Integrate Pentest-Tools.com with Vulnetix. Export scan results as JSON via the Pentest-Tools REST API for centralised vulnerability tracking.
How Vulnetix compares — better together
Vulnetix does not replace Pentest-Tools.com. Keep running it. Vulnetix sits on top of Pentest-Tools.com — and every other scanner you already own — turning disconnected tool outputs into one prioritised, fixable queue.
Pentest-Tools.com is strongest at its core category and also carries features in DAST, Network & Vulnerability Scanners, Cloud Security & CSPM — just like Vulnetix spans categories.
| Capability | Vulnetix | Pentest-Tools.com |
|---|---|---|
| Security coverage | ||
| SAST (static code analysis) | ✓ Built-in rules + Semgrep augmentation | ✗ |
| SCA / dependencies | ✓ 40+ ecosystems, transitive graph | ✗ |
| DAST (dynamic testing) | ~ Ingests DAST results; no native dynamic engine | ✓ Website Scanner is a DAST engine finding SQLi/XSS/OS-command-injection/directory-traversal and other web vulns in live apps |
| Container & image | ✓ Image CVEs, base image, Dockerfile | ✗ |
| IaC / misconfiguration | ✓ Terraform, k8s, CloudFormation | ✗ |
| Secret scanning | ✓ 1,000+ rules, source + binary + git history | ✗ |
| Cloud / CSPM | ✓ Cloud-posture findings, compliance tab | ~ Maps exposed network assets, web apps, cloud and APIs from the external perimeter view |
| Mobile (MAST) | ~ Ingests mobile scanner output; no native mobile engine | ✗ |
| License compliance | ✓ SPDX, copyleft/AGPL/SSPL policy | ✗ |
| SBOM generation | ✓ CycloneDX 1.7 + SPDX 2.3, cosign-signable | ✗ |
| Malware / supply-chain | ✓ De-duplicated corpus + install-time firewall (25+ registries) | ✗ |
| Network / infra vuln | ~ Ingests network scanner output; no native network scanner | ✓ Network Vulnerability Scanner (OpenVAS-based, 57k+ plugins) plus SSL/TLS, DNS and password auditing for the perimeter |
| Fuzzing | ✗ Ingests fuzzing crashes; no native fuzzer | ✗ |
| Pentest / bug bounty | ✗ Ingests pentest/bug-bounty findings; not a testing service | ✓ Cloud-based pentest toolkit with automated tool chaining (Pentest Robots) mimicking attacker workflows |
| The Vulnetix orchestration layer | ||
| Cross-scanner dedup & one queue (ASPM) | ✓ Correlates every scanner into one prioritised queue with ownership routing | ✗ |
| Exploit-intel prioritisation | ✓ EPSS, CISA KEV, Coalition ESS, CWSS, Vulnetix LEV | ✗ |
| Reachability analysis | ✓ Tree-sitter + CVEAffected; direct/transitive/semantic | ✗ |
| Versioned VEX + audit trail | ✓ Immutable OpenVEX/CycloneDX, cosign-signable | ✗ |
| Safe Harbour autofix | ✓ Resolves + applies the nearest safe version | ✗ |
| End-of-life policy | ✓ Flags/blocks past-EOL runtimes & packages | ✗ |
| SSVC / risk-based policy | ✓ SSVC v2 + CISA/FedRAMP/Essential-8 presets | ✗ |
✓ full · ~ partial · ✗ not covered
What Pentest-Tools.com does well
- Website Vulnerability Scanner (DAST) that detects SQLi, XSS, OS command injection, directory traversal and other OWASP-class web vulns in running apps, with authenticated scanning
- Broad network perimeter assessment combining an OpenVAS-based scanner (57,000+ active plugins) plus Nuclei and custom Sniper modules, with SSL/TLS, DNS and password auditing
- Pentest Robots that chain tools into reusable attacker-mimicking testing sequences, plus scheduling, alerting and Jira/Slack integrations
- Rich reporting and export in JSON, CSV, XLSX, PDF and DOCX via web UI and REST API
Where Vulnetix adds to it: Vulnetix ingests Pentest-Tools.com JSON/API results and orchestrates its DAST, network and pentest findings into the unified deduplicated queue alongside SAST/SCA/IaC/secrets/SBOM, then adds EPSS/KEV/ESS exploit-intel, versioned VEX, autofix and SSVC. Vulnetix has no native DAST or pentest engine and does not run these tests itself; Pentest-Tools.com remains the active-testing toolkit and Vulnetix is the consolidation and prioritisation layer above it.
No migration, no rip-and-replace. Pentest-Tools.com keeps doing what it does best; Vulnetix adds the orchestration, exploit-intelligence prioritisation and remediation layer built for the way AppSec works today.
Centralise Pentest-Tools.com results in Vulnetix
Upload Pentest-Tools.com JSON output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.