Menu

Home
Duties
Recent commits
Stuff
Contact

CSS under CC License
Original work

http://dev.gentoo.org/~vanquirius

Pentoo Review

Pentoo is a Gentoo Linux based LiveCD that comes with a lot of tools for penetration testing, scanning one's network, exploiting vulnerabilities and so on.

Pentoo's ISO can be downloaded here.

This time I tested mini-Pentoo 2006.0 inside qemu. As expected from previous releases, it automatically boots and logs you in as root in a graphical environment where one can have access to all its tools. This time around, it uses Enlightenment DR 17. Below is the first screen you see after everything has been loaded properly.

Before one thinks about flaming Pentoo for logging-in as root, please remember that a lot of tools need you to have root powers to run properly.

I have mixed feelings about using E. It is pretty, but I would probably have gone with something else, like Fluxbox. I am bringing this up because in my short test it segfaulted on me. Of course, running startx was enough to bring everything up and running.

Right-clicking on the background brings up the menu of tools available to us, as you can see in the screenshot below.

Pentoo packs in a lot of interesting tools ready to be used.

Not surprisingly, it bundles up the most recent version of Ethereal.

Sticking with traditional tools, it comes with a nessus wrapper that starts up nessusd and nessus client.

All one has to do is set up a nessus user and happy scanning (edit: or use pentoo, pentoo):

Just like with nessus, there are plenty of wrapper scripts available to ease the use of the tools.

A quick look in the exploit tree perl script:

And the mandatory self scan with nmap:

To finalize, I believe Pentoo is an excellent idea. It gives quick access to analysis instruments both to novice and expert that can be tested and used from the safety of a LiveCD environment. It gives developers the chance to test tools that are not available in Portage without having the trouble of installing them, which makes it easier to pick priorities for inclusion. Lastly, Pentoo has already contributed a lot to Gentoo through Michael Zanetta's ebuilds and fixes.