-
June 26th, 2003, 09:09 PM
#1
knoppix-std for linux
I did some searching on this site and I couldn't find anything on knoppix-std so I decided to post a thread on it
knoppix-std is a freeware security junkie's dream program
it's a 600 meg image (iso) that boots right to linux. dl at www.knoppix-std.org/download.html
this is just about everything the sys admin could use to fix/test his/her system
I'm sure some if not most of you know about this, but for those who don't I highly recommend this for your network
the list of types of programs it contains is as follows
authentication
encryption utilities
firewalls
penetration tools
vulnerability assessment
forensic tools
honeypots
intrusion detection
packet sniffers and assemblers
network utilities
wireless tools
password auditing (crackers)
servers
the next list are the names of the files
Authentication
/usr/bin/auth/
freeradius 0.8.1 : GPL RADIUS server
PAM config
Cracker
/usr/bin/cracker/
john 1.6 : John the Ripper password cracker. Includes the CERIAS dictionary: allwords2 (27 MB!) and NTLM patch
Encryption
/usr/bin/crypto/
gpg 1.2.1: GNU Privacy Guard
openssl 0.9.7a
cryptcat : netcat + encryption
sslwrap : SSL wrapper
stunnel : SSL wrapper
Forensics
/usr/bin/forensics/
sleuthkit 1.61 : atstake/sleuthkit.org's extensions to The Coroner's Toolkit forensic toolbox.
autopsy 1.71 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
mac-robber 1.0 : TCT's graverobber written in C rather than perl
fenris .07: code debugging, tracing, decompiling, reverse engineering tool
wipe : wipe a partition securely. good for prep'ing a partition for dd
secure_delete : securely delete files, swap, memory....
and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)
Firewall
/usr/bin/fw/
iptables 1.2.7a
gtk-iptables : GUI front-end
shorewall 1.4 : iptables based package
Honeypots
/usr/bin/honeypot/
Honeyd 0.5-2
labrea 2.3-2 : tarpit (slow to a crawl) worms and port scanners
IDS
/usr/bin/ids/
snort 1.8.7-4: but of course
aide 0.9 : host baseline tool, tripwire-esque
swatch 3.0.1 : monitor any file, oh like say syslog
sha1sum
md5sum
syslogd
Network Utilities
/usr/bin/net-utils/
LinNeighborhood : Linux network neighborhood
cheops 0.61-4 : snmp, network discovery and monitor tool
etherape 0.8.2-3 : network monitor and visualization tool
ntop 2.1.0 : network top, protocol analyzer
iptraf : network monitor
arptool : monitor and manage arp
arping : ping hosts by MAC
arpwatch : another arp tool
macchanger : change your MAC addr. works with wireless too.
mtr : traceroute
samba 2.2.3a
Penetration Tools
/usr/bin/pen-test/
Way too many to list. All the usual suspects. dsniff toolkit, much THC, ADM, Gobbles, RFP, nmrc, teso, irpas routing tools, brute force tools, buffer overflows, dns spoofing, man in the middle, tcp/ip hijacking, denial of service... Includes exploits for cve-2002-0392, cve-2001-0241, can-2002-1337, can-2002-0656, can-2003-0109. There is some overlap into Vuln-test tools. These tools are meant to test IDS systems and to learn how exploits in the wild are used and written. Be very careful. You are entirely responsible for your own actions. When source code was available you'll find it under /usr/bin/pen-test/src/.
Servers
/usr/bin/servers
apache 1.3.27
smail 3.2
sshd
vnc
bind9
net-snmp
iacd
tftpd
xinetd
netcat
httptunnel
Packet Sniffers and Assemblers
/usr/bin/sniff/
ethereal 0.9.5 : simply amazing.
ettercap 0.6.a : sniff on a switched network and more.
ngrep : network grep, a sniffer with grep filter capabilities
netsed : network sed, change the contents of packets traveling through your gateway on the fly
tcpdump 3.6 : the core of it all (libpcap 0.6)
ip-sorcerer : magic and ipmagic packet assemblers
nemesis 1.4 beta 1 : Packet injector or "a portable IP stack"
paketto 1.10 : fun with TCP/IP, scanning, tracerouting, NAT
tcpreplay 1.4.0 : replay tcpdump or snoop captures
dsniff 2.4 : sniffs only for username:password pairs passed on the wire in clear text protocols (telnet, ftp, http .....)
Vulnerability Assessment
/usr/bin/vuln-test/
Nessus 2.0.4 : what else?
nasl : command line nessus to trigger nasl scripts directly
nmap 3.10 : a necessity (also w/ a front-end for gui freaks)
amap 2.5 : application mapper (can find apps running on strange ports. like http on 2993.)
chkrootkit 0.40: look for rootkits
rpcinfo : hmmmm.... info from RPC?
snot : replay snort rules back onto the wire. test your ids/incidence response/etc.
whisker 2.1 : cgi web vulnerability scanner (Thanks for everything RFP!)
winscan tools: SMB enumeration
hping2 : port scanner, host enumerator, packet assembler, traceroute on any port, much underrated, essential tool!
Wireless tools
/usr/bin/wireless/
airsnort : sniff, find, crack 802.11b
wardrive : ditto
kismet 2.6.2 : ummm ... yeah, ditto
macchanger : change your MAC address
patched orinoco drivers
work it harder, make it better, do it faster, makes us stronger
-
June 26th, 2003, 09:54 PM
#2
you didn't search very hard then - this thread gives a link to knoppix-std
http://www.antionline.com/showthread...hlight=knoppix
admittedly not much there on page 2 other than a mention and a link so this is a bit by the by... but one question though - Have you actually used this variant of knoppix? If so what are your opinions of it? I mean all of these tools are available for any linux install. I do like the idea of having them all run off CD mind you but just wondering what you thought of it.....
Z
Quis Custodiet Ipsos Custodes
-
June 26th, 2003, 10:48 PM
#3
when I searched in this forum for knoppix I didn't find anything, but I have used it a couple of times and I think it's great and I highly recommend it
work it harder, make it better, do it faster, makes us stronger
-
June 27th, 2003, 12:24 AM
#4
The title of this thread is just too funny, I thought it was gonna be bashing knoppix, being that std is usually a sexually transmitted disease.
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
-
June 27th, 2003, 04:12 AM
#5
work it harder, make it better, do it faster, makes us stronger
-
June 27th, 2003, 08:49 AM
#6
Thanks for the heads up. I normally use knoppix as an emergency linux distro, for server crashes and visiting a M$ user's computer. Anyways, I've been wanting a version of knoppix with security tools built-in. It's here, great.
--PuRe www.pureescape.net.
-
June 27th, 2003, 01:14 PM
#7
hmm... I'm not sure if I've been fully understood - I have used knoppix quite a bit and think it's a great distro. But like PureExtacy I have been looking around for a live version with extra tools built in - so I was actually more interested if you have specifically used knoppix-std not just knoppix.... anyway I'll be burning a copy as soon as I can
Z
Quis Custodiet Ipsos Custodes
-
June 27th, 2003, 01:39 PM
#8
There is another great distro similar to knoppix, called the "linux business card", I thought it was rather cool.
While having a live Linux distribution that you can fit in your wallet is cool, it's only the beginning of the coolness LNX-BBC has to offer. The LNX-BBC discovers all of your different devices and sets up the windowing environment automatically, but it doesn't start it quite yet. This allows the experienced user to work in text mode if need be.
LNX-BBC is the expert's tool for system maintenance. I recently used it at my brother's house to probe his broken hard drive for anything that could be recovered. Oddly, this Linux distribution is designed to make the Windows administrator's life much, much better. For example, it has tools for accessing NTFS partitions, Samba shares, and more.
It only takes a few minutes to download this very cool distribution and have some fun with Linux, so go ahead.
Here's the link to it: LNX-BBC
As you can see, very useful as well.
Source: TechTv
-
June 27th, 2003, 06:18 PM
#9
yea i saw that on tech tv and it sounds pretty neat
work it harder, make it better, do it faster, makes us stronger