Item: Pentest-Tools.com
Rating: 7
Author: Shane Muggeridge

Use Cases and Deployment Scope

Pentest-Tools.com is a website
that provides a range of online tools and services for pentesting, or ethical
hacking. These tools are designed to help identify and address vulnerabilities
in computer systems and networks.

In
our organization, Pentest-Tools.com is used to assess the security of the
company's systems and identify potential weaknesses that could be exploited by
malicious hackers. This helps us protect our assets and sensitive information
from cyber attacks, and also helps ensure compliance with relevant regulations
and standards. In particular, we like to utilise this product for it's website/port scanners, and it's password auditor, since these allow us to set up automated alerts when something has gone awry, giving us situational awareness at all times.

Pros and Cons

Cheaper than some other platforms
Good support
Cloud based
Integrates well with identity providers

No logging for things like scanning. This means you don't actually know when the scan has failed if you're not immediately on the ball.
Reports could look better. It would be good to be able to customise the report with some different styles to suit your company's branding.
Could have better tutorials.
It may be useful to have a feature similar to Microsoft Secure Score, which compares your organisation to similar ones, so that you have a reference of how secure your environment actually is.

Most Important Features

Attack surface view allows you to see the multiple different scanners in one place, giving you an overview of that targets complete security picture.
Cloud based. This is really important because tools like this need to be easily accessible for ease of use. Ideally you don't want to have to access a dedicated device every time you want to run a report, because it can be a real pain to do so whilst you are on the go.
Quick and easy to generate reports. This was useful to sell internally when we wanted to purchase the tool, and I imagine it would be useful for MSSP's as well, as the ability to quickly spin up a report for exactly what you need immediately is an impressive thing to do. You can edit the report before generating it so that it suits your needs, only including the information that is relevant.
White label features for the reporting

Return on Investment

Price point allows us to sell the solution at an excellent margin
Freed up time due to the automated solutions, allowing us to utilise staff better
Use from anywhere due to being cloud based

Alternatives Considered

Microsoft Sentinel, Microsoft Defender for Endpoint, Metasploit, Nmap, Kali Linux and Wireshark

Offers a great number of tools in one interface, giving you a single pane of glass to work from. Therefore, it's favourable compared to some of these other products, that do similar things but are less intuitive and less easy to use. This makes it not only easier to use, but easier to report results to your customers.

Also, although the price point can seem high, once you start adding multiple paid tools that do the same job, there probably isn't a massive amount of difference (if any).

Key Insights

Do you think Pentest-Tools.com delivers good value for the price?

Yes

Are you happy with Pentest-Tools.com's feature set?

Yes

Did Pentest-Tools.com live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Pentest-Tools.com go as expected?

Yes

Would you buy Pentest-Tools.com again?

Yes

Other Software Used

Microsoft Defender for Endpoint, Trend Micro Apex One, Cisco Umbrella, Malwarebytes Endpoint Protection, Cisco Packet Tracer (part of Cisco Networking Academy)

Likelihood to Recommend

This website is well suited for organisations that perform regular security assessments. In particular, external scans and reconnaissance. As an example, I am able to run a report on our Wordpress website to enable me to see whether we are missing any important security updates.

We found it to be very useful for training new security analysts, due to the straightforward GUI. You can work on the same projects together to help you to do this. Having it laid out in front of them helps them to understand the concepts much easier than using dozens of different tools to achieve the same goals, and also speeds up training.

If you're a personal user it may not be appropriate due to price. If you are a personal user, I would advise using the many open source tools there are that do the same things. The strength of this platform is that it combines them into a single pane of glass, but you can achieve the same things with other tools if necessary. For example, there are many other tools that you could use to run a UDP port scan that do not cost money (EG NMAP).

Products Replaced

Yes - We were using some free solutions to test our external vulnerability - EG free wordpress scanners, NMAP, Shodan. When we wanted to increase our security awareness without expending a lot of extra time, this tool was the preferred offering.

Key Differentiators

Product Usability

Usability was most important because we don't have many greatly experienced security analysts, so this product is a great way to save money on salaries and also save the time that would otherwise be spent constantly browsing through the different tools. For me this is the part of the product that justifies the reasonably high price. However, it would still be good if they offered things like student discount pricing, or a personal solution, since this price point is effectively gatekeeping users from their product.

It is not unreasonable to suggest that it is in their business interests to do so, since people that are learning to be security researchers/pen testers are likely to use the tools that they first learn on. Also, encouraging the development of the security community means that there will be more IT security users around, and more users = more revenue.

Evaluation Lessons Learned

I wasn't involved with the selection process, although I did have limited input to the evaluation process. We looked at multiple different products in the industry and we adjudged that this product was the one that suited our particular needs the best. We had trials for each particular product and ran them alongside to see which fared better in the real world. The only thing I can say here is that we probably could have run the products for longer to give a better idea of how they would fare over the long term, although this hasn't ultimately proven to be much of a problem for us.

Power up Your Productivity with Pentest-Tools.com

Overall Satisfaction with Pentest-Tools.com