Whatever tool you need to use to get the job done!

I prefer a Linux box just because there are so many tools at your disposal and for example, backtrack has them all organized and setup for you. There are certain tools however that only run under windows like Cain & Able so you should probably have both OS's ready to go just in case...

Agreed but my question is more as in what tools are there for windows ? its it worth having JTR install both windows and linux box ? same with all other common tools like nessus,metasploit  and so on....

Well at the moment I am using linux with virtual box windows box the reason I have both is just encase I need to use cain but just wanted to know if there are any tools that are must have for windows.

Cool I prefer to use linux I just was not sure if when attacking windows boxes it was better to use a windows box or if a windows box was better at performing certain task other than link box.

I agree, your main host should be whatever your preference is, and then virtual machines for everything else. Or you could dual boot, it doesn't really matter, but that would prevent you from being able to run tools from multiple operating systems at the same time.

Also, if you're doing frugal installs of pen-testing suites (like BackTrack or Samurai), I would recommend only running them in Virtual Machines, as these can usually be rooted more easily.

That in itself (BT) is nothing more than a tool. Although from time to time I plop open a BT machine, I almost ALWAYS perform testing on anything I can get my hands on. FreeBSD, Solaris, NetBSD, OpenBSD, DragonFly, other versions of Linux. I don't really care for any particular OS as it is only a tool.

In doing so, you get used to whatever is available on the operating system without having to rely on ANY tool including Scapy for packet play. Imagine you getting into a Solaris ONLY network without Python what would you do without Scapy? Install Python to get scapy running? I wouldn't, I would try hping, harpoon or tcpreplay which have less dependencies, and HIDS isn't going to see the glaring python install. On BSD I might use bittwist or hexinject, all depends on what I'm doing.

Personally, I would fiddle with ALL operating systems to become as versatile as possible and try mimicking available security tools with normal system available tools. E.g. if using say FreeBSD, you'd want to focus on ports in the net tree (http://www.freebsd.org/ports/categories-grouped.html) and familiarize yourself with them. You'd be surprised to find you can perform the same functions as ANY SECURITY TOOL with standard systems tools. You have to know what's available and what's not.

So while some may tout the "this OS" or "this tool" I say, focus on the system rather than the tool. BT is also nothing more than a tool. If you become too comfortable with it and the tools on it, you're not doing yourself any justice and you are no more a pentester than anyone else firing off tools.

MaXe, this isn't aimed at you at all. Just stating the obvious, there isn't any "one size fits all." I would love to see how many pentesters would be able to make do with just the system tools. NOT being able to download, install run whatever favorites they have. When one can do this with most systems, then one should pat themselves on the back period.

I've said it before: imagine being contracted to pentest a "contained" environment without being able to use whatever tools or operating system of your choice. What could you do? What could you do for recon on say a Windows XP machine with no nmap, wireshark, etc.? How would you enumerate the network? Same goes for Linux, BSD, etc., especially BT. When you feel confident on any system without tools, you can best believe the tool of choice would be whatever is available to you. NOT what you favorite.

Awesome point Sil.  hmm, I actually got to feel the bite of not having any tools available.  I recently started a new job (2 months now) in a very large enterprise.  The last place I was at was small, only a few hundred users and 100 servers 50% VM.  I had the keys to the kingdom there being the Security Admin as well as having a good amount of knowledge on the other areas in our support group.  Now I am in something that dwarfs my last job.  14K users, almost 1000 servers and many restrictions placed on the workstations.  So no keys, limited access to some log data and it took 2 months to get local admin so I can start installing some tools like nmap.  So for the 2 months I had to make due with what I had to investigate systems.  nslookup, ping, tracert, netstat etc... 

Its kinda fun to poke around using only what you have.