
Matriux blue


Page 1: Matriux blue

Open Source Linux Penetration Testing and Forensic Distribution

Narayanan Subramaniam

Information Security Consultant

“GNU is My Religion, Linux is My God, Security is my Passion”

Mentored by Prajwal, Manu

Page 2: Matriux blue

Narayanan Subramaniam

• Started working on Linux as a hobby from 1996 onwards

• Linux & Open Source Enthusiast

• Information Security Enthusiast

• Free Software Advocacy

• New Member of matriux devel team

• FSUG and ILUG Member

• Certifications: CISA, CISM, CEH, ECSA

• Email: [email protected]

• Twitter: @narayanandots

• Website: www.matriux.com

Page 3: Matriux blue

#initial releases:

• Matriux alpha (slax) – early 2008

• Matriux Lithium (Ubuntu KDE) – 2009/11

• Matriux Xenon (Ubuntu Gnome) – 2010/11

• Matriux Krypton (Debian) – 2011/08

• Matriux Krypton v1.2 (Debian) – 2012/02

• Matriux Ec-Centric (Debian) – 2012/08

• Matriux Leandros (Debian) – 2013/10

• Matriux Blue (Debian) – 2014/10 (Latest)

Page 4: Matriux blue

• Penetration Testers

• Digital Forensic Investigators

• Auditors

• System and Network Administrators

• Exploit Developers

• Security enthusiasts

• Casual Linux users??

Page 5: Matriux blue

• 330+ open source penetration testing, forensic and security tools

• Custom Kernel 3.2.0.4-amd64

• Very own custom installation tool – MID (Matriux Installation Disk)

• Latest tools – until last updated (2014.09.19)

• Smart phone penetration testing applications.

• Forensics not neglected – given equal importance.

• Build update tool – MUT (Matriux update tool)

• Applications from team Matriux

• USB persistent

• New Tools: lynis, vfeed, masscan, t50, vega scanner, ZAP proxy, Blind Elephant, gggooglescan, THC-IPv6, bing sqliscanner, subterfuge, pyflag

• New section in arsenal - PCI-DSS

• Build Architecture – X32 and X64 Builds

Page 6: Matriux blue

• Security tools logically organized based on work-flow into

#matriux :

• Reconnaissance

• Scanning

• Gain Access

• Exploit Frameworks

• Wireless

• Services

Page 7: Matriux blue

• #Reconnaissance :

• DNS

• HTTrack

• Dradis Framework

• etherape

• Magic Tree

• quickrecon

• peepdf

• tcptracers

• wireshark

Page 8: Matriux blue

• #Scanning:

• Web Servers

• Routing

• CISCO

• Batmand

• Batctl

• Angry IP scanner

• Cryptcat

• Ettercap console

• Ettercap GUI …etc.

Page 9: Matriux blue

• #Gain Access:

• THC-IPV6

• SQL

• Password

• Brutessh

• Crunch

• Ophcrack

• John

• Sucrack

• Gcrack

• Etemenanki

• Vncpwdump

• Iisbruteforcer

• Medusa

• rarcrack

Page 10: Matriux blue

• #Exploit Frameworks:

• Inguma

• Metasploit

• Burp Suite

• Maltego

• wsfuzzer

• Webscarab lite

• HTTP Request Exploit Framework

• OWASP Mantra

Page 11: Matriux blue

• #Wireless:

• Bluetooth

• Kismet

• Reaver

• VOIP

• SIP

• Aircrack-ng Suite

• Fern wifi cracker

• Gerix wifi cracker

• GrimWEPA

• WepBuster

• WEPlab

• pyrit

• Wifi radar

Page 12: Matriux blue

• #Services:

• Wicd

• Apache

• Batmand

• Bluemon

• Bluetooth

• Mysql

• Ssh

Page 13: Matriux blue

• Public release – in a couple of weeks.

• Package repository – in a couple of weeks. (WIP)

• MSTF – Matriux Security Testing Framework. (WIP)

• DVM – Damn Vulnerable Matriux. (WIP)

Page 14: Matriux blue

Linuxfreedom is the major mirror where matriux is hosted.

Page 17: Matriux blue

The kind of support we are looking for

• Wiki mod

• Graphics

• Documentation Expert

• Release Testing

The effort required here is mainly interest + passion

Page 18: Matriux blue

• Official Home Page : http://www.matriux.com

• Matriux Leandros – OS VM : http://sourceforge.net/projects/matriux-vm/

• Matriux Blue – Latest Version : http://sourceforge.net/projects/matriux/

• Website: http://www.matriux.com/

• Twitter: https://twitter.com/matriuxtig3r

• Information Security Research Association: http://www.is-ra.org/

Page 19: Matriux blue

Narayanan Subramaniam

• Email: [email protected]

• Twitter: @narayanandots

• Website: http://www.matriux.com/

• irc: freenode.net/ #matriux

Thanks to Manu ji, Prajwal and the entire matriux team for helping me!