Tuesday, August 22, 2006

Mac OSX Essential Security Tools

Having recently converted to a Mac Book Pro, I have been on a quest to locate security tools capable of running on this platform. Here is are the tools I found that I now cannot live without:

KisMAC - This tool is supposed to allow you to do all the cool wireless stuff from OSX. I downloaded it and whil it did look cool, I quickly discovered one huge drawback. It turns out that is monitor/ passive mode is not supported with the Airport Extreme wireless cards in the new Mac Book Pro's. However, I have downloaded the newest Alpha version and found that it now supports passive mode in these cards! The only functionality now lacking is the ability to reinject packets. Hopefully this functionality will be there soon. Packet reinjection is necessary to perform the different Auth/ Deauth flood attacks used to generate more traffic for cracking WEP. This video provides a cool overview of cracking WEP with KisMAC.

Nessus 3.X - New with version 3.x of nessus, the Nessus developers decided to stop distribuing source code. As we have seen, it is possible to get Nessus 3.x running on other platforms. However, it turns out that OSX is now one of the supported platforms. The install and operation of OSX package is seamless. It comes with both the client and the server.

Paros Proxy - Paros proxy is an extremely well designed proxy that is a must for doing web application security testing. Because it is coded in java, it is cross platform. As long as you have JRE installed, Paros proxy functions right out of the box.

Parallels - Think of this as VMWare for MAC, only better. No annoying need to add "vmware" tools into your guest OS, etc. Using Parallels I was able boot all of my favorite Linux-based LiveCD Security Toolkits, such as Backtrack. This gives you instant access to a wealth of security tools (nmap, spike proxy, etc). By editing the CDROM setting to "Use an Image File:", you can now configure Parallels to boot from an ISO file. The only limitation I noticed was that the wireless card is not virtualized. However, since most wireless security tools won't function properly when operating though an abstration layer anyway, this is definately a minor limitation.

VirtueDesktops - Although this application is not actually a security tool, it is unbelievably cool. Its a desktop switching tool that is adds a high level of functionality while adding a super high level of eye-candy as well. Check out this video to see exactly what I am talking about. --Note, this video only shows 2 desktops in a left to right config. You can also add additional desktops on a vertical axis as well.


Post a Comment

Links to this post:

Create a Link

<< Home