A Look at Pentoo Linux and Its Security Analysis Tools

by Sean Michael Kerner

Pentoo 2015 RC 3.7 provides users with the integrated option to verify that the installation files have not been corrupted.

By default, Pentoo starts without a graphical user interface (GUI). Users can choose to boot into the XFCE desktop environment if they want to use a GUI.

Pentoo includes Hardened Gentoo, which provides the Pax Linux kernel patch offering additional memory protections.

Analyzer, wireless, database and man-in-the-middle tools are among the types of security applications included in Pentoo 2015 RC 3.7.

Analyzing database security is enabled in Pentoo by way of multiple tools, including SQLninja and MSsqlscan.

IPv6 is the next-generation networking addressing system. Pentoo includes a long list of IPv6 analysis tools to help researchers identify potential security risks and misconfiguration issues.

The Hashcat Password Cracker is part of Pentoo, including a GUI to make it easier for users to run.

The slowhttpttest tool enables researchers to test for application layer denial-of-service (DoS) attacks.

For researchers who want to test secure SSL connections, Pentoo includes both the SSLsniff and SSLstrip tools that can enable man-in-the-middle connection interception.

Pentoo includes multiple tools to test WiFi security, including AirSnort and the Fern WiFi Cracker.

For those looking to audit potential WordPress content management system security issues, Pentoo includes the WPScan WordPress Security Scanner.