====== Security Frameworks & Distributions ======

Backtrack
BackTrack 5

BlackArch Linux 2015.04.08 (released April 8, 2015)
BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1217 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. For more information, see the project page, which has instructions and various download options. This is a relatively new distribution and has recently been very active. It could be a good addition to your toolkit alongside the "staple" Kali Linux.

Digital Evidence & Forensic Toolkit
DEFT 8.2 (released August 10, 2014)
DEFT (acronym of "Digital Evidence & Forensic Toolkit") is a customized distribution of the Kubuntu live Linux CD. It is a very easy to use system that includes excellent hardware detection and the best open source applications dedicated to incident response and computer forensics.

Helix
Helix3 2009R1
Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. Note that Helix is offered by e-Fense and is part of a suite of commercial products. They still offer the free version.

Kali Linux
Kali Linux Rolling (2016.1) (released January 16, 2016)

Network Security Toolkit
Network Security Toolkit (NST) 20-6535 (released February 9, 2015)
This is a bootable live CD/DVD based on Fedora 20 (kernel 3.18.5-101.fc20) containing a comprehensive set of open source network security tools.

OpenVAS
OpenVAS-4 (released March 17 2011)
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
It is available in several formats:
Virtual Appliance - Community Edition compatible with VirtualBox 3.x and VMware

Ophcrack
Ophcrack 3.6.0 (released June 5, 2013)
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. It is available as either a LiveCD or an installable file.

Pentoo
Pentoo 2015.0 RC3.7 3.6.0 (released January 4, 2015)
Pentoo is a penetration testing LiveCD distribution based on Gentoo. It features a set of tools for auditing and testing a network, from scanning and discovering to exploiting vulnerabilities (yes, it too includes the Metasploit Framework!).

SamuraiSTFU (Control Things)
SamuraiSTFU 1.8 (released May 14, 2015)
For years, penetration testing distributions like BackTrack and SamuraiWTF have been available to help perform penetration testing in most IT environments. These distributions, however, have been generic in nature to enable their use in a wide variety of different environments. One environment where these distributions have failed to meet the needs of their users is on SCADA and Smart Grid systems. The folks at UtiliSec are fixing this problem. Taking their experience running SamuraiWTF over the last four years, UtiliSec, a leading provider of security consulting services in the energy sector, has created an open source Linux distribution specifically for Electric Utility security teams. SamuraiSTFU takes the best-of-breed security tools for traditional network and web penetration testing, adds specialized tools for embedded and RF testing, and mixes in a healthy dose of energy sector context, documentation, and sample files. It also includes emulators for SCADA, Smart Meters, and other types of energy sector systems to provide a full test lab.
So whether you work for an electric utility or are interested in gaining sufficient experience to start doing security work in these environments, this distribution is something that should be evaluated.

Secmic
Secmic 4.04 (released November 18, 2010)

Security Onion
Security Onion 12.04 (updated February 28, 2014)
Network Security Monitoring (NSM) is, put simply, monitoring your network for security related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an adversary or trying to keep malware at bay, NSM provides context, intelligence and situational awareness of your network. There are some commercial solutions that get close to what Security Onion provides, but very few contain the vast capabilities of Security Onion in one package. Security Onion seamlessly weaves together three core functions: full packet capture, network-based and host-based intrusion detection systems (NIDS and HIDS, respectively), and powerful analysis tools. Doug Burks has done an amazing job with this security distribution! Since this tool requires some level of configuration, it needs to be installed on either a physical or virtual host. The DVD ISO image provides a complete build environment, including the underlying Xubuntu operating system, or there are scripts available for installing Security Onion on top of a particular version of Linux.

**Other Online Resources**

There are many other distributions, both active and inactive, that may contain valuable tools and techniques not listed here. The list below contains sites that list additional security options for consideration.
Security Enhanced (SE) Linux Distributions - Linux.com
Security Distributions - SecurityDistro.com

**Industrial Protocol Fuzzers**

**Commercial**

Codenomicon Defensics
Wurldtech Achilles

**Open-Source**

Automatak Aegis

**Standalone Security Applications**

Cain & Abel - Password Cracking Application for Windows
Dsniff - Network Auditing Suite
Hping3 - Network Probing Tool
John the Ripper - Password Cracking Application
Metasploit Framework - Security Testing Framework (see Documentation below)
Nessus - Vulnerability Assessment Tool
Network Miner - Network Forensic Analysis Tool (NFAT) for Windows
Netcat / Cryptcat - The Network "Swiss Army Knife"
Ophcrack - Password Cracking Application for Windows based on Rainbow Tables
PuTTY - Secure Shell Client
Snort - Intrusion Detection System
Splunk - Security Event Monitoring (SEM) System
THC Hydra - Network Authentication (SSH) Cracking Application
WCE - Windows Credential Editor
Wireshark - Network Sniffer and Packet Analyzer
WhosThere - Tool to List Logon Sessions with NTLM Credentials on Windows Domains
winAUTOPWN - Auto hacking shell gaining tool

**Android and Tablet Security Applications**

Anti - Android Network Toolkit
Backtrack5 with Metasploit on Android

**Documentation**

Metasploit Framework User Guide
Meterpreter Guide

**Websites**

Pentestmonkey Cheat Sheets (reverse shell, ssh, jtr, sql injection)
Top 100 Network Security Tools (sectools.org)
Tools Watch

**Supplemental Tools**

How to build a multiple-boot USB Drive from ISO images
Using UNetbootin to create a persistent Linux USB