Penetration testing tools

precious

Well-known member
Apr 22, 2024
577
329
10,236
I've found that students often struggle with practical applications of pentesting tools. One way I make this easier is by using Kali Linux labs to demonstrate real-world scenarios. For example, I set up a vulnerable machine using Metasploitable and have students practice using Nmap for network discovery and Metasploit for exploitation. I also encourage them to experiment with EvilPDF for embedding payloads into PDFs, which ties in nicely with social engineering topics. Does anyone have tips on simulating phishing attacks for teaching purposes?
 
I've found that students often struggle with practical applications of pentesting tools. One way I make this easier is by using Kali Linux labs to demonstrate real-world scenarios. For example, I set up a vulnerable machine using Metasploitable and have students practice using Nmap for network discovery and Metasploit for exploitation. I also encourage them to experiment with EvilPDF for embedding payloads into PDFs, which ties in nicely with social engineering topics. Does anyone have tips on simulating phishing attacks for teaching purposes?
my self I also use trytohackme site it is an excellent site and not so expesive
 
All good suggestions above, I'd add Hack the box along with Try hack me and Social Engineering toolkit for more phishing stuff. The GNS3 topology I provided as part of the PenTest+ TTTs allows for hydra and attacks to be run as well and you can even view the logs on the attacked system to teach some red / blue together.
 
  • Like
Reactions: precious