Nmap typically is used as a networking tool to find open ports. It has quite the suite of capabilities installed with it that give a incredible amount of reconissance power and push its pentest lifecycle use out of the reconissance phase into vulnerability scanning and detection.

Most “honey” software is intended to emulate a systemhowever, client side attacks are becoming common and to research these attacks there is a need for emulating a client. Enter thug. It requests a target url, follows redirects and obtains all javascript and shellcode from potentially malicious urls. Thug can be found on the excellent honeydrive linux distribution but the project is being very actively maintained and newer version can be cloned right from https://github.com/buffer/thug

https://www.pentesterlab.com/exercises/from_sqli_to_shell

http://bruteforce.gr/honeydrive

This wget one liner exploits shellshock through cgi by injecting commands into the user agent.

labrat’s guide on installing metasploit on maverick

Mutillae has a great SQLMAP target on it. I have been using owasp’s bwa vm to work on more web apps.