Pentest Tools - Online Pentesting Tool Suite

Summary offer more than 25 small tools to scan web applications, networks and API’s.

4 min read

Pentest Tools

What is Pentest Tools?

Pentest Tools web vulnerability scanner finds common vulnerabilities which affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.

Pentest Tools Dashboard

Reconnaissance Tools

Google Hacking

Find juicy information indexed by Google about a target website (e.g. directory listing, sensitive files, error messages, login pages etc.).

Find Subdomains

Discover all the subdomains of a target and map your network’s attack surface. Quickly check for vulnerable systems and reduce security risks for your organization.

Find Associated Domains in One Click

Identify all the domains and associated domains of a target and map your network’s attack surface. Quickly detect vulnerable systems and reduce your target’s exposure to cyberattacks!

Find Virtual Hosts for Any IP Address

Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.

TCP Port Scanner with Nmap

Find open TCP ports, exposed network services, and operating systems on a target IP address or hostname. Easily map your network attack surface and discover open ports and services.

UDP Port Scanner with Nmap

Discover open UDP ports, vulnerable network services, and operating systems on your systems. Use our online scanner to find open services such as DNS, VPN, SNMP, NTP, and more.

Website Recon - Discover web technologies

Find useful information about the technologies used by a target web application – server-side and client-side. It can also scan multiple virtual hosts on the same IP.

Web Vulnerability Scanners

Website Vulnerability Scanner

Uncover known vulnerabilities that impact web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal, and more. The scanner also discovers specific web server configuration issues.

XSS Scanner

Test web applications for Cross-Site Scripting vulnerabilities with our XSS Scanner powered by OWASP ZAP.

SQLi Injection Scanner

Discover SQL injection vulnerabilities in web applications by crawling and performing a deep inspection of web pages and parameters. Use our online SQL Injection Scanner powered by OWASP ZAP to quickly detect SQL injection attacks.

Web CMS Vulnerability Scanners

WordPress Vulnerability Scanner - WPScan

This tool helps you discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.

Drupal Vulnerability Scanner

Discover Drupal security vulnerabilities in the CMS core, modules and plugins. Use our Drupal Vulnerability Scanner to find misconfigurations and outdated component versions.

Joomla Vulnerability Scanner

Use our scanner to discover known Joomla security vulnerabilities and issues fast. Check for vulnerable Joomla components, modules and templates.

SharePoint Security Scanner

Find SharePoint vulnerabilities in web applications. Use our Microsoft Sharepoint scanner to quickly detect security issues, misconfigurations, and more!

Network Vulnerability Scanners

Network Vulnerability Scan with OpenVAS

Discover outdated network services, operating systems, misconfigurations, and more. Use our Network Vulnerability Scanner to assess your network perimeter and infrastructure.

SSL/TLS Vulnerability Scanner

Check for SSL and TLS vulnerabilities with our SSL vulnerability scanner! Use it to find configuration issues & specific vulnerabilities such as POODLE, Heartbleed, ROBOT, and more.

DNS Zone Transfer Vulnerability Scanner

Find name servers of a target domain vulnerable to DNS Zone. Use this scanner to retrieve the full DNS Zone file.

Offensive Tools

Sniper: Auto-Exploiter

Sniper automatically exploits known, widespread vulnerabilities in high-profile software. The tool gains remote command execution on the vulnerable targets and automatically runs post-exploitation modules to extract interesting data (artefacts) as solid proof for vulnerability validation.

Password Auditor - Find Weak Credentials

Discover weak and default passwords in various network services that require authentication (e.g. SSH, FTP, MySQL) or web pages (web forms). Use our Password Auditor to scan for vulnerable credentials.

URL Fuzzer

Discover hidden files and directories that aren’t linked in the HTML pages: .conf, .bak, .bkp, .zip, .xls, etc. Find hidden content hosted on your target web server fast. Fuzz the target with your custom wordlist in a specific location.

SQLi Exploiter with SQLMap

Exploit SQL injection vulnerabilities in your websites and prove business risks with a detailed report. Use the SQLi Exploiter with SQLMap to quickly detect vulnerable parameters.

XSS Exploiter

Create proof-of-concept scenarios and easily prove the risk of XSS attacks in web applications. Test payloads with our XSS Exploiter and easily find exposed parameters.

HTTP Request Logger

Easily create custom HTTP servers that record and show all requests in one place. Better simulate phishing attacks and perform faster security tests with the HTTP Request Logger.

Subdomain Takeover

Identify all the subdomains of a target that point to external services (e.g. Amazon S3, Heroku, GitHub, etc.). Find those subdomains vulnerable to a hostile takeover.


ICMP Ping Echo Request

Check if a server is live and responds to ICMP Echo requests. Use this online scanner to find the IP address of a hostname.

Whois Lookup – Find Domain Name, IP Address

Perform Whois lookups to find data about an Internet resource such as domain name or IP address. Try our scanner to quickly extract information about your targets.

On this page:

Leave a Reply

Your email address will not be published. Required fields are marked *