
REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB

Contributed By: Syed Ubaid Ali Jafri

Virtual Security

Contents
REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB
Introduction
Hardware Requirements?
Software Requirements?
Operating System Requirements?
Network Diagram
Internet Connectivity Requirements:
Pre-Requisites For a LAB:
Specialized Software Requirements for Vulnerability Assessment & Penetration Testing

Introduction
This document has been prepared to help build a good Penetration Testing and
Vulnerability Assessment Lab. It covers hardware requirements, our manual and
automated software requirements, and approaches for performing penetration
testing.
Further, this document is designed to build a penetration test LAB in order to
simulate vulnerabilities in a testing environment, and to execute vulnerability
assessment and penetration testing from the LAB by providing the static IP to the
client, ensuring that the test is being performed from a valid/legitimate link.
The tools mentioned in this document are the property of different vendors, both
commercial and open source. Our motive is not to advertise the software quality of
any vendor; instead, we will share our good experience of different solutions, and
also build custom scripts and tools for specific tasks, for example (brute force
attack, DoS attack, exploits, etc.).

Hardware Requirements?
The minimum requirements for creating a Penetration Testing Lab are
stated below:
1. Minimum 5th Generation Server(s) with Quad Processor Technology.
2. Minimum 16 GB of RAM.
3. Minimum 500 GB hard drive.
4. 3 LAN ports are initially required.
5. 1 manageable Layer 2 switch is required.
6. 1 Wi-Fi router is required for remote connectivity with the Server(s).
7. 1 Cisco router (2800, 2811).
8. 2 firewalls are required for securing the LAB infrastructure.
9. 3 LED-based monitors are required.
10. 1 rack of at least 20U is required.
11. 10 - 15 bootable USB sticks are required.
12. Windows / Linux operating system.

Software Requirements?
List of minimum customized software requirements on a Windows-based
operating system:
1. Mozilla Firefox with minimum add-ons (HackBar, Cookie Stealer, Tamper Data, Request
Header Modifier).
2. Java for Windows.
3. Virtual Machine (VMware Pro, Oracle VirtualBox).
4. Microsoft .NET Framework 4.5.
5. WinRAR.
6. Visual Studio version 2010.
7. Sysinternals Suite.
8. Adobe Acrobat Reader.
9. Microsoft Office 2010.

Operating System Requirements?


List of Operating Systems that are required on Bootable USB Sticks
1. Kali Linux Version 2.0.
2. DEFT (Digital Evidence Forensics Toolkit).
3. Backtrack 5 R3.
4. Windows 7 Bootable USB
5. Wifi Slax
6. Kali Linux Version 1.0.6

Network Diagram

Internet Connectivity Requirements:


Internet connectivity requires:
1. A static (dedicated) IP address from the service provider.
2. A minimum 8-10 MB Internet connection pipe.

Pre-Requisites For a LAB:


1. The lab resource must have a minimum of 2 years of Networking/Information Security
background in an I.T. related organization.
2. Professional hands-on command of Windows and Linux based operating systems.
3. Basic programming in C, C++, VB is required.
4. The lab resource must have good knowledge of routing, switching, and network/system
administration.

Note:

The requirements above are set out to reach the initial level but are not limited to those
listed; they may change depending on the subject matter.

Specialized Software Requirements for Vulnerability Assessment & Penetration Testing

Reconnaissance / Information Gathering
NMAP (Open Source)
FOCA by ElevenPaths (Open Source)
Angry IP Scanner (Open Source)
Smart Whois (Open Source)
Wireshark (Open Source)
Magic Net Trace (Commercial)
Recon-ng (Open Source)
Search Diggity (Open Source)
Maltego (Open Source)

Configuration Review
Nipper Studio by Titania (Commercial)
Nessus Pro (Commercial)
Egressor (Community)
NCAT (Open Source)

Internal/Web Based Vulnerability Assessment
AppScan by IBM (Commercial)
LanGuard by GFI (Commercial)
Nessus Pro by Tenable (Commercial)
Web Surgery (Community)
N-Stalker (Commercial)
OpenVAS (Open Source)
WebCruiser (Commercial)
Network Miner (Commercial)
WebInspect by HP (Commercial)
Acunetix (Commercial)
OWASP ZAP (Open Source)
Retina Scanner (Commercial)
NetSparker (Commercial)
Nexpose by Rapid7 (Commercial)
Xenotix (Open Source)
NTO Spider (Commercial)

Internal/Web Based Penetration Testing
Exploit Pack (Commercial)
Metasploit Pro (Commercial)
Burp Suite 1.6 Pro (Commercial)
Havij Pro (Commercial)
Armitage (Open Source)
Sparta (Community)
Core Impact by Core Securities (Commercial)

Source Code Review
AppScan Source by IBM (Commercial)
OWASP LAPSE+ (Open Source)
VisualCodeGrepper (Open Source)

Note: This document is an initial-level document for designing and performing a vulnerability
assessment & penetration testing LAB; other requirements of penetration testing may vary
depending on organizational requirements.
