Matriux Leandros - BSidesLV 2013

#MATRIUX LEANDROS: Open Source Linux Penetration Testing and Forensic Distribution
“Aut viam Invenium Aut Faciam”
Prajwal Panchmahalkar, C|EH, Lead Developer, Matriux
@pr4jwal, http://www.matriux.com/
#BSidesLV 2013
Mentored by Josh: @savant42

Upload: prajwal-panchmahalkar

Post on 16-Jan-2015


DESCRIPTION

Matriux is the first full-fledged Debian-based security distribution designed for penetration testing and forensic investigations. Although it is primarily designed for security enthusiasts and professionals, it can also be used by any Linux user as a desktop system for day-to-day computing. Besides the standard Debian software, the Matriux Arsenal contains a collection of more than 350 powerful and versatile security and penetration testing tools, with around 20-50 more tools added in each six-month release cycle. Matriux comes with a custom-built Linux kernel to provide better performance and broader hardware support, so that it works comfortably even on a Pentium IV with 512 MB RAM. Matriux was first released in 2009 under the code name “lithium”, followed by versions such as “xenon” based on Ubuntu. Matriux “Krypton” followed in 2011, when we moved the system to Debian. Further releases followed: Matriux “Krypton” v1.2 and then Ec-Centric in 2012. This year we are working on releasing Matriux “Leandros”, which is currently in beta testing and is a major revamp of the existing system. The Matriux arsenal is divided into sections with a broad classification of tools for Reconnaissance, Scanning, Attack Tools, Frameworks, Radio (Wireless), Digital Forensics, Debuggers, Tracers, Fuzzers and other miscellaneous tools, covering the steps followed in a complete penetration testing and forensic scenario. Although many questions were raised about why another security distribution is needed when others already exist, we believed in and followed the free spirit of Linux in making one. We have always tried to stay up to date with tool and hardware support, so we include the latest tools and compile a custom kernel to stay abreast of the latest technologies in the field of information security.
Matriux is also designed to run from a Live environment such as a CD/DVD or USB stick, which is helpful in computer forensics and data recovery: forensic analysis, investigation and retrieval not only from physical hard drives but also from solid state drives and the NAND flash used in smartphones such as Android devices and the iPhone. With Matriux we also support and work with projects and tools that have been discontinued over time, and keep track of the latest tools and applications developed and presented at recent conferences.

TRANSCRIPT

Page 1: Matriux Leandros - BSidesLV 2013

#MATRIUX LEANDROS: Open Source Linux Penetration Testing and Forensic Distribution

“Aut viam Invenium Aut Faciam”

Prajwal Panchmahalkar, C|EH, Lead Developer, Matriux
@pr4jwal, http://www.matriux.com/
#BSidesLV 2013
Mentored by Josh: @savant42

Page 2

#whois? Prajwal Panchmahalkar
• L30
• Security Researcher
• Lead Developer, Matriux
• Blogger
• Recent Grad, MSCS, Texas Tech University
• Web Developer – to feed myself..!!
• Email: [email protected]
• Twitter: @pr4jwal
• Website: http://www.matriux.com/

Page 3

Page 4

#Statutory warning

Page 5

#why? #Matriux
• The most commonly asked question:
  • Why another distro … while there are many others?
  • While there are many other desktop variants, isn’t there space for one more security distro?
• Just follow the spirit of Linux…!
• The best way to learn Linux – make ONE.
• Wanted to build one overcoming the existing systems.
• Have one that complied with our needs initially.


Page 7

#challenges faced?
#Base Platform:
• Ubuntu??
• Slax??
• Fedora??
• Debian??
• ……??
#Expertise:
• Lacked initial knowledge on how to start
#Collaboration
#Infrastructure
#Legal Consultancy / advisory services
#And definitely “Financial”..!

Page 8

#Matriux? #initial releases:
• Matriux alpha (Slax) – early 2008
• Matriux Lithium (Ubuntu KDE) – 2009/11
• Matriux Xenon (Ubuntu Gnome) – 2010/11
• Matriux Krypton (Debian) – 2011/08
• Matriux Krypton v1.2 (Debian) – 2012/02
• Matriux Ec-Centric (Debian) – 2012/08

Page 9

#who should use?
• Penetration Testers
• Digital Forensic Investigators
• Auditors
• System and Network Administrators
• Exploit Developers
• Security enthusiasts
• Casual Linux users??

Page 10

#features?
• 330+ open source penetration testing, forensic and security tools
• Custom Kernel 3.9.4
• Very own custom installation tool – MID (Matriux Installation Disk)
• Latest tools – until last updated (2013.07.30)
• Smart phone penetration testing applications.
• Forensics not neglected – given equal importance.
• Built an update tool – MUT (Matriux Update Tool)
• Applications from team Matriux
• USB persistence
• New section in arsenal – PCI-DSS

Page 11

#matriux
• Security tools logically organized based on work-flow into #Arsenal:
  • Reconnaissance
  • Scanning
  • Gain Access
  • Frameworks
  • Wireless
  • Forensics
  • PCI-DSS
  • Debuggers
  • Tracers
  • Misc
  • Services

Page 12

#matriux #Reconnaissance:
• DNS
• HTTrack
• Dradis Framework
• etherape
• Magic Tree
• quickrecon
• peepdf
• tcptracers
• wireshark

Page 13

#matriux #Scanning:
• CISCO
• Batman tools
• Web Scanners
• Angry IP scan
• ettercap
• gggooglescan
• metagoofil
• BlindElephant
• Nikto
• XSS tools
• Vega
• p0f
• t50

Page 14

#matriux #Gain Access: Passwords:
• Brutessh
• Crunch
• Ophcrack
• John
• Sucrack
• Gcrack
• Etemenanki
• Vncpwdump
• Iisbruteforcer
• Medusa
• rarcrack


Page 16

#matriux #Gain Access: SQL:
• Bing-sqli-scanner
• bsqlbf
• minimysqlat0r
• SQLBrute
• sqlmap
• sqlninja
• sqlsus


Page 18

#matriux #Gain Access: THC-IPv6


Page 20

#matriux #Frameworks:
• Inguma
• Metasploit
• Social Engineering Toolkit
• w3af
• BeEF
• GrendelScan
• OWASP Mantra
• Skipfish
• WebScarab
• yersinia
• Subterfuge
• BurpSuite
• maltego

Page 21

#matriux #Wireless:
• Bluetooth
• Kismet
• Reaver
• VOIP
  • SIP
• Aircrack-ng Suite
• Fern wifi cracker
• Gerix wifi cracker
• GrimWEPA
• WepBuster
• WEPlab
• pyrit
• Wifi radar

Page 22

#matriux #Forensics:
• Acquisition
• Analysis
• Meta extractors
• Dhash
• dcfldd
• fmem
• memdump
• Mobius forensic toolkit
• pyflag
• warrick
• LIME

Page 23

#matriux #Forensics: Acquisition:
• A.I.R.
• Galleta
• Guymager
• Steghide
• Volatilitux
• Volatility

Page 24

#matriux #Forensics: Analysis:
• androguard
• apkviewer
• Autopsy / Sleuth Kit
• foremost
• Forensic data identifier
• Gparted
• iPhone Analyzer
• Jbrofuzz
• Vinetto
• Pasco
• Scalpel

Page 25

#matriux #Forensics: Metaextractors:
• pdftools
• Flash tools
• Text extractors
• Image extractors
• Meta info extractors

Page 26

#matriux #PCI-DSS:
• Babel
• Ccsrch
• Code janitor
• Dep-checker
• Eramba
• Fossbarcode
• Fossology
• Ftimes
• Open SCAP
• Panbuster
• SeNF
• Spider Helix
• Verinice

Page 27

#matriux #Debuggers:
• Boomerang
• Crash
• Ddd
• Dissy
• E2dbg
• Electric Fence (efence)
• Gdb
• Hexedit
• JavaScript Lint
• Netifera
• valgrind

Page 28

#matriux #Tracers:
• Etrace
• Leak-tracer
• Ltrace
• Pstack
• Strace
• xtrace

Page 29

#what do you do now?
• Download Matriux.
• Install it.
• Play with it.
• Have fun (you can help us improve it).
• Get back to us at:
  • [email protected]
  • @matriuxtig3r

Page 30

#what do we do from now?
• Public release – in a couple of weeks.
• Package repository – in a couple of weeks.
• MSTF – Matriux Security Testing Framework. (WIP)
• DVM – Damn Vulnerable Matriux. (WIP)

Page 31

#Thanks for sitting through this !!

Prajwal Panchmahalkar
• Email: [email protected]
• Twitter: @pr4jwal
• Website: http://www.matriux.com/
• irc: freenode.net/ #matriux

Thanks to Josh: @savant42 for helping me!

Many thanks to Manu Zacharia, Gokul C Gopinath and Mikael Schoentgen for helping me through this build

Page 32