I just found a cool tool that attempts to somewhat automate PenTesting a website. It's called Detcetify, and it works like this:
You sign up, make an account and link that account to a website. You then create a file on your server to prove that the website belongs to you. Detectify starts a scan on your website and attempts to find any flaws in it.
I tested it on my site, and it worked quite well! It found 3 Warnings, 5 Notices, and 0 Vulns
Keep in mind that it doesn't touch forms on your site for fear of fucking stuff up, so it wont find stuff like SQL injections or XSS.