
These are some notes from a talk @ THAT conference.

Kali Linux

Kali Linux is the de facto penetration-testing distribution for anyone interested in this space: a Debian-based Linux that ships with hundreds of security tools preinstalled and ready to run.

Some tools that are already built-in to Kali Linux:

  • dnsenum: enumerates DNS information for a domain (name servers, MX records, zone transfers, subdomain brute force) and discovers non-contiguous IP blocks
  • dnsmap: DNS subdomain brute-forcing tool
  • nmap: utility for network discovery and security auditing (host discovery, port scanning, service and OS fingerprinting)
  • Burp Suite: intercepting proxy, web vulnerability scanner and related tooling. Kali bundles the free Community Edition, but you’ll want to buy a license for Pro if you need the automated scanner
  • Maltego: an OSINT and link-analysis platform that maps the relationships between domains, IP addresses, people and organizations so you can see the footprint an organization actually exposes

A free tool you might also consider installing is:

  • discover: custom bash scripts developed by Lee Baird used to automate various pentesting tasks

Chrome Extensions

Some Chrome extensions I highlighted during my talk which are great for reconnaissance:

  • RetireJS: scans the current website for JavaScript libraries with known vulnerabilities
  • Shodan: tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open
  • Wappalyzer: a cross-platform utility that uncovers the technologies used on websites
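All three extensions work passively: they read the responses the browser already received and match headers, cookies, script names and version strings against a fingerprint database. The following is an added example written for these notes (not code from the talk or from any of the extensions) showing the core of that idea in a few dozen lines of Python. The HTTP headers and HTML body are constructed for the example, and the vulnerability table is a tiny hand-written subset (the one entry it contains, jQuery below 3.5.0 for CVE-2020-11022 / CVE-2020-11023, is real; RetireJS ships a far larger database).

```python
"""Passive fingerprinting of one HTTP response, in the spirit of Wappalyzer and RetireJS.

Added example for these notes; not the extensions' own code. Sample data is constructed.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample response (headers + body) standing in for a real target.
SAMPLE_HEADERS: Dict[str, str] = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "Set-Cookie": "PHPSESSID=abc123; path=/; HttpOnly",
}
SAMPLE_BODY = """<html><head>
<meta name="generator" content="WordPress 5.4">
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
<script src="https://cdn.example.com/jquery-3.6.0.min.js"></script>
<script src="https://cdn.example.com/bootstrap.min.js"></script>
</head><body></body></html>"""

# (header, pattern, technology): a small subset of the header/cookie checks Wappalyzer does.
# Group 1, where present, captures a version string.
HEADER_RULES = [
    ("Server", re.compile(r"nginx(?:/([\d.]+))?", re.I), "nginx"),
    ("Server", re.compile(r"Apache(?:/([\d.]+))?", re.I), "Apache"),
    ("X-Powered-By", re.compile(r"PHP(?:/([\d.]+))?", re.I), "PHP"),
    ("X-Powered-By", re.compile(r"ASP\.NET"), "ASP.NET"),
    ("Set-Cookie", re.compile(r"PHPSESSID="), "PHP"),
    ("Set-Cookie", re.compile(r"ASP\.NET_SessionId="), "ASP.NET"),
    ("Set-Cookie", re.compile(r"JSESSIONID="), "Java servlet container"),
]

# (library, fixed-in version, advisory): versions strictly below "fixed-in" are flagged.
# Illustrative subset only; the real RetireJS database has hundreds of entries.
VULN_TABLE = [
    ("jquery", (3, 5, 0), "CVE-2020-11022 / CVE-2020-11023: XSS via htmlPrefilter"),
]

SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)
LIB_NAME = re.compile(r"(jquery|bootstrap|angular|lodash)", re.I)
VERSION = re.compile(r"(\d+\.\d+\.\d+)")
GENERATOR = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']+)["\']', re.I
)


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.12.4' -> (1, 12, 4) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def fingerprint_headers(headers: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map technology name -> version (or None) from response headers and cookies."""
    found: Dict[str, Optional[str]] = {}
    for header, pattern, tech in HEADER_RULES:
        value = headers.get(header)
        if value is None:
            continue
        match = pattern.search(value)
        if match:
            version = match.group(1) if match.groups() else None
            found.setdefault(tech, version)  # keep the first (most specific) hit
    return found


def fingerprint_scripts(html: str) -> List[Tuple[str, Optional[str], str]]:
    """Return (library, version-or-None, src) for each recognised <script src>."""
    libs = []
    for src in SCRIPT_SRC.findall(html):
        name = LIB_NAME.search(src)
        if not name:
            continue
        ver = VERSION.search(src)  # covers jquery-3.6.0.min.js and ...?ver=1.12.4
        libs.append((name.group(1).lower(), ver.group(1) if ver else None, src))
    return libs


def check_vulnerable(libs) -> List[Tuple[str, str, str]]:
    """Flag (library, version, advisory) for versions below the fixed-in version."""
    findings = []
    for name, version, _src in libs:
        if version is None:
            continue  # unversioned file names need hash-based matching instead
        for lib, fixed_in, advisory in VULN_TABLE:
            if name == lib and parse_version(version) < fixed_in:
                findings.append((name, version, advisory))
    return findings


def recon(headers: Dict[str, str], body: str) -> dict:
    """Full passive report for one response."""
    generator = GENERATOR.search(body)
    libs = fingerprint_scripts(body)
    return {
        "server_side": fingerprint_headers(headers),
        "generator": generator.group(1) if generator else None,
        "libraries": libs,
        "vulnerable": check_vulnerable(libs),
    }


if __name__ == "__main__":
    print(json.dumps(recon(SAMPLE_HEADERS, SAMPLE_BODY), indent=2))
```

On a live engagement you would feed `recon()` the `headers` and `text` of a single `requests.get()` against the target, which is exactly one request and no more noise than a normal page view. Note the two edge cases the code handles: the same technology reported by two different signals (PHP via `X-Powered-By` and again via the `PHPSESSID` cookie) is recorded once, and a minified file with no version in its name (`bootstrap.min.js`) is listed but not judged, since RetireJS resolves those by hashing the file contents rather than guessing.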

Capture the Flag (i.e. vulnerable testing environments)

“Capture the Flag” exercises are a fantastic way to learn and practice your penetration testing skills. The general idea is that the CTF environment is a deliberately broken application (or server) and you’re hunting for the hidden vulnerabilities, usually with a token (the “flag”) to prove each one was exploited.

  • Hack Yourself First: a deliberately vulnerable web application written by Troy Hunt to go with his free Pluralsight course of the same name
  • CTF365: interactive security training platform in which you earn points for exploiting vulnerabilities
  • OverTheWire: free wargames (Bandit, Natas, and others) for learning and practicing security concepts level by level
  • OWASP Broken Web Applications (OWASP BWA): a collection of vulnerable web applications distributed as a single virtual machine
  • Metasploitable: a series of deliberately vulnerable virtual machines (Metasploitable 2 and 3) published by Rapid7 for practicing with the Metasploit toolkit

Books

Other Resources