#pentesttools

2026-01-12

Most auditors hate raw scanner noise as much as you hate jumping through hoops trying to explain it. Why? Because a scan ≠ a pass. ⬇️

If you spend more time reformatting 200-page PDFs than reducing risk, you’re stuck in a loop that burns into your team’s energy.

Here are 3 ways we reduce compliance noise:

✅ Capture irrefutable proof 👉 get screenshots, request/response traces, and more to prove a vulnerability exists and matters.

✅ Show continuous progress 👉 replace static snapshots with scheduled scans and vulnerability diffing to demonstrate effective remediation over time.

✅ Sync findings directly 👉 push validated data straight into Jira, Vanta, or Nucleus (or others) to eliminate manual reformatting and status drift.

Read the full white paper here: pentest-tools.com/usage/Compli

For more context and examples: pentest-tools.com/usage/compli

#compliance #offensivesecurity #infosec #pentesttools

Compliance White Paper - Pentest-Tools.com
2026-01-09

Our researchers at Pentest-Tools.com just found a new RCE in cPanel (CVE-2025-63261). 🔧

We discovered that a classic Unsafe Perl Open in AWStats allows command execution. The application fails to sanitize input before the open() call, so a well-placed pipe | character tricks the system into spawning a shell instead of reading a file.

This exploit requires zero actual plumbing. 🪠

Read Part 1 of the technical breakdown by Matei Badanoiu: pentest-tools.com/blog/cpanel-

#infosec #cybersecurity #cPanel #RCE #vulnerability #PentestTools

New CVE-2025-63261 discovered by Pentest-Tools.com
2026-01-05

The holidays are over. The vulnerabilities aren't.

It’s January 5th. Back at the desk. Is your perimeter the same as you left it?

Instead of digging through a backlog of unverified alerts, use Vulnerability Monitoring to establish a clean baseline for 2026.

Configure the Network Scanner for recurring scans. It compares results against the previous state and notifies you only on differences:

New open ports

Changed service versions

Regressions in patched vulnerabilities

Get a clean difference report, not a list of repetitive findings. Start the year with clarity.

pentest-tools.com/network-vuln

#InfoSec #SysAdmin #VulnerabilityManagement #BlueTeam #PentestTools

Network Vulnerability Scanner - Pentest-Tools.com

And it begins, again. AI-driven "pentesting platform". I'm just ... I'm just not sure.

securityweek.com/tenzai-raises

#pentesttools #genai

All in one application security test tool? Methinks this has been tried in the past once or twice.

darknet.org.uk/2025/10/reaper-

#appsec #pentesttools

Might be useful for the ever-present (these days) scope creep from "yeah and take a look at our AI chat bot"!

darknet.org.uk/2025/09/llamato

#ai #pentesttools

2025-02-20

Is it just me or is every demo/overview of the #FlipperZero extremely unimpressive (especially those for a mainstream audience)?

I regretfully watched one such video earlier and one of the features highlighted was the ability to copy TV remote signals :blobcatgoogly2: ...I get it was aimed at a non-technical audience but I literally had a watch that could do that when I was a kid and to this day grandparents around the world have universal remotes with this capability...

So I want to put it out there to the #infosec community - where are the cool flipper zero #projects? And I don't mean installing #DOOM or some other quirky play thing. I want to see legit #RF #hacking, or at least using the #GPIO!
#askfedi #askinfosec #rfhacking #pentesttools #hackingtools

acrypthash👨🏻‍💻acrypthash@infosec.exchange
2024-01-02
The Hacker‘s Choicethc@infosec.exchange
2023-06-12
