Samurai Web Testing Framework
Live CDs for penetration testing are becoming more prevalent these days, with a wider diversity of offerings. Live CDs give testers the ability to run preconfigured tools from operating systems they might not otherwise have easy access to. A live CD comes with a full operating system and several tools already installed on it. Of course, with virtualization technology becoming available, it is easy to run multiple virtual environments specifically crafted for certain tasks. Using live CDs, whether to boot your machine directly or to boot a virtual environment, gives penetration testers maximum flexibility in the operating systems and tools at their disposal.
The best-known live CD for penetration testing is Backtrack (now at version 3). Backtrack is a wonderful CD that includes lots of tools for all sorts of penetration testing. Backtrack followed closely on the heels of other special-purpose live CDs, such as Helix, a live CD aimed at forensic analysis, and Knoppix STD, which was one of the first information security centric live CDs.
As live CDs have become more popular, specialized distributions have begun to emerge. One such specialty live CD is Samurai, a distribution squarely focused on web application penetration and vulnerability testing. Samurai is dubbed a "web testing framework" in much the same way that Metasploit is termed a framework. Samurai is sponsored by IntelGuardians Network Intelligence Inc, a for-profit information security consulting firm based in Washington, DC.
Samurai focuses on tools needed by web application testers to look for common vulnerabilities, such as misconfigurations, cross-site scripting (XSS), SQL injection and remote file inclusion. The CD includes several tools to reconnoiter web applications and servers, enumerate files and directories, and test scripts.
Samurai - First Looks
The bootable Samurai CD allows several options once started. It can be run as a live CD or you can install the framework as a complete operating system:
The starting status screen is fairly clean:
Once you boot Samurai to the login screen you enter the username 'samurai' and the password 'samurai' to log in. This information is a little obscure. It appears on the Samurai SourceForge.net project page, and in the Readme.txt that is only available once you're logged in to the distro:
Once logged in it becomes obvious that Samurai is based on Ubuntu, which is a little unusual for a live CD distribution:
Samurai comes with a host of useful applications. These include many of the regular Linux tools but also include:
- Burp Suite, a web application attacking tool
- DirBuster, an application file and directory enumeration and brute forcing tool from OWASP
- Fierce Domain Scanner, a target enumeration utility
- Gooscan, an automated Google querying tool that is useful for finding CGI vulnerabilities without scanning the target directly, by querying Google's caches instead
- Grendel-Scan, just released, an open source web application vulnerability testing tool
- HTTP_Print, a web server fingerprinting tool
- Maltego CE, an open source intelligence and forensics application that does data mining to find information from the internet and link it together (great for background research on a target).
- Nikto, an open source web server scanner
- Paros, one of my favorite Java-based, cross-platform web application auditing and proxy tools
- Rat Proxy, a semi-automated, passive web application security audit tool.
- Spike Proxy, an extensible web application analyzer and vulnerability scanner.
- SQLBrute, a SQL injection and brute forcing tool.
- w3af (and the GUI), a web application attack and audit framework.
- Wapiti, a web application security auditor and vulnerability scanner
- WebScarab, an HTTP application auditing tool from OWASP
- WebShag, a web server auditing tool
- ZenMap, an Nmap graphical front end
Additionally Samurai includes several utilities that aren't available from the GUI menu. These include:
- dnswalk, a DNS query and zone transfer tool
- httping, a ping like utility for HTTP requests
- httrack, a website copying utility.
- john the ripper, a password cracking program
- netcat, a TCP/IP Swiss army knife
- nmap, a port scanner and OS detection tool
- siege, an HTTP stress tester and benchmarking tool.
- snarf, a lightweight URL fetching utility
There are many others as well. Of course, all of these tools could easily be installed on your own Linux-based machine, but having a live CD with the tools installed and preconfigured is quite nice. Samurai also comes with Wine installed, which is handy if you want to run some Windows-based tools from the distribution.
All in all, Samurai looks like a wonderful addition to the plethora of live CDs aimed at information security professionals. Samurai succeeds in being an easy-to-use distro with lots of great tools. Samurai also helps to highlight the many other great open source tools at the disposal of penetration testers and information security professionals alike. One of the greatest boons of live CDs like this one is that you can boot up the CD and test out tools without having to go through the hassle of installing and configuring them first. This gives users the opportunity to test drive tools before deciding whether they're worthwhile enough to install on their main systems.
Anja Skrba has generously produced a Serbo-Croatian translation of this page at http://science.webhostinggeeks.com/samurai-web.