Venkiller.org SecAppliance
This appliance provides a FreeBSD operating system and a complete set of tools to perform pen-tests and network security tests.
Description
About this
This VMware virtual machine was built under FreeBSD-release 6.0, mainly using the packages system (less nessus & nessus-plugin packages that were built by ports).
All problems with VMware & FreeBSD 6.0 (calcru problems) were already fixed and tested.
VMware tools for FreeBSD were loaded too.
The screen resolution for this virtual machine is 800x600px. This was done because most of computers are working with 1024x768px and, having half of resolution you could use the VM without leave your original desktop.
Getting Started
SecAppliance is a tool for Security Auditors. It includes a full featured UNIX-like system (FreeBSD) full loaded with ready to use applications to perform Penetration Testing on remote machines.
Using SecAppliance is pretty simple. After loading the OS, you will see a login screen. The default login for the system is root/root. This will give you a desktop with all the features.
Clicking in the bug icon, you can find more help about the tools, and clicking in the arrow located at the top of the icon you will see a menu with all graphical applications.
The netscape icon will launch Firefox browser, which is loaded with security bookmarks and feeds to keep you updated.
The screen icon will give you a terminal window with a shell.
The other icons provide some useful tools like text editors, file managers, and configuration options.
To power off your machine, you could press the padlock icon. It will perform the halt operation. You could halt your machine by typing halt command in any terminal window.
Note on Nessus
When using Nessus Client to connect to the Nessus Daemon, there's a default user with all rights granted. The login information for that user is venk/venk. You could add more users to the Nessus Daemon (please refer to Nessus Documentation).
It's very recommended that you subscribe to the Nessus plugins feed. There's a free (registered) version, and a paid (direct) version. The appliance could work with two versions. Once you have registered to receive the feed, you'll get a key by email. Then just execute the following command:
nessus-fetch --register {KEY}
where {KEY} is what you received by email and update plugins again:
nessus-update-plugins -v.
Other Notes
You can find a folder named "ExploitTree" in root folder, as well a perl script named "ExploitTree.pl". These files belong to ExploitTree repository.
However, there are two commands accesible from everywhere:
ExploitTree: Updates the ExploitTree repository using anonymous account. Everytime you run this script, the folder located at /root/ExploitTree is updated with new exploits.
ExploitSearch: Performs search in ExploitTree folder.
To update Metasploit Framework you need to run the following command from a terminal:
msfupdate -u -a: This performs a remote update of the exploits without asking.
There's a script that could perform all this operations, including update-nessus-plugins:
updatexploits: Running this command from a console will update automagically the following tools: Nessus, Metasploit Framework and ExploitTree database. (Note: executing this command needs an internet connection, and it could take some time to complete).
System Requirements
This appliance is intended to run in the following configuration:
* Intel or AMD (x86) processor running >1GHz
* 512 MB RAM for smooth operation
* About 2GB of disk space (1.5 max. disk image size plus 160MB RAM image)
* Decompressed size of disk image is about 700MB (50% disk used)
* VMware Player
Last updated: 05/14/2006
Operating system:
FreeBSD 6.0
Applications installed:
Packages installed (pkg_info)
ADMsmb-0.3 Security scanner for Samba
adns-1.1 Easy to use, asynchronous-capable DNS client library and ut
atk-1.9.1 A GNOME accessibility toolkit (ATK)
bison-1.75_2 A parser generator from FSF, (mostly) compatible with Yacc
bitstream-vera-1.10_1 Bitstream Vera TrueType font collection
cairo-1.0.4 Vector graphics library with cross-device output support
cups-base-1.1.23.0_5 The Common UNIX Printing System: headers, libs, & daemons
desktop-file-utils-0.10_2 A couple of command line utilities for working with desktop
dri-6.2.1,2 OpenGL hardware acceleration drivers for the DRI
ethereal-0.10.12 A powerful network analyzer/capture tool
ettercap-gtk2-0.7.3,1 A network sniffer/interceptor/injector/logger for switched
expat-1.95.8_3 XML 1.0 parser written in C
firefox-1.0.7_1,1 Web browser based on the browser portion of Mozilla
fontconfig-2.2.3,1 An XML-based font configuration API for X Windows
freetype2-2.1.10_1 A free and portable TrueType font rendering engine
gdk-pixbuf-0.22.0_3 A graphic library for GTK+
gettext-0.14.5 GNU gettext package
glib-1.2.10_11 Some useful routines of C programming (previous stable vers
glib-2.6.6 Some useful routines of C programming (current stable versi
gmake-3.80_2 GNU version of 'make' utility
gnomehier-2.0_7 A utility port that creates the GNOME directory tree
gnutls-1.0.24_1 GNU Transport Layer Security library
gtk-1.2.10_13 Gimp Toolkit for X11 GUI (previous stable version)
gtk-2.6.9 Gimp Toolkit for X11 GUI (current stable version)
hicolor-icon-theme-0.5 A high-color icon theme shell from the FreeDesktop project
hping-2.0.0r3,1 Network auditing tool
hydra-5.0_1 Brute force attack utility working on multiple network serv
imake-6.8.2 Imake and other utilities from X.Org
intltool-0.34.1 Tools to internationalize various kinds of data files
ispell-3.2.06_13 An interactive spelling checker for multiple languages
john-1.6.37_1 Featurefull Unix password cracker
jpeg-6b_3 IJG's jpeg compression utilities
libIDL-0.8.6 A library for creating trees of CORBA Interface Definition
libXft-2.1.7 A client-sided font API for X applications
libaudiofile-0.2.6 A sound library for SGI audio file
libdrm-2.0_1 Userspace interface to kernel Direct Rendering Module servi
libgcrypt-1.2.1_1 "General purpose crypto library based on code used in GnuPG
libgpg-error-1.0_1 Common error values for all GnuPG components
libiconv-1.9.2_1 A character set conversion library
libltdl-1.5.18 System independent dlopen wrapper
libtool-1.3.5_2 Generic shared library support script (1.3)
libxml2-2.6.20 XML parser library for GNOME
lynx-2.8.5 A non-graphical, text-based World-Wide Web client
m4-1.4.3 GNU m4
metasploit-2.4_1 Exploit-Framework for Penetration-Testing
nasm-0.98.39,1 General-purpose multi-platform x86 assembler
nedit-5.5 An X11/Motif GUI text editor for programs and plain text fi
nemesis-1.4,1 Command-line network packet creation and injection suite
nessus-gtk2-2.2.5 A security scanner: looks for vulnerabilities in a given ne
nessus-libnasl-2.2.5 Nessus Attack Scripting Language
nessus-libraries-2.2.5 Libraries for Nessus, the security scanner
nessus-plugins-2.2.5 Plugins for Nessus, the security scanner
net-snmp-5.2.1.2 An extendable SNMP implementation
nmap-3.81 Port scanning utility for large networks
nmapfe-3.81 GUI frontend for the nmap scanning utility
nspr-4.6 A platform-neutral API for system level and libc like funct
nss-3.10 Libraries to support development of security-enabled applic
open-motif-2.2.3_2 Motif X11 Toolkit (industry standard GUI (IEEE 1295))
p5-Net-SSLeay-1.25 Perl5 interface to SSL
p5-ReadLine-Gnu-1.14 Perl 5 module that allows Term::ReadLine to use GNU readlin
p5-XML-Parser-2.34_1 Perl extension interface to James Clark's XML parser, expat
pango-1.10.4 An open-source framework for the layout and rendering of i1
pcre-6.2 Perl Compatible Regular Expressions library
perl-5.8.7 Practical Extraction and Report Language
pico-4.63 PIne's message COmposition editor
pkgconfig-0.17.2 A utility to retrieve information about installed libraries
png-1.2.8_2 Library for manipulating PNG images
popt-1.7 A getopt(3) like library with a number of enhancements, fro
queso-980922 Determine the remote OS using simple tcp packets
samba-2.2.12 A free SMB and CIFS client and server for UNIX
shared-mime-info-0.16_1 A MIME type database from the FreeDesktop project
tiff-3.7.3 Tools and library routines for working with TIFF images
wget-1.10_2 Retrieve files from the Net via HTTP and FTP
xfce-3.8.18_3 CDE like desktop with GTK
xorg-6.8.2 X.Org distribution metaport
xorg-clients-6.8.2 X client programs and related files from X.Org
xorg-fonts-100dpi-6.8.2 X.Org 100dpi bitmap fonts
xorg-fonts-75dpi-6.8.2 X.Org 75dpi bitmap fonts
xorg-fonts-cyrillic-6.8.2 X.Org Cyrillic bitmap fonts
xorg-fonts-encodings-6.8.2 X.Org font encoding files
xorg-fonts-miscbitmaps-6.8.2 X.Org miscellaneous bitmap fonts
xorg-fonts-truetype-6.8.2 X.Org TrueType fonts
xorg-fonts-type1-6.8.2 X.Org Type1 fonts
xorg-fontserver-6.8.2 X font server from X.Org
xorg-libraries-6.8.2 X11 libraries and headers from X.Org
xorg-nestserver-6.8.2 Nesting X server from X.Org
xorg-printserver-6.8.2 X Print server from X.Org
xorg-server-6.8.2_6 X.Org X server and related programs
xorg-vfbserver-6.8.2 X virtual framebuffer server from X.Org
xterm-203 Terminal emulator for the X Window System
VMware Tools installed:
Yes
Size:
235 MB
Torrent available:
Yes
(What is BitTorrent?)
Primary account
Username: root
Password: root
Submitted by: brainx
Download link provided by the submitter, not VMware. Report broken downloads here.
« BACK...