- Setting up Your Lab with Kali Linux: Having a completely sepatate laptop installed with Kali Linux on the physical hard drive with suffcient amount of RAM and a high-speed proccessor to crunch in password hashes and rainbow tables is the way that most experienced penetration testers follow.While doing a real-world penetration test you need to have at least 8GB RAM on your machine.A high-speed network port and a wireless network card that allows packet injection is also an important part of the test’s toolkit.
Web application proxies
- Zed Attack Proxy(successor of WebScarab)
- Burp Suit
- ProxyStrike(not only intercepts the request and response but also actively finds vulnerabilities.It has modules to find SQL injection and XSS flaws.)
Web vulnerability scanner
- Web Crawler-Dirbuster
- SQLNinjia:tool to attack vulnerable Mssql and gain shell access
CMS identification tools
- Plecost:is a WordPress finger printer tool and can be userd to retrieve information about the plugins installed and display CVE code against each vulnerable plugin.
Web application fuzzers
- Burpsuite and WebScarab
**Using Tor for penetration testing **