Open
Labels
0.kind: enhancement (Add something new or improve an existing system.); 5.scope: tracking (Long-lived issue tracking long-term fixes or multiple sub-problems)
Description
NixOS for Pentesting
This represents an effort to bring Security and Forensics software to NixOS, so that it can become a viable alternative to projects like Kali Linux and BlackArch.
Expect updates here to any progress we may be making. Contributions are welcome.
Exploitation
- armitage (not maintained)
- backdoor-factory (not maintained)
- beef-xss
- cisco-auditing-tool (not maintained, no upstream source)
- cisco-global-exploiter (not maintained, no upstream source)
- cisco-ocs (not maintained)
- cisco-torch (not maintained)
- commix commix: init at 3.4 #177726 @fabaff
- crackle @fortuneteller2k
- exploitdb @applePrincess
- jboss-autopwn (not maintained)
- linux-exploit-suggester linux-exploit-suggester: init at unstable-2022-04-01 #185034 @emilytrau
- maltego-teeth
- metasploit @fabaff
- msfpc
- routersploit routersploit: init at unstable-2021-02-06 #177860 @fabaff
- set
- shellnoob (not maintained)
- sqlmap @bennofs
- thc-ipv6 @ajs124
- yersinia
Forensics
- autopsy
- binwalk-full @k0ral
- bulk-extractor
- capstone @thoughtpolice @risicle
- cuckoo
- dc3dd
- ddrescue @fpletz @domenkozar
- ddrescueview @orivej
- dff
- distorm3 @fabaff
- dumpzilla (not maintained)
- ext4magic @rkoe
- extundelete @domenkozar
- galleta
- ghidra @roblabla
- guymager
- p0f @thoughtpolice
- pdf-parser @lightdiscord
- pdfid (not maintained)
- pdgmail (not maintained)
- peepdf (not maintained)
- regripper
- sleuthkit @gfrascadorio @7c6f434c
- volatility @bosu
- xplico
Hardware
Information Gathering
- ace-voip
- amap (not maintained)
- arp-scan @bjornfor @mikoim @r-burns
- automater (not maintained)
- bing-ip2hosts
- braa
- cdpsnarf (not maintained)
- copy-router-config
- dmitry (not maintained)
- dnmap (not maintained)
- dnsenum @c0bw3b
- dnsmap
- dnsrecon @c0bw3b @fabaff
- dotdotpwn
- enum4linux @fishi0x01
- eyewitness -> we have gowitness
- faraday-cli @fabaff
- fierce @c0bw3b
- firewalk
- fragroute
- fragrouter
- golismero
- goofile
- hping
- ident-user-enum
- lbd
- masscan @rnhmjoj
- nbtscan-unixwiz (not maintained)
- nmap @thoughtpolice @fpletz
- ntopng @bjornfor
- osrframework
- recon-ng
- smbmap
- smtp-user-enum
- sn0int @xrelkd
- sparta (not maintained)
- sslcaudit (not maintained)
- sslsplit @contrun
- sslstrip sslstrip: init at 2.0 #296863 @fabaff
- sslyze @veehaitch
- sublist3r (not maintained)
- theharvester @c0bw3b @treemo
- testssl @etu
- twofi (not maintained)
- unicornscan (not maintained)
- urlcrazy
- wireshark @bjornfor @fpletz
- wol-e
Maintaining Access
Passwords
- brutespray @Ma27
- cewl @elohmeier
- chntpw @deepfire
- cmospwd @t4ccer
- creddump @fishi0x01
- crowbar @Pamplemousse
- crunch @LnL7
- findmyhash (not maintained)
- gpp-decrypt (not maintained)
- hash-identifier @ethancedwards8
- hashcat @kierdavis @zimbatm
- hashcat-utils @fadenb
- hcxtools @dywedir
- thc-hydra @offlinehacker
- john @offlinehacker @matthewbauer
- johnny
- keimpx
- maskprocessor
- multiforcer
- ncrack @siraben
- oclgausscrack
- ophcrack
- pack
- patator @y0no @SuperSandro2000
- phrasendrescher @bjornfor
- rainbowcrack
- rcracki-mt
- rsmangler
- seclists
- sqldict
- statsprocessor
- thc-pptp-bruter
- truecrack @ethancedwards8
- webscarab (not maintained)
Reporting
- casefile
- cherrytree
- cutycapt (not maintained)
- dradis
- magictree
- metagoofil
- nipper-ng (not maintained)
- pipal
- rdpy (not maintained)
Sniffing & Spoofing
- bettercap @y0no
- dnschef @gfrascadorio
- dsniff @symphorien
- fiked (not maintained)
- hamster-sidejack (not maintained)
- hexinject (not maintained)
- ismtp (not maintained)
- isr-evilgrade (not maintained)
- mitmproxy @fpletz @kamilchm
- ohrwurm (not maintained)
- protos-sip (not maintained)
- rebind (not maintained)
- responder
- rshijack @xrelkd
- rtpbreak (not maintained)
- rtpinsertsound (not maintained)
- rtpmixsound (not maintained)
- sctpscan (not maintained)
- siparmyknife (not maintained)
- sipp
- sipvicious @fabaff
- sniffglue @xrelkd
- sniffjoke (not maintained)
- voiphopper (not maintained)
- wifi-honey (not maintained)
- xspy (not maintained)
Stress Testing
- dhcpig @Tochiaha
- funkload
- iaxflood
- inundator
- inviteflood
- ipv6-toolkit
- mdk3 (not maintained)
- reaverwps @nico202 @volth
- reaverwps-t6x @nico202 @volth
- rtpflood (not maintained)
- slowhttptest @fabaff
- t50
- termineter
- thc-ssl-dos
Vulnerability Analysis
- bbqsql (not maintained)
- bed (not maintained)
- doona @Pamplemousse
- hexorbase (not maintained, source no longer available)
- jsql-injection
- lynis @ryneeverett
- openvas
- oscanner (not maintained)
- powerfuzzer (not maintained)
- sfuzz (source not available)
- sidguesser (source not available)
- sqlninja (not maintained)
- sqlsus (not maintained)
- tnscmd10g (not maintained)
- unix-privesc-check (not maintained)
- vulnix @ckauhaus
Web Applications
- apache-users
- arachni (not maintained, superseded by Codename SCNR)
- blindelephant (not maintained, Python 2)
- burpsuite @bennofs
- davtest
- deblaze (not maintained)
- dirb @bennofs
- dirbuster (not maintained)
- fimap (not maintained)
- gobuster @Pamplemousse
- grabber (not maintained)
- hurl @eonpatapon
- joomscan
- nikto @SCOTT-HAMILTON
- padbuster
- paros
- parsero
- plecost
- skipfish (not maintained)
- uniscan (not maintained)
- w3af (not maintained)
- webshag (not maintained)
- webslayer (not maintained)
- websploit
- wfuzz @Pamplemousse
- whatweb @WolfangAukang
- wpscan @nyanloutre @manveru
- xsser
- zap @mogorman
Wireless
- aircrack-ng
- asleap @theHedgehog0
- bluelog
- bluepot
- blueranger
- bluesnarfer
- bully @edwtjo
- cowpatty @nico202 @fabaff
- eapmd5pass
- fern-wifi-cracker
- freeradius-wpe
- ghost-phisher (not maintained)
- giskismet (not maintained)
- gqrx @bjornfor
- gr-scan (not maintained)
- hostapd-wpe
- kalibrate-hackrf @mogorman
- kalibrate-rtl @bjornfor
- killerbee killerbee: init at 3.0.0-beta.2 #282429 @fabaff
- kismet
- mfcuk @offlinehacker
- mfoc @offlinehacker
- mfterm (not maintained)
- multimon-ng @markuskowa
- pixiewps @nico202
- pyrit @danielfullmer
- redfang @fortuneteller2k
- rtlsdr-scanner (not maintained)
- spooftooph (not maintained)
- wifiphisher
- wifitap
- wifite2 @Lassulus @danielfullmer
Also see: Are We Hackers Yet?
Why?
We live in a digital age where high-tech network attacks are rampant. It's critical to regularly scan for vulnerabilities and undergo penetration testing at least once a year to ensure our security practices are working. The only real way to have solid defensive security is to approach it from the mindset of an offensive attacker.