Web based Linux attack virtual machine customized distribution for pen testers and security engineer
AMI image AWS EC2 Elastic Cloud platform, subscriptions
Kali Linux or Parrot Linux
Apache Guacamole® The remote desktop proxy HTML 5 web application
Docker based distro
- Jenkins – workflow orchestrator
- Greenbone – vulnerability management
- reNgine – attack surface & Web DAST tool
Offensive tools
- nmap with vulnerabilty plugins
- searchsploit local exploit database
- hydra – bruteforce tool (including wordlist)
- metasploit – scanning, exploiting tool and central C&C (kiwi module)
- hascat – password cracking tool
- BurpSuite Community – Intercepting proxy
AD tools
- enum4Linux
- kerberoast impacket-scripts
- kerbrute Domain, Users enumeration a Password bruteforcing
Web hacking
- nuclei – project discovery DAST tool
- testssl, scannssl – encryption