This section is designed to be the PTES technical guidelines that help define certain procedures to follow during a penetration test. Something to be aware of is that these are only baseline methods that have been used in the industry. They will need to be continuously updated and changed by the community as well as within your own standard. Guidelines are just that, something to drive you in a direction and help during certain scenarios, but not an all-encompassing set of instructions on how to perform a penetration test.

Selecting the tools required during a penetration test depends on several factors, such as the type and the depth of the engagement. In general terms, the following tools are mandatory to complete a penetration test with the expected results.

Selecting the operating platforms to use during a penetration test is often critical to the successful exploitation of a network and associated system. With standard command shells (such as sh, csh, and bash) and native network utilities that can be used during a penetration test (including telnet, ftp, rpcinfo, snmpwalk, host, and dig) it is the system of choice and is the underlying host system for our penetration testing tools. As such, it is a requirement to have the ability to use the three major operating systems at one time. Since this is a hardware platform as well, this makes the selection of specific hardware extremely simple and ensures that all tools will work as designed.

VMware Workstation is an absolute requirement to easily run multiple instances of operating systems on a workstation.
Without the ability to encrypt the data collected on a VM, confidential information will be at risk; therefore, versions that do not support encryption are not to be used. The operating systems listed below should be run as a guest system within VMware.

The Linux platform is versatile, and the system kernel provides low-level support for leading-edge technologies and protocols. All mainstream IP-based attack and penetration tools can be built and run under Linux with no problems. For this reason, BackTrack is the platform of choice as it comes with all the tools required to perform a penetration test.