This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Live CD Project"

From OWASP
Jump to: navigation, search
(Version 2.1 Release of OWASP LiveCD ready for testing)
(Added a note on the OWASP Live CD page letting people know about the new OWASP WTE name)
 
(55 intermediate revisions by 5 users not shown)
Line 1: Line 1:
== Overview ==
+
[[Category:OWASP Project|Live CD Project]]
The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.
+
[[Category:OWASP Tool]]
 
+
[[Category:OWASP Download]]
== BETA Release of OWASP LiveCD Version 2.1 ready for testing  ==  
+
[[Category:OWASP Release Quality Tool]]
 +
[[Category:OWASP Live CD Project]]
 +
==== NOTE ====
  
OWASP LiveCD is ready to download. This distro is Beta Version 2.1 named "LabRat" and is part of the OWASP SpoC 007 sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.Another instant advantage is that the CD can be distributed within testing teams and new hires to ensure everyone has the same tools without spending a week setting up a laptop. Same scenario applies for students learning computer security.  
+
This page is being kept for historical and reference purposes. <br />This project has been renamed the OWASP WTE project which can be found [https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project here].
 
====  Details ====
 
V2 of the OWASP liveCD is focused on OWASP tools and Documentation. The menu structure had been built around the three (3) status levels of OWASP projects (Releases, Alpha, and Beta). Each area has been further seperated into Doc and Tools to make updates easier. Wiki pages are now linked for every tool and OWASP document. 
 
  
==== Issues ====
 
At this point (Nov, 9 2007) the OWASP tools and documents are on the CD but they are not all configured at this point.
 
  
The CD doesn't have a lot of other pen-test tools in this version.
+
= Overview =
  
The Boot graphics still need to be changed.
+
[[Image:cdCoverLiveCDView.png|frame|Live CD Cover]]
  
Sounds doesn't work on some systems.
+
The OWASP Live CD project was originally started to update the previous [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2007_Project OWASP Live CD 2007].  The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release.  Since the completion of the SoC, the project has made the following releases:
  
 +
* the Portugal release (Dec 12, 2008) 
 +
* the AustinTerrier release (Feb 10, 2009)
 +
* the AppSec EU release (May, 2009)
  
==== What's Next?====
+
In addition to creating these releases of the OWASP Live CD, the maintainer has created a series of forums and tutorials for support and documentation in an effort to help the Application Security community best use the tools and resources available.
The first step will be to ensure that all the OWASP tools and documents are present on the CD and working. Once that has been completed- then we will focus on adding traditional pen-test tools. However, the focus of this CD is OWASP resources.
 
 
==== BETA TESTERS====
 
We encourage everyone to download the .ISO and give us feedback on what we can do to make it better. Also, what tools or docs would you like to have on the CD? The URL to the mailing list is [email protected]  . I can also be contacted directly - livecd@packetfocus.com
 
 
==== Download====
 
  
Version 2.1 will be uploaded for testing by Nov 15th 2007. It's currenly working but being tested.
+
Several mini-releases have sprung from this project. Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.  
  
The distro can be downloaded from the PacketFocus website (http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)
 
  
[http://www.securitydistro.com/index.php?option=com_content&task=view&id=139&Itemid=32 Running An ISO In VMware]
 
  
==== Screenshots ====
+
For historical purposes, the original application for the SoC is available [http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Live_CD_2008_Project here] for the curious.
[http://www.securitydistro.com/index.php?option=com_expose&Itemid=41 LabRat 0.1 Screenshots]
 
  
 +
'''[http://appseclive.org/content/ScreenShots Screenshots] of the current release!'''
  
Version 2.1 was sponsored by SpoC 007
+
The most recent presentation on the OWASP Live CD from AppSec EU 2009: ([http://www.owasp.org/images/4/46/AppSecEU09_OWASP_Live_CD-mtesauro.ppt PPT])
Version .008 and .010 were sponsored by OWASP Autumn of Code 2006.
 
  
== Download ==
+
= Project Goals =
  
The BETA version v.10 is now available to download. It can be found on the PacketFocus website http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso
+
The overarching goal for this project is to make application security tools and documentation easily available.  I see this as a great complement to OWASP's goal to make application security visible.
The current version is about 800mb and contains 100's of linux applications. Most of these unneeded software will be removed from the next release to minimize .iso size.
 
  
Download via SecurityDistro
+
The project has several other goals going forward:
 +
# Provide a showcase for great OWASP tools and documentation
 +
# Provide the best, freely distributable application security tools in an easy to use package
 +
# Ensure that the tools provided are as easy to use as possible. 
 +
# Continue to add documentation and tools to the OWASP Live CD
 +
# Continue to document how to use the tools and how the tool modules where created.
 +
# Align the tools provided with the [http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide]
  
http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0008.iso
+
There were also some design goals, particularly, this should be a live CD which is
 +
* easy for the users to keep updated
 +
* easy for the project lead to keep updated
 +
* easy to produce releases (I'm thinking quarterly releases going forward)
 +
* focused on just web application testing - not general Pen Testing.
  
http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0010.iso
+
(For general Pen Testing, the gold standard is [http://www.remote-exploit.org/backtrack.html Backtrack].)
  
== Features ==
+
[http://mtesauro.com/livecd/index.php?title=Original_SoC_Goals Original SoC Goals] are still available for the curious.
LabRat v.08 *Current Beta Download
 
  
LiveCD Based on Morphix (www.morphix.org)
+
= Main Links =
Runs completely in Memory
 
  
 +
These are links to mostly off-site information while the project migrates to this page:<br />
 +
<br />
 +
<b>[http://appseclive.org/downloads/ Download Site]</b><br />
  
Tools:
 
WebGoat v4
 
WebScarab
 
Paros
 
JBroFuZZ
 
Cal9000
 
Nmap
 
TcpDump
 
WireShark
 
  
Docs:
+
The following general documentation exists:<br />
OWASP Guide 2.0
+
*[http://appseclive.org/content/making-owasp-live-cd-using-slax how I created the live CD]
OWASP Testing Guide
+
*[http://appseclive.org/content/owasp-live-cd-tutorials Using the Live CD / Tutorials(work in progress)]
 +
*[http://appseclive.org/forum Forums for support and feature/tool requests]
  
== Future Development ==
+
<!-- ==== Project Identification 1.0 ====
 +
{{:Project Identification:template Live CD 2008 Project}} />-->
  
== News ==
+
<!-- ==== Project Identification 2.0 - work in progress - 1====
 +
{{Template:OWASP Live CD info}} />-->
  
 +
<!-- ==== Project Identification 2.0 - work in progress - 2====
 +
{{Key Project Information 2.0 - OWASP Live CD}} />-->
  
'''OWASP Live CD BETA ready for Download! RC1 - 12:54, 01 Feb 2007 (GMT)'''
+
<!-- ==== Project Identification ====
 +
{{Template:OWASP Live CD Project}} />-->
  
The RC1 version of the CD is now available for testing. The download can be found here: http://www.packetfocus.com/hackos/AOC_Labrat-ALPHA-0010.iso
+
==== Project Details ====
The latest version is v0.10 and is just around 800mb. This version has quite a few OWASP tools and documentation included. Have a look and email your ideas to [email protected]. We also encourage you to join the OWASP LiveCD mailing list to discuss requests for the next version.
+
{{:GPC_Project_Details/OWASP_Live_CD | OWASP Project Identification Tab}}
  
Download via SecurityDistro
 
  
http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0008.iso
+
__NOTOC__
 
+
<headertabs/>
http://downloads.securitydistro.com/labrat/AOC_Labrat-ALPHA-0010.iso
 
 
 
== Feedback and Participation: ==
 
 
 
We hope you find the OWASP Live CD Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to [email protected].  To join the OWASP Live CD Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-livecd subscription page.]
 
 
 
'''Graphics for Labrat ( Live Linux Distro )'''<br>
 
If anyone would like to help out with the graphics for the Live Linux Distro please contact OWASP at packetfocus.com
 
This would be a great project for University or even High School students to participate in the security community.
 
The Distro was named "labrat" because it should contain all the tools necessary to perform labratory grade ethical hacking / auditing. And all of the other cool themes have been taken but other Distro's....
 
 
 
== Project Contributors ==
 
 
 
== Project Sponsor ==
 
 
 
Live CD sponsors:
 
[http://www.packetfocus.com https://www.owasp.org/images/2/2a/LabRat_CD_Cover_logo_small.PNG]
 
[http://www.ritsgroup.com https://www.owasp.org/images/4/4b/Rits_logo_small.GIF]
 
 
 
[[Category:OWASP Project]]
 
[[Category:OWASP Tool]]
 
[[Category:OWASP Download]]
 

Latest revision as of 02:00, 25 May 2014

NOTE

This page is being kept for historical and reference purposes.  
This project has been renamed the OWASP WTE project which can be found here.


Live CD Cover

The OWASP Live CD project was originally started to update the previous OWASP Live CD 2007. The project met the September 15th, 2008 deadline for the OWASP Summer of Code (SoC) and produced its first release - the SoC release. Since the completion of the SoC, the project has made the following releases:

  • the Portugal release (Dec 12, 2008)
  • the AustinTerrier release (Feb 10, 2009)
  • the AppSec EU release (May, 2009)

In addition to creating these releases of the OWASP Live CD, the maintainer has created a series of forums and tutorials for support and documentation in an effort to help the Application Security community best use the tools and resources available.

Several mini-releases have sprung from this project. Currently, a version of the OWASP Live CD installed to a virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.


For historical purposes, the original application for the SoC is available here for the curious.

Screenshots of the current release!

The most recent presentation on the OWASP Live CD from AppSec EU 2009: (PPT)

The overarching goal for this project is to make application security tools and documentation easily available. I see this as a great complement to OWASP's goal to make application security visible.

The project has several other goals going forward:

  1. Provide a showcase for great OWASP tools and documentation
  2. Provide the best, freely distributable application security tools in an easy to use package
  3. Ensure that the tools provided are as easy to use as possible.
  4. Continue to add documentation and tools to the OWASP Live CD
  5. Continue to document how to use the tools and how the tool modules where created.
  6. Align the tools provided with the OWASP Testing Guide

There were also some design goals, particularly, this should be a live CD which is

  • easy for the users to keep updated
  • easy for the project lead to keep updated
  • easy to produce releases (I'm thinking quarterly releases going forward)
  • focused on just web application testing - not general Pen Testing.

(For general Pen Testing, the gold standard is Backtrack.)

Original SoC Goals are still available for the curious.

Subcategories

This category has only the following subcategory.

O

Pages in category "OWASP Live CD Project"

The following 2 pages are in this category, out of 2 total.