CompTIA PenTest+ PT0-002 Practice Question

Burp Suite is the correct answer because it offers a full suite of web application testing tools, including an automated scanner for identifying vulnerabilities like XSS and an intercepting proxy for real-time HTTP request manipulation, which is crucial for testing reflected XSS. OWASP ZAP also provides similar features, but Burp Suite is typically recognized for its more advanced manual testing capabilities, including intercepting and modifying HTTP requests, making it the better match for the requirement specified in the question. Nikto is mainly a web server scanner and is not designed for intercepting HTTP traffic or digging deep into specific vulnerability classes such as XSS. Gobuster is focused on brute-forcing URIs, DNS subdomains, and virtual host names on target web servers and does not provide the required functionality for testing XSS vulnerabilities.