From Fedora Project Wiki


Revision as of 00:01, 28 October 2008

Fedora Security Spin


  • To provide a fully functional livecd based on Fedora for use in security auditing, forensics, and penetration testing.


  • All of the security features and tools Fedora has to offer
  • Ability to install directly to hard disk or usb drives
  • Read-write rootfs so it's possible to install software while the livecd is running
  • Minimal openbox desktop, with a customized menu (Screenshot)

Spinning your own

$ hg clone

Making changes to the LiveCD is as simple as modifying the livecd-fedora-security.ks configuration file.
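As an added illustration of what such a change looks like, here is a minimal kickstart fragment in the form livecd-creator consumes, with a handful of the packages listed further down this page placed in the %packages section. This is not the spin's actual livecd-fedora-security.ks (its contents are not reproduced on this page); the partition size, locale settings, repository name and mirror URL are placeholders chosen for the example.

```kickstart
# Added example, not the spin's own livecd-fedora-security.ks.
# Basic live image settings; the values are assumptions for this example.
lang en_US.UTF-8
keyboard us
timezone US/Eastern
selinux --enforcing
firewall --enabled --service=ssh
# Root filesystem size in MB (placeholder; the spin's real value is not on this page).
part / --size 2048 --fstype ext3

# Package source: placeholder name and URL, replace with a real Fedora mirror.
repo --name=fedora --baseurl=http://MIRROR.example/fedora/releases/9/Everything/i386/os/

%packages
# Package names below are taken from the lists on this page.
nmap
wireshark
tcpdump
p0f
chkrootkit
rkhunter
aide
snort
john
%end
```

Adding or removing a package is a matter of editing the %packages block; the image is then rebuilt with the livecd-tools command `livecd-creator --config=livecd-fedora-security.ks --fslabel=Fedora-Security` (the command and label are from livecd-tools usage, not from this page).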


You can help with this project by writing RPMs for packages in the Wishlist, reviewing existing new package reports, tweaking the livecd configuration, and many other things.

Send patches, suggestions, etc. to LukeMacken.



The following packages currently exist in Fedora and are on the Security LiveCD.

Software     Description
ettercap     Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
dsniff       dsniff is a collection of tools for network auditing and penetration testing.
hping3       TCP/IP stack auditing and much more
iptraf       IPTraf is a console-based network monitoring utility.
nc6          Netcat with IPv6 support
nc           Reads and writes data across network connections using TCP or UDP
nessus       Remote vulnerability scanner
ngrep        Network layer grep tool
nmap         Network exploration tool and security scanner
p0f          Versatile passive OS fingerprinting tool
scanssh      Fast SSH server and open proxy scanner
socat        Bidirectional data relay between two data channels ('netcat++')
tcpdump      A network traffic monitoring tool
tiger        Security auditing on UNIX systems
wireshark    Network traffic analyzer
xprobe2      An active operating system fingerprinting tool
nbtscan      Tool to gather NetBIOS info from Windows networks
tcpxtract    Tool for extracting files from network traffic based on file signatures
firewalk     Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass.
hunt         Tool for demonstrating well known weaknesses in the TCP/IP protocol suite
halberd      Tool to discover HTTP load balancers
argus        Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream.
pcapdiff     Compares packet captures, detects forged, dropped or mangled packets
chkrootkit   Tool to locally check for signs of a rootkit
clamav       Clam Antivirus
dd_rescue    Fault tolerant "dd" utility for rescuing data from bad media
gpart        A program for recovering corrupt partition tables
hexedit      A hexadecimal file viewer and editor
prelude      Log analyzer
testdisk     Tool to check and undelete partitions
foremost     Recover files by "carving" them from a raw disk
sectool      A security audit system and intrusion detection system
rkhunter     A host-based tool to scan for rootkits, backdoors and local exploits
scanmem      scanmem is a simple interactive debugging utility, used to locate the address of a variable in an executing process. This can be used for the analysis or modification of a hostile process on a compromised machine, reverse engineering, or as a "pokefinder" to cheat at video games.
aircrack-ng  aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
airsnort     Wireless LAN (WLAN) tool which recovers encryption keys
kismet       WLAN detector, sniffer and IDS

Code Analysis
pscan        Limited problem scanner for C source files
splint       A tool for statically checking C programs for coding errors and security vulnerabilities
flawfinder   Examines C/C++ source code for security flaws

Intrusion Detection
aide         Intrusion detection environment
snort        Intrusion detection system
tripwire     IDS (Intrusion Detection System)
labrea       Intrusion detection "sticky" honey pot technology using virtual servers to detect and trap worms, hackers, and other malware.

Password Tools
john         John the Ripper password cracker
tor          Anonymizing overlay network for TCP (The onion router)


Note: the software listed below has not yet been verified to make sure the licenses meet our Guidelines. Please see the NewPackageProcess to help get these packages into Fedora.

Software     Description (followed by Notes where present)
airsnarf     A rogue AP setup utility
apf          APF is a policy based iptables firewall system designed for ease of use and configuration. Notes: Packager unfriendly. Upstream contacted with no response.
autopsy      The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit. Notes: huzaifas will do it.
cryptcat     Cryptcat is the standard netcat enhanced with twofish encryption.
hydra        A very fast network logon cracker which supports many different services. Notes: Under review (Bug 461385).
iisemulator  The goal of this project is to create a functioning web server which is indistinguishable from Microsoft's IIS product at a topical level.
metasploit   The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code.
sleuthkit    The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer. Notes: In the repository.
tct          Tools for analyzing a system after a break-in. Notes: Deprecated (see TSK above).
rats         Rough Auditing Tool for Security. Notes: In the repo now.
examiner     The Examiner is an application that utilizes the objdump command to disassemble and comment foreign executable binaries.
cowpatty     Audit WPA pre-shared keys. Notes: Under review (Bug 231011).
sdd          'sdd' is a replacement for a program called 'dd'. sdd is much faster than dd in cases where the input block size (ibs) is not equal to the output block size (obs). Statistics are more easily understood than those from 'dd'. Timing is available: the -time option prints the transfer speed, and timing and statistics are available at any time with SIGQUIT (^\). It can seek on input and output, and has fast null input and fast null output. Support for the RMT (Remote Tape Server) protocol makes remote I/O fast and easy.
TrueCrypt    Free open-source disk encryption software for Windows Vista/XP/2000 and Linux. Notes: Questionable license?
honeyd       Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems.
arpon        ArpON (Arp handler inspectiON) is a portable handler daemon with some nice tools to handle all ARP aspects.
labrea       Intrusion detection "sticky" honey pot technology using virtual servers to detect and trap worms, hackers, and other malware. Notes: RPM is built, will be in the repo soon.
OpenVAS      The Open Vulnerability Assessment System is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications. Notes: huzaifas will do it.