I am new here, so I may need some help form time to time.
Right now I am working on a project that has this in the do not do list.
“The use of Automated scanners is strictly prohibited”
Not I take it that you can’t run any type of scans on the site.
no web scraping
No vulnerability scanner
All work must be done by the keyboard, one tap at a time.
Is this right, yes or no
I got used to not run automated scanners because almost every policy says “The use of Automated scanners is strictly prohibited”.
However, I doubt that everyone cares about that. The same happens with the domains in scope.
So, in my opinion is not right. But people get bounties even when not following the rules in the policies, so there is not right answer.
Good luck with the project.
Thank you stefanofinding for the info.
I’d say ‘it depends’. No automated scanners usually refers to vulnerability scanners that automatically crawl, parse and inject everywhere which can cause quite a server load (so things likes nessus, burpsuite pro, Nexpose, Nikto, OpenVAS, etc.). I don’t think nmap would fall into this category nor any kind of targeted scripting (for example, using a burpsuite intruder to parse through HTTP methods or certain directories). While nmap does have various modules to scan for various vulnerabilities I think if you’re just port scanning or enumerating services I think it’s ok.
Agreed. I think this also comes down to ‘noise’ no one wants a page out a 2am because the SIEM is reporting a ton of scanning / injections attempts from one 1 IP.
I agree with what everyone else mentioned, but I’d also add: if you find a potential SQLi, XSS, code injection, etc., I don’t think it’s unreasonable to load up some common payloads in Burp Intruder and fire them off. I’m not saying to use a massive file sending thousands upon thousands of requests to the application–obviously–but I think what they’re mainly speaking against are tools like sqlmap, nikto, sparta, etc. that tend to be extremely noisy on the network. Can Burp also be noisy if you’re using Intruder with lots of payloads? Absolutely, but I think what I’m speaking of is more of a grey area. If you limit it properly, I think it’s perfectly acceptable. I hope that makes sense!
I need someone who can teach me step by step instructions how to do an automatique test with QTP?