Penetration testing tools

[precious]

I've found that students often struggle with practical applications of pentesting tools. One way I make this easier is by using Kali Linux labs to demonstrate real-world scenarios. For example, I set up a vulnerable machine using Metasploitable and have students practice using Nmap for network discovery and Metasploit for exploitation. I also encourage them to experiment with EvilPDF for embedding payloads into PDFs, which ties in nicely with social engineering topics. Does anyone have tips on simulating phishing attacks for teaching purposes?

 

[MBA]

You can use the open-source phishing framework, GoPhish, getgophish.com.

 

[precious]

You can use the open-source phishing framework, GoPhish, getgophish.com.

Thanks, MBA! GoPhish is a great suggestion for simulating phishing attacks. I'll incorporate it into my labs to give students hands-on experience with phishing campaigns.

 

[hosnypasha]

I've found that students often struggle with practical applications of pentesting tools. One way I make this easier is by using Kali Linux labs to demonstrate real-world scenarios. For example, I set up a vulnerable machine using Metasploitable and have students practice using Nmap for network discovery and Metasploit for exploitation. I also encourage them to experiment with EvilPDF for embedding payloads into PDFs, which ties in nicely with social engineering topics. Does anyone have tips on simulating phishing attacks for teaching purposes?

my self I also use trytohackme site it is an excellent site and not so expesive

 

[Emmanuel Phakula Mandala]

my self I also use trytohackme site it is an excellent site and not so expesive

And it's even one of the best rooms that I normally use as well @hosnypasha

 

[Anthony McCartney]

Setup an OWASP WebGoat environment and Kali and have them do the exercises as an introductory.

 

[precious]

Thanks @Anthony McCartney, for the suggestion! WebGoat sounds great way to introduce them to web app vulnerabilities. I’ll definitely look into incorporating it into my labs.

 

[Lee McWhorter]

All good suggestions above, I'd add Hack the box along with Try hack me and Social Engineering toolkit for more phishing stuff. The GNS3 topology I provided as part of the PenTest+ TTTs allows for hydra and attacks to be run as well and you can even view the logs on the attacked system to teach some red / blue together.

 

[precious]

Thanks so much @Lee McWhorter for the suggestions! Hack the Box and TryHackMe are great for hands-on learning, and I'll definitely incorporate the Social Engineering Toolkit more.

 

[Jamesz159]

Hi All, Only just joined a bit late to the conversation, I would recommend Cisco Ethical hacker course you get a free VM Kali based with Containers housing other machines, like your DVWA etc, it comes with 34 labs as well and is free for anyone to access https://www.netacad.com/courses/ethical-hacker?courseLang=en-US
Tryhackme is excellent as well

 

[Tangobro]

Also for exploitable VM's, I came across this

WebSploit Labs - by Omar Santos

WebSploit Labs is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions. WebSploit includes several intentionally vulnerable applications running in Docker containers on top of Kali Linux or Parrot Security OS...

websploit.org