Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Top Posters
Who's Online (1)
- Phage 3:49AM
Powered by Vanilla.
Made with Bootstrap.
Project Propostion: X-SploitServ OS (Name not finalised)
-
This is not another Pentest OS before you rage.
This is aimed to be a no GUI server based operating system comprised of tools that can be launched via SSH. It will be a lightweight distro based on a stripped down Debian Squeeze.
We will then build it back up again with server-based penetration testing tools and group collaboration tools. There will also be a variety of command line tools that can be launched via SSH.
Advantages of this
- Tools like Nessus Server will not waste your resources running on your own computer, you can simply use its nice web interface
- Collaboration is key in this project, tools like dradis can be used for easy web based collaberation
- Old computers can not run the latest backtrack with ease
- You do not need to conduct your Pentests in a vm anymore or have a brilliant PC dedicated to backtrack only, you can launch all from the web or from SSH using minimal resources
- If it is a group server, your IP is totally masked in attacks!
- A great and unique community project to get started! :D
Proposed Tool list (Please start contributing)
Web Based tools
- Nessus server
- Dradis Server
- Msf web
Other tools
- Metasploit with rpm server on (ie you can connect clients like arminatage)
- nmap, can be launched via a web script we make or via ssh.
- Most of the CLI tools that are in backtrack
Project SuggestionsIRPAS/VIPRR
LOKI!!!!
NCAT
NCRACK
IKE-SCAN
UNICORNSCAN
SCANRAND
Further Development
- We could also create a web script that allows us to control all the CLI scripts via a nice web interface.
Please give your comments! :)Xin -
tools to include---
IRPAS/VIPRR
LOKI!!!!
NCAT
NCRACK
IKE-SCAN
UNICORNSCAN
SCANRAND
to name a few -
also OpenVAS if we are including vulnerability assessers/databases
-
This looks like it could be a very good project, but yes like someone else said, get rid of autopwnSkype: mrpt3oTwitter: MrPteo
-
Nmap and some form of linux hash cracker.
-
Sounds like a great project, I was thinking about doing something similar on a debian machine of mine.
But I would leave Msf Web out, since it is terribly slow and has security bugs. -
anyway to add IDA pro? or CORE Impact?
-
IDA Pro could probably be added as it's been cracked but CORE impact has yet to be cracked so i'm told. Might have been by now though.
-
what about CANVAS? has that been cracked?
-
There's a VERY old version of CORE out there that's cracked, but no version worth getting... :/
-
can we get a few has cracking one's ?? say like a python script - dark cracker and web tools like : burpsuite
-
msfweb comes bundled with the msf framework, if you want to leave it out, then thats simple, dont execute it from Sysv and use msfgui or msfconsole instead. As for stripping down debian, their are already stripped down versions available as a base package. I suggest taking a look at Crunchbang Linux based on Squeese && Wheezy shipping with OpenBox, if you havent tried OpenBox as a desktop enviroment then your missing out because it's one of the fastest and most responsive desktops going. SELinux is supported by default on Debian as is Kerberos 5, LDAP, FreeRADIUS etc. Theirs also a nice offering called Liberte Linux based on Gentoo which also ships with OpenBox and gRsecurity by default. http://dee.su/liberte/ it has some nice Mac changer scripts worth pilfering that allow you to spoof your Mac Address everytime it starts up. The only thing stopping me from using it myself is I require Prism54 wireless support for my custom built Atheros that I hand built from a second hand ZyXel Router and Gentoo asks you to compile the drivers directly into the kernel whereas Debian has a far easier way of just using a kernel module specified for the task. http://wiki.debian.org/prism54
However unless you have a spare ZyXel uvw GemTek Technologies Co. Blue Router with twin antennas laying around you can forget about laying your hands on one of these wireless cards because their like finding "Gold" dust. By using DECNET for Linux the eth0 (ethernet) aquires both a full MAC and a soft MAC hardware address example: aa:00:04:00:0a:09 (Digital Equipment Corporation) and by using this card shown in the following photo:
http://postimage.org/image/yocvgqgvv/
Then the wireless on wlan0 also gets attributed both a full MAC and a soft MAC address.
That way when you try to use the wireless to connect to anything it asks you to authenticate with a secure 2048bit PKI and your security becomes almost second to none. I took the liberty of adding an external antenna with a 25db gain, most of the Prism54 Cards I have come across are PCMCIA only, these cards are becoming very rare and desireable and since the company went out of buisness finding one wasnt easy.
If you find yourself wanting to have one you'll have to start with one of these:
http://www.ebay.com/itm/Mini-Wireless-Lan-PCI-MiniPCI-to-PCI-Adaoter-Converter-/130722596524?pt=LH_DefaultDomain_0&hash=item1e6fac86ac
However a quick search of ebay for p54pci returns: Your search returned 0 items which is no surprise if you find one expect to pay in excess of $160 for one that handles 54Mbps && Supports b/g
However a search for cheap older brands with the Prism 2.5 Chip returns:
http://www.ebay.com/sch/i.html?_nkw=Linksys+WMP11&_sacat=0
SO DONT DELAY BUY YOURS TODAY - THESE CARDS ARE NO LONGER MANUFACTURED AND THEY'RE ON SALE CHEAP! The part you want is consealed under that little metal blanking plate which should be remounted because the MiniPCI to PCI Converter support's 11/54/108 b/g WiFi wireless with Exchange Data Speed: Max. 600MB/s && US $3.85 <-- Thats what I call a bargin. Dont be fooled into thinking it's WEP only, its WEP / WPA / PSK / TKIP / CCMP / WRAP once Linux loads the Kernel Module for it! HOWEVER - <br />Caveat Emptor - Buyer BEWARE dont buy the phat (fat) Linksys WMP11 v2.7 those are Broadcom Chipsets you want the slimmer V4 on sticker which is Prism 2.5 of which there are only x4 on offer in that sale, the boxed new ones are most definately Broadcom. (too phat!)
http://www.ebay.com/itm/NETGEAR-MA311-PCI-Adapter-New-in-SEALED-Box-/370628030487?pt=US_Internal_Network_Cards&hash=item564b26f017
^-^another Prism 2.5 and the only one that can definately be classed as a Intersil Corporation ISL3890 [Prism GT/Prism Duette]/ISL3886 [Prism Javelin/Prism Xbow] chipset. If your wondering whats so great about these wireless cards... Well I leave that for those that havent gotten one to figure out and just say it was the only wireless card in production where the drivers where open source.
P.S: I am not too sure if taking the wireless mini PCI directly out of a router by cutting away its blanking plate with a dremel and removing it from the base station to stick it onto a PCI host bridge is in conformity with FCC rules & regulations, probably not, but screw the rules. Hackers modify after factory Hardware && Firmware (wet-ware) it's not just Software :)~
P.P.S: Does my server need more Hard Disk Drives? http://postimage.org/image/p4t6445q3/
Oops time to take my pill...
-
this sounds really cool tbh, great idea. I especially like the idea of running the aps remotly to save local resources.Skype: mrpt3oTwitter: MrPteo
