Kali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to benefit from these updates – you can update to the latest and greatest using these simple commands:

apt-get update
apt-get dist-upgrade
# If you've just updated your kernel, then:
reboot

Kali Linux Encrypted USB Persistence

One of the new sought out features introduced (which is also partially responsible for the kernel update) is the ability to create Kali Linux Live USB with LUKS Encrypted Persistence. This feature ushers in a new era of secure Kali Linux USB portability, allowing us to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, all within the same USB drive.

Tool Developers Ahoy!

This release also marks the beginning of some co-ordinated efforts between Kali developers and tool developers to make sure their tools are represented correctly and are fully functional within Kali Linux. We would like to thank the metasploit, w3af, and wpscan dev teams for working with us to perfect their Kali packages and hope that more tool developers join in. Tool developers are welcome to send us an email to and we’ll be happy to work with you to better integrate your tool into Kali.

Kali Linux: Greater Than the Sum of its Parts

For quite some time now, we’ve been preaching that Kali Linux is more than a “Linux distribution with a collection of tools in it”. We invest a significant of time and resources developing and enabling features in the distribution which we think are useful for penetration testers and other security professionals. These features range from things like “live-build“, which allows our end users to easily customize their own Kali ISOs to features like Live USB persistence encryption, which provides paranoid users with an extra layer of security. Many of these features are unique to Kali and can be found nowhere else. We’ve started tallying these features and linking them from our Kali documentation page – check it out, it’s growing to be an impressive list!

[Download]

READ MORE

Passionately democratic in its advocacy of networking for the masses, this is the first book on Linux networking written especially for the novice user. Because the free, open-source Linux operating system is winning so many converts today, the number of Linux-based networks will grow exponentially over the next few years. Taking up where Linux Clearly Explained left off, Linux Networking Clearly Explained walks the reader through the creation of a TCP/IP-based, Linux-driven local area network, beginning with a "sandbox" installation involving just two or three computers. Readers master the fundamentals of system and network administration-including handling user accounts and setting up security-in this less complex environment. The author then helps them along to the more sophisticated techniques associated with connecting this network to the Internet.
* Focuses on the 20% of Linux networking knowledge that satisfies 80% of network needs-including the needs of small businesses, workgroups within enterprises and high-tech homes.
* Teaches novices to implement DNS servers, network information services

[Download]

READ MORE

It's simple bash script and easy to install in Linux box such as Ubuntu or Debian-based linux, but recommemded for Kali linux. Instalation is also very easy, Download code and extract it with tar -xvf hackpack.tar.gz. And put it in Home directory. Change to hackpack directory and give chmod permission 777 to install.sh. Run with ./install.sh

There are many many tool for pentesting, you can access from Applications>Hackpack Menu in Kali or Linux box you use.

• Bleeding Edge Repos
• AngryIP Scanner
• Terminator
• Xchat
• Unicornscan
• Nautilus Open Terminal
• Simple-Ducky
• Subterfuge
• Ghost-Phisher
• Yamas
• PwnStar
• Ettercap0.7.6
• Xssf
• Smbexec
• Flash
• Java
• Easy-Creds
• Java and more

[Download]

READ MORE

Offensive Security, the creator of the famous BackTrack Linux operating system, has announced on January 9 that a new maintenance release for its Kali Linux distribution is now available for download. 

Kali Linux 1.0.6 is the first release to introduce an amazing feature called "emergency self-destruction of LUKS," which allows users to quickly nuke the entire installation in case of an emergency.

Being powered by Linux kernel 3.12 kernel, Kali Linux 1.0.6 introduces the Offensive Security Trusted ARM image scripts, Kali Google Compute and AMAZON AMI image generation scripts, as well as numerous new tools, updates for existing ones, and many other interesting changes.

Keep in mind that Kali Linux is a rolling-release distro and you don’t have to download this new ISO in order to keep your installation up-to-date.

root@kali:~# apt-get update root@kali:~# apt-get dist-upgrade

[Download]

READ MORE

FruityWifi is a wireless network auditing tool based in the Wifi Pineapple idea. The application can be installed in any Debian based system. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi).

With the new version, it is possible to install external modules. This functionality gives the user more flexibility and the FruityWifi can be customized. The modules can be added or removed anytime using the on-line repository.

Available modules:

• Hostapd Karma
• URLsnarf
• DNSspoof
• Kismet
• Squid (code injection capabilities)
• SSLstrip (code injection capabilities)
• nmap
• mdk3
• ngrep
• Captive Portal

New modules are being developed continuously and can be installed from the modules page.

Using the installation script all the required dependencies, scripts and setup can be installed, or if you prefer you can download a SD image of Pwnpi 3.0 with FruityWifi v1.6 from the wiki page: 

https://github.com/xtr4nge/FruityWifi/wiki/Install

[Download]

READ MORE

Wapiti allows you to audit the security of your web applications.

It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Wapiti can detect the following vulnerabilities :

• File disclosure (Local and remote include/require, fopen, readfile...)
• Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
• XSS (Cross Site Scripting) injection (reflected and permanent)
• Command Execution detection (eval(), system(), passtru()...)
• CRLF Injection (HTTP Response Splitting, session fixation...)
• XXE (XmleXternal Entity) injection
• Use of know potentially dangerous files (thanks to the Nikto database)
• Weak .htaccess configurations that can be bypassed
• Presence of backup files giving sensitive information (source code disclosure)

Wapiti supports both GET and POST HTTP methods for attacks.

It also supports multipart and can inject payloads in filenames (upload).

Display a warning when an anomaly is found (for example 500 errors and timeouts)

Makes the difference beetween permanent and reflected XSS vulnerabilities.

General features :

• Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
• Can suspend and resume a scan or an attack
• Can give you colors in the terminal to highlight vulnerabilities
• Different levels of verbosity
• Fast and easy way to activate/deactivate attack modules
• Adding a payload can be as easy as adding a line to a text file

Browsing features

Support HTTP and HTTPS proxies

Authentication via several methods : Basic, Digest, Kerberos or NTLM

Ability to restrain the scope of the scan (domain, folder, webpage)

Automatic removal of a parameter in URLs

Safeguards against scan endless-loops (max number of values for a parameter)

Possibility to set the first URLs to explore (even if not in scope)

Can exclude some URLs of the scan and attacks (eg: logout URL)

Import of cookies (get them with the wapiti-cookie and wapiti-getcookie tools)

Can activate / deactivate SSL certificates verification

Extract URLs from Flash SWF files

Try to extract URLs from javascript (very basic JS interpreter)

HTML5 aware (understand recent HTML tags)

Wapiti is a command-line application.

Here is an exemple of output against a vulnerable web application.

You may find some useful informations in the README and the INSTALL files.

[Download]

READ MORE

Description

Gnome Dark 12.04 64 bit
This is my new Distro Respin Based off Penguy O.S. I loaded tons of icons and themes, Wallparers all pre-loaded out the box.This also has the the new dsktop Cinnamon 1.6
environment. This has a lot of anonymous themes. I am not part of Anonymous just loved the movie v for vendetta.I would recommend trying this on virtual box or usb boot-loader.I hope you enjoy my work Please shoot a donation if like to see more distros like this. Thanks, Jesse

Features

    PreLoaded Icons
    PreLoaded Themes
    Cinnamon 1.6
    Gnome 3.4.2
    Cairo (tweaked)
    Conky
    Splash screen changer
    Tweaked out O.S
    Dark Themes

[screenshot]

Download Here

READ MORE

Fast, free and incredibly easy to use, the Ubuntu operating system powers millions of desktop PCs, laptops and servers around the world. To use Ubuntu is to fall in love with it. The desktop environment is intuitive but powerful, so you can work quickly and accomplish all you can imagine. You’ll be captivated by its elegance. You can surf in safety with Ubuntu — confident that your files and data will stay protected — thanks to the built-in firewall and virus protection. And if a potential vulnerability appears, we provide automatic updates which you can install in a single click.
Ubuntu loads quickly on any computer, but it’s super-fast on newer machines. With no unnecessary programs or trial software to slow things down, you can boot up and open a browser
in seconds.

Ubuntu 13.10 32-bit (895.00 MB)
Ubuntu 13.10 64-bit (883.00 MB)

READ MORE

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.


Some of ZAP's functionality:

• Intercepting Proxy
• Traditional and AJAX spiders
• Automated scanner
• Passive scanner
• Forced browsing
• Fuzzer
• Dynamic SSL certificates
• Smartcard and Client Digital Certificates support
• Web sockets support
• Authentication and session support
• Powerful REST based API
• Support for a wide range of scripting languages
• Automatic updating option
• Integrated and growing marketplace of add-ons

Some of ZAP's features:

• Open source
• Cross platform
• Easy to install (just requires java 1.7)
• Completely free (no paid for 'Pro' version)
• Ease of use a priority
• Comprehensive help pages
• Fully internationalized
• Translated into a dozen languages
• Community based, with involvement actively encouraged
• Under active development by an international team of volunteers

It supports the following languages:

• English
• Arabic
• Albanian
• Brazilian Portuguese
• Chinese
• Danish
• Filipino
• French
• German
• Greek
• Indonesian
• Italian
• Japanese
• Korean
• Persian
• Polish
• Russian
• Spanish 

Download ZAP 2.1.0

READ MORE

Matriux is a Debian-based security distribution designed for penetration testing and forensic investigations. Although it is primarily designed for security enthusiasts and professionals, it can also be used by any Linux user as a desktop system for day-to-day computing. Besides standard Debian software, Matriux also ships with an optimised GNOME desktop interface, over 340 open-source tools for penetration testing, and a custom-built Linux kernel.

Matriux was first released in 2009 under code name “lithium” and then followed by versions like “xenon” based on Ubuntu. Matriux “Krypton” then followed in 2011 where we moved our system to Debian. Other versions followed for Matriux “Krypton” with v1.2 and then Ec-Centric in 2012. This year we are releasing Matriux “Leandros” RC1 on 2013-09-27 which is a major revamp over the existing system.

Matriux arsenal is divided into sections with a broader classification of tools for Reconnaissance, Scanning, Attack Tools, Frameworks, Radio (Wireless), Digital Forensics, Debuggers, Tracers, Fuzzers and other miscellaneous tool providing a wider approach over the steps followed for a complete penetration testing and forensic scenario. Although there are were many questions raised regarding why there is a need for another security distribution while there is already one. We believed and followed the free spirit of Linux in making one. We always tried to stay updated with the tool and hardware support and so include the latest tools and compile a custom kernel to stay abreast with the latest technologies in the field of information security. This version includes a latest section of tools PCI-DSS.

Matriux is also designed to run from a live environment like a CD/ DVD or USB stick which can be helpful in computer forensics and data recovery for forensic analysis, investigations and retrievals not only from Physical Hard drives but also from Solid state drives and NAND flashes used in smart phones like Android and iPhone. With Matriux Leandros we also support and work with the projects and tools that have been discontinued over time and also keep track with the latest tools and applications that have been developed and presented in the recent conferences.

Features (notable updates compared to Ec-Centric):

• Custom kernel 3.9.4 (patched with aufs, squashfs and xz filesystem mode, includes support for wide range of wireless drivers and hardware) Includes support for alfacard 0036NH

• USB persistent

• Easy integration with virtualbox and vmware player even in Live mode.

• MID has been updated to make it easy to install check http://www.youtube.com/watch?v=kWF4qRm37DI

• Includes latest tools introduced at Blackhat 2013 and Defcon 2013, Updated build until September 22 2013.

• UI inspired from Greek Mythology

• New Section Added PCI-DSS

• IPv6 tools included.

Download Matriux Leandros v3.0 rc1

READ MORE