Trusted by over 2,000 teams in 119 countries and used in more than 6 million scans annually, it delivers speed, clarity, and control - without bloated stacks or rigid workflows.
Pentest-Tools
The Crafter CMS Groovy sandbox has been patched three times. Our team found 14 more ways through it.
CVE-2026-1770 (PTT-2025-022) — full breakdown and PoC on our Offensive Security Research Hub: pentest-tools.com/research
15 hours ago | [YT] | 1
Pentest-Tools
AI didn't create the validation gap. It widened it.
When something slips through, who's actually responsible for catching it?
When AI writes the code, who owns the security review?
1 day ago | [YT] | 0
Pentest-Tools
We found a stored XSS in DNN (DotNetNuke) prior to v10.2.2 that chains to full RCE. Matei "Mal" Bădănoiu documented the full chain, from SVG upload to ASPX backdoor in the server root.
Full write-up + PoC payloads here:
Write-up: pentest-tools.com/blog/dotnetnuke-xss-to-rce
More research from our team: pentest-tools.com/research
6 days ago | [YT] | 0
Pentest-Tools
If false positives are eating your re-validation time, this breakdown is worth a few minutes.
How we cut FPs by 50% in web scans, and where each layer of validation actually happens:
👉 pentest-tools.com/usage/minimize-false-positives
1 week ago | [YT] | 3
Pentest-Tools
Session one of Office Hours is up.
Jan Pedersen walks through how to build a compliance evidence trail with continuous scanning: scheduled scans, before-and-after remediation proof, and reports that work for both auditors and engineers.
Tomorrow he's back for session two: AI, accuracy and what's next. Two slots below. 👇
1️⃣ 3:00 PM Bucharest / 1:00 PM London / 8:00 AM New York
👉 zoom.us/webinar/register/WN_uMAjbUwRSqCj1knLCcOCTg
2️⃣ 7:00 PM Bucharest / 5:00 PM London / 12:00 PM New York / 9:00 AM Los Angeles
👉 zoom.us/webinar/register/WN_xp1ewHcMQVKVoZe4bAEIxw
1 week ago | [YT] | 0
Pentest-Tools
New video is up 👇
Our MCP server is live on all paid plans — it connects your Pentest-Tools.com account to Claude, Cursor, VS Code, Gemini CLI, and other AI clients. You can run scans, triage findings, generate and translate reports, and manage targets in natural language.
Iulian (one of the engineers who built it) walks through the full setup, runs live demos of authenticated scanning, generates an executive report, translates it to German, and shows how to chain it with other MCPs like Linear.
Every tool call still needs your explicit approval before it runs. You stay in control.
Have you tried building MCP workflows yet? Drop your setup or favorite prompt in the comments 👇
1 week ago | [YT] | 1
Pentest-Tools
The best phishing infrastructure is the one your target already trusts.
🎯 Our researcher Matei "Mal" Bădănoiu just published a new 0-day: stored XSS to RCE in DNN Platform (formerly DotNetNuke), the most widely deployed open-source CMS in the Microsoft ecosystem. Around 750,000 sites run it. CVE-2026-40321.
The XSS itself is a clean SVG-upload bypass — javascript: URI inside an anchor tag, filter waves it through.
But the XSS is not the interesting part. The interesting part is the delivery. Instead of sending a phishing email from an external domain, Mal used DNN's own internal messaging feature to send the malicious SVG as an attachment to a SuperUser.
The victim gets a message from another account inside the application they're already logged into. No external domain to flag. No email gateway to catch it. Just a trusted sender, inside a trusted app, with a "Click me!" attachment. One click opens the SVG. A second click on the rendered image fires the chain: the payload writes an ASPX backdoor to the web root via /API/personaBar/ConfigConsole/UpdateConfigFile, and whoami comes back as iis apppool.
From there, standard Windows service-account escalation to SYSTEM. If you run DNN, patch against the GitHub advisory, audit /Portals/*/Users/ for unexpected SVG uploads, and check the web root for ASPX files you don't recognize.
Full write-up, payloads, and the filter-bypass history from older DNN versions here:
👉 pentest-tools.com/blog/dotnetnuke-xss-to-rce
2 weeks ago | [YT] | 5
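The post above turns on an upload filter that lets a javascript: URI inside an SVG anchor through. The following is an added example (not DNN's code) of the server-side check such a filter should perform: parse the upload as XML and reject anything that can execute script, including href values whose scheme is not on an allow-list. The element list, scheme list and sample SVGs are constructed for the example.

```python
"""Server-side SVG upload validation. Rejects <script>, event-handler
attributes, foreignObject/animation elements, and href/xlink:href values
whose scheme is not explicitly allowed. Reject, never sanitise: a rejected
upload cannot be reconstructed into something executable."""
import re
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"
SAFE_SCHEMES = {"http", "https", "mailto"}   # fragment/relative refs carry no scheme
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "set", "animate", "handler"}

def _scheme(value: str):
    # Drop ASCII controls/whitespace that browsers ignore ("java\tscript:"),
    # then read the scheme; None when the value has no scheme at all.
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    m = re.match(r"^([a-zA-Z][a-zA-Z0-9+.-]*):", cleaned)
    return m.group(1).lower() if m else None

def svg_upload_is_safe(data: bytes) -> tuple:
    """Return (ok, reason). Production code should parse with defusedxml to
    cap entity expansion; the stdlib parser is used here to stay dependency-free."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag != SVG_NS + "svg":
        return False, "root element is not <svg>"
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1].lower()
        if local in FORBIDDEN_ELEMENTS:
            return False, f"forbidden element <{local}>"
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()   # strips xlink: namespace
            if attr.startswith("on"):
                return False, f"event-handler attribute {attr}"
            if attr == "href":
                scheme = _scheme(value)
                if scheme is not None and scheme not in SAFE_SCHEMES:
                    return False, f"disallowed scheme '{scheme}:' in {attr}"
    return True, "ok"

# Constructed samples: a benign image with an https link, and one carrying a
# javascript: href (with an embedded tab) in an anchor, the pattern above.
GOOD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg"><a href="https://example.test">'
            b'<circle r="5"/></a></svg>')
BAD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg"><a href="java&#9;script:void(0)">'
           b'<rect width="5" height="5"/></a></svg>')
```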
Pentest-Tools
The frameworks keep multiplying. The calendar doesn't.
But let's be honest about how it actually feels.
#cybersecurity #infosec #compliance
What is your relationship with compliance?
2 weeks ago | [YT] | 0
Pentest-Tools
🔍 New research from Matei "Mal" Bădănoiu and Raul Bledea: password reset poisoning via Host header in FuelCMS v1.5.2 (CVE-2026-30459, CVSS 7.1 High).
The app trusts whatever Host header you send it. One spoofed request and the reset token goes to the attacker. No fix coming from the vendor.
Full PoC in the link below.
pentest-tools.com/research
2 weeks ago | [YT] | 4
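For the Host header flaw described above, an added example (not FuelCMS code) showing the trusting reset-link builder beside a hardened one that takes its origin from configuration and refuses requests whose Host (or X-Forwarded-Host, which proxies often map onto Host) is not on an allow-list. Function names, header handling and config values are assumptions.

```python
"""Password-reset link generation: Host-header-trusting version beside a
hardened one. The emailed link must never be derived from client input."""
from urllib.parse import urlencode

CANONICAL_ORIGIN = "https://app.example.test"        # constructed config value
ALLOWED_HOSTS = {"app.example.test", "www.app.example.test"}

def _normalise_host(value: str) -> str:
    # Lower-case and drop an explicit port so "APP.EXAMPLE.TEST:443" matches.
    host = value.strip().lower()
    return host.split(":", 1)[0] if host.count(":") == 1 else host

def reset_link_vulnerable(headers: dict, token: str) -> str:
    # Mirrors the flaw: whatever Host the client sent becomes the link host,
    # so the token in the email points wherever that request said.
    return f"https://{headers.get('Host', '')}/reset?{urlencode({'token': token})}"

def host_is_allowed(headers: dict) -> bool:
    # Every host-bearing header present must match the allow-list, and a
    # request with no Host at all is refused.
    for name in ("Host", "X-Forwarded-Host"):
        if name in headers and _normalise_host(headers[name]) not in ALLOWED_HOSTS:
            return False
    return "Host" in headers

def reset_link_hardened(headers: dict, token: str) -> str:
    # Refuse the request outright on an unexpected Host; otherwise build the
    # link from the configured origin, ignoring the header value entirely.
    if not host_is_allowed(headers):
        raise ValueError("unexpected Host header; reset link not issued")
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"

def issues_link(headers: dict) -> bool:
    # True when the hardened path accepts the request (used for checks).
    try:
        reset_link_hardened(headers, "probe")
        return True
    except ValueError:
        return False
```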
Pentest-Tools
If you're evaluating a security tool and want straight answers on scan safety, payload authorship, validation evidence, and data handling, we put them all in one place.
pentest-tools.com/product/faq
3 weeks ago | [YT] | 1