Security should always be a primary concern for system administrators, IT personnel and, in general, every user of any operating system, since both internal and external threats grow day by day, which makes each system, with its respective information, an easy target for compromise.
We can take measures such as assigning secure passwords, encrypting files, assigning security privileges and more, but one of the best options is to use an operating system designed exclusively for this area: penetration testing systems, which have been created to analyze in detail the possible failures of a system and, with it, of the general infrastructure of the organization, and thus determine the security gaps that attackers could exploit to carry out their infection or intrusion plans.
Based on this, TechnoWikis will analyze one of the best operating systems developed for these penetration tests, which has more than 1,900 test tools: BlackArch Linux.
What is BlackArch?
BlackArch Linux is a penetration testing distribution based on Arch Linux, built to carry out hundreds of penetration tests and security research at the enterprise level in order to expose the possible, and real, failures or vulnerabilities that a system or its components present.
The BlackArch repository contains more than 1,900 tools. They can be installed individually or in groups, and each of these tools has been thoroughly tested to obtain the best security level results.
The toolkit for BlackArch is distributed as an unofficial user repository of Arch Linux and is compatible with existing Arch installations.
BlackArch can be downloaded for free (the image is 7.5 GB) from the following link:
Blackarch
BlackArch features
BlackArch gives us the following features of use:
- Support for multiple architectures: BlackArch is capable of being used in i686 and x86_64 architectures and support for armv6h and armv7h has now been added with more than 600 tools available for them.
- It has a live ISO with multiple window managers: There is the option to use its full potential live, without local installation, using platforms such as dwm, Fluxbox, Openbox, Awesome, wmii, i3 and Spectrwm.
- Ability to build the installer from the source: It is possible to obtain the source code and compile the elements from the source.
- More than 1,900 test tools based on categories
- Possibility of installing packages individually or in groups
1. Classification of groups in BlackArch Linux
BlackArch allows users to install a specific range of packages in a simple way, because the packages have been separated into groups. These groups allow users to run the pacman -S <group name> syntax in order to get many packages in one step.
Each group is prefixed with blackarch, which is the base group to which all available packages must belong, so that users can install each package in a simple way.
The package groups available in BlackArch are:
blackarch-anti-forensic
Within this group are the packages that can be used to counteract forensic activities, including encryption, steganography and other actions that can modify the attributes of a file. There are tools that apply changes to a system with the objective of hiding information, such as Luks, TrueCrypt, Timestomp, dd, ropeadope, secure-delete and more.
blackarch-automation
In this group we find the packages that are used for the automation of tools or workflows such as blueranger, tiger, wiffy and more.
blackarch-backdoor
Backdoor attacks are very common when talking about network attacks, and this group includes packages that exploit or open backdoors on already vulnerable systems to remove their failures; there we have options such as backdoor-factory, rrs, weevely and many more.
blackarch-binary
This group includes packages that operate in system binary files such as binwally, packerid and more.
blackarch-bluetooth
As the name implies, this group includes packages that exploit everything related to the Bluetooth 802.15.1 standard and we have utilities such as ubertooth, tbear, redfang, etc.
blackarch-code-audit
It is one of the most essential since there we find packages that audit the existing source code in order to carry out the vulnerability analysis process, they are utilities such as flawfinder or pscan.
blackarch-cracker
In this group, packages that can be implemented to decrypt cryptographic functions or hashes are added, we have options such as hashcat, john, Crunch and more.
blackarch-crypto
This includes packages that work with cryptography except cracking, for example, ciphertest, xortool, sbd, etc.
blackarch-database
Another of the vital groups is this since here we have packages that involve the exploitation of databases at any level using tools such as metacoretex or blindsql.
blackarch-debugger
Ideal for administrators since in this group we have packages that allow the user to see what a specific program does in real time, we find utilities such as radare2, shellnoob and more.
blackarch-decompiler
Within this group are packages whose task is turning a compiled program back into source code; some examples are flasm or jd-gui.
blackarch-defensive
Ideal to increase the levels of information security since in this group we find the packages that allow to protect a user from malware and attacks from other users, the available tools are arpon, chkrootkit, sniffjoke and many more.
blackarch-disassembler
Identical to blackarch-decompiler, but the packages in this group produce assembly output instead of the raw source code; examples are inguma or radare2.
blackarch-dos
In this group, the packages that make use of the DoS (Denial of Service) attacks such as 42zip, nkiller2, etc. are added.
blackarch-drone
In a world where technology is in the form of a drone, these packages are used to manage physically designed drones and some of the utilities of this management are mesh and skyjack.
blackarch-exploitation
In this group, packages that exploit vulnerabilities in other programs or services such as armitage, metasploit, zarp, etc. have been added.
blackarch-fingerprint
Used in access media, these packages exploit the biometric fingerprint equipment with utilities such as dns-map, p0f, httprin and more.
blackarch-firmware
It is another critical security point because this group of packages exploits vulnerabilities in the firmware.
blackarch-forensic
Ideal for managing control functions since with this group of packages you can search for data in physical disks or in the integrated memory; some options of use are aesfix, nfex, wyd.
blackarch-fuzzer
These packages use the fuzz testing principle, sending random inputs to the target to observe its behavior; there we find options such as msf, mdk3 or wfuzz.
blackarch-hardware
Another essential group because in it are added packages that are able to exploit or manage everything related to physical hardware such as arduino, smali and many more.
blackarch-honeypot
It refers to packages that act as "honeypots", that is, as programs that appear to be vulnerable services that are used to attract hackers to a trap in order to discover their intentions, but without risking the productive environment, we have tools like artillery, bluepot, wifi-honey.
blackarch-keylogger
They are packages that record and capture keystrokes on another local system.
blackarch-malware
Indicates a group of packages that are used as any type of malware or malware detection with tools such as malwaredetect, peepdf, yara and more.
blackarch-misc
As the name implies, they are part of a miscellany of packages that are not within a specific category such as oh-my-zsh-git, winexe, stompy and more.
blackarch-mobile
They are packages that are capable of manipulating mobile platforms such as android-sdk-platform-tools, android-udev-rules and some more.
blackarch-networking
In this group, packages involving IP networks are added.
blackarch-packer
They are packages that operate or involve packers, these packers are programs that incorporate malware into other executables for specific purposes, an example of this is packerid.
blackarch-proxy
These are packages that can act as a proxy by redirecting traffic through another node on the Internet with utilities such as burpsuite, ratproxy or sslnuke.
blackarch-recon
They are packages that look for vulnerabilities in a global environment like canri, dnsrecon, netmask and more.
blackarch-reversing
It is a standard group for any decompiler, disassembler or similar program that executes these actions such as capstone, radare2, zerowine and more.
blackarch-scanner
They are packages that thoroughly scan the selected systems for vulnerabilities; the tools to use are scanssh, tiger, zmap and others.
blackarch-sniffer
This group involves packages whose task is analyzing network traffic, such as hexinject, pytactle, xspy.
blackarch-social
In a world of extensive activity in social networks, this group of packages can specifically attack social networking sites with tools such as jigsaw, websploit and some more.
blackarch-threat-model
It is a group of packages that can be used to inform or register the threat model described in a specific scenario, the tool to be used is magictree.
blackarch-tunnel
This is a group of packages that are used to channel network traffic in a given network, such as ctunnel, iodine, ptunnel.
blackarch-webapp
As the name implies, they are packages that operate in internet-oriented applications with utilities such as metoscan, whatweb, zaproxy and more.
blackarch-windows
This group is designed for any native Windows package that runs through Wine such as 3proxy-win32, pwdump, winexe, etc.
blackarch-wireless
With this group, wireless networks are managed and tested at any level with options such as airpwn, mdk3, wiffy.
If we want to list all available tools we must execute the following:
pacman -Sgg | grep blackarch | cut -d ' ' -f2 | sort -u
To install all available tools it will be necessary to execute the following command:
pacman -S blackarch
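Because a single group name can select a large number of packages, it is worth checking what each group contains before installing it. The following is an added example, not part of the original article: it summarises the "<group> <package>" lines that pacman -Sgg prints. The sample listing is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise BlackArch groups from `pacman -Sgg` output,
# where every line has the form "<group> <package>".

# Constructed sample listing (not real repository output).
sample_sgg() {
cat <<'EOF'
blackarch tiger
blackarch wfuzz
blackarch whatweb
blackarch zaproxy
blackarch zmap
blackarch-automation tiger
blackarch-fuzzer wfuzz
blackarch-scanner tiger
blackarch-scanner zmap
blackarch-webapp whatweb
blackarch-webapp zaproxy
base-devel gcc
EOF
}

# Real listing when pacman knows the BlackArch repo, otherwise the sample.
sgg() {
    if command -v pacman >/dev/null 2>&1 &&
       pacman -Sgg 2>/dev/null | grep -q '^blackarch '; then
        pacman -Sgg
    else
        sample_sgg
    fi
}

# Print "<count> <group>" for each blackarch group, largest first.
group_sizes() {
    awk '$1 == "blackarch" || index($1, "blackarch-") == 1 { n[$1]++ }
         END { for (g in n) print n[g], g }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Print the de-duplicated packages that `pacman -S <group>` would select.
group_packages() {
    awk -v g="$1" '$1 == g { print $2 }' | LC_ALL=C sort -u
}

echo "Packages per group:"
sgg | group_sizes
echo "Contents of blackarch-webapp:"
sgg | group_packages blackarch-webapp
```

The base group blackarch always has the largest count, since every package belongs to it; installing a single category group keeps the installed tool set, and the software to keep updated, much smaller.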