Penetration (Pen) testing and security auditing are now part of every system administrator's "other duties as assigned." BackTrack Linux (http://www.backtrack-linux.org/) is a custom distribution designed for security testing for all skill levels from novice to expert. It is the largest collection of wireless hacking, server exploiting, web application assessing, social-engineering tools available in a single Linux distribution.
BackTrack Linux is a fine example of a specialized Linux distribution. Its only purpose is to test your network, devices, and systems for security vulnerabilities. BackTrack is packed with every security and hacker tool used by security professionals and professional hackers. If you're looking for all of the tools in one place, this is it.
You must love the command line to use this distro, although it does contain a few graphical tools, such as zenmap and wireshark. Even in graphical mode (which comes up with the Gnome desktop), most of the applications open in a terminal window. Fortunately, each command line application opens and displays the help text so you can refer to the command reference right there on the screen.
BackTrack is a highly customized, Debian-based Linux distribution that you should only update through BackTrack's own repositories
What Do You Get For Nothing?
BackTrack Linux contains more than 300 security tools and utilities that are all open source. Many security professionals prefer them over expensive commercial programs. And, hackers certainly prefer hundreds of no cost, high-end applications to anything commercial. One reason for BackTrack's popularity is its anonymity. You don't have to register (Registration is optional). No names, bank accounts, or user accounts are associated with obtaining the ISO image. Additionally, no spyware will report back to any vendor.
In short, BackTrack's tagline says it all: "The quieter you become, the more you are able to hear."
The distro is a bootable, live DVD that's approximately 2GB in size. If you decide to install it to a hard disk or USB drive, the installation expands to almost 7GB. BackTrack is perfectly suited to installation to a USB drive, so that it's portable and stealthier than a hard disk install. A 16GB USB drive holds the installation with plenty of room for saving files and data.
Remember that you'll need to save your data from your information gathering exercises so that you can write security audit reports for your clients. The Live DVD is powerful but considerably slower than a hard disk or USB disk. If you use the DVD, use a USB drive or mountable hard disk partition to save the information you gather.
What's Included in the Distro
The BackTrack Distribution includes the following major tool categories:
- Information Gathering
- Vulnerability Assessment
- Exploitation Tools
- Privilege Escalation
- Maintaining Access
- Reverse Engineering
- RFID Tools
- Stress Testing
- Reporting Tools
Under each of the main headings, you'll find subheadings. For example, under the first selection,Information Gathering, you have Network Analysis, Web Application Analysis, Database Analysis, and Wireless Analysis. Under each of those subheadings, you have multiple types of analyses. The Network Analysis subheading contains an extensive list of network analysis types from DNS Analysis to VPN Analysis, as shown in Figure 1.
Figure 1: BackTrack->Information Gathering->Network Analysis.
At the final level, you'll find multiple choices for each type of analysis. For example, under Network Scanners, you have a list of 11 different network scanning tools from which to choose. See Figure 2.
Figure 2: The list of BackTrack's Network Scanner tools.