nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

What are some tools that a Info Sec pro must have?

HLRS

Is there like a tool pack to buy from somewhere for a Info Sec pro? where it includes Pentest/Vulnerability tools etc? I know backtrack and metasploit are few, thanks

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

docrice

It depends on the area of infosec your'e talking about. If you're a webapp person, then maybe Burp might be one. If you're into IDS / IPS. then Snort should belong into your basic toolkit (at least from a knowledge perspective) regardless of whether you support it on your business network.

The most important tool I think is curiosity and the itch to solve mysteries.

JDMurray

There are a number of threads here discussing pen test certifications. All of these certs are heavily tools-based because, well, pen testers need their tools. Whatever (free) tools are commonly found across these types of certs is what you should look at first. Start checking out nmap, Wireshark, Snort, Splunk, Nessus, Metasploit, and most any other tool that has a book written about it.

paul78

Also, aside from the mechanics of tool usage, having a good repository of knowledge references is a key tool in the box. If one specializes in the legal, privacy, governance, or risk management aspects of infosec, I recommend familiarizing with various knowledge tools like ISACA, NIST, and privacyassociation.org. If you are interested in web app pentesting, review the processes and tools at OWASP.org.

the_hutch

HLRS wrote: »

Is there like a tool pack to buy from somewhere for a Info Sec pro?

If you take the official CEH course from EC-Council, you are given the option to purchase their toolkit, which consists of 6 DVDs of content for $99. While most of it is open source tools, there is also a lot of malware (viruses, trojans, worms, logic bombs, etc...) on it. That was really the selling point for me, because malware can be much more difficult to get your hands on than open source tools. But in order to purchase the $99 toolkit, you are first going to have to purchase the $1699 course.

the_hutch

The malware has been fun to play with in my own lab, but realistically, most companies are never going to agree to the use of malware in a penetration test on their network, so you will probably never professionally use them. If I had to do it over again, I wouldn't have purchased it...or the course (but that's a different story). Also included is the world-class EC-Council distro of OpenSUSE...which is terrible. I'm pretty sure I'd have more success hacking a system by opening backtrack and slamming my head against the keyboard for 15 minutes, than I would by meticulously using this distro for months on end.

HLRS

Yea its pretty good, its a lot of tools, I downloaded their material. *cough* *torrents*