Before you start building your penetration testing lab you must consider what kind of lab need in order to have the appropriate equipment.So the hardware requirements depend of the type of the lab that you want to have.

There are five types of Labs that you can create:

  1. Internal
  2. Virtual
  3. External
  4. Project-specific
  5. Ad-hoc

You might want to recreate the network of your company in your lab in order to have realistic and proper results.

If you have the budget and the space you can have a physical lab with a complete set of networking devices (routers,switches,hubs) and a hardware firewall.Otherwise you can create a virtual lab with many hosts with different operating systems which is a more economical approach and provides flexibility in case that you want to recover/rebuild your lab.


The number of the computers that you have in your availability will depend probably of the budget that you have to spend for the penetration testing lab.It is always better to have many workstations with different operating systems installed however you can do the job with 2 computers by creating a virtual lab.


Of course you will need Ethernet cables with the RJ-45 connectors.Crossover and loopback adapters can prove handy.Also if you have include in your lab network and routers you will need and some rollover cables.Having a wide variety of different cables will allow you to have different network topologies according to your needs.

Hubs,Switches and Routers

These components are essential if you have a physical lab because you can create a proper network.It is almost impossible not to find Cisco products in every network that you will go for your penetration tests so choosing to build your lab with Cisco products it is a brilliant idea.However Cisco products are expensive so you probably want to find some older versions.

Removable disk storage

You might want to have some USB and FireWire drives that will allow you to save and restore the images of your systems in case that become corrupt during a test.

It is almost a necessity to have a Network-attached storage (NAS) which you can keep copies of configuration files,software,system images and tools.The NAS will act as a central storage location so that you can access it from your network hosts.


In companies networks it is almost impossible not to meet a Firewall and specific firewall policies.Installing and setting up a firewall for your lab can help you to build up realistic scenarios.

Wireless Routers,WiFi Access Points and Cards

If your company has also a wireless network or you are offering and wireless penetration testing services and you need also training some wireless cracking tools then you must have the proper equipment.WiFi cards,Access points and Wireless Router will help you to build a WiFi network for your tests.

KVM,Power Strips and Surge Suppressors

If you build a lab with many workstations then you will not want to deal with a bunch of monitors,mice and keyboards that will limit your space in the lab.A KVM switch can save a lot of space.Also you need to have power strips,surge suppressors and maybe a UPS.

As a conclusion your hardware gear must include the following:

  • Computers
  • Cables
  • Hubs
  • Switches
  • Routers
  • Removable disk storage
  • Firewalls
  • Cisco equipment
  • Network-attached storage (NAS)
  • Keyboard,Video,Mouse switches (KVM)
  • Power strips and Surge suppressors
  • Wireless Access Points
  • Networking Tools

Remember also that before buying the hardware components for your penetration testing lab you should ensure that the hardware will support what is commonly used in the corporate world.

Important Notice:

Your lab must be isolated from the rest of network and with no access to Internet.Remember this will be your playground that you want to test tools,exploits and analyze malware so you cannot risk to contaminate the corporate network of your company.Also you wouldn’t want to connect your vulnerable network to the Internet.


  1. Wondered if you could give some advice; I am currently a Lead Web Acceptance Tester and I’m looking at Pen testing and Foresic File Recovery in my spare time.

    I have just bought a ASUS A53E-SX1339S i9 Laptop, I also have a laptop that is about 10 years old, stuck with the DNS virus and will only work when plugged into the mains.

    I was thinking of dual booting my new laptop with Windows 7 and either Ubuntu or Xubuntu (which do you recommend?) to teach myself unix. I will then download Backtrack 5 to a bootable USB so I can use it as needed.

    I am not sure what to do with my rubbish laptop, I could completely wipe it and install Ubuntu or something. I have been hearing a lot about installing Virtual Machines for Brute force attacks, is this something you would recommend me installing on my Main new Laptop or doing to my old “Test” laptop?

    Thanks very much for the advice, love the Blog.



  2. First of all many thanks Mike for your good words about my blog!

    As far as the matter between Ubuntu or Xubuntu I would recommend to use Ubuntu.Basically its the same operating system Mike but the only difference is the desktop environment (Xubuntu uses the Xfce instead of Gnome). If your laptop was old,Xubuntu would be the choice but with a new laptop Ubuntu will run fine.

    There are different scenarios that you can do with your old laptop.

    Scenario 1:

    If I had an old laptop like yours I would try to install backtrack on it as a the main operating system and to use it for my attacks.The fact that your laptop is 10 years old it would not allow you to run properly any virtual machines on it for your testings.So thats why I would choose to install Backtrack.

    So I would create some virtual machines with different operating systems in my new laptop from Ubuntu and I would use the old one for my attacks.

    Scenario 2:

    You can install Windows XP on your old laptop and then from backtrack try to penetrate to the Windows XP machine.You will learn the tools and the methodologies and when you are ready you can change it to a Linux distribution so your attacks will be from backtrack to a Linux host.

    The choice is yours!


    1. Thanks for the feedback NetbiosX, not just a prompt helpful answer but options as well !

      I’m thinking option 2: I’m planning on wiping the old laptop and installing XP onto it, then create a Local Area Network (not sure about this, research to be done) and try to penetrate with new laptop.

      For the new laptop, dual boot it for Window 7 and Backtrack 5.
      (Just to check – I can learn Linux using Backtrack, I don’t need to install Ubuntu as well do I?)

      Rgds, -Mike

  3. Yes of course you can learn Linux using Backtrack.The thing is that backtrack is a penetration testing distribution so you will see only tools which most of them run from console.Backtrack is considered as a hardcore operating system.

    If you are a starter in Linux I would suggest try Ubuntu first and then move on to Backtrack.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s