Penetration Testing / InfoSec

A Quick Look at My Pen Testing Kit

5 min read. Written by Nautilus

People always ask me what I carry on a daily basis, or which tools are my go-to for penetration testing. This article isn't an endorsement, and I'm still building out my kit. It's important to keep in mind that there's no ideal penetration testing kit; as Hacks4Pancakes said in her article, "use what works for you".

As shown in the photo above, my current penetration testing kit contains two laptops, a Hak5 essentials kit with other goodies inside, lockpicks, a Raspberry Pi to be used as a dropbox, and lastly, a mysterious case whose contents will be revealed in this article.

I generally carry two laptops: one is my everyday go-to for work, general browsing, and virtualization, whereas the ThinkPad is primarily used for quick pen testing needs. The distro changes on a regular basis; however, it's usually running Debian Stable or Kali Linux. ThinkPads generally work really well with Linux, which makes mine perfect for quickly using tools, making quick changes to scripts, and all the other fun Linux stuff.

Hak5 Essentials Field Kit (and other goodies)

There's no going wrong with Hak5 products. I bought the Hak5 essentials field kit because it has everything I need in a nice compact case. As well as a WiFi Pineapple Nano, it comes with a Rubber Ducky and a LAN Turtle. Although I haven't had a chance to use the LAN Turtle yet, writing scripts for the Rubber Ducky is extremely straightforward and effective in pen tests and demonstrations. Furthermore, the WiFi Pineapple is a tool that I'd recommend to anyone: not only is it simple to set up and use, but the Pineapple has so many other functions, like deauthentication attacks, cloning websites to create evil portals, and your general reconnaissance needs.

As well as having these in the kit, I also have a Bash Bunny from Hak5, which is like a Rubber Ducky on steroids. I have the entire Hak5 payload repo for the Bash Bunny cloned and stored on the device, so all I have to do is SSH in, or plug it into a laptop, to modify the payloads it is using.

Finally, I have a KeyLlama in this kit, which is an extremely simple yet effective keylogger that plugs in between the keyboard and the computer to capture keystrokes. The KeyLlama is opened/recognized by the machine with a key combination that you set prior to using it.

Lockpicking Kit

As well as the technical stuff, I also like to carry a lockpicking kit on me with a bunch of different-sized tension tools, as well as a load of different rakes and single picks. This kit in particular is called The Vorax from Sparrows, for which I also bought the Octo Rake. I chose The Vorax because it has a wide variety of rakes, my go-to when quickly trying to open up a lock.

I combined this kit with my first lockpicking kit, which was a SouthOrd, so I also carry part of that kit in the case since it's what I'm used to using for single pin picking.

As well as these picks, I also carry two easy shims: one is a Mini Jim, and the other is a Hall Pass, which I carry in my wallet. These are good for quickly entering or exiting rooms when needed.

Finally, I have a Keysy attached to the case, which is an RFID duplicator. Although I would prefer a Proxmark, the Keysy is a cheaper solution to RFID cloning and is more of a proof-of-concept device than the Proxmark. Keysy also makes rewritable stickers and rewritable keycards rather than keyfobs, which is something I've been interested in trying for a while.

Alfa Wireless Adapter

I like to keep an Alfa AWUS036NHA Wireless B/G/N USB Adapter with me at all times. Not only is it small and simple to set up, but it has excellent range and is available for a pretty low price.

The Alfa AWUS036NHA supports monitor mode and packet injection. "Monitor mode is different from promiscuous mode, also used for packet sniffing, because monitor mode doesn’t require association with an access point or ad-hoc network. Packet injection is important because it allows us to send and receive management and control frames from the adapter while it’s operating in monitor mode." This means we can send deauthentication frames, capture handshakes, and much more. This article provides a little more information about the uses of the adapter, and a little more background on the attacks it is capable of.
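The management frames a monitor-mode adapter exposes are easier to understand on real bytes. The following is an added example, not code from the original post: it decodes the 802.11 Frame Control field of captured frames and flags deauthentication bursts, the traffic pattern a wireless IDS alerts on. It assumes the capture's radiotap header has already been stripped so each frame starts with the MAC header; the sample frames and addresses are constructed.

```python
from collections import Counter

# 802.11 management-frame subtypes (Frame Control subtype field, type 0).
MGMT_SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req", 5: "probe-resp",
                 8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}

def parse_frame(frame: bytes) -> dict:
    """Decode Frame Control and the three addresses of the 24-byte MAC header.
    Assumes the capture's radiotap header has already been stripped."""
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte 802.11 MAC header")
    fc = frame[0]                    # first Frame Control byte
    ftype = (fc >> 2) & 0x3          # 0 = management, 1 = control, 2 = data
    subtype = (fc >> 4) & 0xF
    mac = lambda off: ":".join(f"{b:02x}" for b in frame[off:off + 6])
    return {"type": ftype, "subtype": subtype,
            "name": MGMT_SUBTYPES.get(subtype, "mgmt-other") if ftype == 0 else "non-mgmt",
            "addr1": mac(4),     # receiver
            "addr2": mac(10),    # transmitter
            "addr3": mac(16)}    # BSSID for most management frames

def build_frame(fc_byte: int, addr1: bytes, addr2: bytes, addr3: bytes, body: bytes = b"") -> bytes:
    """Constructed helper: FC, duration, three addresses, sequence control, then body."""
    return bytes([fc_byte, 0x00]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00" + body

def deauth_bursts(frames, threshold: int = 5) -> dict:
    """Return {(transmitter, receiver): count} for pairs at or above `threshold`.
    A burst of deauth frames aimed at one client is what a wireless IDS alerts on."""
    counts = Counter()
    for f in frames:
        p = parse_frame(f)
        if p["type"] == 0 and p["subtype"] == 12:
            counts[(p["addr2"], p["addr1"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}

# Constructed sample capture: three beacons from the AP, then ten deauth frames
# claiming to come from the AP and addressed to one client (reason code 7).
AP = bytes.fromhex("001122334455")
CLIENT = bytes.fromhex("aabbccddeeff")
BCAST = b"\xff" * 6
SAMPLE_FRAMES = ([build_frame(0x80, BCAST, AP, AP) for _ in range(3)]
                 + [build_frame(0xC0, CLIENT, AP, AP, b"\x07\x00") for _ in range(10)])

if __name__ == "__main__":
    print(deauth_bursts(SAMPLE_FRAMES))  # {('00:11:22:33:44:55', 'aa:bb:cc:dd:ee:ff'): 10}
```

On a live capture, feed `deauth_bursts` frames from a short sliding time window rather than the whole file, since legitimate roaming also produces the occasional deauth.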

USBNinja

As well as keeping an Alfa network adapter in the small carrying case I like to keep the USBNinja. The USBNinja is a remake of a rubber ducky or BADUSB, except concealed in a lightning cable. The USBNinja remote allows for two payloads (A, and B) and is set up ahead of time using Arduino.

Personally, I like the USBNinja because I don't have to have physical access to the machine. Rather, once the USBNinja is powered on, its light stops blinking the second the lightning cable is plugged into a machine. This means that I could leave it on a conference table, or drop it somewhere, and wait in a completely different room until the light goes out to execute the payload of choice.

Fin

Although I'm still building out my penetration testing kit, I think this is a pretty good start. I'd like to add more bypassing tools to my kit, as well as a Proxmark and some better devices for creating dropboxes. I've been following a blog called Sprocket Security for a lot of the motivation behind building out a dropbox. If you're interested in following their blog, I'd highly recommend it, as I've learned a lot about building out red team infrastructure and thought more about what I want my infrastructure to look like.

If you have any questions feel free to shoot them over to me on Twitter, I'm always happy to talk about my kit, or anything else computer-related.