These are some notes from a talk @ THAT conference.
Kali Linux is really the de facto penetration testing toolkit for anyone interested in this space.
Some tools that are already built into Kali Linux:
- dnsenum: enumerates DNS information for a domain and discovers non-contiguous IP blocks
- dnsmap: DNS domain name brute forcing tool
- nmap: utility for network discovery and security auditing
- Burp Suite: Web vulnerability scanner and related tooling. Kali bundles the free “community edition”, but you’ll want to buy a license for Pro
- Maltego: a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates
A free tool you might also consider installing is:
- discover: custom bash scripts developed by Lee Baird used to automate various pentesting tasks
Some Chrome extensions I highlighted during my talk which are great for reconnaissance:
- Shodan: tells you where the website is hosted (country, city), who owns the IP and what other services/ports are open
- Wappalyzer: a cross-platform utility that uncovers the technologies used on websites
Capture the Flag (i.e. vulnerable testing environments)
“Capture the Flag” exercises are a fantastic way to learn and practice your penetration testing skills. The general idea is that the CTF environment is a deliberately broken application (or server) and you’re hunting for all the hidden vulnerabilities.
- Hack Yourself First: a vulnerable application written by Troy Hunt (to go with his free Pluralsight training)
- CTF365: interactive security training platform in which you earn points for exploiting vulnerabilities
- OverTheWire: free wargames to learn and practice security concepts in the form of fun-filled games
- OWASP Broken Web App: a collection of vulnerable web applications that is distributed as a virtual machine
- Metasploitable: actually a series of vulnerable virtual machines to use in conjunction with Rapid7’s Metasploit toolkit