top of page



The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.


Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

Anchor 8
Anchor 9
Anchor 10
Anchor 11
Anchor 12
Anchor 13
Anchor 14



REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

  • REMnux incorporates a number of tools for analyzing malicious executables that run on Microsoft Windows, as well as browser-based malware, such as Flash programs and obfuscated JavaScript. This popular toolkit includes programs for analyzing malicious documents, such PDF files, and utilities for reverse-engineering malware through memory forensics.

  • REMnux can also be used for emulating network services within an isolated lab environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and redirects the connections to the REMnux system listening on the appropriate ports.

  • You can learn the malware analysis techniques that make use of the tools installed and pre-configured on REMnux by taking the Reverse-Engineering Malware course that my colleagues and I teach at SANS Institute.

  • REMnux focuses on the most practical freely-available malware analysis tools that run on Linux. If you are looking for a more full-featured distribution that incorporates a broader range of digital forensic analysis utilities, take a look at SANS Investigative Forensic Toolkit (SIFT) Workstation.



Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were reviewed and packaged, and we use Git for our VCS.


  • More than 300 penetration testing tools

  • Open source Git tree

  • FHS compliant

  • Vast wireless device support

  • Custom kernel patched for injection

  • Secure development environment

  • GPG signed packages and repos

  • Multi-language

  • Completely customizable

  • ARMEL and ARMHF support



The word santoku loosely translates as ‘three virtues’ or ‘three uses’. Santoku Linux has been crafted to support you in three endeavours:


Mobile Forensics


Tools to acquire and analyze data:


  • Firmware flashing tools for multiple manufacturers

  • Imaging tools for NAND, media cards, and RAM

  • Free versions of some commercial forensics tools

  • Useful scripts and utilities specifically designed for mobile forensics


Mobile Malware


Tools for examining mobile malware:


  • Mobile device emulators

  • Utilities to simulate network services for dynamic analysis

  • Decompilation and disassembly tools

  • Access to malware databases


Mobile Security


Assessment of mobile apps:


  • Decompilation and disassembly tools

  • Scripts to detect common issues in mobile applications

  • Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more



The goal with the Open Source Android Forensics project was to create a unified framework for Android Forensics, focusing primarily on malware within Android applications. Our approach to tackling this emerging field was three fold. First, the creation of an entirely open source compilation of forensics and malware analytics software in the form of our OSAF Toolkit. Second, our focus was to create a standardized process for using the Toolkit and a set of best practices for analyzing Android applications. Lastly, in order to bring our knowledge and findings to the community, we have created the OSAF Community website. This site will not only host our toolkit and documentation, but will provide a platform for the interested users to gather and collaborate on this fast paced, emerging field in mobile malware forensics.



An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, that can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.


Key new features of SIFT 3.0 include:


  • Ubuntu LTS 12.04 Base

  • 64 bit base system

  • Better memory utilization

  • Auto-DFIR package update and customizations

  • Latest forensic tools and techniques

  • VMware Appliance ready to tackle forensics

  • Cross compatibility between Linux and Windows

  • Option to install stand-alone via (.iso) or use via VMware Player/Workstation

  • Online Documentation Project at

  • Expanded Filesystem Support



The MobiSec Live Environment Mobile Testing open source project is a live environment for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities.

MobiSec provides a single environment for testers to leverage the best of all available open source mobile testing tools, as well as the ability to install additional tools and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry-proven testing framework. Using a live environment provides penetration testers the ability to boot the MobiSec Live Environment on any Intel-based system from a DVD or USB flash drive, or run the test environment within a virtual machine.

The MobiSec Live Environment is maintained as an open source project on Source Forge, located at

Subscribe for Updates

Congrats! You’re subscribed

bottom of page