This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Live CD Project"

From OWASP
Jump to: navigation, search
(Download)
(Added a note on the OWASP Live CD page letting people know about the new OWASP WTE name)
 
(67 intermediate revisions by 7 users not shown)
Line 1: Line 1:
== Overview ==
+
[[Category:OWASP Project|Live CD Project]]
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.
+
[[Category:OWASP Tool]]
 +
[[Category:OWASP Download]]
 +
[[Category:OWASP Release Quality Tool]]
 +
[[Category:OWASP Live CD Project]]
 +
==== NOTE ====
 +
 
 +
This page is being kept for historical and reference purposes. <br />This project has been renamed the OWASP WTE project which can be found [https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project here].
 +
 
 +
 
 +
= Overview =
 +
 
 +
[[Image:cdCoverLiveCDView.png|frame|Live CD Cover]]
  
== BETA Release of OWASP LiveCD ready for testing ==
+
The OWASP Live CD project was originally started to update the previous [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2007_Project OWASP Live CD 2007]. The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release. Since the completion of the SoC, the project has made the following releases:
  
OWASP LiveCD is ready to download. This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security. The CD contains the WebGoat application designed for learning about application vulnerabilities utilizing easy to follow lessons.( Version 5 will be included this month)
+
* the Portugal release (Dec 12, 2008)   
+
* the AustinTerrier release (Feb 10, 2009)
==== Details ====
+
* the AppSec EU release (May, 2009)
I finally got back from holidays and spent the weekend to finish up the BETA version of the CD. It's quite large right now weighing in at 802mb so it's just big enough to use a DVD and not a CD. This will be much smaller once the first round of testing has been completed. The current release v08 seems to be fairly stable and works on most platforms I have tested on. When the CD boots up you will notice that all the OWASP tools and docs have icons on the desktop and can also be found in the programs menu. What I tried to do was follow the current OWASP  naming convention -Releases,Beta, and Alpha.This keeps everything organized and also helps adding new tools and documents.
 
 
==== Issues ====
 
The CD is stable but I'm having problems starting WebGoat v4 again for some reason. I had this working on several test builds- However, when I burned the final Beta version it stopped for some reason. ( I may have corrupted a permission or something when I was chrooted back into the filesystem.)
 
  
==== What's Next?====
+
In addition to creating these releases of the OWASP Live CD, the maintainer has created a series of forums and tutorials for support and documentation in an effort to help the Application Security community best use the tools and resources available.
I have not added tools yet other than OWASP docs and tools. Once the OWASP material is added and verified the specialty tools such as VOIP, RFID, and Wireless will be added.
 
 
==== BETA TESTERS====
 
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is [email protected]  . I can also be contacted directly - [email protected]
 
 
==== Download====
 
The distro can be downloaded from the PacketFocus website (http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)
 
 
 
This project was sponsored by OWASP Autumn of Code 2006.
 
  
== Download ==
+
Several mini-releases have sprung from this project.  Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC.  These are either downloadable files or instructions on how to create the alternate delivery mechanisms.
  
The BETA version v.10 is now available to download. It can be found on the PacketFocus website http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso
 
The current version is about 800mb and contains 100's of linux applications. Most of these unneeded software will be removed from the next release to minimize .iso size.
 
  
== Features ==
 
LabRat v.08 *Current Beta Download
 
  
LiveCD Based on Morphix (www.morphix.org)
+
For historical purposes, the original application for the SoC is available [http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Live_CD_2008_Project here] for the curious.
Runs completely in Memory
 
  
 +
'''[http://appseclive.org/content/ScreenShots Screenshots] of the current release!'''
  
Tools:
+
The most recent presentation on the OWASP Live CD from AppSec EU 2009: ([http://www.owasp.org/images/4/46/AppSecEU09_OWASP_Live_CD-mtesauro.ppt PPT])
WebGoat v4
 
WebScarab
 
Paros
 
JBroFuZZ
 
Cal9000
 
Nmap
 
TcpDump
 
WireShark
 
  
Docs:
+
= Project Goals =
OWASP Guide 2.0
 
OWASP Testing Guide
 
  
== Future Development ==
+
The overarching goal for this project is to make application security tools and documentation easily available.  I see this as a great complement to OWASP's goal to make application security visible.
  
== News ==
+
The project has several other goals going forward:
 +
# Provide a showcase for great OWASP tools and documentation
 +
# Provide the best, freely distributable application security tools in an easy to use package
 +
# Ensure that the tools provided are as easy to use as possible. 
 +
# Continue to add documentation and tools to the OWASP Live CD
 +
# Continue to document how to use the tools and how the tool modules where created.
 +
# Align the tools provided with the [http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide]
  
 +
There were also some design goals, particularly, this should be a live CD which is
 +
* easy for the users to keep updated
 +
* easy for the project lead to keep updated
 +
* easy to produce releases (I'm thinking quarterly releases going forward)
 +
* focused on just web application testing - not general Pen Testing. 
  
'''OWASP Live CD BETA ready for Download! - 10:00, 16 Jan 2007 (EDT)'''
+
(For general Pen Testing, the gold standard is [http://www.remote-exploit.org/backtrack.html Backtrack].)
  
The BETA version of the CD is now available for testing. The download can be found here: Http://www.packetfocus.com/hackos
+
[http://mtesauro.com/livecd/index.php?title=Original_SoC_Goals Original SoC Goals] are still available for the curious.
The latest version is v0.8 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to livecd@packetfocus.com. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.  
 
 
  
'''OWASP Live CD Project Created! - 10:00, 1 October 2006 (EDT)'''
+
= Main Links =
  
The Open Web Application Security Project is proud to announce the OWASP Live CD Project!
+
These are links to mostly off-site information while the project migrates to this page:<br />
 +
<br />
 +
<b>[http://appseclive.org/downloads/ Download Site]</b><br />
  
== Feedback and Participation: ==
 
  
We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org.  To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]
+
The following general documentation exists:<br />
 +
*[http://appseclive.org/content/making-owasp-live-cd-using-slax how I created the live CD]
 +
*[http://appseclive.org/content/owasp-live-cd-tutorials Using the Live CD / Tutorials(work in progress)]
 +
*[http://appseclive.org/forum Forums for support and feature/tool requests]
  
'''Graphics for Labrat ( Live Linux Distro )'''<br>
+
<!-- ==== Project Identification 1.0 ====
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
+
{{:Project Identification:template Live CD 2008 Project}} />-->
This would be a great project for University or even High School students to participate in the security community.
 
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....
 
  
== Project Contributors ==
+
<!-- ==== Project Identification 2.0 - work in progress - 1====
 +
{{Template:OWASP Live CD info}} />-->
  
== Project Sponsor ==
+
<!-- ==== Project Identification 2.0 - work in progress - 2====
 +
{{Key Project Information 2.0 - OWASP Live CD}} />-->
  
Live CD sponsors:
+
<!-- ==== Project Identification ====
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
+
{{Template:OWASP Live CD Project}} />-->
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]
 
  
[[Category:OWASP Project]]
+
==== Project Details ====
[[Category:OWASP Tool]]
+
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Identification Tab}}
[[Category:OWASP Download]]
+
 
 +
 
 +
__NOTOC__
 +
<headertabs/>

Latest revision as of 02:00, 25 May 2014

NOTE

This page is being kept for historical and reference purposes.  
This project has been renamed the OWASP WTE project which can be found here.


Live CD Cover

The OWASP Live CD project was originally started to update the previous OWASP Live CD 2007. The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release. Since the completion of the SoC, the project has made the following releases:

  • the Portugal release (Dec 12, 2008)
  • the AustinTerrier release (Feb 10, 2009)
  • the AppSec EU release (May, 2009)

In addition to creating these releases of the OWASP Live CD, the maintainer has created a series of forums and tutorials for support and documentation in an effort to help the Application Security community best use the tools and resources available.

Several mini-releases have sprung from this project. Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.


For historical purposes, the original application for the SoC is available here for the curious.

Screenshots of the current release!

The most recent presentation on the OWASP Live CD from AppSec EU 2009: (PPT)

The overarching goal for this project is to make application security tools and documentation easily available. I see this as a great complement to OWASP's goal to make application security visible.

The project has several other goals going forward:

  1. Provide a showcase for great OWASP tools and documentation
  2. Provide the best, freely distributable application security tools in an easy to use package
  3. Ensure that the tools provided are as easy to use as possible.
  4. Continue to add documentation and tools to the OWASP Live CD
  5. Continue to document how to use the tools and how the tool modules where created.
  6. Align the tools provided with the OWASP Testing Guide

There were also some design goals, particularly, this should be a live CD which is

  • easy for the users to keep updated
  • easy for the project lead to keep updated
  • easy to produce releases (I'm thinking quarterly releases going forward)
  • focused on just web application testing - not general Pen Testing.

(For general Pen Testing, the gold standard is Backtrack.)

Original SoC Goals are still available for the curious.

Subcategories

This category has only the following subcategory.

O

Pages in category "OWASP Live CD Project"

The following 2 pages are in this category, out of 2 total.