January 31, 2016

Any experienced Pentester will tell you that the enumeration and reconnaissance phases of a Penetration Test are probably the most important parts of any Security Assessment. The problems many Pentesters face these days is the sheer volume of different tools available and which one(s) to use.

Thankfully there is an answer for the Enumeration Phase. A great tool with a nice GUI has been developed and best of all it’s absolutely free and has been integrated into Kali Linux 2.0. Of course it can also be downloaded as a standalone on Github.

It’s called Sparta: https://github.com/SECFORCE/sparta 

An extremely powerful tool which goes beyond NMAP, SMTP, SNMP, NetBIOS, FTP etc. but also includes fancy tools like dirbuster and other nice Web Assessment tools all through 1 single user interface.



The Metasploit Framework

Author: Martin Voelk
March 17, 2015

The Metasploit framework is one of the best Penetration Testing suites around. It’s modular structure and coverage of all Penetration Test cycles, makes it the preferred choice of many Penetration Testers and unfortunately hackers alike. It’s easily expandable with custom modules.

For those who are not friends with command lines (every Pentester should be though!) there is even a GUI option available called Ermitage which simplifies the whole process significantly.

Metasploit itself is owned by Rapid 7. But the community version is distributed free of charge within Kali Linux.


Kali Linux: https://www.kali.org
Armitage: http://www.fastandeasyhacking.com
Free Metasploit Training by Offensive Security: http://www.offensive-security.com/metasploit-unleashed/Main_Page