AppSecExplained

My pentesting setup

My setup

My setup is fairly simple. I use a number of tools and plugins for testing. I've tried to include free alternatives to Burp Suite Professional throughout the guide where possible.
For the operating system, I recommend Kali for beginners. Those who are purely focused on web app pentesting might want to consider other options, or simply install their tools on their preferred OS.
  • Debian
    • i3
  • Burp Suite Professional
    • Plugins: Autorize, Coverter, Copy as Python Requests
  • Visual Studio Code
    • Plugins: Prettier, IntelliSense
  • Obsidian (syncs to a private GitHub repo)
    • I'm slowly migrating to Joplin
  • Postman
  • Firefox
    • FoxyProxy
    • Cookie Editor
    • Containers
  • Mozilla VPN
  • FFUF
    • I'm slowly migrating to Feroxbuster
  • cURL
  • Docker
  • Docker-compose
  • SQLMap
  • Python3
  • Pyenv