This section is designed to be the PTES technical guidelines that help define certain procedures to follow during a penetration test. Something to be aware of is that these are only baseline methods that have been used in the industry. They will need to be continuously updated and changed by the community as well as within your own standard.
In general terms, the following tools are mandatory to complete a penetration test with the expected results.
Selecting the operating platforms to use during a penetration test is often critical to the successful exploitation of a network and associated system. With standard command shells (such as sh, csh, and bash) and native network utilities that can be used during a penetration test (including telnet, ftp, rpcinfo, snmpwalk, host, and dig), it is the system of choice and is the underlying host system for our penetration testing tools.
As such it is a requirement to have the ability to use the three major operating systems at one time. Since this is a hardware platform as well, this makes the selection of specific hardware extremely simple and ensures that all tools will work as designed.
VMware Workstation is an absolute requirement, as it allows multiple operating system instances to be run easily on a single workstation.
VMware Workstation is a fully supported commercial package, and offers encryption capabilities and snapshot capabilities that are not available in the free versions available from VMware.
Without the ability to encrypt the data collected on a VM, confidential information will be at risk; therefore, versions that do not support encryption are not to be used. The operating systems listed below should be run as a guest system within VMware.
The Linux platform is versatile, and the system kernel provides low-level support for leading-edge technologies and protocols. All mainstream IP-based attack and penetration tools can be built and run under Linux with no problems. For this reason, BackTrack is the platform of choice, as it comes with all the tools required to perform a penetration test.
Windows XP/7 is required for certain tools to be used. Many commercial tools or Microsoft-specific network assessment and penetration tools are available that run cleanly on the platform.
A good example of a reasonably priced frequency counter is the MFJ-886 Frequency Counter.