• Pen Test Distros

    From diviniti@700:100/33 to All on Tuesday, July 19, 2022 14:54:45
    hi, infosec student here, I've been using Kali as I go through coursework but
    I have need of installing a new os today and I have a couple of questions. first, is there anything better than kali that's maybe not so well known or even public? a private distro would be rad. or should I just install my usual Arch and add toolsets piece-meal? the latter is where I'm leaning, I looked
    at blackarch and it suuuuuucked but I know I can just add the repo to a
    normal arch install.
    thanks in advance for your advice!

    - diviniti

    --- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
    * Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net (700:100/33)
  • From Greenlfc@700:100/71 to diviniti on Wednesday, July 20, 2022 11:02:18
    When you're learning it can be valuable to load your tools yourself so that you understand them a little better.

    It's never a good idea to use a dedicated pentest distro as your regular workstation. You're better hardening your choice of OS and doing your pentesting from a VM, or just use a dedicated machine for your investigations.

    I would investigate Parrot Security distro, and if you can get a copy of it, Slingshot. Slingshot is provided to SANS students in the pentesting classes and is loaded with good stuff (and some of the class materials are hanging out in there, too).

    GreenLFC ║ e> greenleaderfanclub@protonmail.com
    Infosec / Ham / Retro ║ masto> GLFC@mstdn.starnix.network
    Avoids Politics on BBS ║ gem> gemini.greenleader.xyz

    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: 2o fOr beeRS bbS >> 20ForBeers.com:1337 (700:100/71)
  • From diviniti@700:100/71 to Greenlfc on Thursday, July 21, 2022 10:11:55
    Awesome, slingshot sounds like something I'd be interested in. But ultimately I just went with my usual comfy Arch install and I'm just loading the tools I need from the blackarch repos. Will keep an eye out for slingshot though, the class materials sound promising.

    - diviniti

    ... Hey you dropped your pen.... and while you're down there

    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: 2o fOr beeRS bbS >> 20ForBeers.com:1337 (700:100/71)
  • From paulie420@700:100/71 to diviniti on Sunday, July 24, 2022 14:18:36
    hi, infosec student here, I've been using Kali as I go through
    coursework but I have need of installing a new os today and I have a couple of questions. first, is there anything better than kali that's maybe not so well known or even public? a private distro would be rad.
    or should I just install my usual Arch and add toolsets piece-meal? the latter is where I'm leaning, I looked at blackarch and it suuuuuucked
    but I know I can just add the repo to a normal arch install.
    thanks in advance for your advice!

    It really depends on what you are DOING and what you need from the OS. You know, if you are doing a literal pen test for your company, Kali might be perfect out of the box. To answer your question, some people like blackArch. Its built on Arch Linux instead of Ubuntu and can either be installed via command line or theres an ISO you can grab.

    I a couple other tools I use, and why;

    a Whonix VM - A software that can anonymize everything you do online. When I'm doing anything that requires complete anonymity I spin up Whonix and make sure that I'm behind both their gateway and workstation. It can be used for both .onion browsing behind Tor, among other tools to send, receive and disseminate data without giving up any info.

    Kodachi Linux - This is a distro that runs behind a VPN [or three] and has anonymity build into the OS... it can be turned off, if needed. It also has a cool self-destruct feature that you can arm or set off if needed.


    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: 2o fOr beeRS bbS >> 20ForBeers.com:1337 (700:100/71)