Hey peeps, I sometimes see certain programs that explicitly state that automated scanning of the website is not allowed. I understand I should not scan the website with automated tools, but does this also mean that I should not use tools like Burp/Zap to do stuff like forced browsing, fuzzing with wordlists and spidering the website for endpoints? After all, fuzzing/directory brute forcing/spidering necessitates numerous requests to the website. Some advice?
1 Like