Pentest-Tools.com
@pentest-tools.com
From vulnerability scans to proof, Pentest-Tools.com gives 2,000+ security teams in 119 countries the speed, accuracy, and coverage to confidently validate and mitigate risks across their infrastructure (network, cloud, web apps, APIs).
Pinned
👋 Hello, builders, breakers, and fixers!

We’re Pentest-Tools.com, a team of 60 from Bucharest, Romania.💥

Since 2017, we’ve been building pentest tools that help security specialists like you:

🔍 Map attack surfaces
💥 Find & exploit vulnerabilities
📊 Report findings with clarity & confidence

[1/2]
It’s wild that 170,000+ of you have (and use!) a free Pentest-Tools.com account 💥

Compared to the millions who use our free tools without one, you’ve run 3× more scans and that’s probably because you can.
December 23, 2025 at 1:17 PM
Here is the post draft for Bluesky. It keeps the message tight, highlights the critical "Windows-specific" nuance, and points directly to the validation solution.

Active exploitation confirmed: CVE-2025-11953.

#InfoSec #AppSec #RedTeam #VulnerabilityManagement #ReactNative
December 22, 2025 at 4:24 PM
End of year rush? 📉

Pentest-Tools.com is available in the AWS Marketplace.

You can now get our plans using your existing AWS cloud budget—keeping procurement simple and approvals fast.

#offensivesecurity #infosec #AWSMarketplace
December 19, 2025 at 1:55 PM
Can machine learning make offensive security smarter or is it just security theater?

We asked seasoned pentesters, red teamers, and builders of offensive tools to share where ML helps—and where it falls flat.

#offensivesecurity #securitycompliance #machinelearning
December 18, 2025 at 3:12 PM
Getting approval for tools is often harder than the actual engagement.

So we made that conversation easier: We’ve doubled our yearly discount from 15% to 30%.

Lock in your tooling now so you don't have to battle for resources every month. 👇
December 16, 2025 at 3:49 PM
Auditors don't want scan results. They want proof.

Standard scanners miss what matters most:
🛠️ Proof of Remediation
📉 Context (Business > CVSS)
📋 Alignment to controls
🔄 Reproducibility

We automate this "evidence layer."

Get the guide to audit-ready evidence: pentest-tools.com/usage/compli...
December 15, 2025 at 2:53 PM
Doomscrolling for 0-days is not a sustainable information diet. 📉

We got tired of the noise, so we asked our own red team and engineers: "What are the newsletters you actually open every week?"
December 12, 2025 at 1:58 PM
We haven't seen a CVSS 10.0 this scary since #Log4Shell. 🚨

Everyone talks about detecting #React2Shell (CVE-2025-55182). But detection based on banner grabbing is just a guess.

To truly know if you're exposed, you need to validate it.

So we launched the exploit.
December 9, 2025 at 3:56 PM
Automation gives you data. Accreditation gives you a good night’s sleep. 😴

With #NIS2 reshaping compliance, we’re proud to confirm Pentest-Tools.com is officially re-accredited by the DNSC as a cybersecurity auditor through 2028.

We build the scanners, and we’re certified to audit the results. 🛠️✅
December 8, 2025 at 3:20 PM
📊 39% of cloud environments are vulnerable to React2Shell.

Even worse? 44% have publicly exposed Next.js instances (Source: Wiz).

The "secure by design" assumption is failing.

✅ Detection is LIVE.

#AppSec #Infosec #ReactJS #React2Shell #CloudSecurity
December 5, 2025 at 3:07 PM
Private cloud assets shouldn't be a black box. ☁️📦

At Infosecurity Europe 2025, our team (Adrian Furtună & Dragoş Sandu) demoed a live compromise of a private AWS infrastructure.

#Infosec #RedTeam #CloudSecurity #Pentesting #SOC2
December 4, 2025 at 1:16 PM
At Infosecurity Europe 2025, our team (Adrian Furtună & Dragoş Sandu) demoed a live compromise of a private AWS infrastructure.

We went from "zero access" to root by:
1️⃣ Tunneling in via VPN Agent
2️⃣ Chaining a Redis RCE
3️⃣ Bypassing Next.js auth to dump secrets
December 4, 2025 at 1:15 PM
You can learn a tool in an afternoon. The adversarial mindset takes a lifetime.

Top community picks to build it:
The Web Application Hacker's Handbook
Red Team Development and Operations
Social Engineering (Hadnagy)

We curated 70+ more here: pentest-tools.com/blog/hacking...

#infosec #redteam
December 3, 2025 at 2:50 PM
While you were recovering from Thanksgiving, we were shipping exploits. 🦃

New in Pentest-Tools.com:
🔥 3 Sniper RCE modules (Oracle EBS, React Native CLI, WordPress)
🛡️ ASP.NET Core request smuggling detection
🧠 Smarter SQLi testing

www.youtube.com/watch?v=xQsT...
December 2, 2025 at 12:34 PM
Different roles. Different pressures. Same need for accuracy.

🏢 Internal Teams: Automate scanning & cut the noise.
🤝 MSPs: Scale service delivery across clients.
🕵️‍♂️ Consultants: Validate faster & report with proof.

#infosec #vulnerabilitymanagement #redteam
November 28, 2025 at 3:04 PM
If you're clicking "Start Scan" manually every time, you're doing it wrong. 🖱️❌

Scaling security isn't about headcount; it's about automation.

Use our REST API to:
🚀 Trigger scans in CI/CD
📊 Pull machine-friendly JSON results
🔁 Script bulk operations

#DevSecOps #RedTeam #Automation #Infosec
Vulnerability Scanning API
Automate vulnerability scanning and reporting with our REST API. Integrate into CI/CD, export results in JSON, CSV, or PDF & scale coverage.
pentest-tools.com
November 27, 2025 at 2:09 PM
Vulnerability assessment tools are everywhere. Accurate results are not.

Scanners produce noise, not proof. This leaves teams chasing false positives and delivering reports that fail to earn confidence.

Read our new white paper here: pentest-tools.com/usage/accuracy
Accuracy is the new product
Get validated, reproducible, and proof-backed results across web, network, API, and cloud scans. Detect what’s real with Pentest-Tools.com.
pentest-tools.com
November 26, 2025 at 12:19 PM
A scan today doesn’t protect you from the CVE released tomorrow. 🗓️

The gap between your quarterly pentests is exactly where attackers thrive. They don’t wait for your schedule, and your defense shouldn't either.

Turn security from a snapshot into a continuous process.
November 24, 2025 at 2:11 PM
What happens when AI builds your app, but a human tries to break it?

That’s what Razvan Ionescu covered in our session How attackers think.

We talked about what’s actually exploitable in AI-heavy stacks, logic flaws, bad integrations, and assumptions no scanner can catch.
November 21, 2025 at 2:56 PM
DefCamp 2025, you were so awesome! ⚡️

Another year, another incredible edition in the books. We are so proud to have been part of this event once again and to see the community showing up in full force in Bucharest.
#DefCamp2025 #OffensiveSecurity #InfosecCommunity #Cybersecurity #Pentesting
November 20, 2025 at 2:27 PM
Last chance to register for the webinar - How attackers think (and why it's still the best way to test AI products)

Attackers don’t care what built your app. They care how it breaks.
November 18, 2025 at 1:48 PM
🚨 Old vuln, fresh damage - attackers hit Oracle EBS again.

#infosec #cybersecurity #offensivesecurity #ransomware #incidentresponse
November 17, 2025 at 1:55 PM
✍️ Before AI could write code, Razvan-Costin IONESCU was already breaking it.

#vulnerabilityassessment #informationsecurity #cybersecurity #pentesting
November 12, 2025 at 1:05 PM
🔐 The riskiest vulnerabilities live behind the login - and most scanners don’t go there. Howeverrrrr...

Attackers don’t stop at the login screen.

🏴‍☠️ They target what’s behind it: broken access controls, IDORs, insecure password policies, and privilege escalation paths.

1/3
November 11, 2025 at 12:16 PM
We build the tools we wish we had in the field.

Last year’s DefCamp reminded us what this community is all about: real talks, real bugs, and real people who love breaking things for the right reasons. www.youtube.com/watch?v=QcVF...
November 10, 2025 at 2:48 PM