Question

Is a penetration tools website allowed?

Hello,

I’m currently building a pentest/dns/network tools website and would like to ask if that is allowed?

The website obviously contains port scanning tools, too. (Ofc it is intended to limit the usage - currently I allow multiport scans with a max limit of 250 ports)

Thank you!

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hello dear

I am interesing with doing a PenTest to my droplet as well.

Did you find out how can it be done? Is there any easy tool to use for that aim? Do you have any PenTest report that i may use? It might save me a lot of research time.

Many thanks in advance Orlev (orlevln@gmail.com)

This is a bit of a grey area. The tools themselves are allowed and you are allowed to use any pentesting tools against your own droplet as long as they do not involve any type of packet flooding since saturating the network could potentially cause issues for other droplets on the same physical hypervisor.

That being said, making a tool available to the public, while not forbidden, will likely result in abuse issues unless you implement some type of verification that the user owns the target machine (this could be having a user drop a static file into a web accessible directory on the server or some other method). Without verification a tool like this can be abused and while limiting scans is helpful, even a limited scan of a server whose owner did not authorize it could result in abuse complaints and action against the account.

tldr; It’s not forbidden but there are potential issues to be concerned about before doing this.