Date: Sun, 29 Dec 2013 16:50:32 +0100
From: Polytropon <freebsd@edvax.de>
To: Frank Leonhardt <frank2@fjl.co.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: IT security and pentesting tools on FreeBSD
Message-ID: <20131229165032.6b82d8a0.freebsd@edvax.de>
In-Reply-To: <52C04198.5070102@fjl.co.uk>
References: <20131229143625.b3f3a2cf.freebsd@edvax.de> <52C04198.5070102@fjl.co.uk>

On Sun, 29 Dec 2013 15:36:56 +0000, Frank Leonhardt wrote:
> You work for the NSA and I claim my $50!

Sorry, I work for the MfS and we only provide vouchers.
But currently we're out of vouchers due to economical
stagnation. ;-)

> I developed an MSc course in "ethical hacking" a few years ago, and I
> used FreeBSD throughout (not Linux). The big ones you missed off the
> list are SARA (Security Auditor's Research Assistant) and Metasploit.
> SARA was an NMAP-type scanner that looked for vulnerabilities (including
> the NVD Database). Unfortunately it's no longer being updated :-( And
> you also have to port it to FreeBSD yourself - so trivial I don't even
> remember doing it.

If that's possible, it sounds interesting.

> I still use SARA, but should probably be looking at OpenVAS, which
> forked from Nessus when the latter was still open-source. I haven't
> actually compiled it for FreeBSD, but I don't see it being difficult. I
> should add to this that I work with proprietary, paid-for, software most
> of the time - I don't get to choose (and some of it is written by people
> I know, and they need to make a living).

I've had quite terrible experiences with "professional" (the
quotes indicate expensive, but crappy) software for forensics
and data examination and would use the free alternatives
(like TSK) any day, especially when the "bad guys" add
antiforensics targeting that "professional" software... ;-)

> Metasploit is very good for demonstrating to clients that there really
> is a problem. I don't think there's a FreeBSD port, but if your
> technical knowledge is good enough for penetration testing then this is
> hardly going to be a problem (i.e. just compile it and fix any errors
> that come up). I've used it extensively on FreeBSD.

In my (outdated) ports tree, Metasploit is present:

	Port:   metasploit-3.3.3
	Path:   /usr/ports/security/metasploit
	Info:   Exploit-Framework for Penetration-Testing

The framework itself is relatively low on dependencies (ruby,
lua, nmap and the like). Adding elements should be possible.

> For snooping WLAN, Kismet is the old favourite but if you just want to
> break WEP, Aircrack-ng works better (IMHO). I'm pretty sure there's a
> port for it under net management.

Correct, both seem to be present. Nice to see that they can
be used on FreeBSD!

> Note that WPA is NOT secure - it just
> takes longer to crack than WEP (two hours vs. twenty seconds). This is
> NOT something I'd be interested in discussing further on an open list -
> all people need to know is that they need new keys every hour.

I'm aware of this fact, and anyone interested can find it out
by doing a simple web search. But knowledge is dangerous these
days...

> As to the MAC address, easy. Something like:
>
> ifconfig bge1 link EE:EE:EE:EE:EE:EE
>
> It'll either work, or it won't work.

What does its working depend on? Has it to be a specific
feature or functionality of the wireless card?

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...