Creating my own personal Linux distribution for Penetration Testing and White-Hat Hacking

[USBHacker]

Greetings,

Recently I have been working on a distribution of Linux built on

Debian... to get more specific, built on Linux -> Debian -> Ubuntu

8.10 -> Super Ubuntu. Though I will probably build it directly from

Ubuntu (or Debian) sometime in the future.

My distribution has been specialised to suite the requirements of your

everyday (and not so everyday!) pen-tester and white/grey hat hackers.

My sobriquet for this distribution is: HackBuntu.

Though sometime in the (near) future, I will probably rename it to:

Subuntu. (SecurityUbuntu)

I have posted this on this forum to get some advice.

Can someone please recommend me some tools to put on it?

Here is what I have already put into the distribution (excluding

command line ones);

Metasploit

Ettercap

Cain & Abel (via WINE)

NetStumbler (via WINE)

Maltego CE

Nessus

PuTTy

Wireshark

ZeNMap

OPHCrack

As for the command line ones (of what I can remember off hand)

Kismet

NMap

Aircrack-ng

p0f

Please recommend me some more tools to 'put into' this distribution.

Thanks in advance,

Chip D. Panarchy a.k.a: USBHacker

PS: Apart from adding tools, I also plan on editing the GNOME source code (and probably the Linux kernel) to better suite my needs. I may also include a version that contains Rainbow Tables (LiveDVD)

[PLuNK]

Why did you put Putty in there?

And personally if I wanted to be a script kiddie I'd use Backtrack.

[loftrat]

You might want to check the licensing conditions for nessus before including it, they removed it from BackTRack because it couldn't be freely distributed under the current nessus licence.

[moonlit]

*groan*

*headdesk*

[loftrat]

*groan*

*headdesk*

Give us a clue: Post 1, 2, or 3?

[ls]

according to this, netstumbler does not work with wine

nor does cain and abel : http://appdb.winehq.org/objectManager.php?...on&iId=6640

i would include

-foremost,photorec,autopsy,thesleuthkit for forensics

-bkhive and samdump

-nikto

-driftnet,wireshark,dsniff,ettercap

-pdfcrack,fcrackzip

- and ofcourse scapy so you can make your own sniffers and tools in python

a list with all the tools in backtrack 2 is here: http://securitydistro.com/distroinfo/4/Bac...2-Tool-List.php

[RogueHart]

Give us a clue: Post 1, 2, or 3?

gonna assume post 1 because everybody attacks anyone who wants to make their own distro

[psydT0ne]

i don't wanna make my own distro...there's already hundreds out there...

i'd be more interested in picking a distro and using it to the point where i'm 31337 with it.

who gives a crap about "another" toolz distro....aimed solely at improving one's notoriety.

sounds harsh but meh...

[USBHacker]

according to this, netstumbler does not work with wine

nor does cain and abel : http://appdb.winehq.org/objectManager.php?...on&iId=6640

i would include

-foremost,photorec,autopsy,thesleuthkit for forensics

-bkhive and samdump

-nikto

-driftnet,wireshark,dsniff,ettercap

-pdfcrack,fcrackzip

- and ofcourse scapy so you can make your own sniffers and tools in python

a list with all the tools in backtrack 2 is here: http://securitydistro.com/distroinfo/4/Bac...2-Tool-List.php

Thanks for all the tools listed, will add them (those that aren't already installed).

Um, for a more updated list: http://backtrack.offensive-security.com/index.php/Tools

But thanks!

Please continue to recommend tools &/or features to award my distro with.

who gives a crap about "another" toolz distro....aimed solely at improving one's notoriety.

Actually, it's aimed solely on... well not just one thing, I'd have to say 2 things (no longer solo!).

1. Furthering my knowledge of linux, and ubuntu/debian.

2. Furthering my knowledge of hacking, pentration testing, cracking etc.

There are other things (of course) that this will help me learn, such as programming. But those two listed above are [probably] the most important.

Please continue with replies that contain comments &/or suggestions!

Thanks in advance

USBHacker

[DingleBerries]

BACKTRACK < "SecutiyBuntu"

You are reinventing the wheel.. Why not make a REALLY vulnerable version of linux?

[loftrat]

BACKTRACK < "SecutiyBuntu"

You are reinventing the wheel.. Why not make a REALLY vulnerable version of linux?

<me_falling_into_obvious_trap>

http://www.damnvulnerablelinux.org/

</me_falling_into_obvious_trap>

[USBHacker]

BACKTRACK < "SecutiyBuntu"

You are reinventing the wheel.. Why not make a REALLY vulnerable version of linux?

As LoftRat mentioned, DVL.

Also, what's the problem with reinventing the wheel? (fuck, is this the most overused cliché on forums or what?)

I mean, do you like using Linux? Linux is (as you say) a reinvention of the wheel...

UNIX->Linux

So... yeah!

Anyways, please continue to suggest programs &/or features to add to my distribution.

Thanks in advance,

USBHacker

[ls]

As LoftRat mentioned, DVL.

Also, what's the problem with reinventing the wheel? (fuck, is this the most overused cliché on forums or what?)

I mean, do you like using Linux? Linux is (as you say) a reinvention of the wheel...

UNIX->Linux

he has a good point here, if no one would start developing a new linux distro because there are already hundreds of them then we probably wouldn't have had ubuntu or eeebuntu or ....

and for more tools :

-mtr

-hping

-thc amap

-netdiscover

-tor /privoxy

-imsniff

and since you are going to build it on top of ubuntu, you may want to check here:

http://www.ubuntu-unleashed.com/2008/06/to...-in-ubuntu.html

[psydT0ne]

i guess from my point of view, i'd prefer that he'd just produce the distro and say ..yeah i've been working on this...here it is all done...enjoy.

[metatron]

Wow the level of fail is at an all time high.

[DingleBerries]

Downloading a Distro and adding packages != "Lawl" I r making my own distro.

lrn2linux kthnxbai

[digip]

I'm gonna come right out and say it, because I have to wonder.

USBHacker, do you even know how to use linux? I am being serious here. Some of the questions you ask lead me to beleive you barely even know how to turn a computer on and off let alone run anything under linux.

As for reinventing the wheel, if you can possibly do any beter than Back Track, Russix or any other pen testing distro, then my hat is off to you, and I bow down at your feet. With BT4 just about to be released and the fact that I happen to know they are working on some new tools that make things so much easier to test/breach a system, you might as well wait until you see what is coming. Then try to work at improving upon something.

It's not so much reinventing the wheel, but if you are only adding what others can freely download and install right now, you are not only NOT reinventing the wheel, you are not accomplishing/inventing anything.

[Ingo]

Well, let the guy customize his live cd, it good practice on linux.

Besides it doesn't have to be better than something that has been out there for longer time there is always room for improvement no matter what OS/Live cd you are running. It's good to have some goals no matter how "easy" they may be =)

Just something to keep you motivated and "in-the-game" so to say

[USBHacker]

he has a good point here, if no one would start developing a new linux distro because there are already hundreds of them then we probably wouldn't have had ubuntu or eeebuntu or ....

and for more tools :

-mtr

-hping

-thc amap

-netdiscover

-tor /privoxy

-imsniff

and since you are going to build it on top of ubuntu, you may want to check here:

http://www.ubuntu-unleashed.com/2008/06/to...-in-ubuntu.html

Thanks for agreeing with me!

And thanks even more for suggesting those tools! Silly me, I don't have ANY of those tools on my distro yet. I will add them, expect them in the beta.

Thanks once again!

i guess from my point of view, i'd prefer that he'd just produce the distro and say ..yeah i've been working on this...here it is all done...enjoy.

Thanks for seeing it my way!

Downloading a Distro and adding packages != "Lawl" I r making my own distro.

lrn2linux kthnxbai

Ah... it won't be just adding packages. It'll be adding dependencies (libraries etc.) as well.

LOL

Okay, to be serious;

I'll be adding and removing packages, as you said, also, I will be editing the GNOME source code to better suite my needs, and will [probably] edit the kernel as well, also to better suite my needs!

So... yeah, that would make it my own distro, even if I didn't write the programs.

I mean, did Muts (one of the main 'makers' of BackTrack) write NMap and Wireshark? Yet he add it to his distro?

I'm gonna come right out and say it, because I have to wonder.

USBHacker, do you even know how to use linux? I am being serious here. Some of the questions you ask lead me to beleive you barely even know how to turn a computer on and off let alone run anything under linux.

As for reinventing the wheel, if you can possibly do any beter than Back Track, Russix or any other pen testing distro, then my hat is off to you, and I bow down at your feet.

Yes, I know linux. And thanks to my project, am learning much more every week.

I'll do my best to be the best. But if I end up failing (as metatron thinks I will) at least I will gain valuable linux and 'security type' knowledge in the process.

Though, if I succeed... well... WOOT! I'll be incredibly happy (for a long time!)

Well, let the guy customize his live cd, it good practice on linux.

Besides it doesn't have to be better than something that has been out there for longer time there is always room for improvement no matter what OS/Live cd you are running. It's good to have some goals no matter how "easy" they may be =)

Just something to keep you motivated and "in-the-game" so to say

Yeah, I agree with what you say. This will keep me very motivated, and when I'm motivated I've always found myself better able to learn.

So, could everyone please continue to suggest tools &/or features to add to my distribution?

Thanks in advance,

USBHacker

PS: Sorry about the size of my sig, if anyone can shrink it please do, I'm going to sleep! (LOL)

[PLuNK]

Resize that fucking signature.

[Ingo]

Big ass fucking signature!!!

Please A ) make smaller one for forums B ) limit its size in your signature

[DingleBerries]

This may be a good project for starting out with but if i dont think you will get it anywhere close to BT4. If it is _better_ than BT then i will give you some karma, if not then boo. So far you get no karma for that redonkeyless sig

[USBHacker]

Resize that fucking signature.

^LOL

Okay!

Sorry for not doing it straight away, was very tired when I finished it, and went straight to bed as soon as I uploaded it to tinypic!

LOL

Won't happen again!!!

Big ass fucking signature!!!

Please A ) make smaller one for forums B ) limit its size in your signature

Okay!

Sorry for not doing it straight away, was very tired when I finished it, and went straight to bed as soon as I uploaded it to tinypic!

LOL

Won't happen again!!!

This may be a good project for starting out with but if i dont think you will get it anywhere close to BT4. If it is _better_ than BT then i will give you some karma, if not then boo. So far you get no karma for that redonkeyless sig

All I can do is try!

So I need 3 things from online communities;

1. Luck (always #1!)

2. Tool recommendations

3. Feature recommendations

So if you so please, I would really appreciate some more suggestions of tools &/or features.

And/or luck !!!

Thanks in advance

USBHacker

[mubix]

So here are some of my suggestions:

1. Every tool that you include, check it's license as you will be distributing it.
2. Compatibility is key. If it doesn't work on peoples hardware, they can't get to the awesome tools
3. Decide if you are doing a LiveCD, a USB, a VM, a installable distro, or all of the above.
4. Get help. A project this size isn't something that is easily accomplished alone
5. As for a list of tools used, just look around some of the security forums and see what tools are being asked about their usage. Another place to look is the tools released at security conferences.

If this is going to just be a learning experience, then may I suggest jumping into Gentoo.

Good luck.

[MBP]

Maybe if he wanted to learn to use linux (Not hard people) he might just install a distro that isnt ubuntu and use it :P. Why does no one try this instead they make stupid threads about how they will learn to sue linux :P