From: Polytropon
To: FreeBSD Questions
Date: Sun, 29 Dec 2013 14:36:25 +0100
Subject: IT security and pentesting tools on FreeBSD
Message-Id: <20131229143625.b3f3a2cf.freebsd@edvax.de>

To expand my "daily work", I'd like to explore which tools exist on FreeBSD for pentesting and "overall IT security diagnostics". The following questions are primarily directed to those participants of the mailing list who do similar work and/or research and like to share their suggestions.

Having primarily used Linux for this specific purpose, I'd like to try to find comparable (or maybe the same) tools on the base of FreeBSD which I prefer as a system for work.

What tools in the ports collections can be used, which offer the same functionality? My goal is to migrate as much of the "pentesting toolset" to FreeBSD as possible. I'm already using FreeBSD tools like nmap, tcpdump, iftop or Wireshark, but I bet there are more that I should have a look at.

I'm especially interested in tools to scan for WLAN traffic and to demonstrate weak encryption to customers (e.g. for those who insist that WEP is "ultimately secure" or that "a hidden SSID makes them unhackable"). Diagnostics should cover as many layers as possible; it doesn't even matter if this versatility is distributed across a set of different programs, that's okay.

Those are fields where no special hardware compatibility is required. I'm aware that especially cellphone communications using a smartphone, connected to USB, may be more tricky on FreeBSD than on Linux where it doesn't seem to be a problem to make a "GSM scanner". SDR is probably a similarly complicated topic when FreeBSD is involved... but in regards of hardware I want to use, I've already learned the lesson to first check, _then_ buy. :-)

A side question, if I may ask: I'm typically using a second LAN or WLAN adapter for on-site diagnostics for customers. To make it easier to check _their_ logs for my "actions", I'd like to give it an "obvious" MAC address, something like EE:EE:EE:EE:EE:EE (which is quite easy to spot in log files). Is this possible (and trivial) for LAN and WLAN interfaces on a FreeBSD host?

For those hesitating to reply: I'm still one of the good guys. You may reply off-list in case the questions list is not the right place to expose that kind of knowledge. ;-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...