Every pentester has a toolkit: Kali or Parrot Linux, Burp Suite, ZAP, nmap, sqlmap, Metasploit, gobuster/ffuf, John the Ripper / hashcat, hydra, BloodHound, and mimikatz (on engagements where authorised), plus custom scripts in Python. The tool list is well-defined; the skill is in chaining them effectively.
A typical engagement day: in the morning, gobuster and nmap for discovery; at midday, Burp and sqlmap for web exploitation; in the afternoon, Metasploit and a Cobalt Strike-like framework for lateral movement; in the evening, note-taking and report drafting. The tools are utilities; the methodology is the skill.
Use these three in order. Each builds on the one before.
In one paragraph, list a pentester's daily toolkit.
Walk me through a tool chain for one finding.
Design a tool roster for a continuous pentesting team.