Hardware list:
The exercises performed in this book and the tools used can be deployed on any modern Windows, Linux, or Mac OS machine capable of running a suitable virtualization platform and a more recent version of the OS. Suggested minimum requirements should allow for at least the following resources to be available to your virtual platforms:
- 4 virtual CPUs
- 4-8 GB of RAM
- 802.3 Gigabit Ethernet, shared with host machine
- 802.11a/g/n/ac WiFi link, shared with host machine
Software list:
Desktop/Laptop Core OS and Hypervisor:
Virtualization should be provided by one of Kali Linux's supported hypervisors, namely one of the following options. The operating system and hardware will need to support the minimum requirements, with an eye toward dedicating the previous hardware recommendations to the guest virtual machines:
For Windows:
- VMware Workstation Pro 12 or newer (Player does not support multiple VMs at a time)--http://www.vmware.com/products/workstation.html
- VirtualBox 5.1 or newer--https://www.virtualbox.org/wiki/Downloads
For Mac OS:
- VMware Fusion 7.X or newer--http://www.vmware.com/products/fusion.html
- Parallels 12 for Mac--http://www.parallels.com/products/desktop/
- VirtualBox 5.1 or newer--https://www.virtualbox.org/wiki/Downloads
For Linux:
- VMWare Workstation 12 or newer (Player does not support multiple VMs at a time)--http://www.vmware.com/products/workstation-for-linux.html
- VirtualBox 5.1 or newer--https://www.virtualbox.org/wiki/Downloads
For Barebones Hypervisors:
- VMware ESXi/vSphere 5.5 or newer
- Microsoft Hyper-V 2016
- Redhat KVM/sVirt 5 or newer
Applications and virtual machines:
Essential:
- Kali Linux VM (choose 64-bit VM, Vbox, or Hyper-V image)--https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
Alternatives:
- Kali Linux ISO (64 bit, for Virtual-Box or Parallels)--https://www.kali.org/downloads/
Target VMs:
- OWASP Broken Web Application: https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
- Metasploitable 2--https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
- Metasploitable 3--https://community.rapid7.com/community/metasploit/blog/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3
- Bee Box--http://www.itsecgames.com
- Damn Vulnerable Web Application (DVWA)--http://www.dvwa.co.uk
- OWASP Mutillidae 2--https://sourceforge.net/projects/mutillidae/files/
- Windows Eval Mode OS + Browser--https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
