OWASP Zed Attack Proxy
Every web application penetration tester needs a vulnerability scanner, and the OWASP Zed Attack Proxy (ZAP) will quickly become your best friend. Easy to set up and use, this integrated penetration testing tool combines an intercepting proxy with a spider and passive and active scanners, and it finds a wide range of vulnerabilities, from forced (direct) browsing to persistent cross-site scripting. As with any automated scanner, treat its findings as a starting point: it will not find business-logic flaws, and its results still need manual verification. The best part… it is completely free and open source.
Fiddler Intercepting Proxy
This tool is the bread and butter of any web application penetration tester. Fiddler lets you intercept HTTP and HTTPS traffic and display and modify requests and responses on the fly. For HTTPS it uses a man-in-the-middle technique: it installs its own root certificate in your browser or OS trust store and generates a certificate for each host you visit, so it can decrypt, show and edit the traffic before re-encrypting it towards the server. Because anything enforced only in the browser is not a security control, this is exactly how you test for privilege escalation, script injection, filter bypasses and more: edit the hidden field, cookie or parameter on its way to the server and see whether the server trusts it. All of it becomes easy with this intuitive and simple tool.
Burp Suite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun. The Community edition is free; the paid Professional edition adds the automated vulnerability scanner and removes the rate limit on Intruder.
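All three proxies above do the same thing underneath: the browser is pointed at the proxy, the proxy shows each request, lets the tester rewrite it, and only then relays it to the real server. The following is an added example of that mechanism, not code from Fiddler, Burp or ZAP. It handles plain HTTP only (the real tools also terminate TLS with a CA certificate they install in the browser), and the target application, its reflected role parameter and the loopback ports are constructed for the demo.

```python
"""Minimal intercepting HTTP proxy, added as an illustration of how
Fiddler, Burp and ZAP sit between browser and server (not their code)."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hop-by-hop headers belong to one connection and must not be relayed.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "te", "trailer",
              "transfer-encoding", "upgrade", "proxy-authorization",
              "proxy-authenticate"}


def passthrough(method, path, headers, body):
    """Hook that only observes: the request is forwarded unchanged."""
    return method, path, headers, body


def escalate_role(method, path, headers, body):
    """Hook standing in for a tester editing the request in the proxy UI:
    a client-supplied role=user is rewritten to role=admin to check whether
    the server trusts what the browser sends (hypothetical parameter)."""
    parts = urlsplit(path)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    if params.get("role") == "user":
        params["role"] = "admin"
    return method, urlunsplit(("", "", parts.path, urlencode(params), "")), headers, body


class InterceptingProxy(BaseHTTPRequestHandler):
    """Accepts proxy-style requests (absolute URL in the request line), runs
    them through self.server.hook, relays upstream, and records what was
    actually sent in self.server.seen."""

    def do_GET(self):
        self._relay()

    do_POST = do_GET

    def _relay(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else b""
        url = urlsplit(self.path)
        path = urlunsplit(("", "", url.path or "/", url.query, ""))
        # Drop hop-by-hop headers; Content-Length is recomputed after the hook.
        skip = HOP_BY_HOP | {"content-length"}
        headers = {k: v for k, v in self.headers.items() if k.lower() not in skip}
        method, path, headers, body = self.server.hook(self.command, path, headers, body)
        self.server.seen.append(f"{method} {url.netloc}{path}")

        upstream = http.client.HTTPConnection(url.netloc, timeout=5)
        upstream.request(method, path, body=body or None, headers=headers)
        resp = upstream.getresponse()
        data = resp.read()
        upstream.close()

        # Relay the response (it could be edited here just as easily).
        self.send_response_only(resp.status, resp.reason)
        for k, v in resp.getheaders():
            if k.lower() not in skip:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


class TargetApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the application under test: it reflects the
    role parameter it received, as a page showing the caller's privilege would."""

    def do_GET(self):
        role = dict(parse_qsl(urlsplit(self.path).query)).get("role", "anonymous")
        payload = f"role={role}".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):
        pass


def fetch_through_proxy(hook):
    """Start target and proxy on loopback, send one browser-style request
    through the proxy with the given hook, return (status, body, proxy log)."""
    target = HTTPServer(("127.0.0.1", 0), TargetApp)
    proxy = HTTPServer(("127.0.0.1", 0), InterceptingProxy)
    proxy.hook, proxy.seen = hook, []
    for srv in (target, proxy):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{target.server_address[1]}/account?role=user"
        conn = http.client.HTTPConnection(*proxy.server_address, timeout=5)
        conn.request("GET", url)  # absolute URL, as a proxy-configured browser sends
        resp = conn.getresponse()
        result = (resp.status, resp.read().decode(), list(proxy.seen))
        conn.close()
        return result
    finally:
        for srv in (target, proxy):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(fetch_through_proxy(passthrough))    # body 'role=user'
    print(fetch_through_proxy(escalate_role))  # body 'role=admin'
```

The `escalate_role` hook is the whole point of an intercepting proxy: the browser sent `role=user`, the server saw `role=admin`, and a server that reflects or honours the edited value has just shown you it trusts client-side input.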
Kali Linux
This is more of a suite than a single tool, but whether you are testing infrastructure, web applications or red teaming, this image ships with most of what you need. If you do not know Linux it is also a good way to get started; learning basic command-line skills is essential. It runs in a VM, from a USB stick, and even on a Raspberry Pi!
Metasploit Framework
This is the premier infrastructure testing tool. Not only is it powerful, but once you learn how to use it you can extend it with your own modules to fit your needs. Many other tools borrow Metasploit’s module and payload structure, so learning it will help you understand those tools down the road. It contains numerous features for discovery, exploitation, brute forcing, payload generation and post-exploitation, and it is included in Kali Linux.
Port Scanning
This is the simplest and easiest way to do recon on a system; you always want to see what a system is exposing before starting your tests. In its most basic use the tool tells you which ports are open, and therefore which services you can actually reach. It can go well beyond that, but we will save that for another time. The most important part of any penetration test is understanding your attack surface. You can also import the scan output directly into your Metasploit workspace, so the hosts and services it found are available to the rest of your testing. It is available in most OS distributions.
Exploitable Virtual Machines
The most important part of your toolset is a target you are authorized to test. Do not use the above tools against public domains or your own company’s systems without express written permission; it can get you into a lot of trouble. So how do you learn? Stand up virtual machines with VM software such as VirtualBox or VMware Fusion and go to town on your own private network. Put the machines on a host-only or internal network so your scans and exploits cannot leak out to anything else, and make the lab as complex or as vulnerable as you want. A good one to start with, for fun, is the Metasploitable image: it is deliberately and extremely vulnerable, and ready to test.
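The two ideas above, the basic recon step of finding open ports and only ever pointing your tools at systems you are authorized to test, fit naturally together in one script: a TCP connect scan that refuses any target outside an explicit scope list. This is an added example, not the page’s own code or any named scanner; the scope ranges (loopback plus the VirtualBox host-only default network), the documentation address used as the out-of-scope target, and the loopback listeners it scans are all constructed for the demo.

```python
"""Scope-checked TCP connect scan: an added example of the most basic recon
step with the authorization check enforced in code (not from any named tool)."""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

# Hypothetical lab scope: only addresses you have written permission to test.
# Loopback plus the VirtualBox host-only default network, constructed for the demo.
AUTHORIZED_SCOPE = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.56.0/24")]


def in_scope(host):
    """True if host (an IP address string) falls inside an authorized network."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in AUTHORIZED_SCOPE)


def probe(host, port, timeout=1.0):
    """TCP connect probe. A completed three-way handshake means 'open', an
    immediate RST means 'closed', and no answer within the timeout means
    'filtered' (a firewall dropping the SYN looks the same as a dead host)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return port, "open"
    except ConnectionRefusedError:
        return port, "closed"
    except OSError:  # TimeoutError and unreachable-network errors land here
        return port, "filtered"


def scan(host, ports, workers=32):
    """Probe the given ports in parallel; refuse outright if host is out of scope."""
    if not in_scope(host):
        raise PermissionError(f"{host} is outside the authorized scope; refusing to scan")
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: probe(host, p), ports))


def open_ports(host, ports):
    """Sorted list of the ports that answered with a completed handshake."""
    return sorted(p for p, state in scan(host, ports).items() if state == "open")


def demo():
    """Constructed targets on loopback: one listening socket (open) and one
    ephemeral port that was bound and released (closed).
    Returns (open_port, closed_port, states)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()  # nothing listens here now, so a connect gets an RST
    try:
        states = scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return open_port, closed_port, states


if __name__ == "__main__":
    print(demo())
    try:
        scan("203.0.113.10", [22, 80])  # documentation address, not in scope
    except PermissionError as exc:
        print("blocked:", exc)
```

The scope check runs before a single packet leaves the host, which is the behaviour you want from any tooling you automate: a typo in a target address should fail closed, not scan a stranger’s network.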