PentesterraPENTESTERRA

Platform Updates & Releases

Stay updated with the latest Pentesterra platform developments, new features, and improvements in automated penetration testing and attack surface management.

Pentesterra Changelog

2026-03-20 · Attack Chain Engine · major

Highlights

  • **Kill chain phase labels** on every attack chain step: each step now carries an explicit phase badge — *Initial Access*, *Exploitation*, *Privilege Escalation*, *Lateral Movement*, or *Impact* — making attack paths immediately readable by both security teams and business stakeholders.
  • **Impact-typed CVE exploit nodes**: network CVEs are now routed to four distinct graph nodes — `cve_exploit_rce`, `cve_exploit_auth`, `cve_exploit_dos`, and `cve_exploit_info` — instead of collapsing all CVEs into a single generic exploit node. Each type generates its own attack chain, so RCE and authentication bypass paths are no longer mixed.
  • **Per-CVE triage**: security analysts can now mark individual CVEs as False Positive, Accepted Risk, or Confirmed — independently of the service triage. The engine respects per-CVE decisions when building chains, giving teams surgical control over which vulnerabilities produce attack paths.
  • **Separate entry points for top CVEs**: the top two most dangerous CVEs per impact type (e.g. two separate RCE CVEs on the same host) now generate independent chain entry points, so each high-priority vulnerability appears as its own attack path rather than being merged.
  • **Multi-asset aggregate analysis**: new `POST /api/v1/attack_chains/aggregate` endpoint returns a unified risk view across multiple business assets simultaneously — useful for comparing exposure across all hosts in an engagement at once.
  • **Auto re-analyze on new scan data**: the engine now tracks a `is_stale` flag on each analysis. When a new network or web scan arrives for the same asset, the analysis is marked stale. A background reanalysis can be triggered via `POST /api/v1/attack_chains/{id}/stale/reanalyze` without manual intervention.
  • **Stable chain fingerprint**: each chain now carries a `chain_fingerprint` derived from its entry point, impact node, and data sources — not from the display text. Fingerprints survive re-analysis, so False Positive and Accepted Risk exceptions remain correctly attached even after the underlying scan is refreshed.

Improvements

  • **Lateral movement blast radius**: the lateral movement step now reports `blast_radius_hosts` — the count of unique IPs reachable in the same network segment — giving a concrete measure of how far a pivot could spread.
  • **SSRF → containerized app detection**: SSRF chains now automatically confirm a cloud metadata pivot step when the target asset uses container technology (k8s/Docker port detection or tech tags), closing a gap for modern cloud-native deployments.
  • **CVSS float scoring**: chain risk scores now use the exact CVSS float (e.g. 9.8) rather than tier buckets (9.8 → 10.0). This improves ranking precision across chains when multiple CVEs are present.
  • **Theoretical path penalty reduced**: chains with mostly unconfirmed steps are penalised more aggressively — the floor dropped from 0.30 to 0.10. Purely theoretical paths now score Low/Medium instead of being inflated to High.
  • **`accepted_risk` fully removes nodes from analysis**: previously, accepting a risk reduced a node's score but still allowed chains to be built through it. Now, accepted nodes are excluded from `present_nodes` entirely and no chains are generated through them.
  • **KEV chains prioritised before cutoff**: when more than 20 chains are computed, CISA KEV-related chains are promoted to the front before the `max_chains` slice — ensuring the most critical known-exploited paths are never dropped.
  • **Web scan freshness filter**: the engine now queries only web scan results updated within the configured staleness window. If no fresh results exist, it falls back to the most recent available scan rather than returning empty data.
  • **`reachable_vuln` auto-confirm tightened**: a DevGuard reachable vulnerability is now auto-confirmed as active only when it is in CISA KEV or has CVSS ≥ 9.0 — reducing false-positive confirmed steps for moderate-severity library vulnerabilities.
  • **DevGuard ↔ business asset many-to-many**: a new `business_asset_devguard_projects` join table explicitly links business assets to DevGuard projects. The engine prioritises these explicit mappings when loading DevGuard findings, eliminating mismatches caused by name heuristics.

2026-03-19 · Network Scanner · major

Highlights

  • Dramatically expanded service identification for network scanning: the enrichment pipeline now recognises 22 additional enterprise products — Cisco IOS / NX-OS / ASA, Juniper Junos, Fortinet FortiOS, Palo Alto PAN-OS, Ivanti Connect Secure (formerly Pulse Secure), Citrix NetScaler ADC, F5 BIG-IP, Checkpoint Gaia OS, Atlassian Confluence, Jira, Microsoft Exchange OWA, GitLab, phpMyAdmin, Splunk, Zabbix, Nagios, Icinga, HAProxy, Traefik, Caddy, OpenVPN, Dropbear SSH.
  • New passive HTTP fingerprinting step (Step 2b): when the `Server:` header is absent or shows a CDN/proxy, the scanner now analyses `X-Powered-By`, `X-Generator`, framework-specific headers (`X-Drupal-Cache`, `X-Confluence-*`, `X-OWA-Version`, `MicrosoftSharePointTeamServices`), and session cookie names to identify the backend technology. This enables KB enrichment and CISA KEV matching even through Cloudflare and other reverse proxies.
  • VNC services (port 5900) are now actively probed: the scanner reads the RFB version banner to detect libvncserver and map applicable CVEs.
  • TechDetector findings (`http_info.detected_tech`) are now fed back into the product identification pipeline (Step 2c), closing the gap between HTTP technology detection and KB enrichment.

Improvements

  • `ms-rdp` → product mapping (Remote Desktop Services / Microsoft).
  • Vendor enrichment map expanded with 14 new vendors: Cisco, Juniper, Ivanti, Citrix, Palo Alto Networks, Checkpoint, F5, Atlassian, Splunk — enabling fallback CVE lookup when banner parsing succeeds in identifying vendor but not version.
  • `_title_keywords` and `_vendor_hints` extended with 22 new keywords to capture product identity from HTTP page titles.
  • All new product patterns support version extraction where version strings appear in banners, enabling the more accurate `by_version` KB lookup mode instead of `by_product_with_checks`.

2026-03-19 · Web App Pentest · major

Highlights

  • Three new scanning modules close critical gaps in OWASP API Security Top 10 (2023): **Mass Assignment / BOPLA** (API3), **Rate Limit Bypass** (API4), and **API Versioning Security** (API9).
  • Mass Assignment scanner tests POST/PUT/PATCH endpoints by injecting 28 privileged fields (`role`, `isAdmin`, `price`, `balance`, `permissions`, `approved`, ...) and detects when they are reflected in responses or change the HTTP status from 4xx to 2xx.
  • Rate Limit Bypass scanner first confirms that a rate limit exists (15 rapid requests → expects 429), then tests 10 IP-spoofing headers and 6 path-variation techniques to detect bypasses. Severity is `high` when a 429 → 200 transition is achieved.
  • API Versioning scanner detects the current API version from path, header, and query param, then probes legacy versions (`v0`, `v1`, `legacy`, `deprecated`, `beta`, dated versions) for auth bypass and data-leakage indicators.
  • New **Rule Engine** infrastructure components reduce redundant HTTP requests and improve test accuracy across all modules.

Improvements

  • **SharedBaselineCache**: a single baseline GET per unique endpoint is performed before all modules start — eliminates the 3–5× redundant baseline traffic that each module previously generated independently.
  • **EndpointModuleRouter**: endpoints are now sorted by relevance for each module before being passed to it, using a scoring model (preferred_modules hints, tag overlap, HTTP method preference, path pattern match, platform boost). 24 modules have dedicated path patterns and tag sets.
  • **PlatformPayloadProfile**: the detected platform fingerprint (WordPress, Drupal, Django, Laravel, Rails, Spring Boot, ASP.NET, React/SPA, etc.) now controls additional paths, parameters, and payloads injected per module — replacing the static payload approach.
  • All three infrastructure components are fail-safe: if initialisation fails, scanning continues without them.
  • New modules added to the web pentest profile builder UI under **API & Services** category and included in the OWASP preset by default.

2026-03-18 · DevGuard · major

Highlights

  • Attack Chains now support False Positive and Accepted Risk management. Mark any chain as a false positive or a known accepted risk — it moves to the Exceptions tab and stops affecting analysis scores. Typical use case: Redis detected in infrastructure but not exposed to the internet — the chain is technically valid but not an actionable finding.
  • Exceptions are scoped: mark a chain for a specific asset (domain/IP), for the entire DevGuard project, or organization-wide.
  • The new Exceptions tab in Attack Chain Detail shows all marked chains with scope, reason, and the option to restore them to the active list at any time.

Improvements

  • Each chain row now has a one-click mark button — opens a modal with type (False Positive / Accepted Risk), scope selector, and a reason field.
  • Chain identity is tracked by a stable fingerprint (SHA-256 of chain path + impact), so exceptions survive re-analysis.

2026-03-17 · DevGuard · major

Highlights

  • Business Logic Analysis now correctly distinguishes server-side API endpoints from client-side SPA navigation routes (React Router, Vue Router, Angular Router). Previously, React pages like `/login`, `/register`, `/admin/*` were incorrectly flagged as unprotected server endpoints — these false positives are now fully eliminated.
  • Global authentication middleware is now detected and respected: Flask `@before_request`, Express `app.use(authMiddleware)`, Django `MIDDLEWARE`, and NestJS global guards are recognized as implicit protection for all routes. Individual routes no longer need per-route auth decorators to be considered protected.
  • Public route whitelists (`PUBLIC_ROUTES`, `WHITELIST_PATHS`, inline `if path in ['/login', '/health']` patterns) are extracted from auth middleware code and used to correctly mark explicitly public routes.
  • "Compute Risk Analysis" in the DevGuard Scan Details view is now fully functional — the button triggers attack vector analysis and displays results without requiring navigation to another section.
  • The App Security Model (ASM) section in scan details now reliably appears for all projects, including those with only SPA routes. A dedicated "SPA Routes" metric shows client-side coverage separately from server-side endpoints.
  • Attack Chain detail view: DevGuard stat widgets (cloud credentials, supply chain findings, etc.) are now clickable links that navigate directly to the corresponding DevGuard scan.
  • Severity sorting fixed in the Supply Chain section — Critical findings now always appear first.

Improvements

  • SPA route scanner now detects `<ProtectedRoute>`, `<PrivateRoute>`, `<AuthRoute>`, and other custom Route wrapper components in React Router, not just the base `<Route>` element.
  • Business logic analysis pipeline correctly propagates `global_auth=True` metadata to all server-side routes when a global auth gate is detected, enabling accurate risk scoring without per-route annotation.

2026-03-16 · DevGuard v5.4 · major

Highlights

  • New scanners for Go, PHP/Laravel, and CMS platforms (WordPress, Drupal, Joomla, Magento, PrestaShop) - detecting insecure configurations, dangerous functions, debug modes, and risky plugin inventories.
  • LLM Integration Risk scanner detects exposed AI gateway credentials (LiteLLM, OpenRouter, Portkey), insecure agentic loop patterns, missing guardrails, and LLM output passed to code execution (RCE chain).
  • Prompt Injection Risk scanner identifies multi-agent trust boundary violations and system prompts constructed from unvalidated external data sources.
  • All scan results are now displayed in full - no truncation in CLI reports, IDE extension panels, or web console. Every finding is shown as-is.

Improvements

  • Fixed a runtime version detection issue where the reported Node.js version could differ between the developer's machine and the production server due to an incorrect upgrade threshold in the deployment script.
  • LLM-assisted analysis expanded with server-side AI gateway: all cloud analysis features (business process inference, crypto false-positive reduction, attack scenario generation) now run via Pentesterra's own infrastructure - no external LLM API keys required from users.
  • IDE extension updated to v1.3.0.

2026-03-12 · DevGuard · major

Highlights

  • Six new scanners expand DevGuard coverage into AI tooling, automation platforms, IDE supply chain risks, and vector database exposure.
  • Transitive Dependency Tracking parses `package-lock.json` (v2/v3) to detect nested dependency chains and identify vulnerable packages beyond direct dependencies.
  • SAST Lite introduces lightweight static analysis with 20+ patterns covering SQL injection, XSS, command injection, SSRF, insecure deserialization, prototype pollution, and prompt injection across Python and JS/TS.
  • Automation Platform Risk scanner detects insecure automation workflows including dangerous n8n nodes, missing authentication, and exposed webhook integrations for platforms such as Zapier, Make, and IFTTT.
  • AI Agent Configuration scanner analyzes agent frameworks and detects dangerous tool exposure (ShellTool, BashTool, PythonREPLTool), unsafe prompt patterns, and persistent memory risks.
  • Vector Database Exposure scanner identifies exposed AI vector databases and credentials including Pinecone, Weaviate, and Qdrant configurations.
  • IDE Plugin Threat Intelligence adds supply-chain protection by detecting malicious extensions, typosquatted packages, and unsafe AI agent permissions in developer environments.

Improvements

  • Extended secret detection patterns with 8 additional AI/LLM API key types including HuggingFace, Groq, LangSmith, Replicate, Perplexity, Mistral, Cohere, and Together AI.
  • Expanded threat intelligence datasets for malicious NPM and PyPI typosquatted packages targeting AI and automation ecosystems.
  • Added new exposed endpoint patterns for AI services such as LangServe, Gradio, Jupyter, Ollama, MLflow, and n8n webhooks.
  • Remediation guidance expanded with 35+ new remediation entries covering AI tooling, automation workflows, and vector database security.
  • API client updated to support extended scan submissions with additional metadata parameters.
  • CLI updated to support new scan result categories and extended local summaries.
  • Results panel UI updated with dedicated sections for SAST, automation platforms, AI agents, and vector databases.
  • Category alias mapping added for consistent rendering across legacy and new findings.
  • Collector module significantly expanded (4400+ lines) to support new scanning logic and integrations.
  • Test suite expanded with 25 new tests across 5 new test classes (173 tests passing).

📢 DevGuard for IDE is now available on the VS Code Marketplace — search for “Pentesterra DevGuard” or “Pentesterra”.

2026-02-03 · Notification, verification, and vulnerability triage · major

Highlights

Pentesterra Platform Update We’ve rolled out a major upgrade to our notification, verification, and vulnerability triage system:

  • System alerts from API, backend, and scanner nodes are now organized into a dedicated notification icon and section
  • Message history with read/unread status is now available
  • Improved notification reliability when working with multiple browser tabs
  • Backend now generates alerts for:
  • Critical vulnerabilities with known exploits
  • Vulnerabilities listed in CISA KEV
  • Successfully verified critical network vulnerabilities

Improvements

  • Refactored manual False Positive / False Negative (FP/FN) tagging and resolution workflow
  • Optional automatic vulnerability verification
  • Configurable weights and tuning options for different verification methods and scripts
  • Targeted verification for individually selected vulnerabilities
  • Improved detection of potential vulnerabilities
  • Full vulnerability triage workflow:

`potential / detected → verified / exploited / unconfirmed`

  • Direct links from detected vulnerabilities to the Knowledge Base, opening detailed information in a new tab

These improvements significantly enhance accuracy, transparency, and operational efficiency across Pentesterra’s automated security pipeline.

2026-01-16 · API route access control · minor

Highlights

Global update to API route access control 🚀 We have significantly revised access control across API routes:

  • In line with the existing RBAC (Role-Based Access Control) model, all access checks are now performed exclusively through roles for every actor.
  • In addition to user roles, dedicated roles for scanners and backend components have been introduced. This provides greater flexibility for different processes and deployment scenarios.
  • Each scanner or backend component can be assigned its own specific role, granting access only to explicitly allowed API routes.
  • During manual or automatic registration of a new scanner, a default scanner-node role is assigned, which can later be replaced with a more specific role if required.

Scanner roles now clearly restrict access to only the API routes and data required for scanner nodes, eliminating the need for additional decorators or ad-hoc permission checks at the API route level.

2025-12-20 · Added Bug Bounty Programs Feed · minor

Highlights

Previously, public Bug Bounty programs could be found inside the general Security Feeds via search. Our users asked for a dedicated and more convenient way to track them — so we built it.

  • Pentesterra now includes a separate Bug Bounty Programs page, making it easier to follow program updates, announcements, and opportunities.
  • At the same time, the original Security Feeds section still supports keyword-based search, so you can continue exploring all security news as before.

This feature will be available to all users, including from Tier 0 (free). More updates coming soon.

2025-12-19 · New unified Scan & Pentest Profile Builder · major

Highlights

We’ve delivered a significant update to the web app, introducing a completely new unified Scan & Pentest Task Builder designed to simplify workflows, reduce fragmentation, and provide much more flexibility in how scans are created and executed. 💫 The feature is already tested and pushed to main. Once updates to the scanner, API, and backend are finalized, it will be included in the next release.

Improvements

  • Single unified wizard for creating both tasks and reusable profiles - can be launched immediately or scheduled.
  • Hybrid & multi-phase scanning
  • A single task can now combine:
  • network scanning (with different strategies)
  • web pentesting or run any of them
  • Independent configuration per scan type
  • Different scanners and different targets can be assigned per module, with fully isolated execution pipelines.

In progress

  • Updated scheduler logic for complex / multi-stage tasks
  • Scanner logic improvements including task priorities per tier
  • Role & tier–based UI access separation down to UI elements and checkboxes
  • Feature-based access separation across tiers

2025-12-16 · Refactoring Online Quick Tools and Security Feeds · minor

Highlights

We’ve completed a refactoring pass across Online Quick Tools and Security Feeds pages, focused on usability, data exploration, and reporting. What’s updated:

  • Interactive charts

You can now select a specific time range directly on the chart and toggle categories on/off for clearer analysis.

  • Extended table & search capabilities

Tables and search have been enhanced to support deeper filtering and more efficient data navigation.

  • Redesigned Security Summary

The Security Summary section has been reworked to support daily, weekly, monthly, and yearly security digests.

  • Improved CVE search & Knowledge Base

The CVE search flow has been restructured and integrated more tightly with the CVE Knowledge Base for faster lookup and better context.

  • Enhanced search in Web Pentest data

Search across Web Pentest results has been improved for more accurate and relevant matches.

2025-11-06 · Expanded Web Discovery Toolkit · minor

Highlights

  • Dynamic discovery modules now plug into the web-app pentest to complement existing SPA/API/DNS endpoint mapping.
  • Context brute-forcing and base-path detection uncover deeper application roots.
  • Redirect and link analysis highlights hidden surfaces for follow-up testing.
  • 404 response parsing extracts <a>, <script>, fetch(), and similar clues to enrich context automatically.
  • Lightweight SPA-focused wordlists and heuristics tailored to modern front-ends.
  • Weighted enumeration of common paths such as /app, /static, and /assets based on detected technologies.
  • Enhanced Playwright phases rerun SPA analysis on newly discovered contexts to surface fetch calls, REST endpoints, and routes ahead of authentication.

Improvements

  • Provides earlier insight into attack paths by mirroring reconnaissance depth from network pentests in the web workflow.

2025-11-05 · Web Pentest Artifact Reuse Pipeline · minor

Highlights

  • Harvested artifacts like Set-Cookie/Authorization headers, Playwright tokens, and other session materials are automatically extracted and stored in context.
  • Collected artifacts are reused across subsequent requests inside the web pentest module, mirroring how Pentesterra network engagements reuse discovered accounts and tokens.
  • New pipeline is in active development, passing tests, and slated for release soon.

Improvements

  • Brings lateral movement and credential reuse logic from network pentests into the web testing workflow.

Notes

  • Early access build focuses on reliability; wider rollout planned after final validation.

2025-10-16 · New Web Application Modules in Development and Testing · major

Highlights

  • LFI/Path Traversal detection with nuclei payloads.
  • XSS (Reflected/DOM) Cross-Site Scripting detection + nuclei.
  • SQL Injection - Error/Boolean/Time-based SQLi detection + nuclei.
  • SSTI (Template Injection) Server-Side Template Injection + nuclei.
  • Deserialization vulnerabilities detection.
  • JWT Vulnerabilities - JSON Web Token security analysis.
  • Security Headers analysis for missing headers.
  • TLS/SSL Analysis - Certificate and cipher suite checks.
  • Cloud Metadata exposure (AWS/GCP/Azure).
  • HTTP Smuggling - Request smuggling and cache poisoning.
  • IDOR Detection - Insecure Direct Object References.
  • Open Redirect - URL redirection to external domains + nuclei.
  • Technology Stack - Framework and version detection.
  • WAF/CDN Detection - Protection system identification.
  • CVE Detection - Known vulnerability patterns + nuclei.
  • Cookie Security - Secure cookie configuration.
  • CSP Analysis - Content Security Policy validation.
  • Clickjacking - X-Frame-Options validation.
  • Command Injection - OS command injection and RCE detection + nuclei.
  • File Upload - Unrestricted file upload vulnerabilities + nuclei.
  • XXE (XML External Entity) injection + nuclei.
  • SSRF/RFI - Server-side request forgery and RFI + nuclei.
  • GraphQL Injection - GraphQL query injection and introspection.
  • Zip Traversal - Zip archive path traversal.
  • Nuclei CVE Scanner - Additional CVE detection layer.

Improvements

  • Enhanced detection depth and improved validation logic.
  • New categories of web-based security testing.
  • Verification of detected vulnerabilities for reliable results.

2025-08-08 · Extended WAF Detection · minor

Highlights

  • Extended WAF detection capabilities.
  • Passive and active WAF detection methods.

2025-08-07 · New Detection & Evasion Capabilities · major

Highlights

  • DoS Protection Detection and Bypass.
  • CDN Detection and Origin Discovery.
  • LoadBalancerDetector - F5, NGINX, AWS ALB, HAProxy detection.
  • ProxyDetector - Reverse proxies, Squid, Apache mod_proxy detection.
  • DockerDetector - Docker containers and Swarm detection.
  • K8sDetector - Kubernetes clusters and services detection.
  • VMwareDetector - vSphere and ESXi environments detection.
  • CloudDetector - AWS, Azure, GCP detection.
  • GeoBlockingDetector - geographic access restrictions.
  • AntiAutomationDetector - anti-bot and automation defenses.
  • IPSDetector - behavioral intrusion prevention systems.

Improvements

  • All modules integrated into adaptive scanning workflow.
  • Caching, smart prioritization, and real-time feedback.

2025-08-07 · Scanner Performance Update · minor

Highlights

  • Adaptive Scan Parameters - automatic adjustment based on network type.
  • Smart Port Selection - prioritized -> extended -> full sets.
  • Parallel Scanning - up to 3-4 simultaneous CIDR blocks.
  • Intelligent Grouping - similar networks scanned together.
  • Caching System - avoids redundant protection checks.
  • Adaptive Scheduling - smaller networks scanned first.

Improvements

  • Scanning 4 CIDR blocks: improved from 5.6s -> 2.8s.
  • Smart grouping: +20-30% efficiency.
  • Protection caching: reduced load on protected systems.
  • Prioritization: faster feedback for small networks.

2025-08-05 · Navigator and Monitoring Updates · minor

Highlights

  • Added upcoming events to the digest.
  • Events searchable via Navigator.
  • Navigator includes more sources: exploits, PoCs, vulnerabilities, and news.
  • Social media trend tracker for monitoring posts and discussions.
  • Darknet monitoring for Gov version.
  • Host protection detection before starting analysis.
  • Protection bypass methods based on detected defense mechanisms.

Improvements

  • Scan parameters adjust automatically if protection is detected.
  • Updated and improved quickinfo section.

2025-07-15 · QuickInfo Page Update · minor

Highlights

  • Persistent State - scan results stay visible when switching pages.
  • FindSubDomain Upgrade - DNS record fetching and live status indicators.
  • Revamped UI for FindSubDomain.
  • One-click JSON Copy for any module.
  • Dark Theme Overhaul matching modern standards.

Improvements

  • Improved API Communication Protocol.
  • More efficient data handling.
  • Blue theme coming soon as alternative.

Fixes

  • Patched several minor protocol vulnerabilities.

2025-03-16 · Active Directory Security Analysis Framework Update · major

Highlights

  • Domain Controller discovery (Unauthenticated).
  • User, group, and share enumeration (Standard User).
  • GPO analysis (Standard User).
  • AS-REP Roasting, Kerberoasting (Standard User).
  • Password spraying, NTLM relay (Standard User and Unauthenticated).
  • Pass-the-Hash, Pass-the-Ticket, Silver Ticket (Standard User).
  • Null session vulnerabilities.
  • Delegation attacks.
  • Token impersonation.
  • SID history injection.
  • RID hijacking.
  • DCSync rights.
  • SMB signing checks (Unauthenticated).
  • LDAP signing verification (Unauthenticated).
  • Null session testing (Unauthenticated).
  • GPP password exposure (Standard User).
  • LAPS configuration checks (Standard User).
  • DS replication rights (Standard User).
  • Zerologon (Unauthenticated).
  • PetitPotam (Unauthenticated).
  • PrintNightmare (Standard User).
  • NoPac (Standard User).
  • SAM dump attempts (Standard User).

2025-02-28 · DoS Detection with 9 Methods · minor

Highlights

  • SYN Flood detection.
  • UDP Flood detection.
  • ICMP Flood detection.
  • Slowloris detection.
  • HTTP Flood detection.
  • NTP Amplification detection.
  • LAND Attack detection.
  • DNS Amplification detection.
  • Individual services (TCP ports) DoS detection.

Improvements

  • Advanced detection system for GOV organizations in ANPTT module.
  • Demonstration of potential attack vectors including DoS exploits.
  • Testing resilience against distributed DDoS attacks from multiple sources.

2025-02-26 · Advanced WAF & DDoS Protection Detection · major

Highlights

  • Cloudflare, Akamai, Imperva detection - TTL and ASN-based.
  • Firewalls detection (AWS Shield, Fortinet, etc.) - TCP RST connection resets.
  • WAFs detection (Cloudflare, ModSecurity, Imperva, etc.) - HTTP method filtering and header analysis.
  • DDoS Rate-Limiting - identifying artificial response delays.
  • CAPTCHA Protection - detecting reCAPTCHA challenges and JS verifications.
  • User-Agent Filtering - bot blocking and fingerprinting defenses.

Improvements

  • Intelligent network tests analyzing response times, headers, TTL.
  • Connection resets and behavioral patterns analysis.
  • Exact protection identification beyond 403 errors.

2025-02-21 · DRSE Rules Enhancement · major

Highlights

  • Variable Support in Actions - dynamic rule variables.
  • Real-Time Toast Notifications via SSE with MQ buffering.
  • Live Alerts via Actions - toast messages in real time.
  • Trigger Multiple Actions in a Rule.

Improvements

  • Status updates tracking for ongoing operations.
  • Do Not Disturb mode for notifications.
  • Start scan/pentest on detected host/port.
  • Execute script or custom logic.
  • Refine data immediately without waiting for full processing.

2025-02-17 · WAF Detection in OnlineTools · minor

Highlights

  • WAF Detection support in OnlineTools version 3.0.267.

Improvements

  • Future releases will include automatic scanning parameter adjustments when WAF is detected.

2025-02-14 · Pentesterra Platform Launch · major

Highlights

  • Agentless SaaS/PaaS solution.
  • Attack Surface Management (ASM).
  • Breach Attack Simulation (BAS).
  • Automated Network Penetration Testing (ANPTT).
  • Vulnerability Management (VM).
  • Automated and scalable deployment with thousands of scanner nodes.
  • AI-powered testing with real penetration testing tasks.
  • DRSE (Dynamic Rule Set Engine) for automation management.
  • Passive and active scanning (mdns/arp/Shodan/etc).
  • API integrations with existing VM/ASM/BAS solutions.

Improvements

  • Cost-effective solution without expensive security experts.
  • Automated vulnerability detection and attack path mapping.
  • Real-time security insights.
  • Seamless workflow automation.

2024-11-22 · v3.1.70 · Enhanced Scheduled Scan Management · major

Highlights

  • System templates now available.
  • Copy system templates into custom templates for organization.
  • Custom templates secure and accessible only to authorized users.
  • Flexible Scheduling Options - single scan profile for multiple schedules.
  • Run Now - start immediately.
  • Run Once - schedule a one-time scan.
  • Daily - run at fixed time every day.
  • Weekly - schedule weekly scans.
  • Monthly - plan monthly scans effortlessly.
  • Node Selection for Scans - specify which node executes scan.
  • Use any available scanner option when specified node unavailable.

Improvements

  • Simplified onboarding process.
  • Efficient reuse of scanning profiles.
  • Secure access to scan results for authorized users only.

Take Control of Your Attack Surface.

Request a DemoStart Free Tier