Virtual Machines prepared for executing a PenTest

• BackTrack

To penetrate the vulnerable VMs on my ESXi server, I downloaded and installed BackTrack 5 R1 (32-Bit, Gnome). After an optional registration it is possible to choose between a 32-Bit and 64-Bit ISO. It is also possible to download a virtual machine already installed with BackTrack. I wanted to install BackTrack also on USB Flash-Drive, so I downloaded the ISO.

BackTrack 5 R1 Download

• Samurai WTF

Additionaly I also downloaded and installed the latest version of Samurai WTF (Web Testing Framework).  Here you can find a short description copied of the Samurai website:

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

I've been using BackTrack now for a year and I really like it because you can work very efficient with this distribution. In the future I just want to have a look at Samurai WTF, as I've never worked with it before.

Samurai WTF

• OWASP Live-CD

Last but not least, I found also a Live CD provided by the OWASP project for executing web application pentesting. There was no update in the last 2 1/2 years, but maybe it's worth a loook, so I also deployed it to the ESXi.

OWASP Live-CD Project