When you're scrambling to resolve a security issue, the last thing you want to do is spend time searching for the right toolkit. And, when it comes time to ascertain your network's or system's strengths and weaknesses, you want a single platform that allows you to run a host of tools. Penetration testing platforms such as Cyborg Essentials can help.
The Debian-based Cyborg Essentials is one of the most complete penetration testing suites you will ever come across. Within Cyborg Essentials, you'll find all of these tools and more:
- Angry IP Scanner
- Autoscan network
- Openvas tools
- Burp Suite
These tools exist within the framework of of Xfce, which does an outstanding job of making it incredibly simple to use Cyborg Essentials. The developers have also included Konky to give you a quick glimpse at system usage, such as networking, USB devices, battery, CPU, and RAM information (Figure A).
Installing Cyborg Essentials isn't necessary—you can burn the ISO image onto either a CD/DVD or a USB drive and run the distribution as a live instance. If you opt to install the platform, the process is as simple as any other operating system. Walk through either the graphical or the text-based wizard (answering a few standard questions), and reboot when prompted.
The only oddity during the installation—and one that leads you to realize Cyborg Essentials was meant to be run as a live platform—is that you are not prompted to create a root password or a user. So, when you are prompted for login credentials, you might immediately feel lost. Fear not, the default login credentials are:
- Username: root
- Password: toor
After you log in, you're ready to start testing.
SEE: Penetration Testing and Scanning Policy (Tech Pro Research)
Click the Cyborg Essentials Menu (upper left corner of the desktop). In that menu you'll find a number of submenus; the two menus that will be of primary interest are Cyborg and Cyborg Services. The Cyborg menu contains all of the tools you'll use for penetration testing (Figure B).
The Cyborg Services menu allows you to stop and start a number of services, including Apache, Anonymous Mode, PostgreSQL, Metasploit, Network, SSH, and Tor. Out of the box, all of those services are stopped; if you need to use any of them, you'll have to go into the Services menu and start the service.
Beyond those two menus, you'll find a fairly straightforward Debian desktop menu. You won't find the standard desktop Linux tools (no office suite, email client, etc.), but that should not be a surprise considering this Linux distribution is all about testing and not productivity.
Penetration testing distributions come with a massive number of tools, some of which are not user friendly. In fact, the majority of the testing tools will require you to take the time to learn their ins and outs.
Most likely you will only use a very small percentage of the included software. I suggest going through the menus, noting the tools you need, and then either reading the man pages for the tools (some of them are command line only) or doing a bit of research about the tool. Although some of the included utilities can be figured out on the spot, others are more complicated.
Cyborg Essentials offers tutorials of the more popular tools that are included with the platform. I highly recommend going through the tutorials to get up to speed on the tools.
Also, some of the tools are the free versions, and they may not include all of the features available with that tool. For example, with the free edition of Burp Suite, you miss out on the Scanner tool, which allows you to scan for numerous types of vulnerabilities and offers real-time feedback. To purchase the Professional edition of Burp Suite, you'll be dropping $349.00 per user/year. Not every tool requires a purchase to achieve the full suite of tools; in fact, most don't.
You'd be hard-pressed to find a more complete penetration testing platform than Cyborg Essentials. It's an easy to use platform that contains seriously complex and complete tools that will help you discover vulnerabilities on your network and systems. The last thing you want to do is depend upon security tools that don't get the job done.
- 6 ways to secure air-gapped computers from data breaches (TechRepublic)
- Don't let a penetration test land you in legal hot water (TechRepublic)
- Determining whether penetration testing is effective (TechRepublic)
- How often should you conduct penetration testing? (ZDNet)
- 10 things you need to know before hiring penetration testers (ZDNet)
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.