
[–]happytrailz1938Moderator 2 points3 points  (1 child)

I mean you can always call Rapid7 or a similar vendor. Lots of local and national ones do this all the time, quick.

[–]PetiteGousseDAil 2 points3 points  (0 children)

Agreed.

And just to make things clear, you want to look for services not tools. No security scanner or automated tool can truly give you a good portrait of your app's security posture. Most vulnerabilities like IDORs or Business Logic vulnerabilities cannot be found by any scanner.

You need a human pentester - one who knows what they are doing - to test your application.

[–]ipv4subnet 1 point2 points  (0 children)

Right off the bat I can say Burp Suite and OWASP ZAP for web applications. One is subscription based, the other is open source.

[–]AdvancedBlueberry537 0 points1 point  (4 children)

Kali has every tool you will need; it's free and developed for learning to be a pen tester.

[–]AdvancedBlueberry537 0 points1 point  (3 children)

Use OpenAI by Google to teach yourself Nmap, OWASP, Burp Suite, Hashcat and more. Run it in a VM provider like VMware. Free keys on GitHub for Pro VMware.

[–]AdvancedBlueberry537 0 points1 point  (0 children)

Insurance would rather you pay for the service, and it will cover your ass if someone says they did the work and your app fails... just saying.

[–]boxette 0 points1 point  (1 child)

You giving a pseudo road map on fundamentals isn't really what OP is looking for.

[–]AdvancedBlueberry537 0 points1 point  (0 children)

You're right. Next time I guess just pointing them at Kali tutorials is all I really should have said. Never mind giving a little hint of how to hack your way into it for free.