30 Days of Security Testing – Day Sixteen

The challenge for Day Sixteen is – Research how to build a Tiger Box.

Note: Please use this information responsibly

Step One – find a box

Step Two – add Tiger

Step Three – release into the network


…not quite!


When I started looking into this question, the details on what makes a “Tiger Box” were quite slim.

A “tiger team” is a team of specialists in a given field getting together for a specific task, project or goal. So with this in mind, I’d interpret a “tiger box” to mean a machine assembled using specific hardware and software to be used for hacking and penetration testing.

From what I’ve read, a tiger box doesn’t necessarily need to be the gruntiest of machines, as many of the applications used in pen testing and hacking are relatively lightweight.

Kali Linux seems to be the go-to operating system for penetration testing and infosec professionals in general, and the great thing with Kali Linux is that it already comes pre-loaded with a lot of really useful tools that are automatically kept up to date.

Kali Linux is open source, free to download, and is funded + supported by Offensive Security – who run the highly respected OSCP certification.

Great news too is that as an OS it’s very lightweight. Here’s a video I found with a tutorial showing how to install it on a credit-card-sized Raspberry Pi 3. I’m pretty keen to give this a go to have a cheap machine to play with.

Once your tiger box is set up with Kali Linux, I’d look into learning about:

OpenVAS (Open Vulnerability Assessment System) – vulnerability scanning

John the Ripper – password cracking

Nmap – Network vulnerability scanner

Metasploit Community Edition

Wireshark – Network sniffer

BurpSuite – Proxy

SQLMap – SQL injection tool and database vulnerability scanner

AirCrack-ng – WiFi network security assessor


If you’ve set up your own machine for penetration testing and are cringing / laughing at my noobness – please leave some comments for guidance, I’d love to know where I’m going wrong and where I should be looking.


No tigers or boxes were harmed in the making of this blog post


Thanks for reading my post and following my progress through the 30 Days of Security Testing.

For more on Security Testing please visit here, or for any of my other ramblings visit here.

Feel like joining in? Sign into the WeTest Slack group and get involved!
