I've found that students often struggle with practical applications of pentesting tools. One way I make this easier is by using Kali Linux labs to demonstrate real-world scenarios. For example, I set up a vulnerable machine using Metasploitable and have students practice using Nmap for network discovery and Metasploit for exploitation. I also encourage them to experiment with EvilPDF for embedding payloads into PDFs, which ties in nicely with social engineering topics. Does anyone have tips on simulating phishing attacks for teaching purposes?
Penetration testing tools
- Thread starter precious
- Start date
You can use the open-source phishing framework, GoPhish, getgophish.com.
Thanks, MBA! GoPhish is a great suggestion for simulating phishing attacks. I'll incorporate it into my labs to give students hands-on experience with phishing campaigns.
my self I also use trytohackme site it is an excellent site and not so expesive
Setup an OWASP WebGoat environment and Kali and have them do the exercises as an introductory.
Thanks @Anthony McCartney, for the suggestion! WebGoat sounds great way to introduce them to web app vulnerabilities. I’ll definitely look into incorporating it into my labs.
All good suggestions above, I'd add Hack the box along with Try hack me and Social Engineering toolkit for more phishing stuff. The GNS3 topology I provided as part of the PenTest+ TTTs allows for hydra and attacks to be run as well and you can even view the logs on the attacked system to teach some red / blue together.
Thanks so much @Lee McWhorter for the suggestions! Hack the Box and TryHackMe are great for hands-on learning, and I'll definitely incorporate the Social Engineering Toolkit more.