Is a penetration tools website allowed?

February 25, 2016 3.8k views
Security DigitalOcean FAQ


I’m currently building a pentest/dns/network tools website and would like to ask if that is allowed?

The website obviously contains port scanning tools, too. (Ofc it is intended to limit the usage - currently I allow multiport scans with a max limit of 250 ports)

Thank you!

2 Answers

This is a bit of a grey area. The tools themselves are allowed and you are allowed to use any pentesting tools against your own droplet as long as they do not involve any type of packet flooding since saturating the network could potentially cause issues for other droplets on the same physical hypervisor.

That being said, making a tool available to the public, while not forbidden, will likely result in abuse issues unless you implement some type of verification that the user owns the target machine (this could be having a user drop a static file into a web accessible directory on the server or some other method). Without verification a tool like this can be abused and while limiting scans is helpful, even a limited scan of a server whose owner did not authorize it could result in abuse complaints and action against the account.

tldr; It’s not forbidden but there are potential issues to be concerned about before doing this.

  • Thank you for the reply!
    I understand the decision.

    Aww too bad for the already committed investment.
    However now I know Angular 2 and tons of NetSec^^

    It’s questionable how

    • (Linode)
    • (Telecitygroup)

    are handling the hosting part.

    Have a nice day!

Hello dear

I am interesing with doing a PenTest to my droplet as well.

Did you find out how can it be done?
Is there any easy tool to use for that aim?
Do you have any PenTest report that i may use? It might save me a lot of research time.

Many thanks in advance
Orlev (

Have another answer? Share your knowledge.