I need to fix my car, therefore I will go into Sears purchase every single automotive related tool, take my car apart, hope to understand what I'm doing, then attempt to put it back together. Can anyone tell me which tools I can buy to undergo this task?

Downloading tools means nothing if you don't fully understand what it is you are doing. Take the time to learn the protocols, how things work, learn how intercommunications work before attempting to just download every tool you can find.

Penetration testing is not always a science and not always an art. There is a lot of information to be understood. So you go and download all these tools for what? Would you understand how to glean info from a packet capture? Would you understand the difference between networks, servers, protocols.

My suggestion would be to begin reading into the OSI layers then moving on to RFC's. I'd start with networking since without a network, there would be no compromise. Local machine with login, sure, but there could be no hacks pulled off on the LAN side since there is no connectivity.

Understand how processes communicate with each other, how and why things happen. Its easier down the road to understand what is going on in terms of security. One doesn't need uber tools if one knows what they're doing from the protocol level on up.

Suggestion: Learn networking, learn systems, learn protocols otherwise you end up devaluing the works of others not to mention yourself. A monkey can be trained to run a tool and most tools out there are that simple. Understanding the entire range of the what you are doing is better in the long run, think about it, if I hired you to perform a pentest on my network and you couldn't explain to me what it is you intend on looking for, how it works in my network, what functions my vulnerabilities perform, why I should remove these functions, I'd sit back in my desk and think the script kiddiot in you.

Too many (quote) professional pentesters have been taking this attitude: "I use Cenzic!@$" that it makes me wonder where this industry is headed. It also makes me think about how many vulnerabilities unclued pentesters can bring into an environment.

http://www.derkeiler.com/Mailing-Lists/securityfocus/pen-test/2008-09/msg00094.html

f4csimil3 "people who never try anything new never learn anything at all". Do you have a lab setup ? if not start there.

If you have a lab get some live cd's like De-ice and run the tools you know how to use on them.

Try and learn new tools what I mean by this is understand what the tools are doing if its a python script take a look at the code see if you understand it.

Maybe sign up-to a hands on course like Hackingdojo or elearnsecurity where you can start off easy and get some guidance.

Have you looked at any methodologies?

What level would you say you are at?