I first do basic recon, nmap scanning, Shodan.io, and the usual OSINT techniques. Note down whatever I find in a Markdown doc. Most of my engagements so far have been on web based applications, so Burp Suite is the go-to tool for that. I automate (potential) SQLi using sqlmap.
Actual exploitation of services and such, I use Metasploit. Which in my experience, has been quite rare.
Otherwise, most of my work is just ops, monitoring our systems, logs etc.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
What is your main workflow and which tools do you use?
I first do basic recon, nmap scanning, Shodan.io, and the usual OSINT techniques. Note down whatever I find in a Markdown doc. Most of my engagements so far have been on web based applications, so Burp Suite is the go-to tool for that. I automate (potential) SQLi using
sqlmap
.Actual exploitation of services and such, I use Metasploit. Which in my experience, has been quite rare.
Otherwise, most of my work is just ops, monitoring our systems, logs etc.