Answer the question
In order to leave comments, you need to log in
B
B
BonBon Slick2020-01-10 21:59:51
BonBon Slick, 2020-01-10 21:59:51
How to automate pen tests?
What tools do sukuriti firms use?
And does it make sense to write pen tests like:
/*
* @test
*/
function checkSearchQueryForXSS() {
// отправляем разные запросики вроде тех что по ссылку ниже в БД и смотрим результат
}It is unlikely that they drive everything with their hands.
What I found on the topic with a good description
1 answer(s)
@BonBonSlick
No way. Of course, you can use some ready-made developments or scripts, but each information environment that is being tested has its own characteristics and you cannot be sure that this or that method will work.
Depends on the area of testing. For testing web applications, some, for testing networks, others, for testing websites, others. From the first that comes to mind METASPLOIT!!!!, Nmap, Kismet, Wireshark, SQLmap, XSSploit and in general I advise you to get acquainted with Kali linux.
Not all but very often. The above programs are mainly used to search for vulnerabilities, but you have to use these vulnerabilities by hand.
B
Big_Trouble, 2020-01-23 @BonBonSlick
How to automate pentests?
No way. Of course, you can use some ready-made developments or scripts, but each information environment that is being tested has its own characteristics and you cannot be sure that this or that method will work.
Depends on the area of testing. For testing web applications, some, for testing networks, others, for testing websites, others. From the first that comes to mind METASPLOIT!!!!, Nmap, Kismet, Wireshark, SQLmap, XSSploit and in general I advise you to get acquainted with Kali linux.
Not all but very often. The above programs are mainly used to search for vulnerabilities, but you have to use these vulnerabilities by hand.
Similar questions
D
R
K
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question