Hello everyone, I have a question about tools like Commix and SQLMap. I have done general research on each, and both look promising to use. Also, of course, I am learning how to use them effectively on this platform. My question is: how do I not make common mistakes that will lead to failure in finding a POC in the real world?
Before using tools against production applications, make sure you understand how they work. For example, sqlmap can be potentially destructive, so if you just point & shoot at a target and do damage, that could end up being a bad day for everyone.
Another recent example with linPEAS. The tool was modified before the test taker took the exam, and there was an added feature they weren’t aware of that broke the exam’s rules. This is important in the real world too because it could lead to legal problems.
Just because an automated tool doesn’t find anything doesn’t mean there’s nothing there. Sometimes tools don’t find what manual can.
You make valid points. It seems that everyone out there prides themselves on hunting manually, and using tools makes you nothing more than a script kiddie. Honestly, I don’t care what anyone thinks. All I care about is finding bugs, doing it right and, of course, staying within the legal limits of a bug bounty.