Questions

Hello,

i would like to ask which type of pentesting tools we are allowed to use on your VMs to solve the challenges.

This goes specially for Web Client and Web Server.
Can I use stuff like "sqlmap", "nmap NSE script", metasploit? Is it ok?

Thanks! :)

Yes you can