1. BackTrack 5r3
The mama, or best known, of Linux pentesting distros. BackTrack has a very cool strapline: “The quieter you become, the more you are able to hear.” That just sounds cool….
BackTrack is based on the ever-popular Ubuntu. The pentesting distro used to be available only within a KDE environment, but Gnome was added as an option with the release of BackTrack v5. For those working in Information Security or intrusion detection, BackTrack is one of the most popular pentesting distros that can run from a live CD or flash drive. The distribution is ideal for wireless cracking, exploiting, web application assessment, learning, or social-engineering a client.
Here is a list of some of the awesome tools available in BackTrack 5r3 (the latest release).
To identify Live Hosts:
dnmap – Distributed NMap
address6 – IPv6 address conversion tool
Information Gathering Analysis (Social Engineering)
Jigsaw – Grabs information about company employees
Uberharvest – Email harvester
sslcaudit – SSL Cert audit
VoIP honey – VoIP Honeypot
urlcrazy – Detects URL typos used in typo squatting, url hijacking, phishing
Web Crawlers
Apache_users – Apache username enumerator
Deblaze – Performs enumeration and interrogation against Flash remote end points
Database Analysis
Tnscmd10g – Allows you to inject commands into Oracle
BBQSQL – Blind SQL injection toolkit
* If you are interested in Database Security see our Hacker Halted summary here.
Bluetooth Analysis
Blueranger – Uses link quality to locate Bluetooth devices
Vulnerability Assessment
Lynis – Scans systems & software for security issues
DotDotPwn – Directory Traversal fuzzer
Exploitation Tools
Netgear-telnetable – Enables Telnet console on Netgear devices
Terminator – Smart Meter tester
Htexploit – Tool to bypass standard directory protection
Jboss-Autopwn – Deploys JSP shell on target JBoss servers
Websploit – Scans & analyses remote systems for vulnerabilities
Wireless Exploitation Tools
Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Smartphone-Pentest-Framework
Fern-Wifi-cracker – GUI for testing wireless encryption strength
Wi-fihoney – Creates fake APs using all encryption and monitors with Airodump
Wifite – Automated wireless auditor
Password Tools
Creddump
Johnny
Manglefizz
Ophcrack
Phrasendresher
Rainbowcrack
Acccheck
smbexec
2. NodeZero.
Like BackTrack, NodeZero is an Ubuntu-based distro used for penetration testing. It uses the Ubuntu repositories, so every time Ubuntu releases a patch for its bugs you are also notified of system updates or upgrades. NodeZero used to be famous for its inclusion of the THC IPv6 Attack Toolkit, which includes tools like alive6, detect-new-ip6, dnsdict6, etc., but I think that these days BackTrack 5r3 also includes these tools.
Whereas BackTrack is touted as a “run-everywhere” distro, i.e. one you run live, NodeZero Linux (which can also be run live) states that the distro's real strength comes from a hard install. NodeZero, in their own words, believes that a penetration tester “requires a strong and efficient system [achieved by using] a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable Linux environment.” Sounds cool. Ever tried it? Let us know in the comments below.
3. BackBox Linux
BackBox is getting more popular by the day. Like BackTrack and NodeZero, BackBox Linux is an Ubuntu-based distribution developed to perform penetration tests and security assessments. The developers state that their intention with BackBox is to create a pentesting distro that is fast and easy to use. BackBox has a pretty concise-looking desktop environment and seems to work very well. Like the other distros, BackBox is always updated through its repositories to the latest stable versions of the most often used and best-known ethical hacking tools.
BackBox has all the usual suspects for Forensic Analysis, Documentation & Reporting and Reverse Engineering, with tools like ettercap, john, metasploit, nmap, Social Engineering Toolkit, sleuthkit, w3af, wireshark, etc.
4. Blackbuntu.
Yes, as the name clearly suggests, this is yet another distro that is based on Ubuntu. Here is a list of the Security and Penetration Testing tools, or rather the categories, available within the Blackbuntu package (each category has many sub-categories), which gives you a general idea of what comes with this pentesting distro: Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Privilege Escalation, Maintaining Access, Radio Network Analysis, VoIP Analysis, Digital Forensics, Reverse Engineering and a Miscellaneous section. This list is hardly revolutionary, but the tools contained within might be different from those in the other distros.
5. Samurai Web Testing Framework.
This is a live Linux distro that has been pre-configured with some of the best open source and free tools that focus on testing and attacking websites. The difference with the Samurai Web Testing Framework is that it focuses on attacking (and therefore being able to defend) websites. The developers outline four steps of a web pen-test. These steps are incorporated within the distro, and it contains the necessary tools to complete each task.
Step 1: Reconnaissance – Tools include Fierce domain scanner and Maltego.
Step 2: Mapping – Tools include WebScarab and ratproxy.
Step 3: Discovery – Tools include w3af and burp.
Step 4: Exploitation – Tools include BeEF, AJAXShell and much more.
Of interest as well, the Live CD also includes a pre-configured wiki, set up to be a central information store during your pen-test.
The Samurai Web Testing Framework is a live Linux distro that focuses on web application vulnerability research and web pentesting within a “safe environment”, i.e. so you can ethically hack without violating any laws. This is a pentesting distro recommended for penetration testers who want to combine network and web app techniques.
6. Knoppix STD.
This distro is based on Debian and originated in Germany. The architecture is i486 and it runs with the following desktops: GNOME, KDE, LXDE and also Openbox. Knoppix has been around for a long time now; in fact, I think it was one of the original live distros.
Although Knoppix is primarily designed to be used as a Live CD, it can also be installed on a hard disk. The STD in the Knoppix STD name stands for Security Tools Distribution. The Cryptography section is particularly well-known in Knoppix STD.
7. Pentoo.
Pentoo is a security-focused live CD based on Gentoo. In their own words, “Pentoo is Gentoo with the pentoo overlay.” So, if you are into Gentoo then this is the distro for you. Their homepage lists some of their customized tools and kernel features, including: a hardened kernel with aufs patches, a backported WiFi stack from the latest stable kernel release, module loading support à la Slax, the XFCE4 window manager, and CUDA/OpenCL cracking support with development tools.
8. WEAKERTH4N.
This penetration testing distribution is built from Debian Squeeze and uses Fluxbox for its desktop environment. This pentesting distro is particularly well suited to WiFi hacking since it contains many wireless tools. Here is a quick summary of WEAKERTH4N’s tool categories: Wifi attacks, SQL Hacking, Cisco Exploitation, Password Cracking, Web Hacking, Bluetooth, VoIP Hacking, Social Engineering, Information Gathering, Fuzzing, Android Hacking, Networking and Shells.
9. Matriux Krypton.
This Linux distro is, I believe, the first security distribution based directly on Debian (after WEAKERTH4N?); if I am wrong please comment below! There are 300 security tools to work with, grouped into what the project calls “arsenals”. The arsenals cover penetration testing, ethical hacking, system and network administration, security testing, vulnerability analysis, cyber forensics investigations, exploiting, cracking and data recovery. The last category, data recovery, doesn’t seem to be prevalent in the other distros.
10. DEFT.
The latest version is DEFT 7, which is based on the new Linux kernel 3 and DART (Digital Advanced Response Toolkit). This distro is more oriented towards computer forensics; it uses LXDE as its desktop environment and WINE for executing Windows tools under Linux. The developers (based in Italy) hope that their distro will be used by the military, police, investigators, IT auditors and professional penetration testers. DEFT is an abbreviation for “Digital Evidence & Forensic Toolkit”.
11. CAINE
A reader of our blog suggested that we add CAINE, which we duly have. CAINE stands for Computer Aided Investigative Environment and, like many information security products and tools, it is an Italian GNU/Linux live distribution. CAINE offers a comprehensive forensic environment that is organized to integrate existing software tools, composed as software modules, all displayed within a friendly graphical interface. CAINE states three objectives: first, to ensure that the distro works in an interoperable environment that supports the digital investigator during the four phases of the digital investigation; secondly, that the distro has a user-friendly graphical interface; and finally, that it provides a semi-automated compilation of the final forensic report. As you would likely expect, CAINE is fully open-source.
If anyone has used this, please let us know.
12. Bugtraq
Bugtraq is another reader-submitted pentesting distro. Based on the 2.6.38 kernel, this distro offers a really wide range of penetration and forensic tools. Like most of the others in this list, Bugtraq can be hard-installed or, obviously, run as a Live DVD or from a USB drive. Bugtraq claims to have recently configured and updated the kernel for better performance, but also, importantly, so that it can recognize more hardware, including wireless injection patches for pentesting. The team at Bugtraq seem solid because they are clearly making an effort to get the kernel to work with more hardware, something on which the other distributions don’t always place enough importance.
Some of the special features included with Bugtraq include (as stated) an expanded range of recognition for wireless injection drivers (i.e. not just the usual Alfa rtl8187), a patched 2.6.38 kernel and a solid installation of the usual suspects: Nessus, OpenVAS, Greenbone, Nod32, Hashcat, Avira etc.
Unique to Bugtraq (as claimed on their site) is the ability to, or better said the ease of, deleting tracks and backdoors. Just from having read about Bugtraq I’m really glad that I can add this to the list, because it just sounds like a job well done. If you are interested in any of the following pentesting and forensic categories, then do go and check out Bugtraq: Malware, Penetration Shield, Web audit, Brute force attack, Communication and Forensics Analytics, Sniffers, Virtualizations, Anonymity and Tracking, Mapping and Vulnerability detection.