Hacking tools: A new version of BackTrack helps ethical hackers

Version 3.0 of BackTrack has been released. BackTrack is a Linux-based distribution dedicated to penetration testing or hacking (depending on how you look at it). It contains more than 300 of the world’s most popular open source or freely distributable hacking tools.

I wrote about the first version of BackTrack back in 2006, although it was based off of Whax/Whoppix/Knoppix distributions, which started even earlier. Version 3.0, released on June 19, includes even more hacking tools (unfortunately, it still doesn’t include Nessus due to vendor negotiations/restrictions), many fixes bugs, and improved menus.

Readers often ask me how they can quickly get up to speed on hacking or defending against hackers. My answer is always the same: Subscribe to multiple computer security distribution lists, read as much as you can, and learn how to (legally) hack. BackTrack is the quickest way to get access to hundreds of tools, if the Linux part doesn’t scare you. For non-Linux users, this distribution is about as Windows-friendly as you can get. Most users can get up and running using BackTrack with little or no Linux knowledge. The KDE graphical user interface makes most tools and programs usable with a few mouse clicks. For instance, setting up Snort is a one-click process (try that outside of BackTrack).

BackTrack also does a decent job for wireless and password hacking. Although there’s a long list of include tools, here are my personal favorites:

• Metasploit (vulnerability tester)
• Snort (intrusion detection/prevention)
• Hping (packet shaper)
• Nmap (fe gui included)
• Xprobe2 (OS identifier)
• Cisco Auditing Tool
• Curl
• Httprint (and GUI)
• Lynx (bare-bones browser)
• Nikto (awesome free Web site vulnerability scanner)
• SQL Scanner
• Milw0rm archive
• Dsniff
• Ettercap
• Hydra (password guesser)
• John the Ripper
• Wireshark (packet sniffer/analyzer)
• Kismet
• Airsnort
• Bluesnarfer
• SIPCrack
• OllyDBG

Not only does BackTrack have an excellent collection of tools, the designers of the CD have tried to align BackTrack with common penetration-testing guideline frameworks, including the Open Source Security Testing Methodology Manual and Information Systems Security Assessment Framework, which can only help any budding pen tester.

You can download several different types of images, including a 784MB USB/DVD image, a stripped-down 695MB ISO, and a 689MB VMware image.

Lest I get any angry readers taking me to task for “teaching malicious hacking,” these tools are for the good guys. Bad hackers are already doing just fine without the supereasy toolkits. Overall, we need more defenders learning more, and tools like BackTrack help in that regard.