Is a penetration tools website allowed?

February 25, 2016 716 views
FAQ DigitalOcean Security


I'm currently building a pentest/dns/network tools website and would like to ask if that is allowed?

The website obviously contains port scanning tools, too. (Ofc it is intended to limit the usage - currently I allow multiport scans with a max limit of 250 ports)

Thank you!

1 Answer

This is a bit of a grey area. The tools themselves are allowed and you are allowed to use any pentesting tools against your own droplet as long as they do not involve any type of packet flooding since saturating the network could potentially cause issues for other droplets on the same physical hypervisor.

That being said, making a tool available to the public, while not forbidden, will likely result in abuse issues unless you implement some type of verification that the user owns the target machine (this could be having a user drop a static file into a web accessible directory on the server or some other method). Without verification a tool like this can be abused and while limiting scans is helpful, even a limited scan of a server whose owner did not authorize it could result in abuse complaints and action against the account.

tldr; It's not forbidden but there are potential issues to be concerned about before doing this.

  • Thank you for the reply!
    I understand the decision.

    Aww too bad for the already committed investment.
    However now I know Angular 2 and tons of NetSec^^

    It's questionable how

    • (Linode)
    • (Telecitygroup)

    are handling the hosting part.

    Have a nice day!

Have another answer? Share your knowledge.