This chapter outlines and discusses the components and tools that make up a professional security consultant’s toolkit for performing tasks including reconnaissance, network scanning, and exploitation of vulnerable software components. Many advanced tools can only be run from Unix-based systems, while other Windows-specific tools are required when testing Microsoft-based platforms and environments, and so building a flexible platform is very important.
Although these tools and their respective configurations and uses are discussed in detail throughout the book, they are discussed here at a reasonably high level so that you may start to think about preparing and configuring your assessment platform. At a high level, the tools and components that you need to consider are as follows:
- Virtualization software to allow you to run multiple virtual systems on one physical machine
- Operating systems within your assessment platform
- Reconnaissance tools to perform initial Internet-based open source querying
- Network scanning tools to perform automated bulk scanning of accessible IP addresses
- Exploitation frameworks to exploit vulnerable software components and accessible services
- Web application testing tools to perform specific testing of web applications
With the exception of commercial tools that require licenses, all of the tools listed in this book can be found in the O’Reilly archive at http://examples.oreilly.com/networksa/tools. I have listed the ...