Home
Blog
Podcasts
Contact Us
SETTING UP YOUR PENETRATION TESTING WORKSTATION
SETTING UP YOUR PENETRATION TESTING WORKSTATION

You recently acquired a powerful laptop. You're in love with the system specs and can't wait to set it up with all the cool cyber tools. It's time to hack the world!

If you're a newbie (as all of us once were), you may be wondering which tools would come in handy in your penetration testing journey. This piece will provide a guideline to the hacking tools you'd most probably use. The information here is (obviously) not exhaustive, but promises to point to tools that'll come in handy in your exercises, and provide links to where these tools can be obtained.

Let's Log In!

Penetration Testing Tools:

The tools you'd most definitely need on your penetration laptop are:

  • Virtual Machine: To adequately try out your skills, you'd need as many virtual machines as possible. That's why VirtualBox or VMWare are no-brainers for a penetration testing workstation.
  • Kali Linux: The number of virtual machines you may have on your host machine can only be limited by the host machine specs, however, Kali Linux is an absolute necessity. Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security, and can be used to practice your hacking skills in a safe space. Download Kali here.
  • Fiddler: This is one of the most popular web (and mobile) application testing tools. It functions as a proxy between your workstation and the application being testing. Download the free Fiddler here.
  • Burp Suite: Another popular proxy debugging tool. Burp Suite is a licensed application priced at around 399 USD per user and can be found here. However, if you search the internet hard enough, you may find cracked versions of the application.
  • Mozilla Firefox: Firefox is the preferred browser for testing web applications because the browser proxy can be modified without altering proxy settings of the host workstation. Download Mozilla here.
  • Nmap: One of the most used network scanners around, Nmap is free and open-source. With Nmap, the tester can probe target networks to obtain critical reconnaissance information. Download Nmap here.
  • Mob SF: Short for Mobile Security Framework. As the name implies, Mob SF is an application for testing mobile applications, which allows for penetration testing, malware analysis and security assessment via its static and dynamic analysis capabilities. Mob SF installation may be a bit convoluted, so we've written a specific article for that. Click here for the CyberKach article on Mob SF installation.
  • Nessus: A very popular vulnerability scanning application, Nessus is relevant for reconnaisance activities as it reveals vulnerabilities which may be exploited by the penetration tester. Nessus is a paid application which costs over 2000 USD a year. Purchase Nessus here.
  • OWASP ZAP: Another open-source web application security scanner, ZAP is a free alternative to Burp Suite created by the Open Web Application Security Project (OWASP). Download Zap here.
  • PostMan: This one is pretty popular in the developer-sphere. Simply put, PostMan will help you test APIs. Download Postman here.
  • Wireshark: Another popular application, primarily used by network engineers. Wireshark can be used to sniff and analyze network traffic. Download Wireshark here.
  • GenyMotion: Genymotion is an emulator platform for running android systems and applications. It allows the installation, running and testing of conventional android applications on its platform, and is a very handy tool for android testing. Download Genymotion here.
  • Dex2jar: This is a tool used (in conjunction with JD-GUI) for decompiling android applications. Download Dex2jar here.
  • JD-GUI: Used (with Dex2jar) in decompiling android applications. Download JD-GUI here.

As earlier stated, this is not an exhaustive list of penetration testing tools. However, these are some of the most common tools that would be relevant to many penetration testing activities. It's also worthy of note that as cybersecurity professionals advance, they tend to decide the tools that best work for them (based on capabilities, pricing, etc). Hopefully, you have an exciting penetration testing experience!

Aug 9th, 2020

Recent Articles

CYBER SECURITY IN THE HEALTHCARE INDUSTRY

AI IN CYBER SECURITY - ALLY OR ADVERSARY

LAW ENFORCEMENT DISRUPTS LOCKBIT RANSOMWARE

OKTA HACKED - AGAIN

INFORMATION SECURITY CONTROLS