Re: OpenBSD as a pentester PC?

2015-11-27 Thread Mohammad BadieZadegan
Thanks so much Bryan,
Maybe the important tools for every pentester are:

1. Metasploit
2. Fuzzers (e.g. Spike, Sulley, ...)

You can download the Spike fuzzer source at
https://www.immunitysec.com/downloads/SPIKE2.9.tgz
Thanks a lot, Regards.

On Thu, Nov 26, 2015 at 4:04 PM, Bryan Everly wrote:

> I have been slowly trying to add such tools to the ports tree. If you
> can give me a list of the ones you are interested in from most
> important to least I will see what I can do.
>
> Thanks,
> Bryan
>
> > On Nov 26, 2015, at 4:50 AM, Mohammad BadieZadegan wrote:
> >
> > Hi every OpenBSD user,
> > I have had OpenBSD on my notebook for 2 years and I don't want to switch
> > to another OS for my business pentest project.
> > I need some pentest tools for my project like metasploit, fuzzers, etc.,
> > but I could not find them in the OpenBSD package list!
> > By default, does OpenBSD support installing metasploit (or any attack tools),
> > or defer them for security purposes?
> > I want to have one OS on my notebook for all purposes (business + home).
> > Must I switch to another OS? (That I don't like at all!)
> > Regards.
>






Re: OpenBSD as a pentester PC?

2015-11-26 Thread Chris Smith
On Thu, Nov 26, 2015, at 10:23 PM, Mohammad BadieZadegan wrote:
> Hi every OpenBSD user,
> I have had OpenBSD on my notebook for 2 years and I don't want to switch
> to another OS for my business pentest project.
> I need some pentest tools for my project like metasploit, fuzzers, etc.,
> but I could not find them in the OpenBSD package list!
> By default, does OpenBSD support installing metasploit (or any attack tools),
> or defer them for security purposes?
> I want to have one OS on my notebook for all purposes (business + home).
> Must I switch to another OS? (That I don't like at all!)
> Regards.

To be honest, some security tools can be so poorly written, or perform
unusual or dangerous operations in their daily usages, that they present
a difficult challenge to properly secure and port to other OS's. You
don't really want them on your "main" system.

As a pentester myself, I usually end up with some very basic tools on my
host system (e.g. nmap, nc, hping etc...) and segregating all of the
other rubbish into a kali or debian virtual machine, which can then be
wiped or rolled back between jobs to ensure both system integrity, and
that jobs do not cross-pollinate data between them.

In my opinion, the best way to advance OpenBSD's use in this area is to
support, test and develop its virtualisation capabilities.

> I want to have one OS on my notebook for all purposes (business + home)

If you're doing this professionally, I really do not recommend this
without proper segregation. Especially if you're handling your customers'
sensitive data or functionality (e.g. network connectivity).

Cheers,
Chris.



Re: OpenBSD as a pentester PC?

2015-11-26 Thread Stuart McMurray
On Thursday, November 26, 2015, Chris Smith wrote:

> On Thu, Nov 26, 2015, at 10:23 PM, Mohammad BadieZadegan wrote:
> > Hi every OpenBSD user,
> > I have had OpenBSD on my notebook for 2 years and I don't want to switch
> > to another OS for my business pentest project.
> > I need some pentest tools for my project like metasploit, fuzzers, etc.,
> > but I could not find them in the OpenBSD package list!
> > By default, does OpenBSD support installing metasploit (or any attack tools),
> > or defer them for security purposes?
> > I want to have one OS on my notebook for all purposes (business + home).
> > Must I switch to another OS? (That I don't like at all!)
> > Regards.
>
> To be honest, some security tools can be so poorly written, or perform
> unusual or dangerous operations in their daily usages, that they present
> a difficult challenge to properly secure and port to other OS's. You
> don't really want them on your "main" system.
>
> As a pentester myself, I usually end up with some very basic tools on my
> host system (e.g. nmap, nc, hping etc...) and segregating all of the
> other rubbish into a kali or debian virtual machine, which can then be
> wiped or rolled back between jobs to ensure both system integrity, and
> that jobs do not cross-pollinate data between them.
>
> In my opinion, the best way to advance OpenBSD's use in this area is to
> support, test and develop its virtualisation capabilities.
>
> > I want to have one OS on my notebook for all purposes (business + home)
>
> If you're doing this professionally, I really do not recommend this
> without proper segregation. Especially if you're handling your customers'
> sensitive data or functionality (e.g. network connectivity).
>
> Cheers,
> Chris.
>
>
I do much the same, with two VMs, though.  I use the OpenBSD VM for
on-the-spot development more than general use.

The other thing I've found OpenBSD great for as a pentester is quickly
putting together small networks of virtual machines for either testing
things or for one-off demonstrations.


-- 
J. Stuart McMurray



OpenBSD as a pentester PC?

2015-11-26 Thread Mohammad BadieZadegan
Hi every OpenBSD user,
I have had OpenBSD on my notebook for 2 years and I don't want to switch
to another OS for my business pentest project.
I need some pentest tools for my project like metasploit, fuzzers, etc.,
but I could not find them in the OpenBSD package list!
By default, does OpenBSD support installing metasploit (or any attack tools),
or defer them for security purposes?
I want to have one OS on my notebook for all purposes (business + home).
Must I switch to another OS? (That I don't like at all!)
Regards.




Re: OpenBSD as a pentester PC?

2015-11-26 Thread Jiri B
On Thu, Nov 26, 2015 at 12:53:47PM +0330, Mohammad BadieZadegan wrote:
> Hi every OpenBSD user,
> I have had OpenBSD on my notebook for 2 years and I don't want to switch
> to another OS for my business pentest project.
> I need some pentest tools for my project like metasploit, fuzzers, etc.,
> but I could not find them in the OpenBSD package list!
> By default, does OpenBSD support installing metasploit (or any attack tools),
> or defer them for security purposes?
> I want to have one OS on my notebook for all purposes (business + home).
> Must I switch to another OS? (That I don't like at all!)
> Regards.

Hi,

see http://www.openbsd.org/faq/ports/index.html

We would be happy to help you to bring more such tools to OpenBSD
ports.

Also check this one https://github.com/jasperla/openbsd-wip, maybe
somebody has started working on some of your wanted apps.

j.



Re: OpenBSD as a pentester PC?

2015-11-26 Thread Joshua Padman
Hi,

It's not really set up for this.

However, metasploit needs postgres + ruby. Other software is mainly Java or
Python based.

This would take considerable effort as hackers tend to work towards getting
stuff done rather than neat and nice cross platform compatibility.


On Thu, Nov 26, 2015 at 8:23 PM, Mohammad BadieZadegan wrote:

> Hi every OpenBSD user,
> I have had OpenBSD on my notebook for 2 years and I don't want to switch
> to another OS for my business pentest project.
> I need some pentest tools for my project like metasploit, fuzzers, etc.,
> but I could not find them in the OpenBSD package list!
> By default, does OpenBSD support installing metasploit (or any attack tools),
> or defer them for security purposes?
> I want to have one OS on my notebook for all purposes (business + home).
> Must I switch to another OS? (That I don't like at all!)
> Regards.



Re: OpenBSD as a pentester PC?

2015-11-26 Thread Bryan Everly
I have been slowly trying to add such tools to the ports tree. If you
can give me a list of the ones you are interested in from most
important to least I will see what I can do.

Thanks,
Bryan

> On Nov 26, 2015, at 4:50 AM, Mohammad BadieZadegan wrote:
>
> Hi every OpenBSD user,
> I have had OpenBSD on my notebook for 2 years and I don't want to switch
> to another OS for my business pentest project.
> I need some pentest tools for my project like metasploit, fuzzers, etc.,
> but I could not find them in the OpenBSD package list!
> By default, does OpenBSD support installing metasploit (or any attack tools),
> or defer them for security purposes?
> I want to have one OS on my notebook for all purposes (business + home).
> Must I switch to another OS? (That I don't like at all!)
> Regards.



Re: OpenBSD as a pentester PC?

2015-11-26 Thread Michael McConville
Mohammad BadieZadegan wrote:
> I have had OpenBSD on my notebook for 2 years and I don't want to
> switch to another OS for my business pentest project. I need some pentest
> tools for my project like metasploit, fuzzers, etc., but I could not
> find them in the OpenBSD package list! By default, does OpenBSD support
> installing metasploit (or any attack tools), or defer them for security
> purposes? I want to have one OS on my notebook for all purposes
> (business + home). Must I switch to another OS?
> (That I don't like at all!)

Here's a recent thread on this topic, started by Bryan (who already
replied here):

https://marc.info/?t=143776937300012&r=1&w=2