Hydrapwk2 Is A Linux Distribution That Simplifies Pentesting

When you deliberation of penetration testing (pentesting), nan first point that astir apt comes to mind is Kali Linux, and pinch bully reason. Kali Linux is nan de facto modular pentest OS because it comes pinch conscionable astir each instrumentality you could imagine.

At nan aforesaid time, because there’s truthful overmuch to beryllium recovered successful Kali Linux, it tin beryllium a spot overwhelming. Granted, that’s benignant of nan quality of penetration testing because you really request to cognize what you’re doing.

Penetration testing is simply a communal information practice. With pentesting, you enactment arsenic an attacker of your ain system, looking for each nan different ways it tin beryllium compromised, utilizing each nan devices astatine your disposal.

But there’s different pentesting distribution, called HydraPWK2, that includes each of nan basal devices but offers them successful a measurement that’s a spot easier to comprehend.

The logic I opportunity this astir HydraPWK2 is each astir nan paper building connected nan desktop. What nan distribution does is shape nan desktop paper into easy understandable categories (Figure 1), specified arsenic Identify, Protect, Detect, Respond, Recover, Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Evasion, Credential Access, Discovery, Lateral Movement, Collection, C2, Inhibit Response Function, Impair Process Control, Exfiltration, Impact, Forensic and Usual Applications.

Organizing nan paper this measurement vastly simplifies really you get to know, understand and usage this penetration testing distribution.

But what astir nan tools?

Yeah, a pentesting OS is only arsenic bully arsenic nan devices it contains, and HydraPWK2 has everything you need. I won’t spell done nan full database of preinstalled applications, but suffice it to opportunity that you astir apt won’t deficiency for tools. Just unfastened nan desktop paper and past unfastened a class to spot what devices are available. For example, spell to Reconnaissance and you’ll spot six subcategories (Figure 2).

Click Wireless Sniffing and you’ll find candump and hackrf_sweep. Keep successful mind that (like pinch Kali Linux), galore of these devices are of a command-line nature, truthful if a paper introduction opens a terminal window, that’s wherever you’ll usage nan command. When nan terminal model opens, galore of nan apps will besides uncover adjuvant accusation astir really to usage nan tool. For instance, nan candump instrumentality tin beryllium utilized for illustration so:

That will create a log record for each web interfaces, and nan record will beryllium named candump-XXX.log, wherever XXX is nan day and a clip stamp. Even nan type of nmap included pinch HydraPWK2 is nan command-line version. There are immoderate graphical personification interface (GUI) tools, specified arsenic Maltego, which are very powerful but tin besides person an associated costs aliases astatine slightest require an account.

Because truthful galore of these devices are command-line versions, you’ll request to person a beautiful thorough knowing of really they work. To that end, I would highly urge that you return nan clip to publication done nan archiving of each tool. Fortunately, HydraPWK2 has a bully magnitude of information, collected successful a single location.

Some of nan tools, specified arsenic nan Social Engineering Toolkit (SET), locomotion you done nan process via a group of lists from which you take options (Figure 3).

The Nature of HydraPWK2

There’s 1 point to support successful mind pinch HydraPWK2: You’re expected to tally it arsenic a unrecorded distribution. However, nan bully point astir this OS is that you tin really instal it connected a drive. To do that, spell to Menu > Usual Applications > System > Install HydraPWK. This will unfastened nan Calamares installer (Figure 4), wherever you tin locomotion done a reasonably straight-up Linux installation.

Although it’s astir apt easier to tally HydraWPK2 arsenic a unrecorded distribution, I decided to spell up pinch nan installation to spot really good it worked. One of nan reasons why I would propose installing this OS is that it would let you to prevention log files and position them astatine a later time. As well, you could besides instal different forensics devices if what you request isn’t recovered retired of nan box.

The installation of nan OS took astir arsenic agelong arsenic immoderate Linux distribution (roughly 5 minutes). Once it was completed, I rebooted and logged in. After I logged in, I could tally sudo apt-get update && sudo apt-get upgrade to make judge HydraPWK2 has each nan latest software. That unsocial makes it worthy installing, truthful I would propose installing it connected a spare strategy (like a laptop, truthful you tin transportation it astir nan institution for various testing) and burning it to an ISO, truthful you person an moreover much portable option.

One of nan things I admit astir HydraPWK2 is that it uses a real-time Linux kernel. Keep successful mind that a real-time Linux kernel ensures that time-sensitive tasks are executed wrong strict clip constraints, which tin beryllium important erstwhile moving devices for penetration testing.

I would urge you springiness some Kali Linux and HydraPWK2 a effort and spot which 1 amended suits your needs. I recovered HydraPWK2 to beryllium reasonably elemental to usage (so agelong arsenic you cognize really to activity pinch nan pentesting tools) and nan Xfce desktop not to get successful nan measurement of nan work.

Grab an ISO of HydraWPK2 from nan official download site.

Group Created pinch Sketch.