Penetration & Hacking Focused Distros

On first thought, it would seem that ethical hackers have everything figured out, their lives are too easy. Why, you ask? Well, they have so many tools out there to make their lives easy. Ok, we are kidding, they have a tough going and lead frustrating lives. It's not easy being a hacker. However, it's true that they do have so many resources at hand to help them out every now and then.

1.Bugtraq

Bugtraq system offers the most comprehensive distribution, optimal, and stable with automated services manager in real time. This distribution based on the 3.2 and 3.4 kernel Generic available in 32 Bits & 64 Bits has a huge range of penetration, forensic and laboratory tools. The systems are available in 11 different languages.

2.Blackbuntu

Blackbuntu is distribution for penetration testing which was specially designed for security training students and practitioners of information security. Blackbuntu is penetration testing distribution with GNOME Desktop Environment.

3.DEFT

DEFT Linux is a GNU/Linux live for free software based on Ubuntu , designed for purposes related to computer forensics and computer security.

4.Samurai Web Testing Framework

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.

5.Back Box Linux

BackBox is an Ubuntu-based Linux distribution penetration test and security assessment oriented providing a network and informatic systems analysis toolkit. BackBox desktop environment includes a minimal yet complete set of tools required for ethical hacking and security testing.

6.Gnacktrack

GnackTrack is a Live (and installable) Linux distibution designed for Penetration Testing and is based on Ubuntu. It's based on GNOME. 

Author : Shivam Kotwalia, CodeKill

Network Security Tools For Security Researchers And Penetration Testers To Use

Penetration testing and network security is a pretty vast topic. These tools cover almost every aspect of it.

Network security is one of the biggest buzzwords nowadays. There are a number of security tools available, each with its own unique ability. That said, there are some that you will find on almost every security expert's computer. These are the ones that are the best and should be on your computer too. Here are 30 of the top network security tools, stay tuned for more.

1. Wireshark

This one was known as Ethereal till the summer of 2006. It is an open source platform network protocol analyzer.

Latest release: 26 July 2013, version 1.10.1

2. Metasploit

This is an open source platform that was released in 2004. It can be launched for developing, testing and using exploit codes. While the framework is free and open source, since its acquisition by Rapid7 in 2009, but there are paid editions to it too.

Latest release: 7 December 2012, version 4.5

3. Nessus

This is another one of the most popular network security tools. It is a vulnerability scanner that costs $1,200. It used to be a free and open source application till 2005.

Latest release: 7 May 2013, version 5.2.1

4. Aircrack

This tool used the best cracking algorithms for 802.11 A/b/g WEP and WPA cracking. It is best used to recover wireless keys.

Latest release: 24 April 2010, version 1.1

5. Snort

This is one of the best available network intrusion applications that has its forte in traffic analysis and packet logging on IP networks. Snort itself is free and open source, but SourceFire (the parent company) offers other complimentary products at a price. In addition, it offers its own VRT-certified rules for $499 per sensor per year.

Latest release: 30 July 2013, version 2.9.5.3

6. Cain and Abel

How is this security tool different from others? Well, it’s a Windows only tool, which is very unlike other tools that support Linux and UNIX before Windows. Cain & Abel is a password recovery tool that can handle a number of tasks.

Latest release: 3 December 2011, version 4.9.43

7. BackTrack

If you’re even remotely involved with hacking you would have heard of BackTrack. This is a Live CD Linux distribution that comes from Whax and Auditor. It has a huge suite of security and forensics tools and is known to be the hacker’s distribution.

Latest release: 13 August 2012, version 5 R3

8. Netcat

Want to read data across UDP or TCP network connections? This is the go to tool for most security personnel for this purpose. First released in 1995 by Hobbit, it is one of the most popular security tools. Interestingly, it hasn’t been maintained despite its popularity. Recognising its usefulness, the Nmap Project made a modern version of the tool called Ncat.

Latest release: 20 March 1996, version 1.10

9. tcpdump

This is a network traffic sniffer that lost its popularity to Wireshark. It still have a respectably large user base though.

Latest release: 20 May 2013, version 4.4.0

10. John the Ripper

Compatible with the Linux, UNIX and Mac OS X platforms, this is a commonly used password cracker.

Latest release: 30 May 2013, version 1.8.0

11. Kismet

This tool is a wireless network detector, intrusion detection system and network sniffer that is used quite commonly for wardriving, warflying, warwalking and warskating.

Latest release: 11 April 2011, version Kismet 2011-03-R2

12. OpenSSH/PuTTY/SSH

This is the go to tool for logging into and executing commands on a remote machine.

13. Burp Suite

This is a tool that is used for attacking web applications. The limited version is available for free, while the pro version costs $299.

Latest release: 3 June 2011, version 1.4.01

14. Nikto

This is an open source web server that performs tests against other web servers for multiple items. This includes more than 6,400 potentially dangerous files/CGIs and other checks.

Latest release: 20 February 2011, version 2.1.4

15. Hping

You can use this one to send custom TCP, ICMP and UDP packets and then display replies. The tool was inspired by the ping command but can be used to perform far more controlled probes.

Latest release: 5 November 2005, version hping3-20051105

16. Ettercap

If a man in the middle attack on LAN networks is what you’re looking at then Ettercap is the tool that you need.

Latest release: 22 March 2013, version 0.7.6-Locard

17. Sysinternals

This tool can be used to gain access to a number of small windows utilities that can be used for low-level windows hacking.

Latest release: 4 February 2011

18. w3af

This is a powerful framework that is used for searching and exploiting web application vulnerabilities.

Latest release: 11 October 2011, version 1.1

19. OpenVAS

This is a vulnerability scanner that was forked from Nessus. The last free version of Nessus, before it became a proprietary tool in 2005, was used for this.

Latest release: 17 April 2013, version 6.0

20. Scapy

Interactive packer manipulation, network scanning, packet generating, packet sniffing, are the activities that Scapy excels in. It is a low level tool and you need Python to interact with it.

Latest release: 28 February 2011, version 2.2.0

20. Ping/telnet/dig/traceroute/whois/netstat

This is a basic security auditing tool that is still very useful. You may be ignoring these for other high tech tools, but knowing these is important too.

21. THC Hydra

This is one tool that has been revered for brute force cracking on temote authentication services. The application can manage rapid dictionary attacks against over 30 protocols like https, ftp, http, telnet, smb, a number of databases and others.

Latest release: 23 May 2012, version 7.3

22. Perl/Python/Ruby

Secripting languages allow you to write your own canned security tools. You can also use them to modify existing tools.
no rating Paros proxy (#24, 8)

23. Paros proxy

This is a Java-based web proxy server that can be used for finding out the web vulnerabilities.

Latest release: 8 August 2006, version 3.2.13

24. NetStumbler

This is a Windows tool that can be used for finding open wireless access points. It is free but not open source and is a Windows-only application.

Latest release: 1 April 2004, version 0.4.0

25. Google

You may think that this is a weird choice for a list like this. But you’re wrong. Google’s database can be is recognised as an important security tool by experts and penetration testers everywhere.

26. OSSEC HIDS

This performs log analysis, rootkit detection, integrity checking, time-based alerting and active response. It is also used as a SEM/SIM solution/

Latest release: 16 November 2012, version 2.7

27. WebScarab

This tool records requests and responses that it observes and lets the operator review them in different ways. It is a tool that can expose the functioning of HTTP(S)-based applications.

Latest release: 20 August 2010, version 20100820-1632

28. Core Impact

This tool is considered by many to be the most powerful exploitation tool that is available right now. It is also much more expensive than others though.

Latest release: 8 August 2011, version 12

29. sqlmap

This is an open source penetration testing tool, which can be used in order to automate the detection and exploitation of SQL injection flaws.

Latest release: 11 April 2011, version 0.9

30. TrueCrypt

This is a very useful open source disk encryption system for Mac, Windows and Linux-based systems.

Latest release: 7 February 2012, version 7.1a 

Author :Shivam Kotwalia, CodeKill

12 Penetration Testing Add-Ons For Firefox

Now you can use your Firefox browser as a penetration testing tool with the help of these amazing add ons! Have a look 

Firefox is not popular only for its open source nature but it can also be turned into a very effective penetration testing tool. Mozilla has its own section for add-ons and all of the following are available. Here they are...

1. FoxyProxy Standard: This advance proxy management add-on for the Firefox internet browser supplements the built-in proxy capabilities of Firefox. The add-on switches the user’s internet connection over one or more proxy servers based on the URL patterns and has many other features as well.

2. Firebug: This tool allows the user to debug and edit JavaScript, HTML and CSS live on a webpage and see the changes take effect. The add-on is useful for analysing JavaScript files for XSS vulnerabilities.

3. Web Developer: This add-on helps in penetration testing by adding various web development tools to Firefox.

4. User Agent Switcher: This add-on is useful if you want to spoof your browser while attacking a network. It places a tool bar on the browser that lets you switch between user agent and browser seamlessly.

5. Live HTTP Headers: The add-on displays live headers for each of the HTTP requests and responses on Firefox. It also allows the user to save header information by a click of a button. It is a really helpful tool for penetration testers.

6. Tamper Data: This add-on is quite similar to the one above, but it brings the added header editing capacity to Firefox. The user can view and then modify HTTP and HTTPS headers and post parameters. You can use it for penetration testing for web applications by modifying the POST parameters. It can also be used to make XSS and SQL Injection attacks.

7. Hackbar: This penetration testing tool for Firefox helps the user in testing simple SQL injection and XSS loopholes through Firefox. In addition, the add-on also has encoding and encryption tools, which can help in testing XSS vulnerability using encoded XSS payloads.

8. Websecurify: This add-on can detect most of the common vulnerabilities in any web applications. It is a complete penetration testing tool that can be added to the Firefox brower.

9. Add N Edit Cookies: As the name suggests, this Firefox browser lets the user add or edit the cookies data for the browser. It is quite useful for penetration testing, especially when trying to perform session hijacks.

10. XSS Me: This add-on helps in detecting XSS vulnerabilities in web applications. It scans all the different forms of a web page and then attacks the pages that qualify with a predefined XSS payload.

11. SQL Inject Me: This one helps in finding SQL injection vulnerabilities in web applications. It displays the vulnerabilities in a web application without exploiting them.

12. FlagFox: This browser adds a country’s flag on Firefox and determines where a web server is located. The add-on also has a web server. 

Author : Shivam Kotwalia, CodeKill

25 Resources On Penetration Testing

Penetration testing is the most used methodology by the ethical hackers. Here we bring 25 resources to help you understand the art better! 

Penetration testing, popularly known as 'pentesting', 'pen testing', or 'security testing', is the art of attacking your own or your client's system and networks exactly how a hacker would do. This helps an ethical hacker identify the security glitches, vulnerabilities and exploits. So here's bringing 25 resources to learn more about this method.

General Information

1. SANS Institute Penetration Testing Reading Room

A set of resources on penetration testing trends, written by students as part of their certification requirements.

2. Penetration Testing Directory Project

An independent online directory, which offers direct links for information on penetration testing and related content.

3. Vulnerability Testing Glossary

A comprehensive index of vulnerability and penetration testing terminology published by the University of Oulu, Finland.

Network

4. National Institute of Standards and Technology (NIST)
“Special Document 800-42: Guideline on Network Security Testing”

A US government-issued paper.

5. Information Systems Audit and Control Association (ISACA)
“Network Penetration Testing”

A slide presentation authored by Jack Jones, director of information security at Nationwide.

Web Application

6. SearchSecurity.com

A read on “Web application penetration testing: Best practices”. Provides an overview of the web application penetration testing process.

7. SecurityFocus
Research article on “Five common Web application vulnerabilities”

8. Ethical Hacker Network
Informational article on “How to Break Software”:

Blogs And Opinions

9. PaulDotCom Community Blog

A security community blog with a focus on penetration testing and an array of expert industry contributors.

10. Penetration Testing Directory Project Blog

An ongoing study of the security assessment process, industry and related issues, written by professional pen testers.

11. Spylogic.net

A blog about security and penetration testing, written by a professional pen tester.

12. Security Second Thoughts

A blog about penetration testing and security research written by an independent security consultant.

White Papers, Podcasts and Other Resources

13. Penetration Testing Mailing List

A mailing list for the discussion of issues and questions about penetration testing and network auditing, hosted by SecurityFocus.

14. CISSP White Papers

An index of security and penetration testing white papers maintained by training experts Logical Security.

15. Seven Deadly Penetration Testing Sins

A list of security testing no-no’s published by code analysis providers Matasano Security.

16. PaulDotCom Security Weekly

Videocast of the PaulDotCom audio podcast, which covers a broad array of security and penetration testing issues.

17. Security Training WebCasts

A series of expert videocasts hosted by leading security and testing trainers from SANS Institute.

Methodologies

18. InfoSec Institute

A security training organisation’s blog on practical penetration testing techniques.

19. The Institute for Security and Open Methodologies (ISECOM)

Open Source Security Testing Methodology Manual.

20. Common Criteria Web Application Security Scoring (CCWAPSS)

A comprehensive security scoring method for Web applications.

21. Information Systems Security Assessment Framework (ISSAF)

A security testing methodology published by the Open Information Systems Security Group (OISSG).

22. Penetration Testing Framework

An outline for planning assessments and gathering information relevant to the penetration testing process.

Wireless Penetration Testing

23. SANS Institute

Wireless security training and penetration testing tutorial.

24. PaulDotCom Network Security Projects

Notes from a training course on hacking wireless routers and using them in penetration tests.

25. WirelessDefence.org

A wireless penetration testing framework.
Shivam Kotwalia, CodeKill