Thank you all for your replies. We do pen testing and IT auditing for financial institutions and medical firms for compliance with HIPAA and FFIEC regulations, which recommend that they have internal and external penetration testing done by a third-party organization. Most of our clients are small to medium-sized community banks or credit unions. We established our security consulting practice roughly 2 or 3 years back as kind of a spin-off of our normal core business. We are lucky enough to offer other products to our customers, which already gives us a foot in the door, and what I believe to be the biggest factor in selling consulting services to our customers, which is trust. Since we started, we have found that the bulk of our work is now coming from word of mouth and repeat business from previous clients we have done testing for, which is the core of being successful in this industry. As far as tools that we use:
Port Scanners - nmap, solarwinds (used for multiple purposes), hping
Firewall Testing - nmap, hping, firewalk
Scanners - Nessus, GFI Languard, Sara
Web Application Scanner - Web Inspect, Nikto
Password - Cain, John, Rainbow Tables, Sam Inside
Brute Force - Hydra, Brutus, tsgrinder, tscrack
Sniffer - tcpdump, wireshark/ethereal, Network General Sniffer Pro
Wireless - Kismet, NetStumbler, Aircrack suite of tools for cracking WEP etc...
Exploit Tools - Metasploit, CANVAS; for bigger jobs we will buy a consulting license of Core, but for the majority of them we do not, due to cost.
Bootable Linux - BackTrack
I am sure I missed some, but the above is what I would call the core tools that we use. Of course there are several others that we use in different situations, as well as manual methods of compromising systems without running automated tools.
And the best tool of all: "Google". Just kidding, but I have found in my research that there is an unlimited amount of information out there, and if someone looks hard enough they can normally find anything they want if they are patient.
We are always looking to hook up with other people to contract out services to. Unfortunately, where we are located we lose out on a lot of work due to the travel expenses for us to get to the location. We have tried to form partnerships with other companies that have consultants across the US, but they all charge for the name, and a lot of the smaller banks are tightly budgeted and won't spend the money to have a big consulting firm come in.
I would be happy to share and compare notes with you. Always interested in learning more, and from reading the forums there are a lot of really talented people here.
CEH, CCNA, Security+