Nuxt 3 Release Candidate がリリースされました! v3.nuxtjs.org で詳細について見れます。

← 戻る

Pentest Tools

Pentest Tools is a web based software that help security teams and developers to scan their websites and networks for vulnerabilities. As they are rebuilding their front-ends with Nuxt, we talked with Stefan Galescu to learn how Nuxt can be used for this type of SaaS platform.

What is Pentest-Tools.com?

We are a platform providing tools for a wide range of people starting from security teams to penetration testers, bug bounty hunters, and everyone in the web security field. But it's not limited to that. Regular users, developers, people in the executive levels use our tools. Basically anyone that would like to scan their website or infrastructure and see if there are any holes in their security. We also provide them with actionable information and advice on how to fix them.

Pentest Tools homepage

When did you started?

The company started in 2013. Our founder Adrian created the tools that he wish he had from other companies. As the team grew, we won an award at a startups contest called Innovation Labs in 2017, with even more people joining the company in 2019. And basically from there we kind of skyrocketed, it was the point of inflection. We were around 15 people when I joined back in 2020. Now we're over 30 people, and we're still growing.

What does it provide to your customers to have a unified web based interface to work with pentesting?

At the core of our platform, we build on a few tools that the industry already knows, but we configure and optimize them and provide sensible defaults and everything you need to get started without knowing how to use each one of those tools, with best practices built in. Plus, there's the interface which is much easier to use if you're a beginner or you're just testing the waters and you want to get a quick overview of your security posture.

This also allows us to combine those tools into something bigger that you only have to click to run and not have to wrangle your mind around making them connect. For example, we have pentest robots, which you can give a target to and run - for example a port scan with this target. And then you can chain conditions: if we find a certain range of ports open, then take those exact ports and run other tools on them to scan them, and so on.

Was your front end built with Nuxt from the beginning, or did you refactor it?

We refactored it. Originally, it was a PHP monolith that was doing everything it could and a little bit more on top. And when I joined the company, one of my interview questions that turned into a small task was to build a small section of a page using the stack of my choice. I was using Vue at the time I presented it, and that's what got me this job at Pentest-Tools.com. I really found a great team that was willing to hear new ideas and let a beginner like myself try and show them what could be done. I built a small demo project with a couple of pages using Nuxt. This was my first full fledged Nuxt app of enterprise level and the reactions were much better than I anticipated.

This meant decoupling our entire front end from the from the main app in PHP, and it's been quite a lot of refactoring and a lot of changes that would affect other teams in the company as well. But they went with it and I'm really glad they trusted me to take this project to the end. So now our public website is just Nuxt and the platform for our subscribers still runs on the infrastructure that we migrated from.

What are your favorite features in Nuxt?

Oh, that's gonna be a long list! The first one is the community. It's really great. It's a huge community. There are a lot of resources and people willing to help you and answer questions that helped a lot during the refactoring and moving the website. The module ecosystem is also great, which kind of ties into the community, because a lot of them are also built by the community members. Then the focus on improving the developer experience, the accessibility, new modules like Nuxt Image, help a lot. I could go on and on about certain modules, that really ease the development experience.

The server middleware also plays a big part in our project. It would have been a deal-breaking feature if we did not have that, it helped a lot during development.

It's related to security as it is a layer that enhances our communication with the backend API. It allowed us to integrate our API in the most secure and efficient manner.

We are using this feature as a backend for frontend. We're actually using it like a small API for our front end, by importing Express and doing a lot of things in it.

Do you use server side rendering or static generation?

We're using server side rendering. We went around and changed during the development phase. We started out with server side then we went to static generation deployed with Netlify for a bit, and then we explored some other options. Eventually, we settled on server rendering but I would like to explore splitting some parts of our website like the API reference, and maybe statically generating that because it could certainly benefit from it. We're using the Content module, but right now everything is targeting the server.

What are the next steps for Pentest-Tools.com? Do you have any plans to broaden the use of Nuxt?

We have only just launched the website at the beginning of November so we’re excited about the move to Nuxt. We’re looking for more opportunities to refactor some code, make some improvements along the way, and fix some bugs. We managed to keep up with dependency changes across the entire development timeline, and we reaped the rewards for being early adopters. We’ve also implemented a few modules that have helped us a lot more than we initially hoped they would, for example: the Nuxt Sentry Module and the Sentry dashboard, which kept us up to date and able to see if anything was wrong as it happened, long before our customers got the chance to talk to us about it. That helped a lot in the bug fixing process, post launch.

Right now, we’re focusing on small refactors, testing out SSG vs SSR alongside various hosting solutions, but we are eagerly waiting for the Nuxt 3 release. We’re really looking forward to improving our speed and simplifying our deploy process for reduced complexity and less time required of our DevOps engineers. In the second part of 2022, we’re looking forward to upgrading the tech stack of our premium web application as well, using Nuxt to refactor an almost decade-old application, because it’s clear from rebuilding the public website that the performance and workflow benefits are huge.

Would you recommend Nuxt and for what kind of projects?

Oh, yes, absolutely. We would, and I personally, as a developer would. Frankly, there's a wide range of types of projects that it can work for. I mean, you can do websites like Pentest-Tools.com . You can do blogs with the Nuxt Content module, documentation is really easy. The ecosystem and Nuxt itself are very versatile and can accommodate a lot of use cases.