Retest Commands

Every finding includes a retestCommand field - a Docker one-liner that re-runs the specific check that found the vulnerability. Use these to verify your fix before running a full pentest.

How it works

  1. Fix the vulnerability in your code
  2. Deploy the fix
  3. Run the retest command from the finding
  4. If the tool no longer reports the issue, your fix is working

Example

For a finding from Nuclei about an exposed .env file:

Terminal
docker run --rm projectdiscovery/nuclei:latest \
  -t http/exposures/configs/env-file.yaml \
  -u https://example.com

If the output shows no findings, the .env file is no longer exposed.

Common retest patterns

Nmap (open ports)

Terminal
docker run --rm instrumentisto/nmap:latest \
  -p 3306 example.com

OWASP ZAP (web vulnerabilities)

Terminal
docker run --rm zaproxy/zap-stable:latest \
  zap-baseline.py -t https://example.com -m 5

TestSSL (TLS issues)

Terminal
docker run --rm drwetter/testssl.sh:latest \
  --quiet https://example.com

Gitleaks (secrets in code)

Terminal
docker run --rm zricethezav/gitleaks:latest \
  detect --source /path/to/repo

Tips

  • Retest commands use the same Docker images as the full pentest
  • They are scoped to the specific check that found the vulnerability
  • No TurboPentest account or credit is needed to run retest commands
  • All images are public and available on Docker Hub

Previous

Understanding Results

Next

Reports & Attestation

On this page