nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Top two tools (Linux) ;)

Cyberscum

I work in security and get to play with some pretty cool GOTS tools, but I would like to master some open source stuff from Kali.

I mostly do vulnerability resolution and network mapping and kinda want to stay that route.

Which TWO tools from the Kali distro or any other open source would you choose to master to provide consulting services?

I am leaning towards nmap and openVAS, but have only general exp with either.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

doctorlexus

I'm not sure, but I hope one day to know the answer after I take the PWK course. Have you considered the PWK course + OSCP certification?

https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/

Expect

really depends what type of security consulting you're doing...there are hundreds of tools out there.

mastering Burp/OWASP ZAP, Metasploit and enumeration tools is usually a good start.

and its not all about tools, it's about techniques, your knowledge your methodologies and your OOB thinking that would lead you to find the security gems. sometimes automated tools don't hit.

EngRob

If you can only pick two, Nmap and OWASP ZAP. Limiting to two won't get you very far though.

Verities

Expect wrote: »

really depends what type of security consulting you're doing...there are hundreds of tools out there.mastering Burp/OWASP ZAP, Metasploit and enumeration tools is usually a good start.and its not all about tools, it's about techniques, your knowledge your methodologies and your OOB thinking that would lead you to find the security gems. sometimes automated tools don't hit.

Amen. Knowing how to secure systems and where inherent vulnerabilities exist (i.e. .mysql_history) you can easily gain enough information to do damage to a system or gain access to privileged information.

UnixGuy

Use the right tool for the right task I would say...I wouldn't select a tool or two to master...but say if you do a lot of packet capture analysis then tcpdump/wireshark are your friends....use nmap to scan and know the options (create a **** sheet or google them up)...again depends on what you wanna do really.

alias454

I stumbled on this the other day https://www.concise-courses.com/hacking-tools/ it has more than two tools listed but can give you some ideas. Ultimately, learning the fundamentals behind multiple different tools is better. For instance openvas is the same thing as nessus really. So knowing how they both work and when to use one vs. the other might be beneficial.