I would like to suggest including a cidrmerge util like the one found at http://ftp.heanet.ie/disk1/sourcefor...rge/cidrmerge/
Makes the creation of whitelists, blacklists, ACLs, etc. of overlapping cidr networks a ton easier.
Why would a penetration tester need this?
Perhaps selling the tool a little better. I see no need for detailed acls on a system the uses root.
Forgive me, I wasn't looking at it strictly from the pentester point of view but more as an overall security consultant. In implementing a defense in depth security posture I have found that creating ACLs in edge routers that block incoming traffic based on country of origin greatly reduces risk. For example, if my client has no business in the Ukraine, the Russian Federation and Africa, blocking all traffic from those locations drops all incoming connection attempts as well as spam originating from servers there. As a value added service for my security assessment client, I can build the appropriate ACLs for their routers (from my tablet loaded with BT5) with the recommendation that they use them to reduce their exposure footprint. Not a necessity, but a 'nice to have' accessory.