Using automated tools alone does not make anyone a real pentester, in my humble opinion.
For tools, you can pretty much just download BackTrack from www.backtrack-linux.org and you'll have 90-99% of all the tools you will ever need (besides those you might have to write yourself).
That in itself (BT) is nothing more than a tool. Although from time to time I plop open a BT machine, I almost ALWAYS perform testing on anything I can get my hands on. FreeBSD, Solaris, NetBSD, OpenBSD, DragonFly, other versions of Linux. I don't really care for any particular OS as it is only a tool.
In doing so, you get used to whatever is available on the operating system without having to rely on ANY tool, including Scapy for packet play. Imagine getting into a Solaris-ONLY network without Python: what would you do without Scapy? Install Python to get Scapy running? I wouldn't; I would try hping, harpoon or tcpreplay, which have fewer dependencies, and HIDS isn't going to see the glaring Python install. On BSD I might use bittwist or hexinject; it all depends on what I'm doing.
Personally, I would fiddle with ALL operating systems to become as versatile as possible and try mimicking available security tools with normal, system-available tools. E.g., if using, say, FreeBSD, you'd want to focus on ports in the net tree (http://www.freebsd.org/ports/categories-grouped.html) and familiarize yourself with them. You'd be surprised to find you can perform the same functions as ANY SECURITY TOOL with standard system tools. You have to know what's available and what's not.
So while some may tout the "this OS" or "this tool" I say, focus on the system rather than the tool. BT is also nothing more than a tool. If you become too comfortable with it and the tools on it, you're not doing yourself any justice and you are no more a pentester than anyone else firing off tools.
MaXe, this isn't aimed at you at all. Just stating the obvious: there isn't any "one size fits all." I would love to see how many pentesters would be able to make do with just the system tools, NOT being able to download, install, or run whatever favorites they have. When one can do this with most systems, then one should pat themselves on the back, period.
I've said it before: imagine being contracted to pentest a "contained" environment without being able to use whatever tools or operating system you choose. What could you do? What could you do for recon on, say, a Windows XP machine with no nmap, Wireshark, etc.? How would you enumerate the network? The same goes for Linux, BSD, etc., especially BT. When you feel confident on any system without tools, you can best believe the tool of choice would be whatever is available to you, NOT what you favor.