What’s in your pentesting kit?

We were recently working on an audit of the Pwn Appliance, checking to ensure each tool was documented, relevant, useful, AND up-to-date. If you look at the pure number of tools, we’re a little slanted toward tunneling, network pentesting, and wireless utilities right now, but of course you have root access to your device, and can install whatever you’d like.

We’re loving the stories we get of folks using tools like SET, BeEF, or SQLMap on internal networks after tossing it in the corner.

Here’s a high-level view of the toolkit:


And here’s the full list of packages (note there are some others that are not installed via package, but this covers the majority). We believe that Pwnie devices firmly belong in the pentester’s toolkit – whether you’re doing local or remote network, webapp, wireless, or physical work.

Many testers have encountered scenarios where (lack of) Internet access or time dictated that their toolkit be prepared in advance of a test. Particularly for on-site work.  What’s your pentesting kit consist of? Which hardware? Which software?

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *