I've been looking a bit more at what would be needed for creating a
'in-line' pentest Linux distro aimed at small network appliances.
I've put together a webpage on the subject, and a list of software
packages that will need to be included in the system.
The current setup is build around 4 concepts.
1) The yet to implement man in the midle framework, combining different
MITM techniques behind a generic API. The basic design of LIPAX will
be thus that at startup, all trafic from all interfaces will always
traverse the MITM framework. The user can build software that uses
the MITM framework API.
2) The MITM framework will communicate with basic servers, on localhost
allowing specific services to be diverted to these servers, while all
other trafic is bridged transparently, or is made subject to configured
MITM services.
3) A user can choose to take the system out of MITM mode, and configure
the system using information gathered during MITM mode.
After doing this, the user could run basic network analysis tools.
The tools available ar chosen thus, that as litle as possible
functionality is doubled, no 'hurt them BAD' kind of tools are
included, and the distribution does not become just a bunch of
freshmeat search results packed together into a 'big set of tools'.
4) The system should provide a complete development enviroment, as
standard tools will scarsely be sufficient to complete a security
audit, the system comes with a full development kit and networking
libraries for C,C++,perl. The basic philosophy behind lipax is
that we provide a limited set of tools for the basic stuff, and
an extended set of libraries, frameworks and perl modules that
could combine to tailor the distribution to provide exactly that
functionality that you require.
I've put a page on LIPAX at:
http://www.xs4all.nl/~rmeijer/inline.html
The list of software I would like to put on it is at:
http://www.xs4all.nl/~rmeijer/pkg.txt
Just to make things clear, the MITM framework DOES NOT YET EXCIST,
and I will not get started on it before I have the tracs project TRACS up
and running.
I am just looking for input with respect to the required software.
The target for this linux distribution will be the pcengines wrap systems
at first, followed by soekris and mycable appliances, and the
target media will be (the fast version of) the 1024MB CF cards, keeping
aprox 300 or 400 MB free for user data and tools. I'll be using XFS
filesystems to compensate both for both the limited speed of CF storage,
and the fact that the running system will get unplugged all the time.
Please let me know what you think of where I am heading with this,
I know that for myself, this concept would make for the ultimate
inline pentesting tool that meets all 'my' needs, but a wider audience
than just me, myself and I would be the main goal of making it into
a distribution. I am esspecialy interested in what you all think about the
4 concept that I would like to build this distribution on, and the
current content of pkg.txt describing what software should be included in
the distribution,
