My beginner setup and resources
My setup is fairly simple. I use a number of tools and plugins for testing. This page lists out all the tools I use with appropriate links. Here I will also include links from where as a beginner you can start in cyber.
Hardware
Let’s start from the hardware level. This is the setup that is recommended for smooth practice although you can easily get started with specs much lower than the ones shown below
- CPU
- RAM
- Storage
- GPU
- Networking
- Miscellaneous
Laptop
- i5 or Ryzen 5
- 8th gen or newer
- 4+ cores
Desktop
- i7 or Ryzen 7
- 3rd gen or newer
- 8+ cores
Laptop
- 16GB DDR4
- 32GB if running VMs
Desktop
- 16GB DDR4 or DDR5
- 32GB if running multiple VMs
Laptop
- 512GB SSD for Linux
- 256GB SSD for Windows (dual boot)
Desktop
- 1TB SSD for Linux
- 500GB SSD for Windows (dual boot)
Laptop
- NVIDIA GTX 1050 or better
- 2GB VRAM minimum
Desktop
- NVIDIA GTX 1660 or better
- 4GB VRAM or higher
Laptop
- 1 Gbps Ethernet port (recommended)
- Wi-Fi 6 support
Desktop
- 1 Gbps Ethernet port
- Wi-Fi 6 adapter or PCIe card
Laptop
- External USB 3.0 hub (for accessories)
- USB Wi-Fi adapter for packet injection
- Portable external SSD (for extra storage)
Desktop
- Multiple monitor support
- USB Wi-Fi adapter for packet injection
- External HDD for backup and storage
Operating System
For the operating system, I recommend Kali Linux for beginners but you can consider other options as well by simply installing your tools on your preferred OS. Personally I would recommend using a linux based distro or maybe dual booting.
For my setup I have dual booted Linux and Windows. I find arch linux easy to use and has all the tools required for pentesting whilst for report purposes Office works just on windows so I have to run windows as well. You can find below the list of recommeded distros and how to setup chaotic aur and black arch repos in arch and arch based distros.
Note: The Levels Beginner, Intermediate do not represent how easy it is to use or install the distro but how easy it is to begin hacking.
Debian Based
- Kali Linux (Beginner)
- Ubuntu (Intermediate)
- Linux Mint (Intermediate)
- PopOS (Intermediate)
- Debian (Intermediate)
Arch Based:
- Black Arch (Intermediate)
- Endeavour OS (Intermediate)
- Garuda Linux (Intermediate)
- Vanilla Arch (Intermediate)
While using arch based distros for pentesting, I find it very useful to install chaotic aur and black arch repos which gives make install tools just one install away.
Chaotic Aur
We start by retrieving the primary key to enable the installation of our keyring and mirror list:
sudo pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com
sudo pacman-key --lsign-key 3056513887B78AEB
sudo pacman -U 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst'
sudo pacman -U 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst'
Then, we append (adding at the end) the following to /etc/pacman.conf:
[chaotic-aur]
Include = /etc/pacman.d/chaotic-mirrorlist
Black Arch Repo
BlackArch Linux is compatible with existing/normal Arch installations. It acts as an unofficial user repository.
# Run https://blackarch.org/strap.sh as root and follow the instructions.
$ curl -O https://blackarch.org/strap.sh
# Verify the SHA1 sum
$ echo 26849980b35a42e6e192c6d9ed8c46f0d6d06047 strap.sh | sha1sum -c
# Set execute bit
$ chmod +x strap.sh
# Run strap.sh
$ sudo ./strap.sh
# Enable multilib following https://wiki.archlinux.org/index.php/Official_repositories#Enabling_multilib and run:
$ sudo pacman -Syu
Browser
- Chromium Based
- Firefox Based
Chromium-Based Browsers:
- Ublock Origin - Powerful ad-blocker for enhanced security.
- NightTab - Customizable start page to organize tabs.
- Dark Reader - Dark mode for websites, reducing eye strain.
- Bitwarden - Secure open-source password manager.
- FoxyProxy - Switch between proxies, essential for anonymity and testing.
- Wappalyzer - Detect web technologies for reconnaissance.
- I don’t care about cookies - Removes cookie consent popups.
- Enhancer for YouTube - Ad-blocker and custom player for YouTube.
- Return YouTube Dislike - Restores dislike count on videos.
- Plasma Shell Integration - Connect Chromium with KDE Plasma desktop.
- GS Connect - GNOME integration for file sharing and notifications.
- Shodan - Direct access to Shodan’s search engine for identifying vulnerable devices on the web.
- EditThisCookie - Manage, edit, and delete cookies for testing.
- User-Agent Switcher - Quickly change the browser’s user agent for anonymity testing.
- XSS Rays - Analyze websites for XSS vulnerabilities.
- HackTools - Toolbox for pentesters: XSS payloads, reverse shells, and more.
Firefox-Based Browsers:
- Ublock Origin - Blocks ads and trackers.
- NightTab - Organize frequently visited websites.
- Dark Reader - Dark mode for a better browsing experience.
- Bitwarden - Secure password storage.
- FoxyProxy - Fast proxy switching for security assessments.
- Wappalyzer - Detect website frameworks and technologies.
- I don’t care about cookies - Auto-dismiss cookie prompts.
- Enhancer for YouTube - Control YouTube playback, skip ads.
- Return YouTube Dislike - Bring back the dislike count on YouTube.
- Plasma Shell Integration - Integrate with KDE desktop (if using Plasma).
- GS Connect - GNOME extension for Android integration.
- HackBar - Simplify manual SQL injections, XSS, and other input testing.
- HTTP Header Live - View HTTP headers in real-time for testing.
- Cookie Quick Manager - Quickly modify cookies for testing.
- Tamper Data - View and modify HTTP requests for vulnerability testing.
- HackTools - Useful pentesting tools: payloads, encoders, and more.
Code Editors
- Neovim
- VS Codium
NvChad
Neovim is highly customizable and lightweight, making it ideal for fast coding with minimal distractions.
Plugins:
- TreeSitter: Syntax highlighting and parsing for better code comprehension.
- Telescope: Fuzzy file finder and search tool for quick navigation.
- LSPConfig: Language Server Protocol for auto-completion and diagnostics.
- Mason: Simple installer for managing LSP servers, linters, and formatters.
- Gitsigns: Git integration for showing changes in the code.
- Which-Key: Displays available keybindings in a popup for ease of use.
- Nvim-Tree: File explorer for Neovim, built-in file navigation.
NvChad is designed to be beginner-friendly yet powerful, making it perfect for both new and advanced users of Neovim.
VS Codium
VS Codium is the open-source version of VS Code without telemetry, making it a privacy-friendly alternative.
Extensions:
- Python: Python extension for debugging and code formatting.
- ESLint: Linter for JavaScript and TypeScript.
- Prettier: Code formatter for JavaScript, CSS, and other languages.
- GitLens: Enhances Git capabilities and displays code authorship.
- Bracket Pair Colorizer: Helps visualize matching brackets with colors.
- Docker: Docker integration for managing containers directly from the editor.
- REST Client: Useful for testing and sending HTTP requests directly from VS Codium.
- Code Spell Checker: Catches spelling errors in your code and documentation.
- vscode-icons: Adds file icons to make project navigation easier.
VS Codium offers a broad range of open-source extensions to improve your coding experience without compromising privacy.
Note taking
- Obsidian
- Logseq
- AppFlowy
Obsidian is a powerful knowledge base that works on local markdown files. It’s highly customizable through various plugins.
- Calendar: Adds a calendar view to track your daily notes and events.
- Dataview: Allows querying and displaying your notes as tables or lists based on metadata.
- Excalidraw: A drawing tool plugin that lets you integrate visual diagrams into your notes.
- Git: Enables you to back up your notes to a Git repository for version control.
- Kanban: Adds a Kanban board for task and project management within your vault.
- MathJax: Adds LaTeX support for writing and displaying mathematical equations.
- PDF++: Enhances PDF reading capabilities, allowing annotations directly in Obsidian.
- Pomodoro Timer: Adds a productivity timer with the Pomodoro technique for focused sessions.
- Style Settings: Customizes the visual appearance of your vault through themes and CSS tweaks.
- Table of Content: Generates a table of contents for your notes dynamically based on headers.
- Tag Wrangler: Helps manage tags more efficiently, allowing you to rename, merge, or organize tags.
- Tag Folder: Organizes notes based on their tags inside folders, similar to a file manager.
- Templater: Allows for dynamic templating in your notes to automate repetitive content creation.
- Tracker: Track habits, mood, or any data you want within your Obsidian vault.
Logseq is a privacy-first, open-source knowledge management and collaboration platform based on outliner workflows, ideal for personal wikis, journals, and tasks.
- Supports markdown and org-mode.
- Hierarchical and backlinking system for powerful note organization.
- Graph view to visualize the interconnections between notes.
- Integrates with Git for version control.
AppFlowy is an open-source alternative to Notion, with a focus on data privacy and customization. It provides a clean, block-based workspace for managing projects, writing notes, and task management.
- Privacy-first: All your data is stored locally.
- Open-source and customizable through plugins and themes.
- Supports collaboration with real-time syncing.
Pentesting Tools
I am learning the following tools to improve my pentesting skills and I will be writing various blogs related to these
- Programming Languages
- Port Scanning
- OSINT
- Mobile App Testing
- Webapp Testing
- API Testing
- WordPress Sites
- Social Engineering
- Wordlists
- Exploitation Frameworks
- Privilege Escalation
- Burp Suite (PLUGINS: Autorize, Burp Bounty Pro, Coverter)
- OWASP ZAP
- Nikto
- Feroxbuster
- GoBuster
- SQLMap
- XSStrike
Resources
- CTF Platforms
- Hacking Tools
- Learning Platforms
- Creators
- Hacking Resources
- Linux Learning
- InfoSec News
- Useful Blogs
- Cheat Sheets
- Libraries
