My pentesting setup

My setup

My setup is fairly simple. I use a number of tools and plugins for testing. I've tried to include free alternatives to BURP Suite Professional throughout the guide where possible.

For the operating system, I recommend Kali for beginners. Those that are purely focused on web app pentesting might want to consider other options or simply installing your tools on your preferred OS.

• Debian

  • i3

• BURP Suite Professional

  • Plugins: Autorize, Coverter, Copy as Python Requests

• Visual Studio Code

  • Plugins: Prettier, Intellisense

• Obsidian (syncs to a private github repo)

  • I'm slowly migrating to Joplin

• Postman

• Firefox

  • FoxyProxy

  • Cookie Editor

  • Containers

• Mozilla VPN

• FFUF

  • I'm slowly migrating to Feroxbuster

• cURL

• Docker

• Docker-compose

• SQLMap

• Python3

• Pyenv