Automated tools can only discover so much, because there are always edge cases that tools won't be able to analyze or exploit. Human creativity is a big part of penetration testing, whether it's web application assessments or other types of penetration testing, because tools have false positives, and can't come up with creative bypasses for security measures in the way a human can.
You can definitely automate many parts of testing, especially enumeration steps, but any security professional knows that a tool is no substitute for a knowledgeable hacker.
You can definitely automate many parts of testing, especially enumeration steps, but any security professional knows that a tool is no substitute for a knowledgeable hacker.