• Setting up Your Lab with Kali Linux: Having a completely sepatate laptop installed with Kali Linux on the physical hard drive with suffcient amount of RAM and a high-speed proccessor to crunch in password hashes and rainbow tables is the way that most experienced penetration testers follow.While doing a real-world penetration test you need to have at least 8GB RAM on your machine.A high-speed network port and a wireless network card that allows packet injection is also an important part of the test’s toolkit.

  • Web application proxies

    • WebScarab
    • Zed Attack Proxy(successor of WebScarab)
    • Burp Suit
    • ProxyStrike(not only intercepts the request and response but also actively finds vulnerabilities.It has modules to find SQL injection and XSS flaws.)

  • Web vulnerability scanner

    • Nikto
    • skipfish
    • Web Crawler-Dirbuster
    • OpenVAS

  • Database exploitation

    • SQLNinjia:tool to attack vulnerable Mssql and gain shell access
    • sqlmap

  • CMS identification tools

    • wpscan
    • Plecost:is a WordPress finger printer tool and can be userd to retrieve information about the plugins installed and display CVE code against each vulnerable plugin.
    • joomscan

  • Web application fuzzers

    • Burpsuite and WebScarab
    • Wfuzz

  • **Using Tor for penetration testing **