Penetration Testing mailing list archives
LIPAX 'inline' pentest linux distro, input needed.
From: Rob J Meijer <rmeijer () xs4all nl>
Date: Thu, 19 May 2005 16:04:21 +0200 (CEST)
I've been looking a bit more at what would be needed for creating an 'in-line' pentest Linux distro aimed at small network appliances. I've put together a webpage on the subject, and a list of software packages that will need to be included in the system. The current setup is built around 4 concepts.

1) The yet to be implemented man in the middle framework, combining different MITM techniques behind a generic API. The basic design of LIPAX will be such that at startup, all traffic from all interfaces will always traverse the MITM framework. The user can build software that uses the MITM framework API.

2) The MITM framework will communicate with basic servers on localhost, allowing specific services to be diverted to these servers, while all other traffic is bridged transparently, or is made subject to configured MITM services.

3) A user can choose to take the system out of MITM mode, and configure the system using information gathered during MITM mode. After doing this, the user could run basic network analysis tools. The tools available are chosen such that as little functionality as possible is doubled, no 'hurt them BAD' kind of tools are included, and the distribution does not become just a bunch of freshmeat search results packed together into a 'big set of tools'.

4) The system should provide a complete development environment. As standard tools will scarcely be sufficient to complete a security audit, the system comes with a full development kit and networking libraries for C, C++ and Perl.

The basic philosophy behind LIPAX is that we provide a limited set of tools for the basic stuff, and an extended set of libraries, frameworks and Perl modules that could combine to tailor the distribution to provide exactly the functionality that you require.
I've put a page on LIPAX at: http://www.xs4all.nl/~rmeijer/inline.html

The list of software I would like to put on it is at: http://www.xs4all.nl/~rmeijer/pkg.txt

Just to make things clear, the MITM framework DOES NOT YET EXIST, and I will not get started on it before I have the tracs project TRACS up and running. I am just looking for input with respect to the required software.

The target for this Linux distribution will be the pcengines wrap systems at first, followed by soekris and mycable appliances, and the target media will be (the fast version of) the 1024MB CF cards, keeping approx. 300 or 400 MB free for user data and tools. I'll be using XFS filesystems to compensate for both the limited speed of CF storage and the fact that the running system will get unplugged all the time.

Please let me know what you think of where I am heading with this. I know that for myself, this concept would make for the ultimate inline pentesting tool that meets all 'my' needs, but a wider audience than just me, myself and I would be the main goal of making it into a distribution. I am especially interested in what you all think about the 4 concepts that I would like to build this distribution on, and the current content of pkg.txt describing what software should be included in the distribution,