How do you overcome Target Site DOS Paranoia

Hi All

Long story short, I actively search for bugs and vulns on Bug Crowd approved sites, Vulnerable VMs (CTF)(BootTooRoot)(VulnVMs) and lately have been lucky enough to be granted full permission to hack my Web Developer friends site, which is hosted by a local ISP.

Question is:As i have been throwing every Recon + Vuln Testing tool at this site i feel it has gone offline on more then one occasion… thats all well and good right because its my friends website, but heres the thing. My intel picked up that 22 other domain registered websites share this same Web Server… so essentially when i take down my friends site, any one of those other sites are down…

I’m having to have a constant ping on these websites, clearly the ISPs Web Server is an unstable entity… even though its an Apache Web Server… RIP.

I’m sure many people have dealt with such a similar situation in the early stages of their bug hunting careers, please could someone provide some feedback as to what i could do to overcome these heart pounding paranoia moments.

(I can confirm its not the weather or my router acting up)


Many recon and testing tools have a rate-limiting option, and you should definitely use it!

If a tool doesn’t have rate-limiting, it might not be a good choice in this particular case - or you should find another way to rate-limit it (e.g. your own firewall rules outbound)

Thanks for the advice Sir.

I will look into tool rate-limiting