Top two tools (Linux) ;)

CyberscumCyberscum Member Posts: 795 ■■■■■□□□□□
in Off-Topic
I work in security and get to play with some pretty cool GOTS tools, but I would like to master some open source stuff from Kali.

I mostly do vulnerability resolution and network mapping and kinda want to stay that route.

Which TWO tools from the Kali distro or any other open source would you choose to master to provide consulting services?

I am leaning towards nmap and openVAS, but have only general exp with either.
· Share on FacebookShare on Twitter

Comments

  • doctorlexusdoctorlexus Member Posts: 217
    I'm not sure, but I hope one day to know the answer after I take the PWK course. Have you considered the PWK course + OSCP certification?

    https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/
    · Share on FacebookShare on Twitter
  • ExpectExpect Member Posts: 252 ■■■■□□□□□□
    really depends what type of security consulting you're doing...there are hundreds of tools out there.

    mastering Burp/OWASP ZAP, Metasploit and enumeration tools is usually a good start.

    and its not all about tools, it's about techniques, your knowledge your methodologies and your OOB thinking that would lead you to find the security gems. sometimes automated tools don't hit.
    · Share on FacebookShare on Twitter
  • EngRobEngRob Member Posts: 247 ■■■□□□□□□□
    If you can only pick two, Nmap and OWASP ZAP. Limiting to two won't get you very far though.
    · Share on FacebookShare on Twitter
  • VeritiesVerities Member Posts: 1,162
    Expect wrote: »
    really depends what type of security consulting you're doing...there are hundreds of tools out there.mastering Burp/OWASP ZAP, Metasploit and enumeration tools is usually a good start.and its not all about tools, it's about techniques, your knowledge your methodologies and your OOB thinking that would lead you to find the security gems. sometimes automated tools don't hit.
    Amen. Knowing how to secure systems and where inherent vulnerabilities exist (i.e. .mysql_history) you can easily gain enough information to do damage to a system or gain access to privileged information.
    · Share on FacebookShare on Twitter
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Use the right tool for the right task I would say...I wouldn't select a tool or two to master...but say if you do a lot of packet capture analysis then tcpdump/wireshark are your friends....use nmap to scan and know the options (create a **** sheet or google them up)...again depends on what you wanna do really.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

    · Share on FacebookShare on Twitter
  • alias454alias454 Member Posts: 648 ■■■■□□□□□□
    I stumbled on this the other day https://www.concise-courses.com/hacking-tools/ it has more than two tools listed but can give you some ideas. Ultimately, learning the fundamentals behind multiple different tools is better. For instance openvas is the same thing as nessus really. So knowing how they both work and when to use one vs. the other might be beneficial.
    “I do not seek answers, but rather to understand the question.”
    · Share on FacebookShare on Twitter
Sign In or Register to comment.