BackTrack is a free bootable Linux distribution that contains a plethora of open source tools that you can use for network security and penetration testing. The tools are organized into different categories such as ‘Information Gathering’, ‘Vulnerability Assessment’, ‘Exploitation Tools’, ‘Privilege Escalation’ and ‘Maintaining Access’, amongst others.
When you boot into BackTrack, you are taken to a Linux shell where you will need to enter “startx” to load the GUI. When the BackTrack GUI has loaded, click the ‘Install BackTrack’ shortcut on the desktop to initiate the BackTrack installation. Once complete, reboot the machine and access the tools from Applications > BackTrack.
Note: When BackTrack was taken over by a commercial entity, they remained committed to sustaining an open source security and penetration testing distribution and re-built BackTrack from the ground up into what is now known as Kali Linux. Kali Linux is another useful addition to your security toolkit and will eventually render BackTrack redundant. Download Kali Linux and try it out for yourself.
Cain & Abel allows you to recover passwords by sniffing the network, cracking encrypted passwords, recording VoIP conversations, decoding scrambled passwords, and revealing password boxes, amongst others. It also contains an Access Database password decoder, RDP password decoder, VNC password decoder and Hash Calculator.
When you launch Cain & Abel, start by exploring the Decoders tab and the Cracker tab – this is where you can set Cain & Abel to decode and display passwords for various protocols or applications. You should also check out the Sniffer tab – this is where you can capture usernames and passwords as they travel across the network between different hosts.
Password Safe allows you to create an encrypted database container for listing all your usernames and passwords, which can only be accessed by means of a “master password”. The encrypted database container file can be backed up and transferred between locations for convenience.
When you load Password Safe for the first time, you’ll first need to create a new Password Safe Database and then enter a Safe Combination which will be used to encrypt the database. The Safe Combination will be used every time you wish to gain access to the list of passwords. Once you’ve created the database, right click on a blank area within the main window and choose “Create Entry” to create a new entry – here, you’ll be able to store a username, a password and any relevant notes.
Tip: Password Safe contains an in-built Password Generator which you can access from Manage > Generate Password, or by using CTRL + P.
Eraser allows you to completely remove data from your hard drive by overwriting each data block several times using an erasure method of your choice.
To get started, open Eraser, right click anywhere on the blank section of the main window and click “New Task”. You will be asked to select when the task should be run, the data you wish to remove and the erasure method to be used (e.g. US Air Force 5020 (3 passes) or Gutmann (35 passes)).
Security Onion is a Linux distribution tailored for use as an IDS (Intrusion Detection System) and NSM (Network Security Monitoring) toolkit. It contains tools like Snort, ELSA, Xplico, and NetworkMiner and the in-built setup wizard makes it easy to use.
When you boot from the Security Onion ISO file, you are given the option to launch the live system or system installer. If you choose to launch the live system you will be taken to an Ubuntu-based Linux interface with a series of tools available for you to use. You will also have the ability to launch the Security Onion setup wizard.
Metasploit Community Edition allows you to simulate attacks on your network to uncover security issues. Features include the ability to discover network assets, conduct basic penetration tests and exploit individual vulnerabilities.
Tip: Rapid7’s Nexpose Vulnerability Scanner (Community Edition) integrates with Metasploit Community Edition to offer increased functionality.
Note: Metasploit also comes in a “Framework” edition, which is the original open source platform for manual exploitation and brute-forcing via a command line interface.
When you launch the Metasploit Community UI, you’ll first need to create an account and enter a product licence key (which you can obtain for free when downloading the installation package). You can then get going immediately by performing a network discovery from the Overview tab.
WinDump is essentially TcpDump for Windows. TcpDump is a powerful network packet analyser for Linux that can be used for network debugging and security monitoring. Using WinDump allows you to have the same functionality as TcpDump in a Windows environment.
WinDump requires WinPcap 3.1 or above to be installed. Once you’ve installed this, simply execute windump.exe from a command line to initiate the packet capture process. Unless you wish to perform a live analysis, dumping the results to a text file is recommended. To do this, type “windump >> c:\folder\textfile.txt” in the command prompt, and replace the text file location with one of your choice.
Network Security Toolkit (NST) is a bootable live CD containing a wealth of open source network security tools that can be used by security professionals for network security analysis, validation, testing and monitoring.
When you boot from the NST ISO file, you first choose whether you wish to launch the command-line version or the GUI version. If you choose the command-line version, you’ll need to run the tools manually by issuing a series of commands and parameters. If you choose the GUI version, a Linux type environment will load giving you the option of installing the NST tools to disk or running them directly from the “Activities” menu.
OpenVAS is an open source Vulnerability Assessment System that offers a selection of tools and services for vulnerability scanning and vulnerability management. The security scanner feeds off an online database of over 30,000 network vulnerability tests and is updated regularly.
When you launch the OpenVAS web UI you can launch a quick scan against an IP address or hostname or create a new task manually from the Scan Management tab. When the scan is complete you can view the results and download a report detailing the open ports, vulnerabilities found and the information log.
Steganography is all about hiding in plain sight. Essentially you are hiding data within data. OpenPuff is a steganography tool with features that include multi-level encryption, pseudo-random-number-generator-based data scrambling, whitening, and encoding, which make for a strong steganography algorithm. OpenPuff also includes the ability to add a decoy password to reveal decoy data (in case you were ever suspected of receiving a steganography file and asked to reveal the data) as well as the ability to split the hidden data over multiple files (carriers).
To initiate data hiding, launch OpenPuff and press the “Hide” button. Follow the four step process to enter a password, add the secret data, add the carrier files, and choose the level of bit selection to be used. Optionally, add decoy data and then click “Hide Data!” to begin.
Freeraser is a data shredder tool that permanently deletes data by overwriting the data blocks with random data multiple times. Freeraser offers three options for data destruction – a ‘fast’ option which uses 1 round, a ‘forced’ option which uses 3 rounds and an ‘ultimate’ option which uses 35 rounds of overwriting with random data.
When Freeraser is open, a large recycle bin icon will appear on the desktop. To erase files, simply drag them to the icon. A warning message will pop up stating that the data will be permanently destroyed if you continue. You can also choose which files to remove by right clicking on the icon and selecting “Select File to Destroy”.
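The multi-pass overwrite that Eraser and Freeraser perform, written out as an added Python example (not code from either project) so you can see what each "round" actually does to the file and verify that the plaintext is gone before the file is unlinked. The sample content is constructed; the pass counts 1, 3 and 35 mirror Freeraser’s fast, forced and ultimate options.

```python
import os
import tempfile

CHUNK = 1 << 16  # overwrite in 64 KiB chunks so large files never sit in memory

def overwrite_passes(path: str, passes: int) -> int:
    """Overwrite every byte of `path` with fresh random data `passes` times,
    fsyncing after each pass. Returns the file size. The file is kept so the
    caller can check that the old contents are gone before unlinking."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device, not just the page cache
    return size

def shred(path: str, passes: int = 3) -> int:
    """Freeraser-style destruction: 1 pass ('fast'), 3 ('forced') or 35 ('ultimate')
    of random data, then truncate and unlink. Returns bytes overwritten per pass."""
    size = overwrite_passes(path, passes)
    with open(path, "r+b") as f:
        f.truncate(0)
        os.fsync(f.fileno())
    os.remove(path)
    return size

def demo(passes: int = 3) -> dict:
    """Write a constructed secret to a temp file, overwrite it, check whether any
    copy of the plaintext survives, then finish the shred."""
    line = b"db_password=hunter2\n"          # constructed sample content
    secret = line * 4096
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    size = overwrite_passes(path, passes)
    with open(path, "rb") as f:
        plaintext_found = line in f.read()
    shred(path, 1)
    return {"size": size, "plaintext_found": plaintext_found,
            "exists": os.path.exists(path)}

if __name__ == "__main__":
    print(demo())
```

Overwriting in place only helps when the filesystem rewrites the same physical blocks: on SSDs with wear levelling, on copy-on-write or snapshotting filesystems, and for journaled metadata the old data can survive every pass, which is why full-disk encryption with key destruction is the more dependable route.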
OpenStego is a basic easy-to-use steganography tool that takes any ‘secret’ message file as input and embeds it into a cover file to create a resulting image. You are given the option to compress and encrypt data and control the algorithm used in the steganography process.
Note: OpenStego is built using Java so you will need to run it on a machine that has Java installed.
The first thing you need to do is select the steganography algorithm to be used and the ‘secret’ message file you wish to be hidden. You then select the cover file (the image to be used to conceal the secret message file within it) and the output filename. Once you are done, click “OK” to start the obfuscation process.
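To make the "level of bit selection" that OpenPuff asks for (and the algorithm choice in OpenStego) concrete, here is an added Python example, not code from either tool, of least-significant-bit embedding in a constructed 8-bit carrier. It shows that recovering the payload needs the same bit level, and that the distortion bound grows with that level, which is what gives steganalysis its foothold.

```python
def capacity(carrier: bytes, bits: int) -> int:
    """Payload bytes (header included) a carrier can hold at `bits` per byte."""
    return len(carrier) * bits // 8

def embed(carrier: bytes, payload: bytes, bits: int = 1) -> bytes:
    """Hide `payload` in the low `bits` bits of each carrier byte. A 4-byte
    big-endian length header goes first so extract() knows where to stop."""
    if not 1 <= bits <= 8:
        raise ValueError("bits must be between 1 and 8")
    data = len(payload).to_bytes(4, "big") + payload
    if len(data) > capacity(carrier, bits):
        raise ValueError("payload too large for this carrier at %d bit(s)/byte" % bits)
    bitstream = "".join(f"{b:08b}" for b in data)
    keep = 0xFF ^ ((1 << bits) - 1)          # mask that clears the low `bits` bits
    out = bytearray(carrier)
    for i in range(0, len(bitstream), bits):
        chunk = bitstream[i:i + bits].ljust(bits, "0")   # pad the final chunk
        out[i // bits] = (out[i // bits] & keep) | int(chunk, 2)
    return bytes(out)

def extract(stego: bytes, bits: int = 1) -> bytes:
    """Reverse of embed(): read the low bits back, then honour the length header."""
    low = (1 << bits) - 1
    bitstream = "".join(f"{b & low:0{bits}b}" for b in stego)
    raw = bytes(int(bitstream[i:i + 8], 2) for i in range(0, len(bitstream) - 7, 8))
    n = int.from_bytes(raw[:4], "big")
    return raw[4:4 + n]

def max_distortion(carrier: bytes, stego: bytes) -> int:
    """Largest change to any carrier byte. It is bounded by 2**bits - 1, which is
    why a higher bit level is easier for steganalysis to notice."""
    return max(abs(a - b) for a, b in zip(carrier, stego))

# Constructed 8-bit 'image': a smooth ramp; nothing is read from disk.
CARRIER = bytes((x * 7 + 13) % 256 for x in range(2048))

if __name__ == "__main__":
    msg = b"hidden note"
    for bits in (1, 2, 4):
        s = embed(CARRIER, msg, bits)
        print(bits, extract(s, bits), max_distortion(CARRIER, s))
```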
Retina Network Community is a free vulnerability scanner for up to 256 IPs that offers powerful vulnerability assessment across operating systems, applications, devices and virtual environments within your network using a comprehensive vulnerability database that is updated regularly.
When you launch Retina Community, start by setting up your Audit from the Audit section at the top – here, you can choose what credentials to use, which targets to scan, which ports to detect, which audit types to run, and what information to obtain from each target. Once you’ve done this hit the “Scan” button to initiate the scan and view the results at the bottom of the window.
OWASP Mantra is a browser based security framework which includes a selection of integrated and online tools that can be used for penetration testing and web application testing. There is everything from online network and information gathering utilities to an integrated SSH client.
When you launch the OWASP Mantra browser you are presented with a Welcome page with a splash screen similar to the Windows 8 interface. From here you can browse to the “Hackery” or “Gallery” pages to discover the available online tools. On the left hand side of the browser is a selection of icons which launch the integrated tools.
KeePass is a light-weight user-friendly password manager that allows you to store username and password combinations in a highly-encrypted database. Access to the database is secured using a master password or key file.
When you first launch KeePass you’ll need to enter a “Master Key” which is used to prevent access to the password database. You can then start to create groups for categorization and password entries for each group. KeePass also has a search facility in the top menu bar for quick access to a certain password or to help you find a password entry if you can’t remember it – this saves you navigating through each group.
Nmap allows you to perform network discovery and security auditing, including tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Note: The Nmap package comes with Zenmap (a front-end GUI for Nmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Zenmap can be used to control Nmap from a GUI rather than a command line. Upon launching Zenmap, enter the target to be scanned and choose a scan profile before clicking “Scan”. Results will be displayed in the “Nmap Output” tab with a further breakdown available in the Ports/Hosts, Topology, Host Details, and Scans tabs.
PuTTY is a lightweight application that allows someone sitting at a Windows machine to remotely connect to a Linux server using the SSH, Telnet and Rlogin network protocols. The PuTTY family of tools also consists of PSCP (an SCP client for secure command-line file copy), PSFTP (an SFTP client), PuTTYtel (a Telnet-only client), Plink (a command-line interface to the PuTTY back ends), Pageant (an SSH authentication agent) and PuTTYgen (an RSA and DSA key generation utility).
Note: On the server side, you will likely have an SSH implementation such as OpenSSH (http://www.openssh.org/) which encrypts all traffic transmitted across the network and is useful for securing protocols like telnet, rlogin and ftp (which transmit data over the network in plain text).
Once you enter the connection details and click Open, a command prompt type window will appear asking you to login to the specified server. Once you do this, you can issue commands directly to that server.
The Random Password Generator from random.org does just that – it generates random passwords for you based on a set of criteria you provide. Unlike some websites, the generated passwords are delivered to you over an SSL connection for added security (the last thing you want is a rogue on your network capturing packets and discovering all your newly generated passwords!).
Simply navigate to http://www.random.org/passwords/ and enter the required criteria to get started. If you want more criteria to be considered when generating a password, try using the Random String Generator at https://www.random.org/strings/.
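The criteria-driven generation described above can also be done locally with the operating system’s CSPRNG, which removes the network path entirely. This is an added Python example, not random.org’s code; the class names and symbol set are this example’s own choices.

```python
import math
import secrets
import string

# Character classes a caller can require, mirroring the "criteria" a password
# generator lets you pick (length, letters, digits, symbols).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.<>?",
}
DEFAULT = ("lower", "upper", "digits", "symbols")

def generate(length: int = 16, classes=DEFAULT) -> str:
    """Generate a password from the OS CSPRNG (secrets), so it never crosses
    the network. Every requested class is guaranteed to appear."""
    if length < len(classes):
        raise ValueError("length too short to include every requested class")
    alphabet = "".join(CLASSES[c] for c in classes)
    chars = [secrets.choice(CLASSES[c]) for c in classes]          # one per class
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    for i in range(len(chars) - 1, 0, -1):  # Fisher-Yates shuffle, CSPRNG-driven,
        j = secrets.randbelow(i + 1)        # so the forced characters aren't first
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

def satisfies(password: str, classes=DEFAULT) -> bool:
    """True when at least one character from every requested class is present."""
    return all(any(ch in CLASSES[c] for ch in password) for c in classes)

def entropy_bits(length: int, classes=DEFAULT) -> float:
    """Upper bound on entropy: length * log2(alphabet size). Forcing one character
    per class removes a little, but for length >= 12 the bound is close."""
    return length * math.log2(sum(len(CLASSES[c]) for c in classes))

if __name__ == "__main__":
    pw = generate(20)
    print(pw, satisfies(pw), round(entropy_bits(20), 1))
```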