I want to ask about Whonix website penetration testing. Has anyone done it to test and improve the security of the website (like DoS, SQL injection, XSS, website defacement, etc.)? If not, then do you allow it?
There are the usual automated crack attempts. We don’t know if there were any manual black hat crack attempts, because if those are unsuccessful or successful and invisible, those are hard to distinguish from the automated ones without lots of effort.
We are using popular webapps (MediaWiki, SMF forum, WordPress and Phabricator). Those are always kept current. So is the Debian jessie operating system that runs the server. I don’t think the usual popular tools such as Metasploit would reveal any issues. Nevertheless, it could be wrong and checking would certainly be useful. But there are so many tasks, so this isn’t on the horizon.
No white hat has approached us yet offering to volunteer their services. If that happens, we’ll see. The answer would probably be yes, I guess. Dunno what fortasse (whonix.org webmaster) or others think about this.