Essential pen test toolkit:
Nmap (scanning),
Metasploit (exploitation),
Burp Suite (web app),
Wireshark (traffic analysis),
Hashcat (password cracking),
Mimikatz (credential dumping),
BloodHound (AD attack paths),
Impacket (Windows protocols).
Kali Linux bundles most tools. All tools are legal to use on authorized targets — illegal on unauthorized systems. PenTest+ tests knowledge of which tool to use for which task. Know tool categories: reconnaissance, scanning, exploitation, post-exploitation, cracking, web app, wireless.