
Penetration Testing Tools Cheat Sheet - adamnemecek
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
======
0xmohit
A couple more security tools:

[https://github.com/BinaryDefense/artillery](https://github.com/BinaryDefense/artillery)
\- The Artillery Project is an open-source blue team tool designed to protect
Linux and Windows operating systems through multiple methods.

[https://github.com/trustedsec/social-engineer-toolkit](https://github.com/trustedsec/social-engineer-toolkit)
\- The Social-Engineer Toolkit (SET) repository from TrustedSec

------
INTPenis
This cheat sheet shows what a lot of rookies don't understand: pentesting
requires knowledge of the same systems and services that any Linux sysadmin
has.

It's amusing to me because I often see people wanting to be hackers, applying
for IT-security classes or ethical hacking classes thinking there's a magic
education they can take to become a hacker.

When in reality they need the same skills as any good Linux sysadmin:
understanding protocols, understanding services, and being able to google well
in English.

~~~
0xmohit
> When in reality they need the same skills as any good Linux sysadmin:
> understanding protocols, understanding services, and being able to google
> well in English.

It requires much more. The most important being an intrinsic desire to break
things. Persistence is another. Understanding of underlying tech and stuff
follows.

~~~
INTPenis
Oh absolutely, but I file that under character and not technical experience.

You need a character that does not give up and enjoys breaking things apart.

Specifically what's bothered me for many years is people who apply to classes
to become hackers, thinking there's a type of certification that will allow
them to call themselves hackers. It's become much more popular and romantic
lately.

------
nstj
Zdziarski's "iOS Forensic Investigative Methods"[0] is a free eBook which can
be helpful if you're interested in native penetration testing.

[0]:
[http://www.zdziarski.com/blog/?p=2287](http://www.zdziarski.com/blog/?p=2287)

------
dimdimdim
The one I've used for 3 years and counting:

[http://pentesteracademy.com/topics](http://pentesteracademy.com/topics)

It's the Pluralsight / Lynda.com but for Computer Security.

~~~
kkirsche
Looks cool. Wish you didn't have to pay $100 each time you restarted, and the
PayPal and email cancelation is not anything I would trust, sadly. Just seems
too risky for a "well we didn't get your cancelation, sorry" situation.

------
freditup
Does anyone have a recommendation for resources to learn more about (ethical)
hacking and penetration testing? I have some knowledge of common web
vulnerabilities like XSS, CSRF, SQL injection, etc, but have very little
knowledge of networking and how networks and systems are actually attacked.

For example, this course [0] looked great, but I found that it wasn't quite
right for me. (Assumed I knew things I didn't, focus was sometimes off-topic,
etc.) Any better recommendations?

[0]: [https://www.cybrary.it/course/ethical-hacking/](https://www.cybrary.it/course/ethical-hacking/)

~~~
adamnemecek
Check out these:

[https://lab.pentestit.ru](https://lab.pentestit.ru) and
[https://www.reddit.com/r/securityCTF](https://www.reddit.com/r/securityCTF)
and [https://pentesterlab.com/bootcamp](https://pentesterlab.com/bootcamp)

Idk if this is what you are looking for.

Here's an example of a write up for one of the labs
[https://lab.pentestit.ru/docs/TL8_WU_en.pdf](https://lab.pentestit.ru/docs/TL8_WU_en.pdf)

------
unclesaamm
Does anyone actually refer to a "cheatsheet" when they are hacking? Or do they
just use Google? It makes me laugh to think someone has some of this stuff
printed by their desk for an emergency. For example, "gcc -o exploit
exploit.c".

Also, this looks like a ripoff of
[http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/14942955...](http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/).

~~~
spydum
I am not a Metasploit ninja; my job is mostly in design and defending systems.
However, on occasion I'll need to demonstrate a pivot or exploit a common vuln
to make a point to a dev team. I might bust out the cheat sheet because that
tool isn't in my muscle memory.

------
andersonmvd
Shameless plug: to run multiple such security tools at once (nmap, OpenVAS,
Nikto, etc.) I've created [https://gauntlet.io](https://gauntlet.io) \-- it's
free for a few days, but soon won't have such a limit.

~~~
sikosmurf
Is this a different product than [http://gauntlt.org](http://gauntlt.org) ?

Definitely the possibility for brand confusion on security software tools.
Something to consider before you go live.

~~~
andersonmvd
The idea is similar, but the implementation differs a lot: Gauntlt is a gem
that will help you run multiple scanners, but won't extend scanner
capabilities such as controlling the speed, adding custom headers, etc. That's
what Gauntlet does, including issue management on the interface for you to
classify, notify people, build teams around applications and much more,
without needing to know how to configure any of these tools. Gauntlt requires
you to host it, and Gauntlet is a SaaS. One of the reasons to be a SaaS is to
reduce the complexity of running scanners. Of course, the name is almost the
same, thanks for pointing that out, although it has a reason. The name Gauntlet
comes from a physical punishment
([https://en.wikipedia.org/wiki/Running_the_gauntlet](https://en.wikipedia.org/wiki/Running_the_gauntlet)),
and it's like an app being 'punished' by multiple scanners. And as far as I
know, Gauntlt doesn't seem to be that active. And as I dug into it, I can tell:
there are many things to do in order to make all scanners work together. It's
more complex than it looks. But, anyway, thank you for pointing it out.

------
lyonlim
Anyone have a recommendation for companies providing pentest services?

~~~
devillius
lyonlim, couldn't find an email in your profile. Feel free to send me an email
(in profile) if you want to explore this more.

------
arcanus
Is Kali Linux still considered the best out-of-the-box pen-testing env? I
played around with it a few years ago and have always wanted to get back into
it.

~~~
eugenekolo2
Out of the box, yes. If you want to have a bit of control / know exactly what
tools exist, then I recommend:

[https://github.com/zardus/ctf-tools](https://github.com/zardus/ctf-tools)

[https://github.com/eugenekolo/sec-tools](https://github.com/eugenekolo/sec-tools)

But those sets of tools don't focus on "pentesting" so much as they do on
analysis and exploitation.

------
acdanger
How does one with the requisite skills get a job as a penetration tester? I
don’t often see companies hiring for the role.

~~~
nikcub
They don't advertise the roles as regularly as other sectors of IT because
they're hard to hire for. A lot of the hiring is word-of-mouth or promoting a
developer internally who has infosec interest into the role, or hiring
freelancers / outside companies.

It is a sector suited to freelance roles and contracting, or working for a
consulting firm in a full-time capacity.

Build up an online profile on your own website. It can take the form of a blog
or just a simple web page with a bio and some published articles/papers.

Mention on your website that you're available for hire, where you are and what
type of work you do.

Write some blog posts (anywhere from 2-3 a month or even 2-3 a year if they're
a bit longer form), establish specialities that you are good at, produce
conference talks and pitch them at CFPs and go and speak at conferences,
submit your posts and websites on reddit, here on HN, etc.

You'll start getting cold approaches (I average around 3 after every blog
post) and you'll have somewhere to point the companies you approach to.

You'll meet people at conferences who want to hire you.

To find companies to approach, find vulnerabilities and send them a note, or
participate in bug bounty programs. You can also approach companies who have
recently been in the news with security issues, or those you find on Twitter
where users or other infosec ppl are reporting issues on social networks.

A lot of companies hit a wall when they experience a security incident and
they're not sure what to do, who to call or who to hire, so they're very open
to hiring contractors to organize that or bringing in their first full-time
infosec hire.

To get the top-end research roles at the big co's you really need to produce
good research and you'll be headhunted.

Try to be specific in terms of both the specialities and the sectors you deal
with. If you decide on freelancing, use your first couple of clients as
references for potential new clients and ask associates, customers, etc. to
refer you other work.

~~~
acdanger
This is helpful. Thank you.

------
justforthisone
gcc -o exploit exploit.c

The cheat sheet should mention where to find exploit.c.

:(

~~~
BrainInAJar
You write it.

~~~
qu4z-2
I really want to know who can write exploit code in C, but needs a cheat sheet
to invoke the compiler.

Also, I always preferred "make exploit" for that. It's just very ... to the
point.

