Zerosecurity

New Linux Distro for Mobile Security

by Paul Anderson
August 19, 2012 - Updated on May 19, 2022
in Mobile Security, Security

The Three Virtues or Three Uses

Santoku Linux is aimed at Mobile Forensics, Mobile Malware Analysis, and Mobile Security Testing. These three aims are called the three virtues, or the three uses, of the distribution, and they are the foundation for the existence of this new distro. With them, users can use the free and open source tools, and some of the commercial tools, in Santoku Linux to forensically acquire and analyze data, examine mobile malware, detect malicious software, and support security assessments of mobile applications, a need driven by the increasing amount of malware that has plagued users of mobile phones and smartphones. If you are into mobile security and mobile forensics, then this distribution is definitely right for you.

Mobile Forensics:

  • Firmware flashing tools for multiple manufacturers
  • Imaging tools for NAND, media cards, and RAM
  • Free versions of some commercial forensics tools
  • Useful scripts and utilities specifically designed for mobile forensics

Mobile Malware Analysis

  • Mobile device emulators
  • Utilities to simulate network services for dynamic analysis
  • Decompilation and disassembly tools
  • Access to malware databases

Mobile Security Testing

  • Decompilation and disassembly tools
  • Scripts to detect common issues in mobile applications
  • Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more

List of Tools for the Alpha Release

Aside from the platform’s three endeavors which are Mobile Forensics, Mobile Malware Analysis, and Mobile Security Testing, this platform can also be used for Application Security Testing and Penetration Testing. As of this moment, the tools included in the July 2012 alpha release are categorized into Development Tools, Reverse Engineering, Penetration Testing, Wireless Analyzers, Device Forensics, and Mobile Infrastructure.

Development Tools:

  • Android SDK Manager
  • Apple Xcode IDE
  • BlackBerry JDE
  • BlackBerry Tablet OS SDK
  • BlackBerry WebWorks
  • DroidBox
  • Eclipse IDE
  • Windows Phone SDK
  • Android 2.3.3, 3.2, and 4.0.3 Emulators
  • SecurityCompass Lab Server (HTTP and HTTPS)
  • BlackBerry Ripple
  • BlackBerry Simulators

The set of tools for this category contains software development kits (SDKs), or devkits, plus the Eclipse IDE (integrated development environment), used to code applications for mobile platforms. Aside from the development environments, it also comes with emulators and simulators for the Android OS and BlackBerry, so you can test versions 2.3.3, 3.2, and 4.0.3 of the Android OS for your hacking needs.

Penetration Testing:

  • CeWL
  • DirBuster
  • Fierce
  • Nikto
  • nmap
  • Burp Suite
  • Mallory
  • w3af Console
  • w3af GUI
  • ZAP
  • BeEF
  • Ettercap
  • iSniff
  • Metasploit Console
  • Metasploit GUI
  • NetSed
  • SET
  • SQLMap
  • SSLStrip

With the addition of the tools for the Penetration Testing category, users can do penetration testing more easily, without the hassle of installing their favorite pentesting tools for web applications and servers. Pentesting is very important, so fire it all up!

Reverse Engineering:

  • APK Tool
  • Dex2Jar
  • Flawfinder
  • Java Decompiler
  • Strace

With the set of tools for Reverse Engineering, users can more easily reverse engineer third-party, closed, binary Android apps and rebuild them. That makes Santoku a distro for examining source code, looking for security weaknesses, decompilation, and debugging. This is very important because nowadays many developers who don’t practice, or are not aware of, safe coding have released their software in the Android Market.

Wireless Analyzers:

  • Aircrack-ng
  • Kismet
  • Ubertooth Kismet
  • Ubertooth Spectrum Analyzer
  • Wireshark

Santoku Linux also includes tools for wireless spectrum analysis, packet analysis of wireless devices, network sniffing, and monitoring wireless networks. And of course, it can also be used for cracking and retrieving WEP and WPA/WPA2 keys, just like other penetration testing distros out there, which saves you the time of installing your favorite Aircrack-ng suite.

Device Forensics:

  • AFLogical Open Source Edition
  • Android Encryption Brute Force
  • BitPim
  • BlackBerry Desktop Manager
  • Foremost
  • iPhone Backup Analyzer
  • MIAT
  • Paraben Device Seizure
  • Sift Workstation
  • Sleuth Kit
  • SQLiteSpy

The Device Forensics tools will help you analyze, recover, manipulate, and explore data, investigate disk images, seize digital evidence, audit software, and test the security of your mobile phones. Paraben Device Seizure, for example, has been giving forensic examiners access to mobile device data for over 10 years and is recognized as the first tool for the forensic analysis of cell phones.

Mobile Infrastructure:

  • BES Express
  • Google Mobile Management
  • iPhone Configuration Tool

The tools in this category will help you with your mobile phone’s configuration and the installation of its apps or platforms. Take for example the iPhone Configuration Tool, which lets you easily create, maintain, encrypt, and push configuration profiles, track and install provisioning profiles and authorized applications, and capture device information including console logs [1], and the BlackBerry Enterprise Server Express, which is free software to mobilize email platforms for growing businesses [2].

Some tools are still to be updated or added, and if you want a cool tool added to the distribution, feel free to drop your message or request on the contact page of Santoku Linux’s official website. Remember, Santoku Linux is by the Community and for the Community. It’s still an alpha release, so expect more tools to be added and more improvements.

Getting Started (for newbies)

Santoku can be downloaded at santoku-linux.com (the official website). The full .iso image is 3+ GB, so be sure you have a fast connection. Santoku is a pre-configured Linux environment, so if you want to install it on your computer or laptop, either as one of several operating systems (multi-boot or dual boot) or as your primary operating system, you need to create a bootable DVD or USB drive using the ISO image. Then boot the bootable or live DVD by setting it as your first boot device. If all goes well, you should see something like this:

If you really want to install Santoku Linux, choose the third option, which says “install – start the installer directly”; if you just want to try it out before installing it, choose “live – boot the Live System”. The installation should let you choose your language, time zone, and clock settings, and allow you to erase the entire hard disk or install alongside other OSes. However, if you have chosen the first option, which boots you into the pre-configured Linux environment without installing it, you should see a graphical interface that asks you for a password.

Make sure that you type the word “santoku” in the box that lets you input the password. The next thing you should see is the Desktop Wallpaper of a santoku knife and now you can already play with the distro.

And if you want to boot or emulate it with Oracle’s VirtualBox, you can just follow the instructions from the official blog of Santoku.

Santoku Pro

You may be wondering why there is a link for Santoku Pro on the download page of the official Santoku Linux website, so let me explain a few things about it. The Santoku Pro version will be released later this year (2012) and will offer an easy-to-use interface for mobile application security assessment. Be sure to subscribe to the mailing list to stay updated on this version and on new tool updates; many tools will soon be added to this new distribution because the Santoku Community (contributors) is growing. Stay tuned!

Santoku Linux Download Page:
https://santoku-linux.com/download

References:

[1] http://www.apple.com/support/iphone/enterprise/

[2] http://us.blackberry.com/business/software/besx.html

[3] http://www.paraben.com/device-seizure.html

© 2022 ZeroSecurity, All Rights Reserved.