In this article, we are going to discuss setting up a pentesting platform, or rig as it is sometimes called. A pentesting rig is the system you use for pentesting. This can be a standalone computer or laptop. The focus of this article is on a locally hosted bare metal setup and virtualization. This information might be useful to those getting into pentesting, bug hunters, and CTF players. Ethical hacking/pentesting skills are used in all three of these areas.
Linux Operating Systems
Most people getting into penetration testing have heard of Kali Linux, or do soon after they start researching the subject. Kali Linux was created by Offensive Security, the company that offers the OSCP certification and the associated course Pentesting With Kali (PWK). It is one of the oldest pentesting Linux distributions around. Pentesting distributions, or distros, make it easier to get started by having most of the popular pentesting/hacking tools installed or available for install. Some think Kali Linux, or Linux in general, is the only way to go. While Linux is a great choice, we will take a look at other options in this article.
Parrot OS is another popular and great Linux distro. I was a big Kali fan and didn’t use other Linux pentesting distros, but last year during a WiFi pentest I gave Parrot a try and became a big fan. Some tools were easier to get working in Parrot, so I used Parrot to conduct my WiFi pentest. Parrot worked well and is an OS that I have kept in my toolset. There were some occasions after that when Parrot worked better in some lab setups using a virtual machine (VM).
Pentester Framework (PTF)
The PenTesters Framework, or PTF for short, is a tool created by TrustedSec to install pentesting tools. You can use PTF to install pentesting tools on Debian or Ubuntu Linux.
PTF can be found here: https://www.trustedsec.com/tools/pentesters-framework/
Windows for Pentesting
While Linux has been the predominant OS in the pentesting world, Windows has its place. Most enterprise environments are mainly Windows, and the administrative tools native to Windows work great for pentesting. Although you can now run Microsoft PowerShell on Linux and MacOS, Windows is a great place to use PowerShell. Windows can be enhanced with a couple of different tool installers by FireEye called Commando VM and Flare VM. They can be run in a VM but also on bare metal. Commando VM uses a set of scripts to configure your drive so that Windows Defender does not delete the hacking/pentesting tools, which it otherwise flags as malware. Flare VM is a set of tools for malware analysis and reverse engineering. Reverse engineering is very useful in pentesting.
Commando VM can be found here: https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html
Flare VM can be found here: https://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html
Diversity of Tools and Operating Systems
It is good to keep a variety of tools and OSes and not limit yourself by sticking with a few tools or one OS. I use Kali, Parrot OS, and a Windows VM with Commando VM and Flare VM. I prefer to use MacOS as my host OS, but I have used Windows and Ubuntu. Windows or MacOS are great options because you can use Microsoft Word to write reports. While I like open source and free tools, Word is hard to beat when it comes to report writing.
A virtualization solution such as VirtualBox or VMware is needed to run virtual machines (VMs). VirtualBox is free, and VMware Player is free for non-commercial use. There are prebuilt VMs that are made for VirtualBox and VMware specifically. I have used both; think diverse tools. I use both VirtualBox and VMware. VMware works better with USB devices that need to connect to the VM, such as USB storage or WiFi network adapters.
I have been a MacOS fan ever since I started using MacOS with my first pentesting job. But pick the hardware platform of your choice; there are a lot of great PC-based hardware options that work great. Some people go with gaming laptops, although that is not a requirement. I would get a minimum of 16GB of RAM; more is better. I have 16GB in my M1 MacBook Pro, which is the limit, and I had 32GB in my old Intel i9 MacBook Pro. My new MacBook Pro uses the M1 chip, also known as Apple Silicon, which is a single chip with RAM, GPU, and CPU combined. This requires less memory, which is why the limits are lower than on the Intel-based Macs. Having plenty of RAM is important for running more processes and VMs. As far as hard drives, I prefer a solid state drive (SSD) for the speed. I like at least a TB and would not go below 500GB. You can use external storage like USB drives to store files. Graphics Processing Units (GPUs) are helpful in password hash cracking, but if you are going to do a lot of password hash cracking, it might be worth building a multi-GPU hash cracking rig. You could also get an external GPU to enhance your hash cracking capabilities if you don’t have the budget for a dedicated hash cracking rig. There is also the option of doing your hash cracking in the cloud and just paying for resources when you need them.
Apple M1 Virtualization Software
If you are an M1 Mac user, then you are limited in your options for virtualization software. Parallels supports the M1 processor, and there is an ARM64 version of Kali Linux that you can use. The VMs you use will have to be ARM-based OSes, so this can limit the VMs you host on M1 Macs. The power and performance of the M1 Macs are great and will not limit what you can do, only which VMs you can install. This may impact setting up a lab on these devices, but you can use an Intel- or AMD-based system to host a lab, host it in the cloud, or take advantage of TryHackMe, Hack The Box, or Proving Grounds.
Cloud-Based Infrastructure and VPNs
When you are testing a target from the Internet, it is a good idea to have some type of dedicated cloud-based pentesting infrastructure. When working on a team, it limits the number of subnets the testing traffic will be coming from. A cloud-hosted VM also allows you to test uninterrupted, since there might be cases where you need to disconnect or you lose connectivity. VPNs are another great option when testing from the Internet. If your IP address is not on the target's allow list (white list), then a WAF (Web Application Firewall), IPS (Intrusion Prevention System), or firewall could block your attempts to test the target.
I hope that this information was helpful to you and is enough to get you started or give you some topics to research for your pentesting rig. Pentesting platforms can be very simple, like the one described in this article, or very complex cloud-based environments with multiple VMs using Linux and Windows OSes. If you are into bug bounties, you could use cloud-hosted VMs and set up automation to help your bug hunting efforts. Thanks for reading and keep on pwning!