What tools are people using?

I’m working with our security team on an internal pentest and… I’ll be honest… it’s been a while since I’ve done any kind of testing.

What tools are out there that you all are using?

We use Kali Linux with tools like net-discover, nmap, crunch, and John the Ripper, among others. This is just a few of our main tools that we are familiar with, there are plenty of other tools to use as well.

We use a variety of tools, but Kali Linux and the tools you mentioned are the ones we use the most. We also use Metasploit, Wireshark, and some other tools.

I use the Impacket tool suite a LOT. I can do a lot of Active Directory attacks from Linux without having to worry about EDR or AV on Windows. It runs just fine on a Raspberry Pi, which is my favorite attack platform to embed at a victim’s site when I can get physical access.

I have a cracked Cobalt Strike license, but it can be unwieldy sometimes. I prefer to use command line tools when I can, because they can easily be run from most places.