Pentest-tools.com offer more than 25 small tools to scan web applications, networks and API's.
4 min read
Pentest Tools web vulnerability scanner finds common vulnerabilities which affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.
Find juicy information indexed by Google about a target website (e.g. directory listing, sensitive files, error messages, login pages etc.).
Discover all the subdomains of a target and map your network's attack surface. Quickly check for vulnerable systems and reduce security risks for your organization.
Identify all the domains and associated domains of a target and map your network's attack surface. Quickly detect vulnerable systems and reduce your target’s exposure to cyberattacks!
Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.
Find open TCP ports, exposed network services, and operating systems on a target IP address or hostname. Easily map your network attack surface and discover open ports and services.
Discover open UDP ports, vulnerable network services, and operating systems on your systems. Use our online scanner to find open services such as DNS, VPN, SNMP, NTP, and more.
Find useful information about the technologies used by a target web application – server-side and client-side. It can also scan multiple virtual hosts on the same IP.
Uncover known vulnerabilities that impact web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal, and more. The scanner also discovers specific web server configuration issues.
Test web applications for Cross-Site Scripting vulnerabilities with our XSS Scanner powered by OWASP ZAP.
Discover SQL injection vulnerabilities in web applications by crawling and performing a deep inspection of web pages and parameters. Use our online SQL Injection Scanner powered by OWASP ZAP to quickly detect SQL injection attacks.
This tool helps you discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.
Discover Drupal security vulnerabilities in the CMS core, modules and plugins. Use our Drupal Vulnerability Scanner to find misconfigurations and outdated component versions.
Use our scanner to discover known Joomla security vulnerabilities and issues fast. Check for vulnerable Joomla components, modules and templates.
Find SharePoint vulnerabilities in web applications. Use our Microsoft Sharepoint scanner to quickly detect security issues, misconfigurations, and more!
Discover outdated network services, operating systems, misconfigurations, and more. Use our Network Vulnerability Scanner to assess your network perimeter and infrastructure.
Check for SSL and TLS vulnerabilities with our SSL vulnerability scanner! Use it to find configuration issues & specific vulnerabilities such as POODLE, Heartbleed, ROBOT, and more.
Find name servers of a target domain vulnerable to DNS Zone. Use this scanner to retrieve the full DNS Zone file.
Sniper automatically exploits known, widespread vulnerabilities in high-profile software. The tool gains remote command execution on the vulnerable targets and automatically runs post-exploitation modules to extract interesting data (artefacts) as solid proof for vulnerability validation.
Discover weak and default passwords in various network services that require authentication (e.g. SSH, FTP, MySQL) or web pages (web forms). Use our Password Auditor to scan for vulnerable credentials.
Discover hidden files and directories that aren't linked in the HTML pages: .conf, .bak, .bkp, .zip, .xls, etc. Find hidden content hosted on your target web server fast. Fuzz the target with your custom wordlist in a specific location.
Exploit SQL injection vulnerabilities in your websites and prove business risks with a detailed report. Use the SQLi Exploiter with SQLMap to quickly detect vulnerable parameters.
Create proof-of-concept scenarios and easily prove the risk of XSS attacks in web applications. Test payloads with our XSS Exploiter and easily find exposed parameters.
Easily create custom HTTP servers that record and show all requests in one place. Better simulate phishing attacks and perform faster security tests with the HTTP Request Logger.
Identify all the subdomains of a target that point to external services (e.g. Amazon S3, Heroku, GitHub, etc.). Find those subdomains vulnerable to a hostile takeover.
Check if a server is live and responds to ICMP Echo requests. Use this online scanner to find the IP address of a hostname.
Perform Whois lookups to find data about an Internet resource such as domain name or IP address. Try our scanner to quickly extract information about your targets.