Tiny Core Linux

Tiny Core Linux is a light and modular Linux distribution. Its main purpose is to allow the easy construction of simple but powerful appliance-like desktops.

Contemplating a distribution that can get you to a basic, empty desktop by booting from a 10MB ISO (you read that right), you’d be forgiven for wondering how comprehensive a Tiny Core system could be. On further investigation it turns out that Tiny Core owes its slim stature to a careful choice of lightweight components and the fact that it isn’t derived from one of the mainstream distributions. This decision by the developers brings with it both advantages and disadvantages. Tiny Core offers a very fast experience overall, with a boot time that none of the major distributions can touch. On the other hand, if something goes wrong or you couldn’t find a runnable application that you needed, the remedies that work on other Linux systems may not work with Tiny Core.

Once up and running, you are plonked into a blue desktop courtesy of the FLWM window manager with an icon-based application launcher at the bottom of the screen. By default, there are icons to access settings, add packages to the system, mount disks and to launch the file manager, but there are no substantial applications at this point.

Tiny Core uses its own package format, but rest assured, the package repository is huge with thousands of applications that are ready to go. Adding a medium-sized application such as Firefox, for example, takes only a couple of minutes. When you install applications, using the GUI package manager, they are downloaded and then added on the fly, automatically popping up on the application bar.  During the boot process, the user specifies the location of a directory to be used for settings and application packages, and on subsequent boots, Tiny Core automatically locates the files that it needs. Here again, we glimpse some intriguing technology as there are options for loading the application files into RAM or fetching them from the disk when needed



Tiny Core Linux

There are a few ways of using Tiny Core, but the approach favoured by the developers is to combine a medium such as a CDROM with writable storage such as a hard disk or USB stick. The developers cite the advantage that this makes system files incorruptible, but the problem is that I don’t think that many people will want to boot from a CDROM every time they switch the computer on. Neither will many people be interested in carrying around a CDROM and a USB stick in order to get the system working. Compounding the awkwardness of this approach, Tiny Core doesn’t support NTFS partitions for the user files folder.

A USB pen drive installation is a good compromise, and an automated script for carrying this out does exist. The script isn’t very flexible, however, and it wipes the entire drive, setting up separate partitions for the system files and user data and applications respectively.


The least well supported approach is to boot from the hard disk, and yet I suspect that this would be the most popular amongst potential users. It can be done, but the installation is far from automated and involves manual partitioning, formatting, file copying and setting up of GRUB. Bafflingly, the developers indicate, on the Tiny Core website, that they don’t see the demand for hard disk installation.

Download Tiny Core Linux

Read More

Pentest Distro - Web Testing Framework Samurai

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

Download Web Testing Framework Samurai

Read More

squitch pentest – A simple and small pentesting linux distro

Features

º ubuntu based
º gnome 2 desktop
º kernel 3.0.0.15
º pentesting tools

Download squitch

Read More

Distro - Weakerth4n

Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox.This operating system is ideal for WiFi hacking as it contains plenty of Wireless tools. It has a very well maintained website and a devoted community. Built from Debian Squeeze (Fluxbox within a desktop environment) this operating system is particularly suited for WiFi hacking as it contains plenty of Wireless cracking and hacking tools.

Tools includes: Wifi attacks, SQL Hacking, Cisco Exploitation, Password Cracking, Web Hacking, Bluetooth, VoIP Hacking, Social Engineering, Information Gathering, Fuzzing Android Hacking, Networking and creating Shells.

Download Weakerth4n

Read More

Distro - Knoppix STD

Knoppix STD (Security Tools Distribution) is a Live CD Linux distribution based on Knoppix that focused on computer security tools. It included GPL licensed tools in the following categories: authentication, password cracking, encryption, forensics, firewalls, honeypots, intrusion detection system, network utilities, penetration, packet sniffers, assemblers, vulnerability assessment and wireless networking. Knoppix STD version 0.1 was published January 24, 2004, on Knoppix 3.2. Thereafter, the project stagnated, lacking updated drivers and packages. A release date for version 0.2 has not yet been announced. A list of tools is available on the official website.

Download Knoppix STD

Read More

Distro - Blackbuntu

Blackbuntu is distribution for penetration testing which was specially designed for security training students and practitioners of information security. Blackbuntu is penetration testing distribution with GNOME Desktop Environment. It's currently being built using the Ubuntu 10.10 and work on reference Back|Track.

Download Blackbuntu

Read More

Distro - GnackTrack

GnackTrack is an open and free project to merge penetration testing tools and the linux Gnome desktop. GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu.

Backtrack is not only a single player in the field of ethical hacking, so you can try some other distribution as well, if you are Gnome lover than must try this, however backtrack 5 is also available on Gnome platform. Just like backtrack, Gnacktrack comes with multiple tools that are really helpful to do a effective penetration testing, it has Metasploit, armitage, wa3f and others wonderful tools.

Download  GnackTrack

Read More

Distro - Pentoo for pentesters

Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable live cd. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PAX hardening and extra patches - with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available.

Download Pentoo

Read More

Distro - NodeZero

It is said the necessity is the mother of all invention, and NodeZero Linux is no different. There team is built of testers and developers, who have come to the census that live systems do not offer what they need in their security audits. Penetration Testing distributions tend to have historically utilized the “Live” system concept of linux, which really means that they try not to make any permanent effects to a system. Ergo all changes are gone after reboot, and run from media such as discs and USB’s drives. However all that this maybe very handy for occasional testing, its usefulness can be depleted when your testing regularly. Its there believe that “Live System’s” just don’t scale well in a robust testing environment.

All though NodeZero Linux can be used as a “Live System” for occasional testing, its real strength comes from the understanding that a tester requires a strong and efficient system. This is achieved in our belief by working at a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable linux environment.

Download NodeZero

Read More

Ditro - Bugtraq

Bugtraq is an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.
Bugtraq team is experienced freaks and developers, It is available in Debian, Ubuntu and OpenSuSe in 32 and 64 bit architectures.

Download Bugtraq

Read More

Distro - Network Security Toolkit (NST)

Network Security Toolkit (NST) is a bootable live CD based on Fedora Core. The toolkit was designed to provide easy access to best-of-breed open source network security applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of open source network security tools. 

What we find rather fascinating with NST is that we can transform most x86 systems (Pentium II and above) into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, a virtual system service server, or a sophisticated network/host scanner.

Download  Distro - Network Security Toolkit (NST)

Read More

Distro - Samurai Web Security Framework

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Download Samurai Web Security Framework

Read More

Distro - Live Hacking OS

As i am said before Live Hacking OS is also based on linux which has big package of hacking tools useful for ethical hacking or penetration testing. It includes the graphical user interface GNOME inbuilt. There is a second variation available which has command line only, and it requires very less hardware requirements.

Download Live Hacking OS

Read More

DEFT - Linux Cyber Forensics

Deft is Ubuntu customization with a collection of computer forensic programs and documents created by thousands of individuals, teams and companies. Each of these works might come under a different licence. There Licence Policy describe the process that we follow in determining which software we will ship and by default on the deft install CD.

Download DEFT

Read More

PHLAK - Professional Hacker’s Linux Assault Kit

Description


PHLAK is a modular live security Linux distribution. It is a derivative of Morphix. PHLAK hopes to develop the perfect toolkit for all security professionals. There are two flavors: FatMan- large CD-based iso, LittleBoy- slimmed USB pendrive version.

Download PHLAK

Read More

Operator - Linux

Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).

Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.

Download Operator

Read More

Kali NetHunter 3.0 - Android Mobile Penetration Testing Platform

What’s New in Kali NetHunter 3.0

    NetHunter Android Application Rewrite

The NetHunter Android application has been totally redone and has become much more “application centric”. Many new features and attacks have been added, not to mention a whole bunch of community-driven bug fixes. The NetHunter application has finally reached maturity and is now a really viable tool that helps manage complex attacks. In addition, the application now allows you to manage your Kali chroot independently, including rebuilding and deleting the chroot as needed. You can also choose to install individual metapackages in your chroot, although the default selected kali-nethunter metapackage should include all the bare necessities.

    Android Lollipop and Marshmallow Support

Yes, you heard right. NetHunter now supports Marshmallow (Android AOSP 6.x) on applicable devices – although we’re not necessarily fans of the “latest is best” philosophy. Our favourite device continues to be the OnePlus One phone due to the combined benefits of size, CPU/RAM resources, as well as Y-Cable charging support.

    New Build Scripts, Easier Integration for New Devices

Our rewrite also included the code that generates the images, completely porting it to Python and optimizing the build time significantly. The build process can now build small NetHunter images (~70MB) that do not include a built-in Kali chroot – allowing you do download a chroot later via the Android application.

We’ve also made it much easier to build ports for new devices that NetHunter can run on and we’ve already seen a couple of interesting PRs regarding Galaxy device support…

    Fabulous NetHunter Documentation

We might be somewhat biased regarding our documentation, and perhaps it’s not “fabulous” but just “good”… but still, it’s definitely much better than it was before and can be found in the form of the NetHunter Github Wiki. We’ve included topics such as downloading, building and installing NetHunter, as well as a quick overview of each of the NetHunter Attacks and Features.

    NetHunter Linux Root Toolkit Installer

We’ve got a new official NetHunter installer that runs natively on Linux or OSX. The installer is made from a set of Bash scripts which you can use to unlock, flash to stock and install the NetHunter image to supported OnePlus One or Nexus devices. Please welcome the NetHunter LRT, created by jmingov.

Download Kali NetHunter 3.0

Read More

Xiaopan OS - Pentesting Distribution for Wireless Security Enthusiasts

Xiaopan OS is an easy to use software package for beginners and experts that includes a number of advanced tools to penetrate wireless networks. Based on the Tiny Core Linux (TCL) operating system (OS), it has a slick graphical user interface (GUI) requiring no need for typing Linux commands. Xiaopan OS is Windows, Mac and Linux compatible and users can simply install and boot this ~70mb OS through a USB pen drive or in a virtual machine (VM) environment.

Alternatives

There are a number of professional operating systems that have been developed specifically for pentesting and security auditing which all are based on Linux. These include Kali, BackTrack and WiFiway. What sets Xiaopan OS apart from its competitors is that it Xiaopan OS is simple to use and just works, depending on a number of variables and providing you have all the right hardware of course.

Tools

Xiaopan OS includes a number of tools to hack WiFi Protected Setup (WPS), WiFI Protected Access (WPA) and Wireless Equivalent Privacy (WEP) encrypted networks:

• Reaver: newly developed application with the ability to brute force crack WPS (WPA / WPA2) pins.
• Inflator: this is the GUI version of command line reaver.
• Aircrack-ng: the major backbone of many other Xiaopan tools including FeedingBottle (FB) and Minidwep with the ability to attack WPA networks through a dictionary attack and WEP networks through collecting and injecting packets.
• FeedingBottle: so easy a baby could use it! FB is essentially the Aircrack-ng GUI and was created by Beini.
• Minidwep: is similar to FB but has a better and similar GUI that is even easier to use than FB. The added advantage of Minidwep is that you can also run Reaver and Inflator from here as well.
• Xfe: this is a simple file manager similar to say windows explorer

Download Xiaopan OS

Read More

Tails 1.7 - The Amnesic Incognito Live System

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:

• use the Internet anonymously and circumvent censorship;
  all connections to the Internet are forced to go through the Tor network;
• leave no trace on the computer you are using unless you ask it explicitly;
• use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.  

Tails, The Amnesic Incognito Live System, version 1.7, is out.
This release fixes numerous security issues. All users must upgrade as soon as possible.

New features

• You can now start Tails in offline mode to disable all networking for additional security. Doing so can be useful when working on sensitive documents.
  
• We added Icedove, a rebranded version of the Mozilla Thunderbird email client.
  Icedove is currently a technology preview. It is safe to use in the context of Tails but it will be better integrated in future versions until we remove Claws Mail. Users of Claws Mail should refer to our instructions to migrate their data from Claws Mail to Icedove.
  

Upgrades and changes

• Improve the wording of the first screen of Tails Installer.
  
• Restart Tor automatically if connecting to the Tor network takes too long. (#9516)
  
• Update several firmware packages which might improve hardware compatibility.
  
• Update the Tails signing key which is now valid until 2017.
  
• Update Tor Browser to 5.0.4.
  
• Update Tor to 0.2.7.4.
  

Fixed problems

• Prevent wget from leaking the IP address when using the FTP protocol. (#10364)
  
• Prevent symlink attack on ~/.xsession-errors via tails-debugging-info which could be used by the amnesia user to bypass read permissions on any file. (#10333)
  
• Force synchronization of data on the USB stick at the end of automatic upgrades. This might fix some reliability bugs in automatic upgrades.
  
• Make the "I2P is ready" notification more reliable.
  

Download Tails 1.7

Read More

Security Onion - Linux Distro For Intrusion Detection, Network Security Monitoring, And Log Management

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

Easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes


Analyze your NIDS/HIDS alerts with Squert


Pivot between multiple data types with Sguil and send pcaps to Wireshark and NetworkMiner


Use ELSA to slice and dice your logs


Access full packet capture with CapMe


Snort/Suricata and Bro compiled with PF_RING to handle lots of traffic


Easy updates

Data Types

• Alert data - HIDS alerts from OSSEC and NIDS alerts from Snort/Suricata
• Asset data from Prads and Bro
• Full content data from netsniff-ng
• Host data via OSSEC and syslog-ng
• Session data from Argus, Prads, and Bro
• Transaction data - http/ftp/dns/ssl/other logs from Bro

Download Security Onion

Read More