Broken Web Apps is a distro that is to be run in a vm that includes many applications that are vulnerable. It's purpose is to help the user learn web hacking and web application security.
Plink is a command line interface for the putty backend. Can be used for many things such as pivoting into a network from a remote machine.
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.
Caine is a computer forensics linux live distribution.
Blackbuntu is a new linux pentesting distribution that comes from China. It is still in it's infancy stage and is similar to a stripped down version of backtrack.
Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
Features:
Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
Session logs stored in an UML compatible format for easy replay with original timings
Just like Kojoney, Kippo saves files downloaded with wget for later inspection
Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc
Requirements:
An operating system (tested on Debian, CentOS, FreeBSD and Windows 7)
Python 2.5+
Twisted 8.0+
PyCrypto
Zope Interface
A Debian based boot disc with various packages including gpart, partimage, parted and others. GParted supports a variety of filesystems including popular Windows and *nix based filesystems
OVAL's reference interpreter shows how: information can be collected from a computer; definitions can be used to test the system for computer vulnerabilities, configuration issues, programs, and patches; and results of the tests can be presented.
OVAL is an international, information security/community standard that has been designed to:
Promote open and publicly available security content,
Standardise the transfer of this information across the entire spectrum of security tools and services.
OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardises the three main steps of the assessment process:
Representing configuration information of systems for testing;
Analysing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.);
Reporting the results of this assessment.
One of the minor drawbacks of using the Mitre OVAL framework is that it is command-line based, which can prove time consuming when scans and updates to the framework need to be performed. SSA has been designed to add a graphical front-end to this process and also provides a great deal more extensibility when utilising the framework in conjunctions with their tool.
The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX.
OpenBSD is freely available from our FTP sites, and also available in an inexpensive 3-CD set.
KNOPPIX is a bootable Live system on CD or DVD, consisting of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, the CD can have up to 2 GB of executable software installed on it (over 8GB on the DVD "Maxi" edition).