Security Samizdat

I’m a big fan of Linux-based security distros. There are many of them and most have their use. Of course each one goes through a period of fame and glory and extreme usefulness, and then it falls into oblivion when it becomes obsolete, stops being maintained (the curse of open-source projects) or a shiny new different one is released.

While there are some general-purpose LiveCD distros which are very good, such as the venerable Knoppix, my choice for security-oriented toolkits is the following:

Backtrack 2
http://www.remote-exploit.org/backtrack.html

Backtrack 2 can be downloaded from here

Mainly for pentesting and wardriving (it happens to support my PCMCIA wireless cards out-of-the-box, kinda). It is Slackware-based and contains many useful tools. From their authors:

BackTrack is the most Top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
It’s evolved from the merge of the two wide spread distributions Whax and Auditor Security Collection. By joining forces and replacing these distribution the BackTrack could gain a massive popularity and was voted in 2006 as #1 at the surveil of insecure.org. Security professionals as well as new-comers are using it as their favorite toolset all over the globe.

It contains more than 300 tools, and has some exciting features like the possibility of deploying password-cracking clusters using PXE boot (PDF link)

One bad point, at least for me, is the lack of Nessus 3 in the latest release of Backtrack. Apparently Tenable didn’t agree to it. However it is possible to install Nessus 3 on Backtrack2 without much problem!

mPentoo 2006.1
http://www.pentoo.ch/-PENTOO-.html

mPentoo 2006.1 can be downloaded from here

Pentoo and mPentoo (the mini version) are two LiveCD distros based on Gentoo. The mini-version (mPentoo) seems to be the most interesting one. It weights a little more than 200 MB, so it fits in small CDs the kind of which you can carry inyour wallet. From the authors:

Pentoo is a penetration testing LiveCD distribution based on Gentoo. It features a lot of tools for auditing and testing a network, from scanning and discovering to exploiting vulnerabilities.

It includes many tools, listed here. As you can see it lacks nothing. It even includes a copy of Nessus 2.2 and Metasploit Framework 2.6.

Helix 1.8
http://www.e-fense.com/helix/

Helix 1.8 can be downloaded from here

One of the best forensics toolkit available today. Well documented. Based on Knoppix. Many different forensics tools and toolsets included, including Sleuthkit/Autopsy, and Steve Gibson’s Forensic Acquisition Utility.

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Helix has been modified very carefully to NOT touch the host computer in any way and it is forensically sound. Helix wil not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics.

It can be used by booting the offline system to Helix, or by mounting Helix on a live system (Unix, Linux or Windows). All the evidence acquisition tools have minimal footprint and impact on the examined system, and the relevant tools are “forensically sound“.

As I mentioned at the beginning, there are many more LiveCD distros that can be used. Do you know of a good one? Please feel free to make suggestions!