Pentesting VoIP Systems - VIPER VAST 3

Pentesting VoIP Systems: VIPER VAST 3

VAST is a Linux-based security distribution specifically designed for pentesting VoIP and UC networks.

It enables security professionals and UC administrators to rapidly perform VoIP security assessments and enumerate vulnerabilities in IP Phones or IP PBX servers in a lab environment. With VAST, a security consultant has every tool necessary to carry out a successful onsite or remote penetration test or vulnerability assessment against a UC network. VAST is built on Mint Linux 13 and includes all of the open source VIPER Lab tools, in addition to some other network pentest tools.

VAST can be downloaded in .ISO format and VMWare guest image.

Download VIPER VAST 3

Read More

Portable Linux Auditing CD

PLAC is a business card sized bootable cdrom running linux. It has network auditing, disk recovery, and forensic analysis tools. ISO will be avialable and scripts to roll you own cd.

Download PLAC

Read More

Bootable Forensics - snarl

snarl is a bootable forensics ISO based on FreeBSD and using @stake's autopsy and task as well as scmoo's list of known good checksums. Once you boot the iso just log in as root there is no password. You will boot into a dialog driven menu. select the first option and choose the checksum set for the OS you are auditing. this will convert the schmoo checksum database into a format that autopsy understands. Then select the second option. this will configure and start autopsy. Then select the third option and links will be launched browsing the autopsy page. You can also select exit and use the large collection of security related ports.

Download snarl

Read More

Tiny Core Linux

Tiny Core Linux is a light and modular Linux distribution. Its main purpose is to allow the easy construction of simple but powerful appliance-like desktops.

Contemplating a distribution that can get you to a basic, empty desktop by booting from a 10MB ISO (you read that right), you’d be forgiven for wondering how comprehensive a Tiny Core system could be. On further investigation it turns out that Tiny Core owes its slim stature to a careful choice of lightweight components and the fact that it isn’t derived from one of the mainstream distributions. This decision by the developers brings with it both advantages and disadvantages. Tiny Core offers a very fast experience overall, with a boot time that none of the major distributions can touch. On the other hand, if something goes wrong or you couldn’t find a runnable application that you needed, the remedies that work on other Linux systems may not work with Tiny Core.

Once up and running, you are plonked into a blue desktop courtesy of the FLWM window manager with an icon-based application launcher at the bottom of the screen. By default, there are icons to access settings, add packages to the system, mount disks and to launch the file manager, but there are no substantial applications at this point.

Tiny Core uses its own package format, but rest assured, the package repository is huge with thousands of applications that are ready to go. Adding a medium-sized application such as Firefox, for example, takes only a couple of minutes. When you install applications, using the GUI package manager, they are downloaded and then added on the fly, automatically popping up on the application bar.  During the boot process, the user specifies the location of a directory to be used for settings and application packages, and on subsequent boots, Tiny Core automatically locates the files that it needs. Here again, we glimpse some intriguing technology as there are options for loading the application files into RAM or fetching them from the disk when needed



Tiny Core Linux

There are a few ways of using Tiny Core, but the approach favoured by the developers is to combine a medium such as a CDROM with writable storage such as a hard disk or USB stick. The developers cite the advantage that this makes system files incorruptible, but the problem is that I don’t think that many people will want to boot from a CDROM every time they switch the computer on. Neither will many people be interested in carrying around a CDROM and a USB stick in order to get the system working. Compounding the awkwardness of this approach, Tiny Core doesn’t support NTFS partitions for the user files folder.

A USB pen drive installation is a good compromise, and an automated script for carrying this out does exist. The script isn’t very flexible, however, and it wipes the entire drive, setting up separate partitions for the system files and user data and applications respectively.


The least well supported approach is to boot from the hard disk, and yet I suspect that this would be the most popular amongst potential users. It can be done, but the installation is far from automated and involves manual partitioning, formatting, file copying and setting up of GRUB. Bafflingly, the developers indicate, on the Tiny Core website, that they don’t see the demand for hard disk installation.

Download Tiny Core Linux

Read More

Pentest Distro - Web Testing Framework Samurai

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

Download Web Testing Framework Samurai

Read More

squitch pentest – A simple and small pentesting linux distro

Features

º ubuntu based
º gnome 2 desktop
º kernel 3.0.0.15
º pentesting tools

Download squitch

Read More

CAINE 7.0 - DeepSpace 64bit

CAINE (Computer Aided INvestigative Environment) is a Linux distribution specifically designed for digital forensics. It is based on Ubuntu.

The latest edition is CAINE 7, code-named DeepSpace. It is based on Ubuntu 14.04 LTS and, therefore, UEFI and Secure Boot ready.

It comes with some new features, including booting into a read-only mode whereby all block devices are not writable, and a VNC server and client that allows remote control of a Caine 7 installation.

This post offers screenshots from a test installation of CAINE 7 in a virtual environment.

This is the installation boot menu. If you want to install CAINE in a virtual environment (using VirtualBox) on Ubuntu, select the Boot Live in safe graphics mode. Booting using the default will only give you a garbled display.

Download CAINE 7.0

Read More

F.H.C - FORENSIC LIVE CD IMAGER

Forensic Hard Copy, is a Linux distribution, bootable CD (LiveCD), exclusively created to automate and speed up the copy of the storage devices. These procedures of copy are commonly in use in computer forensics. In computer science is orthodox practice, acquire data from the offending media in order to protect them from any alteration or damage, then later analyze the identical copy. The project was created to meet the operational needs of the police involved in investigations, the technical consultants (CTU) and part IT(CTU), ensuring the durability and the use of evidence in computer science criminal trial.


Has been used open source software, open-source scripts and to give all users the ability to understand, if necessary, the actual operation of the software in the process of copying or image acquisition. The process has been automated through a script-wizard that guides you step by step in the copy of a support. The new release has a 2.6.32 kernel which has a wide compatibility with controllers and disks. The recognition is done through media connections IDE, SATA, Firewire and USB, so you can also copy data to external media to the machine being analyzed.

Download F.H.C

Read More

Distro - Weakerth4n

Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox.This operating system is ideal for WiFi hacking as it contains plenty of Wireless tools. It has a very well maintained website and a devoted community. Built from Debian Squeeze (Fluxbox within a desktop environment) this operating system is particularly suited for WiFi hacking as it contains plenty of Wireless cracking and hacking tools.

Tools includes: Wifi attacks, SQL Hacking, Cisco Exploitation, Password Cracking, Web Hacking, Bluetooth, VoIP Hacking, Social Engineering, Information Gathering, Fuzzing Android Hacking, Networking and creating Shells.

Download Weakerth4n

Read More

Distro - Knoppix STD

Knoppix STD (Security Tools Distribution) is a Live CD Linux distribution based on Knoppix that focused on computer security tools. It included GPL licensed tools in the following categories: authentication, password cracking, encryption, forensics, firewalls, honeypots, intrusion detection system, network utilities, penetration, packet sniffers, assemblers, vulnerability assessment and wireless networking. Knoppix STD version 0.1 was published January 24, 2004, on Knoppix 3.2. Thereafter, the project stagnated, lacking updated drivers and packages. A release date for version 0.2 has not yet been announced. A list of tools is available on the official website.

Download Knoppix STD

Read More

Distro - Blackbuntu

Blackbuntu is distribution for penetration testing which was specially designed for security training students and practitioners of information security. Blackbuntu is penetration testing distribution with GNOME Desktop Environment. It's currently being built using the Ubuntu 10.10 and work on reference Back|Track.

Download Blackbuntu

Read More

Distro - GnackTrack

GnackTrack is an open and free project to merge penetration testing tools and the linux Gnome desktop. GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu.

Backtrack is not only a single player in the field of ethical hacking, so you can try some other distribution as well, if you are Gnome lover than must try this, however backtrack 5 is also available on Gnome platform. Just like backtrack, Gnacktrack comes with multiple tools that are really helpful to do a effective penetration testing, it has Metasploit, armitage, wa3f and others wonderful tools.

Download  GnackTrack

Read More

Distro - Pentoo for pentesters

Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable live cd. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PAX hardening and extra patches - with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available.

Download Pentoo

Read More

Distro - NodeZero

It is said the necessity is the mother of all invention, and NodeZero Linux is no different. There team is built of testers and developers, who have come to the census that live systems do not offer what they need in their security audits. Penetration Testing distributions tend to have historically utilized the “Live” system concept of linux, which really means that they try not to make any permanent effects to a system. Ergo all changes are gone after reboot, and run from media such as discs and USB’s drives. However all that this maybe very handy for occasional testing, its usefulness can be depleted when your testing regularly. Its there believe that “Live System’s” just don’t scale well in a robust testing environment.

All though NodeZero Linux can be used as a “Live System” for occasional testing, its real strength comes from the understanding that a tester requires a strong and efficient system. This is achieved in our belief by working at a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable linux environment.

Download NodeZero

Read More

Ditro - Bugtraq

Bugtraq is an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.
Bugtraq team is experienced freaks and developers, It is available in Debian, Ubuntu and OpenSuSe in 32 and 64 bit architectures.

Download Bugtraq

Read More

Distro - Network Security Toolkit (NST)

Network Security Toolkit (NST) is a bootable live CD based on Fedora Core. The toolkit was designed to provide easy access to best-of-breed open source network security applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of open source network security tools. 

What we find rather fascinating with NST is that we can transform most x86 systems (Pentium II and above) into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, a virtual system service server, or a sophisticated network/host scanner.

Download  Distro - Network Security Toolkit (NST)

Read More

Distro - Samurai Web Security Framework

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Download Samurai Web Security Framework

Read More

Distro - Live Hacking OS

As i am said before Live Hacking OS is also based on linux which has big package of hacking tools useful for ethical hacking or penetration testing. It includes the graphical user interface GNOME inbuilt. There is a second variation available which has command line only, and it requires very less hardware requirements.

Download Live Hacking OS

Read More

DEFT - Linux Cyber Forensics

Deft is Ubuntu customization with a collection of computer forensic programs and documents created by thousands of individuals, teams and companies. Each of these works might come under a different licence. There Licence Policy describe the process that we follow in determining which software we will ship and by default on the deft install CD.

Download DEFT

Read More

PHLAK - Professional Hacker’s Linux Assault Kit

Description


PHLAK is a modular live security Linux distribution. It is a derivative of Morphix. PHLAK hopes to develop the perfect toolkit for all security professionals. There are two flavors: FatMan- large CD-based iso, LittleBoy- slimmed USB pendrive version.

Download PHLAK

Read More