- Becoming the Hacker
- Adrian Pruteanu
- 342字
- 2021-06-11 13:38:51
The tester's toolkit
The penetration testing tools used vary from professional to professional. Tools and techniques evolve every day and you have to keep up. While it's nearly impossible to compile an exhaustive list of tools that will cover every scenario, there are some tried-and-true programs, techniques, and environments that will undoubtedly help any attacker to reach their goal.
Kali Linux
Previously known as BackTrack, Kali Linux has been the Linux distribution of choice for penetration testers for many years. It is hard to argue with its value, as it incorporates almost all of the tools required to do application and network assessments. The Kali Linux team also provides regular updates, keeping not only the OS but also the attack tools current.
Kali Linux is easy to deploy just about everywhere and it comes in many formats. There are 32-bit and 64-bit variants, portable virtual machine packages, and even a version that runs on the Android OS:
Figure 1.2: A fresh instance of the Kali Linux screen
Kali Linux alternatives
One alternative or supplement to Kali Linux is the Penetration Testing Framework (PTF) from the TrustedSec team and it is written in Python. This is a modular framework that allows you to turn the Linux environment of your choice into a penetration testing toolset. There are hundreds of PTF modules already available, and new ones can be quickly created. PTF can also be run on Kali to quickly organize existing tools in one location.
Figure 1.3: The PTF interactive console
Another well-established alternative to Kali Linux is BlackArch, a distribution based on Arch Linux that includes many of the tools bundled with other penetration testing distributions. BlackArch has many of the tools that testers are familiar with for network testing or application assessments, and it is regularly updated, much like Kali Linux. For Arch Linux fans, this is a welcome alternative to the Debian-based Kali distribution.
Figure 1.4: The main BlackArch screen
BlackArch is available in many formats on https://blackarch.org.
- DevSecOps敏捷安全
- Learning Python for Forensics
- 為你護航:網絡空間安全科普讀本(第2版)
- Practical Network Scanning
- Mastering Kali Linux for Advanced Penetration Testing
- INSTANT Windows PowerShell
- 網絡安全三十六計:人人該懂的防黑客技巧
- Computer Forensics with FTK
- ARM匯編與逆向工程:藍狐卷·基礎知識
- 隱私計算
- 云原生安全與DevOps保障
- Instant Java Password and Authentication Security
- 網絡用戶行為的安全可信分析與控制
- 華為Anti-DDoS技術漫談
- Mastering Linux Security and Hardening