This document has been prepared in order to develop a good Penetration Testing and Vulnerability Assessment Lab. The document contains Hardware requirements, our manual & automated Software requirements, approaches for Performing Penetration testing. Further, this document is design to make a Penetration test LAB in order to simulate the vulnerabilities in the testing environment and to execute the vulnerability assessment & penetration testing from the LAB by providing the Static IP to the Client, ensuring that the test is being performed from a valid/legitimate link.

1. Virtual Security 1
REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB
Contributed By: Syed Ubaid Ali Jafri

2. Virtual Security 2

3. Virtual Security 3
Contents
REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB.............................................................1
Introduction..........................................................................................................................................4
Hardware Requirements? ......................................................................................................................4
Software Requirements?........................................................................................................................4
Operating System Requirements?...........................................................................................................5
Network Diagram..................................................................................................................................6
Internet Connectivity Requirements: ......................................................................................................6
Pre- Requisites For a LAB:.......................................................................................................................6
Specialized Software Requirements forVulnerability Assessment & Penetration Testing...........................7

4. Virtual Security 4
Introduction
Thisdocumenthasbeenprepared inorderto developagood PenetrationTestingandVulnerability
AssessmentLab. The documentcontains Hardware requirements,ourmanual & automated Software
requirements, approachesforPerformingPenetrationtesting.
Further,thisdocumentisdesigntomake a PenetrationtestLAB inorderto simulate the vulnerabilitiesin
the testingenvironmentandtoexecute the vulnerabilityassessment&penetrationtestingfromthe LAB
by providingthe StaticIPto the Client,ensuringthatthe testisbeingperformedfromavalid/legitimate
link.
The toolsthat are mentionedinthisdocumentare the proprietary of differentvendorsthatare
commercial andopensource and ourmotive isnotto advertise the software qualityof avendor,instead
to providingthe qualitiesof softwarewe willshare ourgoodexperience of differentsolutions,and also
buildcustomscriptand toolsforthe specifictasks forexample (Brute force attack,DosAttack,Exploits
etc).
Hardware Requirements?
The Minimum requirements for creating a Penetration Testing Lab are stated below:
1. Minimum 5th Generation Server(s) with Quad Processor Technology.
2. Minimum 16 GB of RAM.
3. Minimum 500GB Hard Drive.
4. 3 LAN Ports Initially required.
5. 1 Switch of layer 2 Manageable is required.
6. 1 Wi-Fi router is required for remote connectivity with the Server(s).
7. 1 Router (2800,2811) Cisco.
8. 2 Firewalls arerequired for Securingthe LAB Infrastructure.
9. 3 LED based Monitors are required.
10. 1 Rack at least20U is required.
11. 10 - 15 Bootable USB sticks arerequired
12. Windows / Linux Operating System.
Software Requirements?
List of Minimum Customized Software requirements that are required on Windows based
Operating System:
1. Mozilla Firefox with minimum add-ons (Hack bar, CookieStealer, Temper Data, Request Header Modifier).
2. Java for windows.
3. Virtual Machine(VMware Pro, OracleVirtual Box).
4. Microsoft.Net Framework 4.5.
5. Winrar.
6. Visual Studio version 2010.

5. Virtual Security 5
7. Sys Internal Suite
8. Adobe Acrobat Reader.
9. MicrosoftOffice2010.
Operating System Requirements?
List of Operating Systems that are required on Bootable USB Sticks
1. Kali Linux Version 2.0.
2. DEFT (Digital Evidence Forensics Toolkit).
3. Backtrack 5 R3.
4. Windows 7 BootableUSB
5. Wifi Slax
6. Kali Linux Version 1.0.6

6. Virtual Security 6
NetworkDiagram
Internet Connectivity Requirements:
The Connectivity for the internet requires:
1. Static (Dedicated IP Address) from the serviceprovider
2. Minimum 8-10 MB Internet connection Pipeis required.
Pre-Requisites For a LAB:
1. Lab resource must have minimum 2 years of Networking/Information Security background I.T related organization.
2. Professional Hands on Command on Windows and Linux Based Operatingsystems
3. Basic programming on C, C++, VB is required,.
4. Lab resource must have good knowledge about Routing, Switching, Network /System Administration.
Note:The Requirementsare initially mark up to reach theinitiallevel but are not limited to the above, it may changed dependson subject
matter.

7. Virtual Security 7
Specialized Software Requirements for Vulnerability Assessment &
Penetration Testing
Reconnaissance / InformationGathering
•NMAP (Open Source)
•AngryIPScanner (Open Source)
•Smart Whois (Open Source)
•Wireshark (Open Source)
•Recon-ng (Open Source)
•Maltego (Open Source)
•Search Diggty (Open Source)
•Magic Net Trace (Commercial)
•Foca by Elevel Paths (Open Source)
Internal/ Web Based Vulnerability Assessment
•App Scan byIBM (Commercial) - Lan GuardbyGFI (Commercial)
•NetSparker (Commercial) - Nexpose byRapid7 (Commercial)
•Web Inspect byHP (Commercial) - Acunetix (Commercial)
•Web Cruiser (Commercial) - Network Miner (Commercial)
•OwaspZAP (Open Source) - Ratina Scanner (Commercial)
•Xenotix (Open Source) - NTO Spider (Commercial)
•NStalker (Commercial) - Open VAS (Open Source)
•Nessus Pro byTenable (Commercial) - Web Surgery (Community)
Internal/ Web Based Penetration Testing
•Sparta (Community)
•Armitage (Open Source)
•Core Impact byCore Securities (Commercial)
•Havij Pro (Commercial)
•Metasploit Pro (Commercial)
•Exploit Pack (Commercial)
•Brup Suite 1.6 Pro (Commercial)
Configuration Review
•Nipper StudiobyTitania (Commercial)
•Nessus Pro (Commercial)
•NCAT (Open Source)
•Egressor (Community)

8. Virtual Security 8
Note: This document is a initial level document for designing and performing a vulnerability Assessment & penetration testing
LAB, other requirements of penetration testing could vary upon organizational requirements.
Source Code Review
•App Scan Source by IBM (Commercial)
•VisualCodeGrapper (Open Source)
•OWASP LAPSE + (Open Source)