Providers Allowing Outgoing Pentesting

This is for bug bounties - so while the targets aren’t mine, they will be listed on sites like

1 Like

I have seen some streamers used digitalocean for bug hunting. But I can’t say for sure whether it’s within their AUP or nah.

My rule which I repeatedly cited to clients at DO was this:

It can’t be a denial of service attack, and I don’t want to receive abuse complaints about it. Within those parameters you’re fine (honestly on most/all services typically under those conditions).