-
Some ideas:
- Before using tools against production applications, make sure you understand how they work. For example, sqlmap can be potentially destructive, so if you just point & shoot at a target and do damage, that could end up being a bad day for everyone
- Another recent example with linPEAS. The tool was modified before the test taker took the exam, and there was an added feature they weren’t aware of that broke the exam’s rules. This is important in the real world too because it could lead to legal problems
- Just because an automated tool doesn’t find anything doesn’t mean there’s nothing there. Sometimes tools don’t find what manual can