Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment

The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best live CD for web testing will provide feedback for what they would like to see included on the CD.

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

Tools

• – recon-­‐ng
• – w3af
• – BeEF
• – Burp
•  – OWASP
• – Rat
• – DirBuster
• – CeWL
• – Sqlmap
• – Maltego
• – WebScarab
• – Nmap
• - Zenmap
• – Nikto
• – Metasploit
• – Firefox
• – Tilt
• – Wappalyzer
• – FoxyProxy
• – ZAP
• – Firebug
• – ZAP
• – Burp
•  – Nikto
• – DirBuster
• – RaJ
• – ZAP
• – w3af
• – iMacro
• – CeWL
• – ZAP
• – ZAP TokenGen
• – Burpsuite Sequencer
• – User Agent Switcher
• – Cookies
• – Laudanum
• – BeEF 

Download Samurai Web Testing Framework 3.0

Read More

Kali Linux 1.0.7 Released

Kernel 3.14, Tool Updates, Package Improvements

Kali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to benefit from these updates – you can update to the latest and greatest using these simple commands:

apt-get update
apt-get dist-upgrade
# If you've just updated your kernel, then:
reboot

Kali Linux Encrypted USB Persistence

One of the new sought out features introduced (which is also partially responsible for the kernel update) is the ability to create Kali Linux Live USB with LUKS Encrypted Persistence. This feature ushers in a new era of secure Kali Linux USB portability, allowing us to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, all within the same USB drive.

Tool Developers Ahoy!

This release also marks the beginning of some co-ordinated efforts between Kali developers and tool developers to make sure their tools are represented correctly and are fully functional within Kali Linux. We would like to thank the metasploit, w3af, and wpscan dev teams for working with us to perfect their Kali packages and hope that more tool developers join in. Tool developers are welcome to send us an email to and we’ll be happy to work with you to better integrate your tool into Kali.

Kali Linux: Greater Than the Sum of its Parts

For quite some time now, we’ve been preaching that Kali Linux is more than a “Linux distribution with a collection of tools in it”. We invest a significant of time and resources developing and enabling features in the distribution which we think are useful for penetration testers and other security professionals. These features range from things like “live-build“, which allows our end users to easily customize their own Kali ISOs to features like Live USB persistence encryption, which provides paranoid users with an extra layer of security. Many of these features are unique to Kali and can be found nowhere else. We’ve started tallying these features and linking them from our Kali documentation page – check it out, it’s growing to be an impressive list!

Torrents, Virtual Machine & ARM images

In the next few days, Offensive Security will post Virtual Machine and custom ARM images for the 1.0.7 release. We will announce the availability of these images via our blogs and Twitter feeds, so stay tuned!.

Source

Read More

[Matriux Leandros v3.0 rc1] The pentesting distrib (Now added Blackhat Arsenal 2013 Tools)

Matriux is a Debian-based security distribution designed for penetration testing and forensic investigations. Although it is primarily designed for security enthusiasts and professionals, it can also be used by any Linux user as a desktop system for day-to-day computing. Besides standard Debian software, Matriux also ships with an optimised GNOME desktop interface, over 340 open-source tools for penetration testing, and a custom-built Linux kernel.

Matriux was first released in 2009 under code name “lithium” and then followed by versions like “xenon” based on Ubuntu. Matriux “Krypton” then followed in 2011 where we moved our system to Debian. Other versions followed for Matriux “Krypton” with v1.2 and then Ec-Centric in 2012. This year we are releasing Matriux “Leandros” RC1 on 2013-09-27 which is a major revamp over the existing system.

Matriux arsenal is divided into sections with a broader classification of tools for Reconnaissance, Scanning, Attack Tools, Frameworks, Radio (Wireless), Digital Forensics, Debuggers, Tracers, Fuzzers and other miscellaneous tool providing a wider approach over the steps followed for a complete penetration testing and forensic scenario. Although there are were many questions raised regarding why there is a need for another security distribution while there is already one. We believed and followed the free spirit of Linux in making one. We always tried to stay updated with the tool and hardware support and so include the latest tools and compile a custom kernel to stay abreast with the latest technologies in the field of information security. This version includes a latest section of tools PCI-DSS.

Matriux is also designed to run from a live environment like a CD/ DVD or USB stick which can be helpful in computer forensics and data recovery for forensic analysis, investigations and retrievals not only from Physical Hard drives but also from Solid state drives and NAND flashes used in smart phones like Android and iPhone. With Matriux Leandros we also support and work with the projects and tools that have been discontinued over time and also keep track with the latest tools and applications that have been developed and presented in the recent conferences.

Features (notable updates compared to Ec-Centric):

• Custom kernel 3.9.4 (patched with aufs, squashfs and xz filesystem mode, includes support for wide range of wireless drivers and hardware) Includes support for alfacard 0036NH

• USB persistent

• Easy integration with virtualbox and vmware player even in Live mode.

• MID has been updated to make it easy to install check http://www.youtube.com/watch?v=kWF4qRm37DI

• Includes latest tools introduced at Blackhat 2013 and Defcon 2013, Updated build until September 22 2013.

• UI inspired from Greek Mythology

• New Section Added PCI-DSS

• IPv6 tools included.

Download Matriux Leandros v3.0 rc1

Read More