From owner-freebsd-questions@FreeBSD.ORG Sun Dec 29 15:50:56 2013
Date: Sun, 29 Dec 2013 16:50:32 +0100
From: Polytropon
To: Frank Leonhardt
Cc: freebsd-questions@freebsd.org
Subject: Re: IT security and pentesting tools on FreeBSD
Message-Id: <20131229165032.6b82d8a0.freebsd@edvax.de>
In-Reply-To: <52C04198.5070102@fjl.co.uk>
References: <20131229143625.b3f3a2cf.freebsd@edvax.de> <52C04198.5070102@fjl.co.uk>
Organization: EDVAX
X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2)
List-Id: User questions

On Sun, 29 Dec 2013 15:36:56 +0000, Frank Leonhardt wrote:
> You work for the NSA and I claim my $50!

Sorry, I work for the MfS and we only provide vouchers. But currently
we're out of vouchers due to economic stagnation. ;-)

> I developed an MSc course in "ethical hacking" a few years ago, and I
> used FreeBSD throughout (not Linux). The big ones you missed off the
> list are SARA (Security Auditor's Research Assistant) and Metasploit.
> SARA was an NMAP-type scanner that looked for vulnerabilities (including
> the NVD Database). Unfortunately it's no longer being updated :-( And
> you also have to port it to FreeBSD yourself - so trivial I don't even
> remember doing it.

If that's possible, it sounds interesting.

> I still use SARA, but should probably be looking at OpenVAS, which
> forked from Nessus when the latter was still open-source. I haven't
> actually compiled it for FreeBSD, but I don't see it being difficult. I
> should add to this that I work with proprietary, paid-for, software most
> of the time - I don't get to choose (and some of it is written by people
> I know, and they need to make a living).

I've had quite terrible experiences with "professional" (the quotes
indicate expensive, but crappy) software for forensics and data
examination and would use the free alternatives (like TSK) any day,
especially when the "bad guys" add antiforensics targeting that
"professional" software... ;-)

> Metasploit is very good for demonstrating to clients that there really
> is a problem. I don't think there's a FreeBSD port, but if your
> technical knowledge is good enough for penetration testing then this is
> hardly going to be a problem (i.e. just compile it and fix any errors
> that come up). I've used it extensively on FreeBSD.

In my (outdated) ports tree, Metasploit is present:

	Port:	metasploit-3.3.3
	Path:	/usr/ports/security/metasploit
	Info:	Exploit-Framework for Penetration-Testing

The framework itself is relatively low on dependencies (ruby, lua,
nmap and the like). Adding elements should be possible.

> For snooping WLAN, Kismet is the old favourite but if you just want to
> break WEP, Aircrack-ng works better (IMHO). I'm pretty sure there's a
> port for it under net management.

Correct, both seem to be present. Nice to see that they can be used
on FreeBSD!

> Note that WPA is NOT secure - it just
> takes longer to crack than WEP (two hours vs. twenty seconds). This is
> NOT something I'd be interested in discussing further on an open list -
> all people need to know is that they need new keys every hour.

I'm aware of this fact, and anyone interested can find it out by doing
a simple web search. But knowledge is dangerous these days...

> As to the MAC address, easy. Something like:
>
> ifconfig bge1 link EE:EE:EE:EE:EE:EE
>
> It'll either work, or it won't work.

What does its working depend on? Does it have to be a specific feature
or functionality of the wireless card?

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...