Samurai Web Testing Framework

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such as WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and Burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.


xCAT is DataCenter Control. It allows you to:

• Provision Operating Systems on physical or virtual machines: SLES10 SP2 & higher, SLES 11 (incl. SP1), RHEL5.x, RHEL 6, CentOS4.x, CentOS5.x, SL 5.5, Fedora 8-14, AIX 6.1, 7.1 (all available Technology Levels), Windows 2008, Windows 7, VMWare, KVM, PowerVM, zVM.
• Scripted install, Stateless, Statelite, iSCSI, or Cloning
• Remotely Manage Systems: Integrated Lights-out management, remote console, and distributed shell support
• Quickly set up and control Management node services: DNS, HTTP, DHCP, TFTP

xCAT offers complete and ideal management for HPC clusters, RenderFarms, Grids, WebFarms, Online Gaming Infrastructure, Clouds, Datacenters, and whatever tomorrow's buzzwords may be. It is agile, extendable, and based on years of system administration best practices and experience.


WebGoat is a deliberately insecure J2EE web application, maintained by OWASP and designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.


OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. It is a forked version of Nessus. It can be a standalone package or an operating system.


Wine lets you run Windows software on other operating systems. With Wine, you can install and run these applications just like you would in Windows.

Wine is still under active development. Not every program works yet; however, there are already several million people using Wine to run their software.

The download page includes Wine for many popular distributions of Linux.

Returnil Virtual System 2010

Returnil Virtual System 2010 is similar to Faronics Deepfreeze, with a few differences. It can be turned on and off like you would turn a light on and off, with a simple press of a button. It is your standard virtualization software coupled with an antivirus that helps protect your computer from permanent damage. Like Deepfreeze, it has the capability of mounting a virtual disk for static data storage. All the settings can be password protected so that you can edit them without having to be signed in to any special account.

Sun VirtualBox

VirtualBox is a general-purpose full virtualizer for x86 hardware. VirtualBox was developed by Sun Microsystems Inc. and is distributed free of charge.

VirtualBox will basically run any operating system. The source code as well as the SDK (Software Developer Kit) have been made available for public download on the VirtualBox web site. Compiled binaries for common operating systems such as Windows, Solaris, OS X, and Linux have also been made available for download on the VirtualBox site.


VMware is a virtual machine software suite for x86 and x86-64 computers.
"It allows you to boot another OS inside of your existing OS."
For example, you could theoretically create an entire virtual environment just for pentesting, application testing, or anything else you want.
