
SCADA Hacker's Toolset

The following list has been assembled by SCADAhacker as the foundation for any control system security tester responsible for vulnerability identification as well as security testing and auditing. If you have additional recommendations, please feel free to email me with your comments.

COMING SOON:

The following content is in development, and will be added in the near future:
  -  Making a Kali Linux EFI Boot USB (with downloadable IMG)
  -  Installing Metasploit on Mac OS X 10.9
  -  Making a Security Test Platform on Mac OS X

Security Frameworks & Distributions

Backtrack

BackTrack 5
(last official released August 13, 2012)
Direct downloads are available from SCADAhacker.com using the following links. Downloads from Offensive Security have been discontinued since BackTrack 5 is deprecated and replaced with Kali Linux. MD5 signatures are available here.

Backtrack 5 R3 (released 8/13/2012) 32-bit GNOME | 64-bit GNOME | 32-bit VM
Backtrack 5 R2 (released 3/1/2012) 32-bit GNOME | 64-bit GNOME | VM (32-bit 64-bit)
Backtrack 5 R1 (released 8/18/2011) 32-bit GNOME | 64-bit GNOME | 32-bit VM
Backtrack 5 (released 5/10/2011) 32-bit GNOME | 64-bit GNOME
Backtrack 4 (released 1/9/2010) unavailable
Backtrack 3 (released 6/19/2008) unavailable
Backtrack 2 (released 3/6/2007) unavailable
Backtrack (released 5/26/2006) unavailable

Click here to access a great mirror site at Rochester Institute of Technology that contains distros and images for a range of useful tools! I do not have links to earlier versions of BackTrack, including 3 and 4 (pre-final, final, R1 and R2).



BlackArch

BlackArch Linux 2015.04.08
(released April 8, 2015)
BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1217 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. For more information, click here to access the project page with instructions and various download options. This is a relatively new distribution and is currently very active. It could be a good addition to your toolkit alongside the "staple" Kali Linux.



Digital Evidence & Forensic Toolkit

DEFT 8.2
(released August 10, 2014)
DEFT (acronym of "Digital Evidence & Forensic Toolkit") is a customized distribution of the Kubuntu live Linux CD. It is a very easy to use system that includes excellent hardware detection and the best open source applications dedicated to incident response and computer forensics.

Click here to access the DEFT blog site with links to download ISOs, bootable USB images, and virtual machines.



HackPorts

HackPorts
(to be released soon)
HackPorts is one of the newest packages to enter the security scene. HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a "super-project" that leverages existing code porting efforts; security professionals can now use hundreds of penetration testing tools on Mac systems without the need for virtual machines. Click here to access the project page from Buddha Labs, including a complete list of tools as well as details on participating in their beta test program.



Helix

Helix3 2009R1

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to incident response and forensics.

Note that Helix is offered by e-Fense and is part of a suite of commercial products. They still offer the free version, which is available by clicking here.



Kali Linux

Kali Linux Rolling (2016.1) (released January 16, 2016)
Direct downloads are available from SCADAhacker.com using the following links. Authenticity against the Kali Linux site can be assured by comparing the applicable sha1sum hash values provided. Check out this video produced by Offensive Security highlighting the exciting new environment of Kali Linux 2.0. A complete listing of all tools included in Kali Linux is available here. Be sure to also check out the recipe for building your own custom Kali ISO more appropriate for use in industrial networks.

kali-linux-2016.1-amd64.iso 64-bit     (2.6GB)
kali-linux-2016.1-i386.iso 32-bit     (2.6GB)
kali-linux-light-2016.1-amd64.iso 64-bit Light (0.8GB)
kali-linux-light-2016.1-i386.iso 32-bit Light (0.8GB)
kali-linux-mini-2016.1-amd64.iso 64-bit Mini (30MB)
kali-linux-mini-2016.1-i386.iso 32-bit Mini (30MB)
kali-linux-light-2016.1-armel.img.xz armel Light (0.7GB compressed)
kali-linux-light-2016.1-armhf.img.xz armhf Light (0.7GB compressed)

Kali Linux 2.0 (released August 11, 2015)
The repositories associated with Kali 2.0 "sana" will no longer be updated and will be end-of-life on April 15, 2016. It is recommended to upgrade to Kali Rolling in order to remain current with all the testing tools.

kali-linux-2.0-amd64.iso 64-bit     (3.1GB)
kali-linux-2.0-i386.iso 32-bit     (3.2GB)
kali-linux-light-2.0-amd64.iso 64-bit Light (0.8GB)
kali-linux-light-2.0-i386.iso 32-bit Light (0.9GB)
kali-linux-mini-2.0-amd64.iso 64-bit Mini (29MB)
kali-linux-mini-2.0-i386.iso 32-bit Mini (27MB)
kali-linux-light-2.0-armel.img.xz armel Light (2.1GB | 0.6GB compressed)
kali-linux-light-2.0-armhf.img.xz armhf Light (2.0GB | 0.6GB compressed)

Kali Linux 1.0

Kali Linux 1.1.0a (released 3/13/2015) 64-bit | 32-bit
Kali Linux 1.1.0 (released 2/7/2015) 64-bit | 32-bit
Kali Linux 1.0.9a (released 10/6/2014) 64-bit | 32-bit
Kali Linux 1.0.9 (released 8/25/2014) unavailable
Kali Linux 1.0.8 (released 7/22/2014) 64-bit | 32-bit
Kali Linux 1.0.7 (released 5/27/2014) 64-bit | 32-bit
Kali Linux 1.0.6 (released 1/9/2014) 64-bit | 32-bit
Kali Linux 1.0.5 (released 9/5/2013) 64-bit | 32-bit
Kali Linux 1.0.4 (released 7/25/2013) 64-bit | 32-bit
Kali Linux 1.0.3 (released 4/26/2013) 64-bit | 32-bit
Kali Linux 1.0.2 (released 3/27/2013) 64-bit | 32-bit
Kali Linux 1.0.1 (released 3/14/2013) unavailable
Kali Linux 1.0.0 (released 3/13/2013) unavailable

SHA1 signatures are available here.

Click here to access the Kali Linux website.



Network Security Toolkit

Network Security Toolkit (NST) 20-6535
(released February 9, 2015)
This is a bootable live CD/DVD based on Fedora 20 (kernel 3.18.5-101.fc20) containing a comprehensive set of open source network security tools, many of which are published in the article "Top 125 Security Tools" (see link below in the Websites section).

Download the latest image from Sourceforge by clicking here, or visit the NST website by clicking here.



OpenVAS

OpenVAS-4
(released March 17 2011)
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. It is available in several formats:

Virtual Appliance - Community Edition compatible with VirtualBox 3.x and VMware
Binary Packages available for most leading distributions including Windows
Source Code



Ophcrack

Ophcrack
3.6.0 (released June 5, 2013)
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. It is available as either a LiveCD or an installable file.

Click here to access the Sourceforge project page with instructions and download ISOs.



Pentoo

Pentoo 2015.0 RC3.7
3.6.0 (released January 4, 2015)
Pentoo is a penetration testing LiveCD distribution based on Gentoo. It features a set of tools for auditing and testing a network, from scanning and discovery to exploiting vulnerabilities (yes, it too includes the Metasploit framework!).

Click here to access the project page with instructions and download files. There is also a good Tools List on the Download page that provides a comprehensive listing of all installed tools.



SamuraiSTFU

SamuraiSTFU 1.8
(released May 14, 2015)
For years, penetration testing distributions like BackTrack and SamuraiWTF have been available to help perform penetration testing in most IT environments. These distributions, however, have been generic in nature to enable their use in a wide variety of environments. One environment where these distributions have failed to meet the needs of their users is SCADA and Smart Grid systems. The folks at UtiliSec are fixing this problem. Taking their experience running SamuraiWTF over the last four years, UtiliSec, a leading provider of security consulting services in the energy sector, has created an open source Linux distribution specifically for electric utility security teams. SamuraiSTFU takes the best-of-breed security tools for traditional network and web penetration testing, adds specialized tools for embedded and RF testing, and mixes in a healthy dose of energy sector context, documentation, and sample files. It also includes emulators for SCADA, Smart Meters, and other types of energy sector systems to provide a full test lab. So whether you work for an electric utility or are interested in gaining sufficient experience to start doing security work in these environments, this distribution is something that should be evaluated.

Click here to access the project page with additional background and downloads.



Secmic

Secmic 4.04
(released November 18, 2010)
Click here to access the Sourceforge project page with instructions and download ISOs. This is a good framework for the toolkit; it is based on Kubuntu and includes some modules not included in BT5 (I especially like some of the wireless tools).



Security Onion

Security Onion 12.04
(updated February 28, 2014)
Network Security Monitoring (NSM) is, put simply, monitoring your network for security related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an adversary or trying to keep malware at bay, NSM provides context, intelligence and situational awareness of your network. There are some commercial solutions that get close to what Security Onion provides, but very few contain the vast capabilities of Security Onion in one package.

Security Onion seamlessly weaves together three core functions: full packet capture, network-based and host-based intrusion detection systems (NIDS and HIDS, respectively), and powerful analysis tools. Doug Burks has done an amazing job with this security distribution! You can read more about Security Onion by clicking here.

Since this tool requires some level of configuration, it needs to be installed on either a physical or virtual host. The DVD ISO image provides a complete build environment, including the underlying Xubuntu operating system, or there are scripts available for installing Security Onion on top of a particular version of Linux.

Download and Instructions are available on the Security Onion GitHub.



Other Online Resources

There are many other distributions, both active and inactive, that may contain valuable tools and techniques not listed here. The list below contains sites which have been identified that list additional security options for consideration.

Security Enhanced (SE) Linux Distributions - Linux.com
Security Distributions - SecurityDistro.com

If you find others that should be added to the list, please contact me with details and I will add them to the list.

Industrial Protocol Fuzzers

Commercial
Codenomicon Defensics
Wurldtech Achilles

Open-Source
Automatak Aegis

Standalone Security Applications

Cain & Abel Password Cracking Application for Windows
Dsniff Network Auditing Suite
Hping3 Network Probing Tool
John the Ripper Password Cracking Application
Metasploit Framework Security Testing Framework (see Documentation below)
Nessus Vulnerability Assessment Tool
Network Miner Network Forensic Analysis Tool (NFAT) for Windows
Netcat / Cryptcat The Network "Swiss Army Knife"
Ophcrack Password Cracking Application for Windows based on Rainbow Tables
PuTTY Secure Shell Client
Snort Intrusion Detection System
Splunk Security Event Monitoring (SEM) System
THC Hydra Network Authentication (SSH) Cracking Application
WCE Windows Credential Editor
Wireshark Network Sniffer and Packet Analyzer
WhosThere Tool to List Logon Sessions with NTLM Credentials on Windows Domains
winAUTOPWN Auto hacking shell gaining tool

Android and Tablet Security Applications

Anti Android Network Toolkit
Backtrack5 with Metasploit on Android [coming soon]

Documentation

Metasploit Framework User Guide
Meterpreter Guide

Websites

Pentestmonkey Cheat Sheets (reverse shell, ssh, jtr, sql injection)
Top 100 Network Security Tools (sectools.org)
Tools Watch

Supplemental Tools

How to build a multiple-boot USB Drive from ISO images
Using UNetbootin to create a persistent Linux USB
How to create a Live USB drive for Linux

Hash My Files Program (ZIP File - 53KB)
Virtual CD/DVD Clone Drive (ZIP File - 1.6MB)