Many of you will know I’m a massive fan of learning all the things, but also I’m a huge fan of sharing intel, knowledge and experiances because I know when you are starting in a field, the world can seem too big to know things! So to this end, I’ve put together a quick list of tools that I believe are required you have some knowledge of for the PenTest+.

Where possible links to tools and download locations have been provided. Clearly you can deploy a security testing distro such as Kali Linux, Parrot etc. buy you may want to simply install Ubunt or use Windows and WSL 2.

Open Source Intelligence Gathering Tools

• Whois
• Nslookup
• FOCA (https://github.com/ElevenPaths/FOCA)
• Maltego (https://www.maltego.com/)
• TheHarvester (https://github.com/laramies/theHarvester)
• Shodan (https://www.shodan.io/)
• Recon-ng (https://github.com/lanmaster53/recon-ng)

Network and Vulnerability Scanning Tools

• Nmap (https://nmap.org/download.html)
• Nikto (https://cirt.net/Nikto2)
• OpenVAS (https://www.openvas.org/)
• SQLMap (https://github.com/sqlmapproject/sqlmap)
• Nessus (https://www.tenable.com/products/nessus)

Credential Testing Tools

• John (https://www.openwall.com/john/)
• Hashcat (https://hashcat.net/hashcat/)
• Medusa (https://github.com/jmk-foofus/medusa)
• THC-Hydra (https://github.com/vanhauser-thc/thc-hydra)
• CeWL (https://github.com/digininja/CeWL/)
• Cain and Abel (https://web.archive.org/web/20190603235413if_/http://www.oxid.it/cain.html)
• Mimikatz (https://github.com/gentilkiwi/mimikatz)
• Patator (https://github.com/lanjelot/patator)
• Dirbuster (https://sourceforge.net/projects/dirbuster/)
• W3AF (http://w3af.org/download)

Debugging Tools

• OLLYDBG (http://www.ollydbg.de/download.htm)
• Immunity debugger (https://www.immunityinc.com/products/debugger/)
• Gdb (https://www.gnu.org/software/gdb/download/)
• WinDBG (https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools)
• IDA (https://www.hex-rays.com/products/ida/support/download_freeware/)

Software Assurance Tools

• FindBugs (http://findbugs.sourceforge.net/)
• FindSecBugs (https://find-sec-bugs.github.io/)
• Peach (http://community.peachfuzzer.com/WhatIsPeach.html)
• AFL (American Fuzzy Lop) (https://github.com/google/AFL)
• SonarQube (https://www.sonarqube.org/downloads/)
• YASCA (https://sourceforge.net/projects/yasca/)

Wireless Testing

• Aircrack-ng (https://www.aircrack-ng.org/downloads.html)
• Kismet (https://www.kismetwireless.net/downloads/)
• WiFite (https://github.com/derv82/wifite2)
• WiFi-Pumpkin (https://github.com/P0cL4bs/WiFi-Pumpkin-deprecated)

Web Proxy Tools

• OWASP ZAP (https://www.zaproxy.org/download/)
• BURP Suite (https://portswigger.net/burp/communitydownload)

Social Engineering Tools

• Social Engineering Toolkit (https://github.com/trustedsec/social-engineer-toolkit)
• BeEF (Browser Exploitation Framework) (https://github.com/beefproject/beef)

Remote Access Tools

• SSH
• Ncat (https://nmap.org/ncat/)
• Netcat
• Proxychains (https://github.com/haad/proxychains)

Network Tools

• Wireshark (https://www.wireshark.org/download.html)
• Hping (https://github.com/antirez/hping)

Mobile Tools

• Drozer (https://github.com/FSecureLABS/drozer)
• APKX (https://github.com/b-mueller/apkx)
• APK Studio (https://github.com/vaibhavpandeyvpz/apkstudio/releases)

Misc Tools

• Powersploit (https://github.com/PowerShellMafia/PowerSploit)
• Searchsploit (https://www.exploit-db.com/searchsploit)
• Responder (https://github.com/SpiderLabs/Responder)
• Impacket (https://github.com/SecureAuthCorp/impacket)
• Empire (C2) (https://github.com/EmpireProject/Empire)
• Metasploit (https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers)

Summary

Now there’s some tools here that are old, some I wouldn’t personally use as in my opinion there are better ones out there but.. all of the tools here can be used during penetration testing excercises, the tools aren’t the be all and end all, checking the controls and giving the good advice and helping people improve their security posture is the important part, after all a fool with a tool is still a tool!

Hopefully this helps some people who don’t just want to deploy Kali and have the tools pre-installed. I again use a mixture of Offensive ditrubutions and custom builds for tooling. Hell I also am known to go offensive on just a windows box alone 🙂