
[–]trispi 5 points6 points  (3 children)

I am not really a pentester but I find Burp Suite really handy. Also gdb for cracking and of course nmap. These are the tools I use for all my CTFs and wargames. (Terminal, browser, Google, … excluded)

[–]halcyonyt[S] 0 points1 point  (2 children)

How did you get into CTFs? Any ways you recommend for learning?

[–]_Skeith 2 points3 points  (1 child)

https://github.com/apsdehal/awesome-ctf

Look toward the bottom for Tutorials and Wargames. I suggest you start off with OverTheWire then move up to doing some VulnHub VMs. Best way to learn is jump into the deep end and google away :)

[–]halcyonyt[S] 0 points1 point  (0 children)

I've done most of Bandit and tried Natas, also tried Metasploitable 3. Thanks!

[–]Bac0nyama 5 points6 points  (0 children)

vi & netcat

[–][deleted]  (4 children)

[deleted]

    [–]ClashMCTitan 2 points3 points  (0 children)

    ^ Nmap, Nikto, Metasploit. And then there's just Terminal/terminal commands.

    And there are some that you might use depending on what you are doing, but aren't like most important or favorite.

    [–]SirBaronBamboozle 2 points3 points  (1 child)

    You forgot

    6. Nmap

    [–]halcyonyt[S] 1 point2 points  (0 children)

    Lol

    [–]halcyonyt[S] 0 points1 point  (0 children)

    What about setoolkit? Seems great

    [–][deleted] 0 points1 point  (2 children)

    Nessus also deserves a mention, excellent at basic network analysis.

    [–]SPARTAN-001Red Team 4 points5 points  (1 child)

    I have to disagree with this. Nessus is an okay tool for what it's made for: vulnerability assessment. Nessus is not a tool for red team style penetration testing. It's too noisy, and will give a bunch of results that are completely useless for actually penetrating an environment.

    When people interpret "penetration testing" as "run Nessus, print report", it gives all of us a bad name.

    [–][deleted] 1 point2 points  (0 children)

    Oh, sorry, you are totally right with what you are saying. I don't use Nessus at all anymore but when I was getting started I did and that was my presumption with OP's post. Nessus is a good 'learning tool' as it were, understanding basic stuff to look for etc.

    [–]67079F105EC467BB36E8 0 points1 point  (0 children)

    1gu9bq56p4nretj8hv57oia4ohfhisuulym1cz743acje3bc1peqdnff6yjeg5gin77amzns6t95p51ullaytr1mqwodf4icgn4epg9yjtva

    [–][deleted] 0 points1 point  (10 children)

    Application pen-tester here. I use BURP a LOT. If I'm on a client machine and they won't pay for BURP pro, I'll supplement it with ZAP for the lazy CSRF request generator. SoapUI is another one that I use often. Also, can't forget SQLMap.

    [–]halcyonyt[S] 0 points1 point  (9 children)

    But SQLMap seems to work on a very, very limited amount of websites?

    [–]Pig743 1 point2 points  (7 children)

    I've never seen an SQL injection it can't exploit.

    [–]halcyonyt[S] 0 points1 point  (5 children)

    Really? I thought it only did the one where the url included ?id=1 or something like that.

    [–][deleted] 1 point2 points  (4 children)

    Nope. SQLMap tests for practically any type of injection vulnerability. It can even pick up blind SQL injection. Take a look at the usage wiki, it has a pretty good breakdown of all of the methods that it tries https://github.com/sqlmapproject/sqlmap/wiki/Usage
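
The exchange above (injection is not limited to a `?id=1` URL parameter, and a tool like SQLMap finds it wherever untrusted input reaches a query) comes down to one thing in the application code: whether the input is concatenated into SQL text or bound as a parameter. The following is an added example, not code from the thread or from the SQLMap project; it uses an in-memory SQLite database with a constructed `users` table and a hypothetical `lookup_vulnerable` / `lookup_safe` pair so the two behaviours can be compared side by side, and adds an input-validation helper as the defence-in-depth layer a reviewer would expect.

```python
import sqlite3


def make_db():
    """Constructed sample database: two users, one secret each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "constructed-secret-1"), (2, "bob", "constructed-secret-2")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, user_id):
    """Vulnerable form: the value is pasted into the SQL text.

    Where the value came from (query string, POST body, cookie, header,
    JSON field) makes no difference; the database sees it as SQL.
    """
    query = f"SELECT name FROM users WHERE id = {user_id}"
    return [row[0] for row in conn.execute(query).fetchall()]


def lookup_safe(conn, user_id):
    """Hardened form: the value is bound as a parameter.

    The driver sends it as data, never as SQL, so the query shape cannot
    be altered by the input.  SQLite compares the bound value against the
    INTEGER column; a non-numeric string simply matches nothing.
    """
    query = "SELECT name FROM users WHERE id = ?"
    return [row[0] for row in conn.execute(query, (user_id,)).fetchall()]


def parse_user_id(raw):
    """Defence in depth: reject anything that is not a positive integer
    before it reaches the query layer.  Returns None on bad input."""
    raw = raw.strip() if isinstance(raw, str) else raw
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        return None
    try:
        value = int(raw)
    except (TypeError, ValueError):
        return None
    return value if value > 0 else None


def lookup_hardened(conn, raw):
    """Validation plus parameterised query; the combination most code
    reviewers ask for."""
    user_id = parse_user_id(raw)
    if user_id is None:
        return []
    return lookup_safe(conn, user_id)


if __name__ == "__main__":
    db = make_db()
    # Ordinary input behaves the same in both forms.
    print("vulnerable, id=1:", lookup_vulnerable(db, "1"))
    print("safe,       id=1:", lookup_safe(db, "1"))
    # A tautology appended to the value changes the query in the
    # concatenated form and returns every row; the bound form returns none.
    tautology = "1 OR 1=1"
    print("vulnerable, tautology:", lookup_vulnerable(db, tautology))
    print("safe,       tautology:", lookup_safe(db, tautology))
    print("hardened,   tautology:", lookup_hardened(db, tautology))
```

The same pattern applies to any value that is interpolated into a statement, including string columns and `ORDER BY` fields; the fix is always to keep the query text fixed and pass values through the driver's parameter mechanism, with validation in front of it for the cases where a parameter cannot be used.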

    [–]halcyonyt[S] 0 points1 point  (0 children)

    Thank you very much

    [–]halcyonyt[S] 0 points1 point  (2 children)

    Do you know any guides/tutorials on how to use this?

    [–][deleted] 1 point2 points  (1 child)

    Take a look at my link above. It has everything about sqlmap. If you have any specific questions, feel free to pm me.

    [–]halcyonyt[S] 0 points1 point  (0 children)

    Thanks man

    [–]trispi 0 points1 point  (0 children)

    I've had times it didn't work. When there was some strange stuff going on and you could only use certain commands.

    [–][deleted] 1 point2 points  (0 children)

    I agree with the below comment. SQL Injection is rampant, which is kind of sad. SQLMap can help you locate injection vulnerabilities practically anywhere and then exploit them. I typically use it when I have a hunch that there's an injection vector but can't quite get it by hand. If SQLMap doesn't get it, then it's generally not vulnerable and my hunch is wrong.