Hello,

This month, we rolled out 5 new product improvements that help streamline your pentesting work so you can do more of the work you most enjoy: 

1. Website Scanner findings - OWASP 2013/2017 & CWE vuln info added
2. Wordlist limit increased: add lists with 5X more words each
3. NEW: the Password Auditor now supports NTLM authentication
4. Filter URL Fuzzer results based on custom matches
5. Custom request timing options with the URL Fuzzer

Let’s unpack them!

1. Website Scanner findings include OWASP 2013/2017 & CWE vuln info

Finding descriptions from our Website Scanner now include the OWASP Top 10 category (2013 and 2017 editions) each finding belongs to, along with its assigned CWE number.

To see this info, go to Findings and select the ones you want more details on. You can also view it from Scans, where you check the scan results for your target: click Details to see the Classification.

Remember that you can automatically pull these details into your reports when you choose which Findings to include in them.

2. Wordlist limit now increased up to 50,000 words

Good news! We increased the limit of a wordlist from 10,000 words to 50,000 words.
 
You can now add even more words (usernames, passwords, config files, etc.) to test against your targets from your Pentest-Tools.com account. 

For each wordlist you create, you can include up to 50,000 words, where each word has a maximum length of 200 characters.

Use default wordlists we provide or add your own for faster, smoother pentests.

3. The Password Auditor now supports NTLM authentication

We also improved the Password Auditor by adding support for the NTLM (New Technology LAN Manager) authentication protocol.

Authentication through NTLM uses a challenge-response protocol and, as a form of Single Sign-On (SSO), does not require users to send unprotected passwords over the network.

4. Filter URL results based on custom matches 

Another improvement we’ve made to the URL Fuzzer is the option to automatically filter URL Fuzzer results based on the conditions you choose.
 
Depending on your engagement, you can now:

  • ignore or match certain HTTP codes
  • ignore or match if the HTML contains a string
  • ignore or match certain conditions for Response Size.

5. The URL Fuzzer now includes custom request timing options 

We’ve added a custom request option to the URL Fuzzer, which allows you to define specific timing for your HTTP request methods.

When you go to URL Fuzzer, add your URL target, and select Timing, you can define the number of parallel requests the tool will run for you.

You can also set a maximum of 10 retries per request. 

PS: We are always here if there's anything we can help you with, if you have questions, or if you want to share your feedback. Send your message to support@pentest-tools.com.

The Pentest-Tools.com Team

Copyright © 2021 PentestTools SRL, All rights reserved.