Difference between revisions of "BlackArch"

From ArchWiki
Jump to: navigation, search
m (EvanTeitelman moved page ArchTrack to BlackArch: I was the previous maintainer of ArchTrack. We have merged with another project and chose to use their name (BlackArch).)
(Change `ArchTrack` to `BlackArch`.)
Line 1: Line 1:
 
[[Category:Security]]
 
[[Category:Security]]
ArchTrack is an unofficial project that aims to enable both security professionals and newcomers to learn and use security and hacking tools within Arch Linux.
+
BlackArch is an unofficial project that aims to enable both security professionals and newcomers to learn and use security and hacking tools within Arch Linux.
  
 
==Inspiration==
 
==Inspiration==
Line 11: Line 11:
 
* Include both the latest stable and development versions of tools, in line with Arch Linux's status as a "rolling-release cutting-edge distribution" ([[FAQ#Q.29_Why_is_there_only_a_single_version_of_each_shared_library_in_the_official_repositories.3F|ref]])
 
* Include both the latest stable and development versions of tools, in line with Arch Linux's status as a "rolling-release cutting-edge distribution" ([[FAQ#Q.29_Why_is_there_only_a_single_version_of_each_shared_library_in_the_official_repositories.3F|ref]])
 
* Be a community effort
 
* Be a community effort
* We DO NOT support the use of ArchTrack (or any tool) in an illegal or unethical way
+
* We DO NOT support the use of BlackArch (or any tool) in an illegal or unethical way
 
* We DO suggest that you exercise your responsibility to abide by all applicable laws, regulations, rules and guidelines
 
* We DO suggest that you exercise your responsibility to abide by all applicable laws, regulations, rules and guidelines
 
* Don't just be a penetration testing distribution. Include tools from other major roles in cybersecurity such as network security monitoring, forensics, etc.
 
* Don't just be a penetration testing distribution. Include tools from other major roles in cybersecurity such as network security monitoring, forensics, etc.
Line 47: Line 47:
  
 
* Utilize existing (or make new) AUR packages for every tool available in BackTrack plus any other tools that should be included
 
* Utilize existing (or make new) AUR packages for every tool available in BackTrack plus any other tools that should be included
* Create ArchTrack packages and submit to AUR
+
* Create BlackArch packages and submit to AUR
 
** {{aur|archtrack}}
 
** {{aur|archtrack}}
** Add various other ArchTrack packages that properly sub-categorize packages by various criteria. For example, one wants to install all command line and web tools, but no gui tools.
+
** Add various other BlackArch packages that properly sub-categorize packages by various criteria. For example, one wants to install all command line and web tools, but no gui tools.
 
*** Another idea is to sub-categorize by ''role'': pentesting vs vulnerability assessment vs network security monitoring. Although there may be overlap between roles, there may be some value in enabling a "specialist" versions optimized for a particular use. If you disagree with this, you can just ignore these and not worry about it.
 
*** Another idea is to sub-categorize by ''role'': pentesting vs vulnerability assessment vs network security monitoring. Although there may be overlap between roles, there may be some value in enabling a "specialist" versions optimized for a particular use. If you disagree with this, you can just ignore these and not worry about it.
* Provide a pacman repository for all packages included in ArchTrack
+
* Provide a pacman repository for all packages included in BlackArch
* Provide a functionality like [[ABS]] for all packages included in ArchTrack
+
* Provide a functionality like [[ABS]] for all packages included in BlackArch
 
* Produce live media (iso/livecd/liveusb via archiso, larch, or something else?)
 
* Produce live media (iso/livecd/liveusb via archiso, larch, or something else?)
 
* Create & manage marketing materials, logo, themes, wiki pages...
 
* Create & manage marketing materials, logo, themes, wiki pages...
** I'm not really a graphic designer, but if I have my way... any ArchTrack logo should definitely not be a simple combination of the official Arch Linux logo and the official BackTrack logo.  Since ArchTrack ''is'' Arch Linux, an ArchTrack logo should include or build upon the Arch Linux logo.
+
** I'm not really a graphic designer, but if I have my way... any BlackArch logo should definitely not be a simple combination of the official Arch Linux logo and the official BackTrack logo.  Since BlackArch ''is'' Arch Linux, an BlackArch logo should include or build upon the Arch Linux logo.
*** Version 0.1: On second thought, there's no reason to have a logo that directly builds on the Arch Linux logo, even though we share a certain philosophy.  The ArchTrack project is different and distinct.  This is an original abstract design.  It's simple and clean, and shouldn't conflict with any other logos.
+
*** Version 0.1: On second thought, there's no reason to have a logo that directly builds on the Arch Linux logo, even though we share a certain philosophy.  The BlackArch project is different and distinct.  This is an original abstract design.  It's simple and clean, and shouldn't conflict with any other logos.
 
**** Can't upload and embed it on this page, but you can see it as the icon on our Twitter account ([http://twitter.com/archtrack @archtrack]) or directly [http://a0.twimg.com/profile_images/1130023804/archtrack-med2.png here].
 
**** Can't upload and embed it on this page, but you can see it as the icon on our Twitter account ([http://twitter.com/archtrack @archtrack]) or directly [http://a0.twimg.com/profile_images/1130023804/archtrack-med2.png here].
 
**** As ASCII Art
 
**** As ASCII Art
Line 75: Line 75:
 
**** Add color-coded status column
 
**** Add color-coded status column
 
** Properly acquire administrative control of freenode irc channel #archtrack
 
** Properly acquire administrative control of freenode irc channel #archtrack
** Register @ArchTrack twitter account and set up automatic announcements of various events (releases, wiki page edits, commits to the github repo...)
+
** Register @BlackArch twitter account and set up automatic announcements of various events (releases, wiki page edits, commits to the github repo...)
 
* Translations?
 
* Translations?
 
* Supporting custom tools or scripts?
 
* Supporting custom tools or scripts?
Line 86: Line 86:
 
If you like this idea and want to help, please dive in.  The first milestone is probably the most difficult and will take the longest to accomplish.  Accordingly, it is the area of greatest need.  There is no official record of "project membership" or "project leaders", just what people contribute.  If you feel so moved please investigate how to use the [[AUR]] and develop packages for it, then pick a tool off the list and get to work.
 
If you like this idea and want to help, please dive in.  The first milestone is probably the most difficult and will take the longest to accomplish.  Accordingly, it is the area of greatest need.  There is no official record of "project membership" or "project leaders", just what people contribute.  If you feel so moved please investigate how to use the [[AUR]] and develop packages for it, then pick a tool off the list and get to work.
  
Please do not feel restricted to selecting a tool off our list.  Many things exist that we just do not know about, although I hope that if it were popular/good my attentive scouring should have found it.  We need your eyeballs to help find the tools that ArchTrack should contain (or at least be aware of) ;-) In which case, it'd help if you make a PKGBUILD for it and submit it to the AUR.
+
Please do not feel restricted to selecting a tool off our list.  Many things exist that we just do not know about, although I hope that if it were popular/good my attentive scouring should have found it.  We need your eyeballs to help find the tools that BlackArch should contain (or at least be aware of) ;-) In which case, it'd help if you make a PKGBUILD for it and submit it to the AUR.
  
 
Finally, if you want to make sure that we know that your AUR package exists, please send a quick email to {{Ic|ryooichi[PLUS]archtrack[AT]gmail[DOT]com}} with the name of the tool, which categories it should be in, and the AUR id of your package.
 
Finally, if you want to make sure that we know that your AUR package exists, please send a quick email to {{Ic|ryooichi[PLUS]archtrack[AT]gmail[DOT]com}} with the name of the tool, which categories it should be in, and the AUR id of your package.
Line 101: Line 101:
  
 
Here is a summary of the best places to learn more, communicate, and get involved:
 
Here is a summary of the best places to learn more, communicate, and get involved:
* [[ArchTrack|Wiki Page]]: Central point
+
* [[BlackArch|Wiki Page]]: Central point
* [http://twitter.com/archtrack @ArchTrack] on Twitter: Announcements
+
* [http://twitter.com/archtrack @BlackArch] on Twitter: Announcements
 
** If you're on Twitter, you can follow us to show support, ask questions and get automatic updates from this wiki page, the talk page, github and sourceforge!
 
** If you're on Twitter, you can follow us to show support, ask questions and get automatic updates from this wiki page, the talk page, github and sourceforge!
 
** Alternatively you can use our [http://twitter.com/statuses/user_timeline/179938244.rss Twitter RSS feed] to acheive the same aggregation without joining Twitter.
 
** Alternatively you can use our [http://twitter.com/statuses/user_timeline/179938244.rss Twitter RSS feed] to acheive the same aggregation without joining Twitter.
 
* IRC: #archtrack on Freenode (unofficially?): Support
 
* IRC: #archtrack on Freenode (unofficially?): Support
* [[Talk:ArchTrack|Talk Page]]: Background discussion
+
* [[Talk:BlackArch|Talk Page]]: Background discussion
* [http://sf.net/p/archtrack ArchTrack project at SourceForge]: Project page
+
* [http://sf.net/p/archtrack BlackArch project at SourceForge]: Project page
* [https://github.com/ryooichi/ArchTrack Ryooichi's ArchTrack project at GitHub]: Development
+
* [https://github.com/ryooichi/BlackArch Ryooichi's BlackArch project at GitHub]: Development
 
* [https://aur.archlinux.org AUR]: Please make comments about the packages on their respective AUR page: {{aur|archtrack}}
 
* [https://aur.archlinux.org AUR]: Please make comments about the packages on their respective AUR page: {{aur|archtrack}}
 
** The "0.x" versions should tip you off to the fact that these are to be considered VERY EXPERIMENTAL!
 
** The "0.x" versions should tip you off to the fact that these are to be considered VERY EXPERIMENTAL!
Line 117: Line 117:
  
 
=== Other ===
 
=== Other ===
* [http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5772.msg30537/topicseen,1/ The Ethical Hacker Network - ArchTrack]
+
* [http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5772.msg30537/topicseen,1/ The Ethical Hacker Network - BlackArch]
  
 
=== Historical ===
 
=== Historical ===

Revision as of 00:01, 19 August 2013

BlackArch is an unofficial project that aims to enable both security professionals and newcomers to learn and use security and hacking tools within Arch Linux.

Inspiration

How can one not be inspired by the great work of BackTrack Linux and many other security-oriented distributions and tools? Thanks to open community, we intend to learn from what others have already accomplished and given back to the community at large. We will apply their lessons in the adoption of their examples and tools to Arch Linux.

Ideals

  • Follow Arch Linux ethos: Arch Linux, The Arch Way...
  • Include both the latest stable and development versions of tools, in line with Arch Linux's status as a "rolling-release cutting-edge distribution" (ref)
  • Be a community effort
  • We DO NOT support the use of BlackArch (or any tool) in an illegal or unethical way
  • We DO suggest that you exercise your responsibility to abide by all applicable laws, regulations, rules and guidelines
  • Don't just be a penetration testing distribution. Include tools from other major roles in cybersecurity such as network security monitoring, forensics, etc.

Required Reading

Quotes

  • A determined soul will do more with a rusty monkey wrench than a loafer will accomplish with all the tools in a machine shop. -- Robert Hughes

Rules

  • Once it's out, it's out.
  • Trust no one.
  • Trust but verify.
  • Don't trust, and verify. (ref)
  • Nothing is 100% secure.
  • Everything has weaknesses.
  • Physical access = game over
  • Rational paranoia is healthy, irrational paranoia is unhealthy, stupid and worthless.
  • There is no magic silver bullet solution.
  • Security is a process.
  • It's not about the number of tools, vulnerabilities, open ports, checkboxes; it is about the value, impact, result, outcomes...
  • Don't ask questions you do not want to hear the answer to.
  • The only stupid questions are the ones that start with "This might be a stupid question...".
  • Search and you will find either the answer or the right people to ask.

Milestones

  • Utilize existing (or make new) AUR packages for every tool available in BackTrack plus any other tools that should be included
  • Create BlackArch packages and submit to AUR
    • archtrackAUR
    • Add various other BlackArch packages that properly sub-categorize packages by various criteria. For example, one wants to install all command line and web tools, but no gui tools.
      • Another idea is to sub-categorize by role: pentesting vs vulnerability assessment vs network security monitoring. Although there may be overlap between roles, there may be some value in enabling a "specialist" versions optimized for a particular use. If you disagree with this, you can just ignore these and not worry about it.
  • Provide a pacman repository for all packages included in BlackArch
  • Provide a functionality like ABS for all packages included in BlackArch
  • Produce live media (iso/livecd/liveusb via archiso, larch, or something else?)
  • Create & manage marketing materials, logo, themes, wiki pages...
    • I'm not really a graphic designer, but if I have my way... any BlackArch logo should definitely not be a simple combination of the official Arch Linux logo and the official BackTrack logo. Since BlackArch is Arch Linux, an BlackArch logo should include or build upon the Arch Linux logo.
      • Version 0.1: On second thought, there's no reason to have a logo that directly builds on the Arch Linux logo, even though we share a certain philosophy. The BlackArch project is different and distinct. This is an original abstract design. It's simple and clean, and shouldn't conflict with any other logos.
        • Can't upload and embed it on this page, but you can see it as the icon on our Twitter account (@archtrack) or directly here.
        • As ASCII Art
  |      |
__|_|  |_|__
  | |\/| |
  |      |
    • Wiki page
      • Continue modularization
      • Use templates to allow for easy transclusion of a tool to appear in multiple functional areas
      • Improve the organization and categorization of the tools tables
        • Add color-coded status column
    • Properly acquire administrative control of freenode irc channel #archtrack
    • Register @BlackArch twitter account and set up automatic announcements of various events (releases, wiki page edits, commits to the github repo...)
  • Translations?
  • Supporting custom tools or scripts?
    • Single command to update everything
    • Menus
    • Online documentation

Participation

If you like this idea and want to help, please dive in. The first milestone is probably the most difficult and will take the longest to accomplish. Accordingly, it is the area of greatest need. There is no official record of "project membership" or "project leaders", just what people contribute. If you feel so moved please investigate how to use the AUR and develop packages for it, then pick a tool off the list and get to work.

Please do not feel restricted to selecting a tool off our list. Many things exist that we just do not know about, although I hope that if it were popular/good my attentive scouring should have found it. We need your eyeballs to help find the tools that BlackArch should contain (or at least be aware of) ;-) In which case, it'd help if you make a PKGBUILD for it and submit it to the AUR.

Finally, if you want to make sure that we know that your AUR package exists, please send a quick email to ryooichi[PLUS]archtrack[AT]gmail[DOT]com with the name of the tool, which categories it should be in, and the AUR id of your package.

If you have some other contribution (such as logo work, etc) and aren't interested in becoming an AUR package maintainer, I'd recommend that you learn how to do it and/or find someone to help you. I'll restate that this is a community effort and this community needs people who are willing to choose a cause and run with it, not people that require lots of hand-holding and babysitting. Failing that, you could email it to ryooichi[PLUS]archtrack[AT]gmail[DOT]com and I'll incorporate it when possible.

Forms

These are beta. Try them out and send us any feedback. We'll see how they work.

Contact Information

Here is a summary of the best places to learn more, communicate, and get involved:

  • Wiki Page: Central point
  • @BlackArch on Twitter: Announcements
    • If you're on Twitter, you can follow us to show support, ask questions and get automatic updates from this wiki page, the talk page, github and sourceforge!
    • Alternatively you can use our Twitter RSS feed to acheive the same aggregation without joining Twitter.
  • IRC: #archtrack on Freenode (unofficially?): Support
  • Talk Page: Background discussion
  • BlackArch project at SourceForge: Project page
  • Ryooichi's BlackArch project at GitHub: Development
  • AUR: Please make comments about the packages on their respective AUR page: archtrackAUR
    • The "0.x" versions should tip you off to the fact that these are to be considered VERY EXPERIMENTAL!
  • Forums
  • Email
    • ryooichi[PLUS]archtrack[AT]gmail[DOT]com

Other

Historical

Links