TINKERING with tools has earned this trained monkey at left the title of "house carpenter" on the estate of Cherry Kearten, famous African explorer and authority on
animals. The chimpanzee was brought back from Africa after one of his expeditions and tamed and trained. He was allowed to wander about the estate at will and one day
walked into Mr. Kearten's workshop. His attendants couldn't find him for a day and a half, and when he was finally discovered, he was busily engaged in nailing small
pieces of board around the shop. Now he has a separate corner in the workshop and spends hours with the tools that have been provided for him.
I need to fix my car, therefore I will go into Sears purchase every single automotive related tool, take my car apart, hope to understand what I'm doing, then attempt to put it back together. Can anyone tell me which tools I can buy to undergo this task?
Downloading tools means nothing if you don't fully understand what it is you are doing. Take the time to learn the protocols, how things work, learn how intercommunications work before attempting to just download every tool you can find.
Penetration testing is not always a science and not always an art. There is a lot of information to be understood. So you go and download all these tools for what? Would you understand how to glean info from a packet capture? Would you understand the difference between networks, servers, protocols.
My suggestion would be to begin reading into the OSI layers then moving on to RFC's. I'd start with networking since without a network, there would be no compromise. Local machine with login, sure, but there could be no hacks pulled off on the LAN side since there is no connectivity.
Understand how processes communicate with each other, how and why things happen. Its easier down the road to understand what is going on in terms of security. One doesn't need uber tools if one knows what they're doing from the protocol level on up.
Suggestion: Learn networking, learn systems, learn protocols otherwise you end up devaluing the works of others not to mention yourself. A monkey can be trained to run a tool and most tools out there are that simple. Understanding the entire range of the what you are doing is better in the long run, think about it, if I hired you to perform a pentest on my network and you couldn't explain to me what it is you intend on looking for, how it works in my network, what functions my vulnerabilities perform, why I should remove these functions, I'd sit back in my desk and think the script kiddiot in you.
Too many (quote) professional pentesters have been taking this attitude: "I use Cenzic!$" that it makes me wonder where this industry is headed. It also makes me think about how many vulnerabilities unclued pentesters can bring into an environment.