When I first became interested in Pen Testing I had no idea where to begin or the tools to use. In this blog I will cover the tools I use most often and their purpose. Every kit is different, but this is what I use the most.
Here is my list; I will discuss each item in detail:
- Kali Linux (installed on an HP Mini 110 netbook)
- Alfa AWUS036NH Wireless Adapter
- WiFi Pineapple
- 2 x Yagi WiFi antennas
- USB Rubber Ducky
- NooElec USB RTL-SDR
- Maxpedition Lunada Gearslinger Bag
Kali Linux
When I first started getting into Pen Testing I was trained on CentOS, then I moved to BackTrack. I’ve now moved to Kali, which most people are now using. Granted, you can use any OS you want for Pen Testing, and usually I have to use different ones, but Kali has almost all the tools in one place.
I installed Kali on an old HP Mini 110 netbook. It is not the fastest, but it does fine for running scans and exploits. If you are attempting to do something processor intensive, like password cracking, it is a good idea to run this on a machine that has more power.
This leads me to the next feature with Kali. Kali gives you the option to create a bootable USB image. This link covers how to set that up. The good thing about having a bootable USB is that you do not have to install the OS on your machine to use it. Just run it in live mode and you’re good to go.
The last option for running Kali is to run it as a virtual machine, which I do use regularly. I personally use VirtualBox whenever I do virtual machines. VirtualBox is free and has a lot of helpful articles. Kali actually has images available for download for VirtualBox and VMware.
Alfa Network Wireless Adapter
In my opinion there are two easy ways into someone’s network. The first is to “ask” for access via social engineering. The second is wireless exploitation. Wireless testing is one of my favorite aspects of pen testing. I use an Alfa AWUS036NH Wireless Adapter for wireless testing. The Alfa adapter allows you to run WiFi scans to determine the encryption used on networks, network names, and MAC addresses, and also to inject packets back into the networks you are trying to test. With this tool you can crack WEP in no time, capture WPA2 handshakes for offline cracking, and exploit WPS-enabled Access Points. You can also use different antennas, like the Yagi ones in my kit.
WiFi Pineapple
The WiFi Pineapple is another wireless auditing tool. It comes with two antennas, which can be swapped for other antennas. The Pineapple can do recon of access points in an area, run exploits against those access points, or act as a free, open WiFi network. If a person were to connect to the open network, you can use the Pineapple to act as a man in the middle and strip out packets, spoof DNS, capture credentials, and much more. The WiFi Pineapple is sold by Hak5 and is a great, fun tool to use.
Yagi WiFi antennas
To help increase the range of my wireless testing I purchased two directional Yagi antennas. These antennas can connect to the Alfa Network adapter or the WiFi Pineapple. They were around $20 for the pair on eBay.
USB Rubber Ducky
The USB Rubber Ducky is the ultimate Social Engineering tool. It looks like a common thumb drive, but it is far from that. It is actually a keystroke injection attack platform. Basically, it acts like a keyboard when plugged into a person’s machine and automatically types out commands. The commands are written for the Rubber Ducky in a simple scripting language, saved to a Micro SD card, and inserted into the Rubber Ducky. These scripts can execute programs, save files and FTP them to remote locations, insert backdoor connections to machines, and many more things. A pen tester could drop the device in a common area in the hope that a user will plug it in. The Rubber Ducky can execute commands very quickly, making it an ideal tool to use when testing physical security. If you are able to get in front of a machine, plug the Rubber Ducky in and let it run the scripted commands while you do some more exploring around the complex. Of course, you’ll need to have it configured prior to using it.
NooElec USB RTL-SDR
The NooElec USB RTL-SDR is a mini Software Defined Radio USB device. It comes with a small antenna, but you can purchase a larger replacement if you want. With SDR, a pen tester could test anything that runs over radio waves, not just WiFi. Smart meters and RFID tags are a few examples. I’m new to SDR, but I have had some fun with it, like picking up the local Fire/EMS/Police dispatch. This device is very inexpensive, around $20.
Maxpedition Lunada Gearslinger Bag
No Pen Testing kit is complete without a tacticool bag to carry it all in. The Maxpedition bag is very durable and can store everything I carry, with the exception of the Yagi antennas. These can actually be strapped to the sides if necessary using the MOLLE system. The bag is not very big, but it can pack in an iPad or netbook without a problem. Definitely a great bag for when you don’t want to tote around a full-size backpack.
My pen testing tool kit took me several years to put together, and I’m still modifying it all the time. This is an ever-evolving game, and so should be your pen testing tool kit.