Pentesting Tools Study Guide
Tools installed from the BlackArch package categories. Work through these to build practical skills.
Scanning & Recon
- nmap — Network discovery and port scanning
- masscan — Fast mass port scanner
- recon-ng — Web reconnaissance framework
- theharvester — Email, subdomain, and name harvester
Exploitation
- metasploit — Penetration testing framework
- sqlmap — Automated SQL injection tool
- searchsploit — Offline exploit database search
Web Application
- burpsuite — Web vulnerability scanner and proxy
- nikto — Web server scanner
- gobuster — Directory/file brute-forcer
- dirb — Web content scanner
Wireless
- aircrack-ng — Wireless network security suite
- wifite — Automated wireless attack tool
Password Cracking
- john (John the Ripper) — Password cracker
- hashcat — Advanced password recovery
- hydra — Network login brute-forcer
Sniffing & Analysis
- wireshark — Network protocol analyzer
- tcpdump — Command-line packet analyzer
Forensics
- autopsy — Digital forensics platform
- volatility — Memory forensics framework
Reversing
- ghidra — Reverse engineering suite (NSA)
- radare2 — Reverse engineering framework
Study Plan
- Start with nmap — it’s foundational for everything else
- Learn wireshark alongside nmap to see what’s happening on the wire
- Move to metasploit for exploitation basics
- Pick up burpsuite for web app testing
- Branch into wireless, cracking, or forensics based on interest
Resources to Look Into
- TryHackMe — Guided hands-on labs
- HackTheBox — Practice boxes
- OverTheWire (Bandit) — CLI/Linux security basics
- OWASP WebGoat — Web app vulnerability practice
- CyberDefenders — Blue team / forensics challenges