Is it ok to set up and run a private pen testing machine?
It would only be pointed at our servers.
We would like to set up one or 2 droplets to run some of / all of:
Security scan:
http://www.arachni-scanner.com/
https://cirt.net/Nikto2
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
http://w3af.org/
https://subgraph.com/vega/index.en.html
https://code.google.com/p/skipfish/
http://sunrisetech.gr/?page=websurgery&tab=overview
Stress Test:
https://www.joedog.org/2013/07/siege-3-0-3-url-encoding/
http://tsung.erlang-projects.org/
http://www.hping.org/wbox/