Tool integration

Pentest-Tools.com Integration Guide

Online pentest toolkit with REST API and JSON export

Get a Free API Key

Integrate Pentest-Tools.com with Vulnetix. Export scan results as JSON via the Pentest-Tools REST API for centralised vulnerability tracking.

Network / Web ApplicationSaaS platformJSON

How Vulnetix compares — better together

Vulnetix does not replace Pentest-Tools.com. Keep running it. Vulnetix sits on top of Pentest-Tools.com — and every other scanner you already own — turning disconnected tool outputs into one prioritised, fixable queue.

Pentest-Tools.com is strongest at its core category and also carries features in DAST, Network & Vulnerability Scanners, Cloud Security & CSPM — just like Vulnetix spans categories.

CapabilityVulnetixPentest-Tools.com
Security coverage
SAST (static code analysis)Built-in rules + Semgrep augmentation
SCA / dependencies40+ ecosystems, transitive graph
DAST (dynamic testing)~ Ingests DAST results; no native dynamic engineWebsite Scanner is a DAST engine finding SQLi/XSS/OS-command-injection/directory-traversal and other web vulns in live apps
Container & imageImage CVEs, base image, Dockerfile
IaC / misconfigurationTerraform, k8s, CloudFormation
Secret scanning1,000+ rules, source + binary + git history
Cloud / CSPMCloud-posture findings, compliance tab~ Maps exposed network assets, web apps, cloud and APIs from the external perimeter view
Mobile (MAST)~ Ingests mobile scanner output; no native mobile engine
License complianceSPDX, copyleft/AGPL/SSPL policy
SBOM generationCycloneDX 1.7 + SPDX 2.3, cosign-signable
Malware / supply-chainDe-duplicated corpus + install-time firewall (25+ registries)
Network / infra vuln~ Ingests network scanner output; no native network scannerNetwork Vulnerability Scanner (OpenVAS-based, 57k+ plugins) plus SSL/TLS, DNS and password auditing for the perimeter
FuzzingIngests fuzzing crashes; no native fuzzer
Pentest / bug bountyIngests pentest/bug-bounty findings; not a testing serviceCloud-based pentest toolkit with automated tool chaining (Pentest Robots) mimicking attacker workflows
The Vulnetix orchestration layer
Cross-scanner dedup & one queue (ASPM)Correlates every scanner into one prioritised queue with ownership routing
Exploit-intel prioritisationEPSS, CISA KEV, Coalition ESS, CWSS, Vulnetix LEV
Reachability analysisTree-sitter + CVEAffected; direct/transitive/semantic
Versioned VEX + audit trailImmutable OpenVEX/CycloneDX, cosign-signable
Safe Harbour autofixResolves + applies the nearest safe version
End-of-life policyFlags/blocks past-EOL runtimes & packages
SSVC / risk-based policySSVC v2 + CISA/FedRAMP/Essential-8 presets

✓ full · ~ partial · ✗ not covered

What Pentest-Tools.com does well

Where Vulnetix adds to it: Vulnetix ingests Pentest-Tools.com JSON/API results and orchestrates its DAST, network and pentest findings into the unified deduplicated queue alongside SAST/SCA/IaC/secrets/SBOM, then adds EPSS/KEV/ESS exploit-intel, versioned VEX, autofix and SSVC. Vulnetix has no native DAST or pentest engine and does not run these tests itself; Pentest-Tools.com remains the active-testing toolkit and Vulnetix is the consolidation and prioritisation layer above it.

No migration, no rip-and-replace. Pentest-Tools.com keeps doing what it does best; Vulnetix adds the orchestration, exploit-intelligence prioritisation and remediation layer built for the way AppSec works today.

Centralise Pentest-Tools.com results in Vulnetix

Upload Pentest-Tools.com JSON output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.

Pentest-Tools.com documentation ↗

Wire Pentest-Tools.com into your CI/CD pipeline →