Pentesting Tools & Labs

Practice Environment Setup

🚀 NetHunter Start Commands

Start NetHunter Terminal

nethunter

Start Kali Terminal

kali

📦 System Update & Essential Tools

Update System

apt update && apt upgrade -y

Install Essential Tools

apt install nmap netcat-tools python3 python3-pip curl wget git -y

🏠 Local Practice Lab Setup (DVWA)

DVWA - Damn Vulnerable Web Application

Install Apache & PHP

apt install apache2 php php-mysql php-gd php-mbstring -y

Install MariaDB

apt install mariadb-server mariadb-client -y

Start Services

service apache2 start && service mysql start

💾 Database Setup & Configuration

Login to MySQL

mysql -u root -p

Create DVWA Database

CREATE DATABASE dvwa;

Create User & Grant Privileges

CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Download DVWA

cd /var/www/html
git clone https://github.com/digininja/DVWA.git
cd DVWA

Configure DVWA

cp config/config.inc.php.dist config/config.inc.php
sed -i 's/p@ssw0rd/p@ssw0rd/g' config/config.inc.php

Set Permissions

chmod 777 /var/www/html/DVWA/hackable/uploads
chmod 777 /var/www/html/DVWA/external/phpids/ids.log

🖥️ GUI Setup with KeX

Start KeX

kex &

Full Screen Mode

kex --fullscreen

Seamless Mode

kex --seamless

⚡ Practice Steps

Step 1Network Scan

Use Nmap to scan your DVWA instance:

nmap localhost
Step 2Web Application Testing

Access DVWA in browser:

http://localhost/DVWA

Default credentials: admin / password

Step 3SQL Injection Testing

Use SQLmap to test SQL injection:

sqlmap -u "http://localhost/DVWA/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=your_session_id" --dbs
Step 4Exploitation with Metasploit

Start Metasploit Framework:

msfconsole
⚠️ Important Reality & Warnings

Mobile pentesting has limitations:

  • Many exploits may not work due to ARM architecture
  • Limited CPU/RAM compared to desktop
  • Some tools may crash or have reduced functionality
  • Always test in isolated environment first

⚠️ Legal Warning:

Never test on systems without proper authorization. Only practice on your own devices, local networks, or authorized targets.

🛠️ Pentesting Tools Categories

Category 1🔍 Information Gathering
Category 2🎯 Vulnerability Analysis
Category 3🌐 Web Application Testing
Category 4💣 Exploitation Tools
Category 5🔑 Password Attacks
Category 6📡 Wireless Attacks
Category 7👂 Sniffing & Spoofing
Category 8🎭 Post Exploitation
Category 9🔬 Forensics
Category 10🔧 Reverse Engineering
Category 11⚡ Stress Testing
Category 12🔌 Hardware Hacking
💡 Pro Tips for Beginners
1

Start with Information Gathering

Always begin with reconnaissance. More you know about target, better your attack will be.

2

Practice on Legal Targets Only

Use DVWA, Hack The Box, TryHackMe, or your own lab setups.

3

Learn One Tool at a Time

Master basic tools like Nmap, Burp Suite, and Metasploit before moving to advanced ones.

4

Document Everything

Keep notes of commands, techniques, and results. This builds your knowledge base.

5

Join Communities

Learn from others, share knowledge, and stay updated with latest security trends.

🔧 Want to learn more about Kali NetHunter?

Explore Kali NetHunter installation, KeX desktop environment, and more advanced features.