IT security and pentesting tools on FreeBSD

Polytropon freebsd at
Sun Dec 29 15:50:56 UTC 2013

On Sun, 29 Dec 2013 15:36:56 +0000, Frank Leonhardt wrote:
> You work for the NSA and I claim my $50!

Sorry, I work for the MfS and we only provide vouchers. But
currently we're out of vouchers due to economical stagnation. ;-)

> I developed an MSc course in "ethical hacking" a few years ago, and I 
> used FreeBSD throughout (not Linux). The big ones you missed off the 
> list are SARA (Security Auditor's Research Assistant) and Metasploit. 
> SARA was an NMAP-type scanner that looked for vulnerabilities (including 
> the NVD Database). Unfortunately it's no longer being updated :-( And 
> you also have ot port it to FreeBSD yourself - so trivial I don't even 
> remember doing it.

If that's possible, it sounds interesting.

> I still use SARA, but should probably be looking at OpenVAS, which 
> forked from Nessus when the latter was still open-source. I haven't 
> actually compiled it for FreeBSD, but I don't see it being difficult. I 
> should add to this that I work with proprietary, paid-for, software most 
> of the time - I don't get to choose (and some of it is written by people 
> I know, and they need to make a living).

I've made quite terrible experience with "professional" (the
quotes indicate expensive, but crappy) software for forensics
and data examination and would use the free alternatives (like
TSK) any day, especially when the "bad guys" add antiforensics
targeting that "professional" software... ;-)

> Metasploit is very good for demonstrating to clients that there really 
> is a problem. I don't think there's a FreeBSD port, but if your 
> technical knowledge is good enough for penetration testing then this is 
> hardly going to be a problem (i.e. just compile it and fix any errors 
> that come up). I've used it extensively on FreeBSD.

In my (outdated) ports tree, Metasploit is present:

	Port:   metasploit-3.3.3
	Path:   /usr/ports/security/metasploit
	Info:   Exploit-Framework for Penetration-Testing

The framework itself is relatively low on dependencies (ruby,
lua, nmap and the like). Adding elements should be possible.

> For snooping WLAN, Kismet is the old favourite but if you just want to 
> break WEP, Aircrack-ng works better (IMHO). I'm pretty sure there's a 
> port for it under net management.

Correct, both seem to be present. Nice to see that they can
be used on FreeBSD!

> Note that WPA is NOT secure - it just 
> takes longer to crack than WEP (two hours vs. twenty seconds). This is 
> NOT something I'd be interested in discussing further on an open list - 
> all people need to know is that they need new keys every hour.

I'm aware of this fact, and anyone interested can find it out by
doing a simple web search. But knowledge is dangerous these days...

> As to the MAC address, easy. Something like:
> ifconfig bge1 link EE:EE:EE:EE:EE:EE
> It'll either work, or it won't work.

What does its working depend on? Has it to be a specific feature
or functionality of the wireless card?

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list