Top 10 Security-focused Live Linux Distributions
Darknet.org has this nice article on 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery). I have personally tried Knoppix and Backtrack. I would have liked a Fedora Core-based LiveCD system, mainly for ease of customization, since I am a Fedora Core fan. Backtrack is the next best thing as it is SLAX-based, and I find customizing a SLAX-based distribution easier than a Debian-based one. Knoppix (regular edition) is not really a security-focused LiveCD, but it does have the basic tools.
In the end, I would just like a distribution with at least the following features:
1. Runs in memory or at least has part of its filesystem in memory. This way I can download and install other tools on the fly. I can also customize existing tools that may require filesystem modification. A scratch work directory is important when building exploits and security tests from scratch.
2. Ability to compile, build and run programs. The GNU build tools (make, gcc, etc.) and Perl will suffice for this. The flexibility of writing a custom vulnerability test or exploit is already a great boon to security experts. In most cases, some level of automation is also needed. Building programs for both these cases is a mandatory trick up any whitehat’s (even blackhat’s) sleeve. Sometimes, you need the source to get things done.
3. Ability to browse the Internet. Yes, I would like to browse my favorite search engines and security-aware sites when I need help. Hey, no system is complete and perfect. Just give me links and wget. Also a lot of tests can be done using browsers and tools available on the Internet.
4. Standard Network Shell Tools. Knowing one’s network environment is necessary. The standard Linux networking tools (innocent as they seem) like dig, ping, traceroute, tcpdump, netstat, nbtstat and telnet are deadlier than most people think.
5. A Decent Port Scanner. Knowing the available services and ports is sometimes enough. It saves you the trouble of trial and error or guessing. I like nmap for its ease of use and its straightforward interface. Nmap also comes with a whole suite of options that are helpful in special cases.
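As an added example (not code from the post or from any of the distributions it names), here is a POSIX shell script that audits a booted live environment against the five features above: is the scratch directory RAM-backed, are the build tools and network tools on PATH, and does a trivial C program actually compile and run. It assumes Linux with /proc/mounts, uses TMPDIR (or /tmp) as the scratch directory, and, because nbtstat is the Windows tool name, substitutes nbtscan as an assumed Linux stand-in; the function names and the `--run` flag are my own choices.

```shell
#!/bin/sh
# Added example, not from the post or any distribution: audit a live Linux
# environment against the five "mandatory" features. Assumes POSIX sh on
# Linux with /proc/mounts. Tool names are the ones the post lists, plus gcc,
# make and perl from item 2; nbtscan is assumed as the Linux stand-in for
# nbtstat (a Windows tool).

BUILD_TOOLS="gcc make perl"
NET_TOOLS="dig ping traceroute tcpdump netstat nbtscan telnet wget nmap"

# check_tools NAME... : print "ok", or print "missing: NAME..." and return 1
# when any of the named commands is absent from PATH.
check_tools() {
    missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    if [ -n "$missing" ]; then
        printf 'missing:%s\n' "$missing"
        return 1
    fi
    echo ok
}

# memory_backed FSTYPE : return 0 for filesystem types that keep written data
# in RAM (item 1). Union mounts count because a live CD normally puts their
# writable upper layer in a tmpfs.
memory_backed() {
    case "$1" in
        tmpfs|ramfs|aufs|overlay|overlayfs) return 0 ;;
        *) return 1 ;;
    esac
}

# fstype_of DIR : print the filesystem type of the mount holding DIR, chosen
# as the longest mountpoint prefix in /proc/mounts (mountpoints containing
# spaces appear there as \040 and are not handled, for simplicity).
fstype_of() {
    dir=$1 best="" ftype=""
    while read -r dev mnt fs rest; do
        case "$mnt" in /) pat='/*' ;; *) pat="$mnt/*" ;; esac
        case "$dir" in
            "$mnt"|$pat)
                if [ ${#mnt} -ge ${#best} ]; then best=$mnt ftype=$fs; fi ;;
        esac
    done < /proc/mounts
    echo "$ftype"
}

# build_check DIR : compile and run a one-line C program in DIR (item 2).
# Succeeds only if the compiler exists, DIR is writable and the binary runs.
build_check() {
    src="$1/live_audit_probe.c" bin="$1/live_audit_probe"
    printf 'int main(void) { return 42; }\n' > "$src" 2>/dev/null || return 1
    if "${CC:-gcc}" -o "$bin" "$src" 2>/dev/null; then
        "$bin"; prc=$?
    else
        prc=1
    fi
    rm -f "$src" "$bin"
    [ "$prc" -eq 42 ]
}

# audit : run every check against the scratch directory (TMPDIR or /tmp) and
# return 1 if anything on the mandatory list is missing.
audit() {
    scratch=${TMPDIR:-/tmp} status=0
    printf 'build tools:   '; check_tools $BUILD_TOOLS || status=1
    printf 'network tools: '; check_tools $NET_TOOLS || status=1
    t=$(fstype_of "$scratch")
    if memory_backed "$t"; then
        echo "scratch $scratch: $t (in memory)"
    else
        echo "scratch $scratch: ${t:-unknown} (not RAM-backed)"; status=1
    fi
    if build_check "$scratch"; then echo "compile and run: ok"
    else echo "compile and run: failed"; status=1; fi
    return $status
}

# Only run the audit when invoked as: sh live_audit.sh --run
if [ "${1:-}" = --run ]; then audit; fi
```

Run it as `sh live_audit.sh --run` from the booted live system; a non-zero exit means at least one of the five features is absent. The filesystem check is deliberately split into a pure `memory_backed` classifier and a `/proc/mounts` lookup so the classification can be reasoned about without a live image in front of you.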
Although not mandatory in my book, these things would definitely help:
1. List and documentation of the latest exploits. Securityfocus and Secunia documentation would be nice to keep on the CD, especially if it were properly indexed and searchable. This matters most when you are in a closed system with no gateway access.
2. An Updated Vulnerability Scanner. This just makes it easier to look for known exploits. I personally prefer Nessus, and it IS worth paying for the additional commercial plugins. Nessus, like nmap, also comes standard with a whole suite of customizable options.
3. Automated Vulnerability Testing and Exploiting Tools. If I don’t have to build the exploits myself, that would be great. I am a big fan of the Metasploit Framework (a script kiddie’s dream come true) and hope they come out with more plugins. Additional tools like Nikto for websites, Hydra for passwords and logins, and others would also be welcome.
4. Wireless Network Scanner. Since there are numerous potentially vulnerable wireless networks out there, it would be nice to take advantage of them, at least for the free Internet access. Kismet will do.
It would have been nice if darknet.org had stated some criteria for judging what they consider the “top”. I also noticed that some of these are pre-beta or alpha software and might not be actively supported or maintained. Redoing the Top 10 list based on an accepted set of criteria might be a good article for a future issue. Hmmm…
