Some Ideas please?


I'd like to start by clarifying that I am not one of the many noobs who use Ubuntu for like a month then decide to try this. I also know this will not outclass BackTrack or even Knoppix STD. I am going to be building a less bloated Pen Testing Distro, with all tools I have tried and tested and a few that I coded myself.

So far this is my plan:

Base Debian Install with KDE.

A nice Dark Theme with Compiz and a good Conky Script by default.

And The Following Programs:

Information Tools:

Maltego CE Information Gatherer

Finger Google OverPowered Google Searcher

Autopsy + sleuthkit Remote Computer Autopsy Tool


Metasploit Exploit Framework

Immunity Canvas Exploit FrameWork


Socat Multipurpose Tool (ping, tracert, etc. )

MacChanger Change my Mac

SPIKE Multi Purpose Fuzzer

Matahari Reverse Connecting Backdoor Kit

Samba Connect to Windows Shares

Pstools + Sysinternals most can run in wine

Router Exploitation:

Fragrouter IDS evasion

cisco -- all of them


p0f Service Identifier

nmap Port Scanner

amap Service Identifier

Zenmap GUI for nmap

hping3 Port Scanner + packets


FGdump Sam Dumper

Bob The Butcher Hash Cracker

John The Ripper Hash Cracker

Medusa Password Cracker

Hydra Password Cracker


Scapy Packet Forger

Yersinia Packet Forger

EtterCap, Etterape -- Packet Manipulation

Wireshark Packet Monitor and Injector

Web Scanners:

Nessus Vuln Scanner

Absinthe SQL Injecting Fuzzer

WebScarab Web Application Proxy

Wapiti Web Script Fuzzer

Nikto Web Vuln Scanner + Fuzzer

Burp Web Scanner


Gkismet AP and Client Monitor

AirCrack-ng Wireless Cracking Set ( 15 tools )

AirSnarf + Airsnort AP impersonation

coWpatty WPA cracker

On Top of those will be my favourite ones, the ones I made myself,

GainKey - You supply the raw info, it automatically runs through the hoops of cracking into a wireless network.

Drop2SYSTEM - An exploit in 2000, XP, Vista and Windows 7, that allows any process to become a SYSTEM process. -UNRELEASED

InfoGet - A program that automatically gathers almost every kind of information you could want from a target.

RevCon - A Reverse Connecting Server + Client for Windows boxes.

MonitorAll - A Monitoring program capable of taking 1 fps video and monitors keys + mouse.

My problem is this: How can I get a very compatible kernel? I was wondering if it was possible to extract the bt4 kernel and then apply it to my distro. Any help on this front would be appreciated.

My suggestion, don't do it.

People come on various mailing lists I'm on all the time saying they want to do this and it always comes back to the same question, why bother when BT and others like Pentoo already exist.

It may be nice for a personal training exercise but general consensus is nothing more. If all you want to do is to add your own tools to a distro then BT4 is built on Ubuntu and will be able to use repositories so you can just take a BT4 release and add the packages to that.

If you want to go ahead then look at /proc/config.gz for the kernel config. If it isn't there then have a look for the config file in the linux source directory that I'm pretty sure comes with BT4 as I needed it to build some stuff I'm doing for them.
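The tip above, as an added example that is not part of the original post or of BT4 itself: shell functions that read a kernel config from /proc/config.gz with fallbacks, then list the options enabled in that reference config but not in your own. The /boot/config-<release> and /usr/src/linux/.config fallback paths, the function names and the sample configs are assumptions.

```shell
#!/bin/sh
# Added example. Only /proc/config.gz comes from the thread; other paths are assumed.

# Print the kernel config from the first readable source:
#   1. /proc/config.gz      (present when the kernel has CONFIG_IKCONFIG_PROC)
#   2. /boot/config-<rel>   (Debian/Ubuntu convention, assumed)
#   3. .config in a kernel source tree (assumed at /usr/src/linux)
# The three arguments override the default locations.
dump_kernel_config() {
    proc_cfg=${1:-/proc/config.gz}
    boot_cfg=${2:-/boot/config-$(uname -r)}
    src_cfg=${3:-/usr/src/linux/.config}
    if [ -r "$proc_cfg" ]; then
        gzip -dc "$proc_cfg"
    elif [ -r "$boot_cfg" ]; then
        cat "$boot_cfg"
    elif [ -r "$src_cfg" ]; then
        cat "$src_cfg"
    else
        echo "no kernel config found" >&2
        return 1
    fi
}

# List options built in (=y) or modular (=m) in the reference config
# that the target config does not enable.
missing_options() {
    ref=$1; target=$2
    grep -E '^CONFIG_[A-Za-z0-9_]+=(y|m)$' "$ref" | cut -d= -f1 | sort -u |
    while read -r opt; do
        grep -Eq "^${opt}=(y|m)$" "$target" || echo "$opt"
    done
}

# Constructed sample: a gzipped reference config (like /proc/config.gz)
# and a leaner target config that dropped one wireless driver.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'CONFIG_MAC80211=m' 'CONFIG_ATH9K=m' 'CONFIG_EXT4_FS=y' \
        '# CONFIG_DEBUG_INFO is not set' | gzip -c > "$d/config.gz"
    printf '%s\n' 'CONFIG_EXT4_FS=y' 'CONFIG_MAC80211=m' \
        '# CONFIG_ATH9K is not set' > "$d/target.config"
    dump_kernel_config "$d/config.gz" /nonexistent /nonexistent > "$d/ref.config"
    missing_options "$d/ref.config" "$d/target.config"
    rm -rf "$d"
}
```

On a real system, run `dump_kernel_config > ref.config` on the booted reference distro and pass your own build's `.config` as the second argument to `missing_options`.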

The thought is good. But when BT is out there, why use yours?

BT4 is still in Beta I think anyway. Who knows what they will come up with. Especially now that it can do auto updates and easily install files, although, I prefer BT2&3 to 4 at the moment.

Well, I will never need 300+ tools and I prefer to build my own things whenever I can, and this is one thing I can do. I agree bt3 + 4 + 1 + 2 are great, but I'd like something that I can customize 100% the way I want it. Thanks to the first person who gave me the tip on the kernel files :)

If you want to customize things then just create a partition on your testing machine and install everything on there, why bother with a dvd?

That is what I do, I rarely touch any live distros except to look at the tool list to see what they are suggesting for a certain area then install it on my own machine. I usually get a more up-to-date install, it is customised to me and having built and installed it once I know more about how it works and how to do it again.

