On Thursday, November 26, 2015, Chris Smith <[email protected]> wrote:
> On Thu, Nov 26, 2015, at 10:23 PM, Mohammad BadieZadegan wrote: > > Hi every OpenBSD user, > > I have OpenBSD on my Notebook since 2 years ago and I don't want to > > switch > > other OS for my business pentest project. > > I need some pentest tools for my project like metasploit, fuzzers, ..etc > > but I could not find them on OpenBSD package list > > <http://ftp.openbsd.org/pub/OpenBSD/5.8/packages/i386/>! > > By default does OpenBSD support metasploit installing (or any attack > > tools) > > or defer them for security purpose? > > I want to have one OS on my note book for all purpose(business+home). > > Is that I must switch to other OS? (That I don't like at all!) > > Regards. > > > > -- > > [image: ( openbsd.pro ---- 933k.ir )] <http://openbsd.pro> > > > > To be honest, some security tools can be so poorly written, or perform > unusual or dangerous operations in their daily usages, that they present > a difficult challenge to properly secure and port to other OS's. You > don't really want them on your "main" system. > > As a pentester myself, I usually end up with some very basic tools on my > host system (e.g. nmap, nc, hping etc...) and segregating all of the > other rubbish into a kali or debian virtual machine, which can then be > wiped or rolled back between jobs to ensure both system integrity, and > that jobs do not cross-pollinate data between them. > > In my opinion, the best way to advance OpenBSD's use in this area is to > support, test and develop its virtualisation capabilities. > > > I want to have one OS on my note book for all purpose(business+home) > > If you're doing this professionally, I really do not recommend this > without proper segregation. Especially if you're handling your customers > sensitive data or functionality (e.g. network connectivity). > > Cheers, > Chris. > > I do much the same, with two VMs, though. I use the OpenBSD VM for on-the-spot development more than general use. The other thing I've found OpenBSD great for as a pentester is quickly putting together small networks of virtual machines for either testing things or for one-off demonstrations. -- J. Stuart McMurray
