Aloha,
Here we go.
We need knowledge, we need tools and targets we need a lab environment.
It is illegal to try penetration procedures in live environments without the written permissions of the owner so a test environment is a must have. In a another post I will analyze how we can create a lab environment, for now lets see a list in no particular order of toolkits and targets. Luckily enough there are plenty out there.!
This list will always be updated .
Penetration Toolkits
These are live CDs or DVDs. I am not going to analyze any of this right now. I am using the Backtrack linux distribution probably because is the first one I started with or…….
- Live Hacking DVD and Live Hacking CD
http://www.livehacking.com/live-hacking-cd/download-live-hacking
- BackTrack Linux
http://www.backtrack-linux.org
- Samurai Web Testing Framework
http://samurai.inguardians.com - Network Security Toolkit
http://www.networksecuritytoolkit.org - Operator
http://www.ussysadmin.com/operator/ - OSWA-Assistant™
http://securitystartshere.org/page-training-oswa-assistant.htm
Targets
These are live CDs, projects or vmdk files. You can use them for pen-testing skill development and testing.
- Metasploitable
https://community.rapid7.com/community/metasploit - De-ICE PenTest LiveCDs
http://heorot.net/livecds/ - Hackerdemia
http://heorot.net/hackerdemia/ - Web Security Dojo
http://www.mavensecurity.com/web_security_dojo/ - Damn Vulnerable Web Application (DVWA)
http://www.dvwa.co.uk/ - Mutillidae
http://www.irongeek.com - WebGoat
http://www.owasp.org