
I’ve finally got round to adding Matriux to my ever-growing collection of forensic and network security tools. The ISOs for the later releases are between 1.5GB and 2.5GB, but I settled for Matriux Lithium, which is just 780MB.
The overall Matriux OS is very lightweight, even down to the KDE interface, but it provides a very comprehensive range of tools to meet almost all the needs of penetration testers. It will run nicely on low-spec systems.

The Matriux Lithium Desktop

The Arsenal
The following are some of the more interesting tools included with Matriux:

* Guymager: Lightweight EnCase clone for the acquisition of attached storage volumes, which can be imaged in the .dd and EnCase formats.


* Sleuthkit and Autopsy Forensic Browser: Both work perfectly here, with Firefox being already configured to start with the Autopsy interface.

Autopsy Browser

* Reconnaissance: A range of widely-used programs for scanning, network mapping and other stuff for gathering information about the target. A lot of these are command line tools, but there’s also the GUI-based Zenmap and Angry IP Scanner.

* Attack Tools: Programs for manually testing the security of networks against a range of attacks. Includes password crackers, an SSH bruteforcer and MAC address spoofing. WiFi discovery and cracking tools are also included.

* Websecurify: A web server vulnerability scanner. This checks the target server, and whatever applications are running on it, against a database of known vulnerabilities.

* Fast-Track: This is another automated vulnerability scanning and exploit system, which partly uses the Metasploit framework. As with Websecurify, this only reveals the known vulnerabilities.

Fast-Track Framework

* Inguma: Another interesting application that groups commonly-used tools into Discovery, Gathering, Vulnerability, Exploit and Bruteforcing sections, and provides a GUI for them.

* Geany IDE: Very lightweight developer environment.

Some Notes on Using Matriux
As a general rule, scanning, reconnaissance and information gathering are fine, but cracking or running exploits against a target is illegal without the express permission (preferably in writing) of whoever owns the network/server. Always respect people’s right to privacy.

Login: The login details for Matriux Lithium are slightly different from those posted on the developers’ site. Users log in with ‘tiger’ as the username and ‘toor’ as the password. The password ‘toor’ is also used whenever root permissions are required.

Loading the OS: Users might notice more error messages than normal while starting the Matriux OS, but they can be ignored and the OS will load after a minute or two.

Installing Matriux: The installer won’t work until a new EXT3 primary partition has been created with the supplied partition editor.