

  • SQLMap and Commix

    Posted by Anthony on June 15, 2021 at 5:18 pm

    I know you mentioned that with tools there are no guarantees of finding a bug, but with the advent of tools that are specifically designed to find these vulnerabilities, would it be safe to say that tools are basically a last resort, or should they be used in manual hunting? Or are tools a better alternative, like the old saying “Work smart, not hard” mentality?

  • 2 Replies
  • Christophe

    June 25, 2021 at 3:30 pm

    I don’t think anyone can say that one approach is better than another, since it depends on too many factors, including what your personal goals are. Like Hakluke mentioned in his podcast episode, one of the bounty hunters making the most money on HackerOne right now is almost entirely relying on automated tools. Of course, they’ve built some of their own tooling and/or extensions for existing tools over the years, so even that requires a ton of work upfront and maintenance along the way.

    If you’re mostly interested in learning and experience, then I think a combined approach is best. You don’t want to do everything manually in areas where automation can do a much better job, but you also don’t want to rely exclusively on tools since you’ll want the hands-on practice. They work hand-in-hand.

    • Anthony

      June 25, 2021 at 4:08 pm

      Hmm, there is so much information out there and I am trying to stay solely focused on a few things so I won’t get sidetracked. So it all comes down to a balance between automation and manual hunting these days.